>
>ccnawan wrote:
> >
> > In my experience I have been taught, it not a good idea to write about
>How
> > tos in regards to security in a open forum like this?
> > Dan Evensen
> > > >
>
>
>Go tell that to SecurityFocus... I guess they'll want to pull their
>penetration test, incidents, and bugtraq mailing lists. And their
>online vulnerability database.
All of the above do not explain how the penetration is done, they just
provide methods of testing if your equipment is prone to this penetration,
or detailing what penetration exists, and how to fix it.
>Point being, this stuff isn't secret as it is. The more people know
>about it, the _less_ the risk.
The more security people know about it, the better, the more general public
know about the exploits, the harder a security professionals job is, so more
work I get, so tell everybody, I don't care.
I will not detail how penetration is done, or mention tools to exploit them
(unless they are already PD). I will indicate that a certain feature could
be exploited, or has been exploited, and where possible I'll try to tell you
how to fix it, but I won't tell you the exploit, as this is a horribly open
and free-readable forum.
bugtraq is a bible, which all network professionals should review it weekly,
if not more often.
Rob./
_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3802&t=3666
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
