On 13/04/07, Ajay Pal Singh Atwal <[EMAIL PROTECTED]> wrote:
> I have a question. Let us say some sites of govt of India are affected by
> vulnerabilities and are more or less sitting ducks and waiting for crackers
> to deface them, or are already targets of crackers.
> When the issue is reported to CERT-IN, nothing has happened after a month
> (provided those sites are not acting as honeypots for some secret govt IT
> security project), what should be the next option. A full-disclosure or
> silence?

Full disclosure is always not a good idea. The knee-jerk reaction of babudom is to take you on first (kill the messenger) rather than try to see what should be done. Can we create a hall of vulnerability (like the hall of shame by ILUG-D) and send the link to CERT-IN? Maybe that would wake them up.

Unfortunately, a few instances in the past make me believe that a knee-jerk reaction is more likely, as you can be charged with "break-in". The logic (convoluted) is that you can only know if you have breached the sites, and if you have breached you are the target of breaking "governmental" machinery!!!

Take care.

--
Regards,
Sudev Barar

_______________________________________________
linux-india-help mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/linux-india-help