Doing a search on Counterpane, I found this article written last summer on SANS by
Bruce Schneier of Counterpane.
http://www.zdnet.com/zdnn/stories/comment/0,5859,2609398,00.html
Bruce Schneier wrote:
On July 17, the SANS (System Administration, Networking, and Security) Institute
promulgated an e-mail warning people of the "most dangerous flaw found in Windows
workstations." I can't really figure this e-mail out; it seems to be primarily a grab
for press coverage.
Some of it is suspiciously vague: "We developed this exploit further and realized that
this is one of the most serious exploits of Windows workstations in the last several
years." "Developed"? How? No one says.
Some of it brags: "Microsoft asked us not to release the details until they had a
fix." "Release the details"? But the original Bugtraq posting was pretty explanatory,
and SANS has not released anything new.
...SANS issued another e-mail on July 21st, with more dire warnings: "Please fix this
before you go home today. And if you have gone home, go back to the office and fix
it." In my opinion, this warning blew the threat completely out of proportion and was
irresponsible to send. ...
It appears Bruce does not think very highly of SANS. Is SANS lacking the credibility
or as dubious as Bruce makes them sound? I heard SANS has a decent security
conference. Are there better alternatives or recommendations?
In the article, Bruce recommends against SANS rewarding writing a virus that
auto-fixes a vulnerability. I agree with Bruce in that the cure might be worse than
the actual vulnerability, but has anyone tried this? Did they do it because of the
SANS reward?
Kathy