Not to make a statement here, but as I have worked as/with the "feds" for many years, I think these attacks are a tad prejudiced and ill-placed on this mailing list.

However, in regards to your statements about or against contacting the "feds" to alert them of this new exploit: the comment made earlier of people being clueless is inaccurate. There are organizations across the world, some of which are indeed "feds", that make it their sole purpose to know these sorts of things.

I would recommend contacting the vendors first; if they're homegrown scripts, contact the author. Give them a chance to secure their code. Then, after a set amount of time, disclose your vulnerability to the bugtraq list at www.securityfocus.com; might even decide to submit it to the various CERTs out there for investigation: cert.mil, cert.gov, cert.org, etc...

At the very least, your investigation and reporting of the incidents at hand can help folks in the Snort community and other IA communities to develop rules to catch network traffic that does exploit it.

Don't necessarily expect a response. These organizations get millions of emails a day (undoubtedly), so there may be some disconnect. But they do take things seriously.

Your best bet to let it be known is to publish it to places like Bugtraq. (AFTER you contact the vendor.)

Heck, you may even consider bouncing it off the handlers at isc.sans.org and see if they're detecting an increase in traffic across the Internet that is indeed exploiting it. Might just be that you found an isolated incident. Who knows.

Best of luck.

Ian.

>> If I was the Feds I would simply tell you to go away and secure
>> your system. And, if you are working for an organisation where your
>> systems must be secure by law, I would sic the appropriate agency on
>> you.
>
> And, you already sound like a government worker. Totally bad attitude. I
> expect to speak to someone like you today. I am sure I will find a way
> around the front guard, then maybe not. There are plenty of folks like
> you in the government.
> _______________________________________________
Visit http://www.mimedefang.org and http://www.roaringpenguin.com
MIMEDefang mailing list
[email protected]
http://lists.roaringpenguin.com/mailman/listinfo/mimedefang

