Re: BGP Experiment

2019-01-26 Thread Randy Bush
> As we've discovered after many such events, the overlap between the
> people who read those lists and the people running outdated vulnerable
> software isn't very large.

to steal from a reply to a private message: there are a jillion folk at the edges of the net running with low end gear, low

Re: BGP Experiment

2019-01-26 Thread Owen DeLong
> On Jan 26, 2019, at 16:48, valdis.kletni...@vt.edu wrote:
>
> On Sat, 26 Jan 2019 11:37:05 -0800, Owen DeLong said:
>> 1. Compile a list of lists that should be notified of such experiments in
>> advance. Try to get the word out to as much of the community
>> as

Re: BGP Experiment

2019-01-26 Thread valdis . kletnieks
On Sat, 26 Jan 2019 11:37:05 -0800, Owen DeLong said:
> 1. Compile a list of lists that should be notified of such experiments in
> advance. Try to get the word out to as much of the community
> as possible through various NOGs and other relevant industry

Re: BGP Experiment

2019-01-26 Thread Randy Bush
> I think a better question is, once a vulnerability has become
> widespread public knowledge, do you expect malicious actors, malware
> authors and intelligence agencies of autocratic nation-states to obey
> a gentlemen's agreement not to exploit something?

false analogy, or maybe just a subject

Re: BGP Experiment

2019-01-26 Thread Nick Hilliard
Randy Bush wrote on 26/01/2019 16:15:
> if you know of an out-of-spec vulnerability or bug in deployed router, switch, server, ... ops and researchers should exploit it as much as possible in order to encourage fixing of the hole.

It came out as "please continue", but the sentiment sounded less

Re: BGP Experiment

2019-01-26 Thread Eric Kuhnke
I think a better question is, once a vulnerability has become widespread public knowledge, do you expect malicious actors, malware authors and intelligence agencies of autocratic nation-states to obey a gentlemen's agreement not to exploit something? There is not a great deal of Venn diagram

Re: BGP Experiment

2019-01-26 Thread Owen DeLong
I think that’s a bit of reductio ad absurdum from what has been said. I would prefer that researchers collaborate to:

1. Compile a list of lists that should be notified of such experiments in advance. Try to get the word out to as much of the community

Re: BGP Experiment

2019-01-26 Thread Randy Bush
i just want to make sure that folk are really in agreement with what i think i have been hearing from a lot of strident voices here. if you know of an out-of-spec vulnerability or bug in deployed router, switch, server, ... ops and researchers should exploit it as much as possible in order to