while i see wut u r getting at, at the end of the day, u live in the uk, so stfu. uscert does necessary work, and i know 4 a fact that dhs is doing a lot of good. maybe not in cybersecurity, which apparently is the only thing you think about instead of looking @ a bigger picture.. but dhs is very necessary. it works. and u r again, wrong.

On Thu, Oct 23, 2008 at 7:01 PM, n3td3v <[EMAIL PROTECTED]> wrote:
> I'm not against anyone here, just I think and most people agree DHS
> has been pretty pointless and ineffective in its goals. You can see
> they mean well, but they do it all wrong. Basically, it seemed to be a
> department which grouped existing or new departments together under
> one umbrella. I think the point was to centralise them all into one
> command and control coordination group called DHS. Did US-CERT do
> well, what do they do? They look out for vulnerabilities on the
> mailing lists and act as a bridge between vendors and the interest of
> the government. If the government have an interest in say a DNS
> vulnerability, they will email vendors and say, you got to patch this,
> we are putting pressure on you to patch. Also, the federal government
> are rolling out DNSSEC to its domain name infrastructure. So,
> basically, US-CERT seems to be an oversight posture, oversighting not
> only their government interests, but over sighting businesses and
> academia, to make sure their standards are up to scratch and making
> sure they know what they need to know so that they can make a decision
> which US-CERT will end up bullying them into doing with emails and
> telephone calls. So I can see maybe US-CERT might have a reason to be
> there, to oversight the rest of us and bully us with recommendations,
> they force upon you if you don't take the primary polite hint at
> updating something. Do we need US-CERT? Do we Need DHS? The truth is,
> we could probably keep US-CERT, but generally they are just bullies
> with the security community they over sight with, and if the DHS was
> disbanded, then the US-CERT could still exist without the DHS
> umbrella, although it might be better if US-CERT and DHS just go at
> the same time. I agree with the idea of what they want to do, I just
> don't like the way in which they do it. Their approach to protecting
> the homeland is all wrong. US-CERT are bullies to the infosec
> community, we shouldn't need to feel intimidated by them, they I feel
> some vendors are in times like the DNS flaw when the government start
> demanding things. Good night. The things that US-CERT do and
> recommend, the vendors know about already, US-CERT are just like an
> annoyance alarm bell in your ear you can't get rid of when you already
> know what you need to know. So if US-CERT and DHS weren't around we
> wouldn't be less off, we would be better off without them. I'm sure
> they, US-CERT keep doing it to their own government departments as
> well, emailing and phone calling them about things they already know
> about. Lastly, their email alert system, it is slow, so slow at
> telling people about things, they it just becomes a spam alert in your
> inbox of old news, and that reflects what I was talking about in this
> email about them sending spear targeted emails and phone calls to
> vendors and government departments, which already have their security
> teams taking care of issues and don't need the over sight and bully
> boy annoyances that US-CERT seem to pose. The funny thing is, this
> isn't even personal experience I'm talking about, as you know I'm not
> part of the professional community, but I know what's going on because
> I talk to people and I read the mailing lists and get the vibe that
> this is what the US-CERT do in reality is bully boy people into doing
> things and telling them things they already know, and demand things
> are done. And in times of need, force people to work with each other
> even if they don't really want to. Maybe the forcing people to
> collaborate is a good thing at critical times, but you don't need a
> whole US-CERT for that, it just takes a couple of independent folks to
> do that, out there in the community when it becomes apparent when
> action with multi-vendors, governments is required. Do we need, DHS,
> no. Do we need to keep US-CERT, no because the skilled folks are
> already there at each government department and vendor, they are more
> up to speed than the DHS and US-CERT appear to be on security
> vulnerabilities and what needs to be done. There is no need to pump
> money into US-CERT which only tells people what they know already,
> this is the case with individual end-users, vendors and government
> departments, they don't see US-CERT/DHS that is needed, it's just a
> luxury. It's like driving a Bentley, when I can still get to where I
> want to go in a Mini. The Mini is smaller, more economic on fuel,
> nippier round the bends in the cities, while the Bentley is a big
> heavy, fuel/money guzzler, slower but looks shinier on the outside,
> but in fact does the same thing as the Mini. So better off with the
> Mini I say, unless you just are a show off and want to impress people
> on the outside, when not really offering anything new on the inside
> that the Mini can't offer. And with the Mini / Bentley thing now in
> your head, that is basically what it comes down to and explains the
> situation well, why have a Bentley, when all we want is a Mini? Or
> better off get a bus or a train and don't bother with any oversight
> group that bullies people and offers nothing new to anyone that they
> didn't know already. Another rant done and done, good night. Sorry
> people who work for US-CERT, you are probably nice guys who mean well,
> but never mind you get my point. n3td3v. Take care everybody, we as
> white hats should stick together, but just because I don't agree with
> something a white hat does doesn't make me bad. People seem to think
> if you're a white hat, you can't speak out about another white hat or
> you will be called a bad person, no I think it's ok to talk about other
> white hats if another white hat doesn't agree with something. But
> people like valdis will still call me names, but he is probably a
> republican, so who cares. n3td3v is not a bad person I'm a good natured
> person, maybe with shit social skills but who cares about it??? We
> don't come great computer people by having a social life and going out
> places, do we? Good night.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
