Evan Schuman: Resurrection of Full Disclosure mailing list is great news, if you're not a cyberthief
The alternatives to an independent list like Full Disclosure can't match it for stopping new cyberattack tactics
Computerworld - The hardest thing to get large companies to do is to share sensitive corporate information with direct rivals. A very close second to that is to get them to talk about a security attack they just suffered. But that double reticence provides a favorable business climate for cyberthieves.
If all companies in a sector shared information about cyberattacks with one another, they would all learn about new things to look out for. Because potential victims would be aware of where a new danger lies, cyberthieves would have to give up new tactics fairly quickly. If that information isn't being shared, the cyberthieves can just keep repeating their new attacks at one company after another. You would hope that companies could see how it would be beneficial to them to share information with rivals, which would then be encouraged to share information that could save them from a cyberattack as well. But cyberthieves needn't be too worried about that. There's far more suspicion and paranoia in large companies than can be overcome by security self-interest.
I've been thinking about all of this in the wake of the March 19 shutdown of the 12-year-old, highly respected global security mailing list called Full Disclosure. FD was a wonderful forum for security professionals to share new cyberthief tactics and report security holes. The folk who ran FD were vague about why the list was being shut down, other than that it involved legal threats.
John Cartwright, the administrator of the list, bemoaned changes in the hacker community, saying in a message, "I'm not willing to fight this fight any longer. It's getting harder to operate an open forum in today's legal climate, let alone a security-related one. There is no honor amongst hackers any more. There is no real community. There is precious little skill. The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry."
Fortunately, we won't be writing the obituary for Full Disclosure -- yet. A few days after the list was shut down, Gordon Lyon, a fan of the list and himself a respected security researcher, surfaced to take over the administration of the list, with Cartwright's blessing.
Lyon decided to revive the list because he doesn't buy the arguments of some in the security field that lists like FD are no longer needed. To the suggestions that researchers can just host their advisories on websites like Pastebin and post links to them on Twitter, he said, "Mailing lists create a much more permanent record, and their decentralized nature makes them harder to censor or quietly alter in the future."