On Mon, 14 Mar 2005 20:21:35 +0300, phased said: > > no they didnt, shit paper, nothing new, absolute crap just publicity bollocks (I haven't actually read the paper in question yet, but still..) Notice that often, a "nothing new" paper can still be important just due to readability by an audience other than the technical geeks. For example, it's been *years* since "Smashing the stack for fun and profit" made it all clear for the bitheads among us - but would you give it to your upper management as justification for a project? No, you'd need to find a white paper that had "nothing new" in it, but which stated it in a way that the threat becomes clear even to a manager. And writing something that's accessible by a *novice* sysadmin that has maybe a year or two experience is an entirely different skill.... In fact, for some stuff like the FBI/SANS Top 20 we do every year, or the Center for Internet Security benchmarks, if something is "new", it's almost certainly out of scope - when I did a very early draft of what Hal Pomeranz ended up making into the CIS Solaris benchmark, "Have I heard this point enough times I want to gag" was one of the clearest indicators that something should be in the guidelines...
Attachment:
pgp00051.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/