×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

202 comments

first post (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#3905172)

first post

Conflict of Interest? (5, Insightful)

darylp (41915) | more than 10 years ago | (#3905174)

Will we be seeing more minor security issues inflated to cataclysmic proportions just so Symantec can sell a few more virus scanners?

Re:Conflict of Interest? (0)

Anonymous Coward | more than 10 years ago | (#3905280)

Gee...now more of an excuse for symantic to say "What virus?" until they actually have a fix for it.

Re:Conflict of Interest? (1)

Anonymous Coward | more than 10 years ago | (#3905374)

Probably. We'll may have to move SecurityFocus a little farther down on the list of sources that we trust and whose links that we visit regarding security matters. It remains to be seen if that trust (and link) winds up above or below that of ISS's. Let's hope Symantec can resist the temptation to turn their new acquisition into nothing more than a marketing tool.

Re:Conflict of Interest? (5, Insightful)

tcc (140386) | more than 10 years ago | (#3905410)

I'd be more worried about them *NOT* releasing some security issues of those 800 pounds gorilla that promotes security through obscurity instead of writing safer code.

Symantec is a corporation after all. If let's say, a certain company would cut them vital information required for the lowlevel of the system so that their antivirus technology work effectively (on their future OS), well I can see a very *VERY* persuasive effort that could just work.

I am happy for the people at security focus if it pays off their hard work, but I am worried about the quality and most importantly, the neutrality of the service that will result from this acquisition.

Re:Conflict of Interest? (3, Funny)

spacefrog (313816) | more than 10 years ago | (#3905431)

Yeah, Imagine in the investment world, if the underwriter, broker and analyst all worked for the same company.

Oh Wait . . .

Re:Conflict of Interest? (2)

SkyLeach (188871) | more than 10 years ago | (#3905452)

Absolutely this is COI! They will be publishing every minor non-threat virus and probably every virus which is theoretical and not in the wild as well.

This is a bad thing IMHO.

Re:Conflict of Interest? (1)

antirename (556799) | more than 10 years ago | (#3905492)

Or, will we be seeing less if Symantec institutes a policy of "the vendor has a year to respond before this can be made public, so don't post that?"

1st post? (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#3905177)

1st post?

Reputation (0)

Anonymous Coward | more than 10 years ago | (#3905180)

Well, I guess that Symantec doesn't exactly have the best reputation right now... Let's see how that resonates with the community.

tmegapscm

wisdom of investment (-1, Flamebait)

Anonymous Coward | more than 10 years ago | (#3905187)

Isn't Windows outdated?

What Aleph1 has to say... (5, Interesting)

fungus (37425) | more than 10 years ago | (#3905188)

From: aleph1@securityfocus.com [mailto:aleph1@securityfocus.com]
Sent: Wednesday, July 17, 2002 5:28 PM
To: bugtraq@securityfocus.com
Subject: Administrivia: Symantec acquiring SecurityFocus

Good day,

Today, SecurityFocus and Symantec announced that Symantec is acquiring
SecurityFocus. Symantec sees real value in the services SecurityFocus
provides to its customers and believes they are an excellent fit with
their current offerings. We at SecurityFocus see this as an opportunity to
provide even better services for the security community.

Symantec recognizes the value and uniqueness of the public services
SecurityFocus provides to the community, such as the numerous mailing
lists we host and the content we provide via the SecurityFocus Online web
site.

In particular, Symantec and SecurityFocus want to ease any fears as to
whether the character of this mailing list will change.

Frequently Asked Questions:

Q. What is the Symantec strategy for keeping data sources?

A. We believe it is critical to maintain the integrity of the existing
security community currently part of the SecurityFocus portal and
Bugtraq mailing list.

Q. What is Symantec's disclosure policy?

A. Symantec believes in responsible vulnerability disclosure and is active
in initiatives to set best practices in this area. Our first priority
is to help our customers protect their computing assets by providing
tools and information to safeguard their systems.

We will work with vendors, if we discover vulnerabilities in other
products, to report and investigate the issue in a thorough and timely
fashion, in the same way that Symantec will work with other security
researchers if they find an issue with any Symantec technology.

We observe a 30-day grace period after the notification of a security
advisory to give users an opportunity to apply the patch. During this
grace period, we provide our customers significant information about
the vulnerability and the fix, but not step-by-step instructions for
exploiting the vulnerability. We do not provide detailed exploit code
or provide samples of malicious code except to other trusted security
researchers and in a secured manner.

Q. Will Symantec change SecurityFocus' vulnerability reporting policy?

A. We believe that in order for the SecurityFocus/Bugtraq community to be
effective, it must be an independent entity. We believe that its
current disclosure policy is appropriate for the venue. Symantec will
continue to operate with its separate disclosure policy.

Sincerly,
Elias Levy, David Ahmad,
and the rest of the SecurityFocus staff

Re:What Aleph1 has to say... (3, Insightful)

antirename (556799) | more than 10 years ago | (#3905628)

Read earlier post... they don't exactly define responsible disclosure, do they? A week? Two weeks? A month? A year? I think it was Fyodor who independantly came up with a framework for responsible disclosure. It will be interesting to see if Symantec is more interested in making potential problems public knowledge or protecting companies that could be embarrased by them.

Prediction! (5, Interesting)

Codex The Sloth (93427) | more than 10 years ago | (#3905193)

Prediction: Symantecs products are going to suddenly become very secure.

Re:Prediction! (0, Troll)

jmagar.com (67146) | more than 10 years ago | (#3905463)

Ha in your face #93427! I'm #67146!

Loss of credibility (5, Insightful)

BobRoss (63028) | more than 10 years ago | (#3905194)

This buyout (sellout?) makes the site a lot less credible in my opinion. They are simply going to use the site to sell more virus protection software.

Hogwash (1)

glrotate (300695) | more than 10 years ago | (#3905278)

Norton's products are quite good. NAV and NIS are the best in their class and absolute requirements for any internet pc.

Re:Hogwash (1, Funny)

Anonymous Coward | more than 10 years ago | (#3905349)

Norton's products are quite good. NAV and NIS are the best in their class and absolute requirements for any internet pc.

You watch too much techtv.

Re:Hogwash (2)

Stonehead (87327) | more than 10 years ago | (#3905470)

Does your 'absolute requirement' run on my Unix internet pc? And how much of the exact 0 viruses that ever infected it would require it?

Demographics of /. (1)

glrotate (300695) | more than 10 years ago | (#3905525)

You forget the overwhelming majority of us on /. run Windows with IE.

Re:Demographics of /. (0)

Anonymous Coward | more than 11 years ago | (#3905714)

you shouldn't be here then.

Re:Hogwash (1)

antirename (556799) | more than 10 years ago | (#3905637)

Only on Windows... and I use macafee anyway on my gaming box. Ever heard of Snort? They DID port that to windows, you know :)

Re:Loss of credibility (0)

Anonymous Coward | more than 10 years ago | (#3905451)

heh, nav is just one product they sell. They have a lot of over services and products that they have added in the recent years. You should read their website.

Great. Just great. (0, Redundant)

Apuleius (6901) | more than 10 years ago | (#3905201)

The sleazy panic-mongers of Symantec have just scored a major victory. Without Security Focus, FUD-fighters will have that much harder a time advocating sane policies. Oy.

symantec will NEVER be secure (5, Insightful)

GoatPigSheep (525460) | more than 10 years ago | (#3905215)

their products will never be secure as long as they do not detect the fbi's spy software.

Re:symantec will NEVER be secure (0)

Anonymous Coward | more than 10 years ago | (#3905336)

Actually Symantec does indeed detect that fbi software, you are thinking of mcafee.... silly FUD trolling is for cows

Re:symantec will NEVER be secure (0)

Anonymous Coward | more than 10 years ago | (#3905359)

AS a Follow up to my last troll, consult here for the position of Symantec's CEO on all of this:

JT Speaks [rense.com]

Re:symantec will NEVER be secure (0)

Anonymous Coward | more than 10 years ago | (#3905338)

Read the stories...they do/would if it existed.
http://www.rense.com/general17/balk.htm
http://abcnews.go.com/sections/scitech/CuttingEdg e /cuttingedge011221.html

Re:symantec will NEVER be secure (0)

Anonymous Coward | more than 10 years ago | (#3905390)

Symantec will detect the FBI Spy software. Check this out:

"Symantec's first priority is to protect our customers from malicious and illegal attacks. We have no intention of leaving or creating a hole in our software that might compromise our customers' security."

This was taken from CBS Marketwatch at: http://www.marketwatch.com/news/story.asp?print=1& guid={5A7D3C17-23C3-4C41-A071-6329E2E112F1}&siteid =yhoo

Re:symantec will NEVER be secure (2)

John Hasler (414242) | more than 10 years ago | (#3905500)

Symantec will detect the FBI Spy software.

Oh, well. It's ok, then. I mean, if they _said_ so, it _must_ be true, right?

The end of the best security related mailing list? (1)

5r (585302) | more than 10 years ago | (#3905217)

I've always had followed closely the bugtraq list, and I belive strongly it's cutting edge anything goes security ... wonder how the Symantec staff would moderate it

Re:The end of the best security related mailing li (1)

TheDarkRogue (245521) | more than 10 years ago | (#3905244)

From: xxxxx@xxxxx.xxx
to: BugTraq Mailing list
Subject: Large hole in Norton Firewall

Would you like to not send this message to the list?
>Yes
Message Deleted

What kind of intentions? (1)

prof187 (235849) | more than 10 years ago | (#3905224)

I wonder what kind of intentions Symantec has here. If they want to use SecurityFocus as a well-known security company to help make their products better, or if they just want them for the name. Consider "Tommy Boy"...

I think they'll need new servers.... (5, Funny)

reaper20 (23396) | more than 10 years ago | (#3905226)

The contest is on...

Which will be worse, the slashdot effect or the mass unsubscribes pounding the mailing lists??

My Lunix Experience by poopbot (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#3905227)

I've been using home computers since the VIC-20 and I've come to dread and fear the possibility of being forced to adopt Linux as a result of Microsoft's heavy-handedness. After being hyped by friends and co-workers about the pleasures of this great and fantastic open-source operating system, I attempted to load Linux, not once but four times on three year old PC that was previously running Win98.

The first time took me about an hour to realize that I had to reformat the hard disk and wipe out years worth of work (after backing it up on CD-R). Then I had to figure that the only way to get the Linux CD to actually start loading was to boot it from the CD by modifying the CMOS settings as the PC was starting up. A simple line suggesting this that could have been printed on the CD would have saved a lot of time!

After loading a whole gigabyte of stuff onto the empty hard drive (do I really need to load 50 megabytes of TeX fonts when I'm just trying to get a demo of Linux????), the entire process halted when the floppy disk drive didn't respond. The Linux loader demanded a working floppy backup of some obscure file be made and since I've never used the floppy drive, I didn't know that it didn't work. The installation process locked up and I had to reboot.

The reboot left me in UNIX hell: a black screen half filled with incomprehensible characters with a single flashing dollar sign as the only indication that the entire PC was still working. No matter what I typed or tried (simple intutitve commands like 'help' 'review' 'exit' 'restore' 'dir' 'What the fuck is happening?') nothing made any intelligent response except for returning me to the flashing dollar sign. Shit! I'm in Dante's seventh circle of hell for misers. I was forced to reformat the hard drive and reinstall Windows in order to confirm that I still had a working PC.

I bought a new floppy drive that I will never use in order to load this wonderful and fantastic operating system. Reformated the hard drive, reset the CMOS, and loaded a whole gig of worthless junk from the penguin CD. Everything loaded and I made all of the selections for keyboard and mouse ect... The system rebooted and got to the point where it should have started to work and simply stopped. No response to mouse, keypress, or anything. I reloaded Windows (it worked perfectly) and decided to load Linux on my new good computer.

I ended up back bashed back in UNIX hell and having to load Windows and ALL of my programs and files from CD backups, which took hours. I convinced that Linux is some kind of really bad joke or else an 'emperor's new clothes' type of mass hallucination. How can anyone with a pretension of being a computer professional seriously believe or claim that this junk is ready to take on Windows?

- posted by poopbot: the bot formerly known as pwpbot

Xg7bcDAs6I

I'm glad I have Junkbuster (2)

smnolde (209197) | more than 10 years ago | (#3905234)

I hate going to any symantec website. Their web pages reek of ads for different products. I'm glad I use Junkbuster to block all of them.

And I'm doubly-glad I use mozilla to stop those damn pop-ups.

And SecurityFocus.com was a great site... I can only hope Symantec doesn't run it into the advertising ground.

Re:I'm glad I have Junkbuster (2, Interesting)

petong (320755) | more than 10 years ago | (#3905326)

I just installed privoxy [privoxy.org] which is based on junkbuster. Not only does it filter out ads, but pop-ups as well. nice.

Re:I'm glad I have Junkbuster (2)

_Sprocket_ (42527) | more than 10 years ago | (#3905444)

AND privoxy does a pretty decent job at filtering Flash ads. I don't mind ads in general... in fact, I've been slowly easing up privoxy's default config to allow for more ad banners. But I do hate Flash, user tracking, stupid java tricks, blinking ad banners... and other such marketing shennanigans.

Re:I'm glad I have Junkbuster (0)

Anonymous Coward | more than 11 years ago | (#3905716)

Exactly which Symantec web sites "reek of ads for different products" ?

I checked www.symantec.com & www.sarc.com & http://securityresponse.symantec.com/

I failed to see any ads - unless you mean the ads under the "Products" area... which um, would seem fairly normal.

Cool but come on...... (1)

Hacker'sEdict (593458) | more than 10 years ago | (#3905245)

"With this acquisition, Symantec will offer customers the most comprehensive, proactive early warning system across the broadest range of threats." How long do you think it will take befor an update is released for it after it is released? 5 10 mins? the most! Some one is going to be able to get through it just like everyone else.

Full Disclosure Mailing List (5, Informative)

eejack (416145) | more than 10 years ago | (#3905246)

There was a new list started about 2 weeks ago, directly because of this potential issue:

Here was the announcement:

Subject: Announcing new security mailing list

We are pleased to announce the creation of a new security mailing list
dedicated to FULL DISCLOSURE. When Scott Chasin handed over the bugtraq
mailing list, it was clearly dedicated to the immediate and full
dissemination of security issues. The current bugtraq mailing list has
changed over the years, and some of us feel it has changed for the worse.

If you believe in full disclosure, and wish to participate in unfettered,
and unmoderated discussions, please feel free to subscribe to the new
mailing list by accessing http://lists.netsys.com [netsys.com]

Rumours of NAI/McAfee acquisition discussions with (1)

jordan (17131) | more than 10 years ago | (#3905258)

What's REALLY interesting is I've heard that NAI/McAfee have been in acquisition discussions with Symantec.

So, Symantec buys SecurityFocus, NAI busy Symantec, and boom, overnight you have a huge amalgam of one-stop Security and Anti-Virus.

Jeez, kinda scary. No?

--jordan

Re:Rumours of NAI/McAfee acquisition discussions w (0)

Anonymous Coward | more than 10 years ago | (#3905353)

SYMC is larger than NAI by quite a bit. This isn't gonna happen.

Re:Rumours of NAI/McAfee acquisition discussions w (0)

Anonymous Coward | more than 10 years ago | (#3905467)

symantec made 331 million this quarter, NAI made 22 million... good luck with that idea.

Re:Rumours of NAI/McAfee acquisition discussions w (2)

brunes69 (86786) | more than 11 years ago | (#3905767)

Not really scary to me, seeing how their entire product line is useless on any of my Linux machines anyways.

the broadest range of threats? (1)

Jonny Ringo (444580) | more than 10 years ago | (#3905281)

With this acquisition, Symantec will offer customers the most comprehensive, proactive early warning system across the broadest range of threats.

Does that include threating emails from ex-girl freinds?

Cause if soo Sign me up!

Not Sure What To Make Of This (4, Insightful)

White Roses (211207) | more than 10 years ago | (#3905285)

So, a company that I do not fully trust when it comes to acurate, honest security reporting purchased a forum (company?) which I do trust on those same matters.

I don't really know what to say. It'd be like Ford buying Volvo or something. Oh, wait . . .

Re:Not Sure What To Make Of This (0)

Anonymous Coward | more than 10 years ago | (#3905376)

I don't really know what to say. It'd be like Ford buying Volvo or something. Oh, wait . . .

That implies that you trust Volvo. I don't know if I can say the same... :)

WHY THE FUCK?? (-1, Troll)

Anonymous Coward | more than 10 years ago | (#3905302)

why in the world would you let yourself be bought out by SYMANTEC??? Good god, this is a sad day, I will wear a black armband for the next two weeks to mourn this tragic loss.

The new BugTraq (4, Funny)

Stephen VanDahm (88206) | more than 10 years ago | (#3905316)

REALLY BAD SECURITY VULNERABILITY EXPOSED

DATE: July 17, 2002

AFFECTED SYSTEMS:

All systems for which Symantec sells products.

DESCRIPTION:

Holy Fucking Shit!! The computer just, like, explodes! It's the end of the world!

WORKAROUND:

Install Norton Anti-Virus. If you already have Norton Antivirus installed, buy another copy and install it. That'll fix it, we promise.

Re:The new BugTraq (5, Insightful)

kir (583) | more than 10 years ago | (#3905473)

While exaggerated, I think your post is probably and example of the future of any mailing list done by SecurityFocus. Sad. Symantec always seemed cheap and sleezy to me while SecurityFocus at least tried to be legitimate.

With this purchase, SecurityFocus' credibility (at least with me) has gone out the window. I can't see how they can continue to be credible when they've got a company in charge that ONLY cares about the bottom line. Just look at their irresponsible virus warnings (as you've so clearly demonstrated). Boooooo!

Re:The new BugTraq (1)

Faust7 (314817) | more than 10 years ago | (#3905527)

I would love to see "Really Bad" used in any newspaper headline at all.

(I ran across the phrase "wild sex" in a graduate thesis once. That was amusing. This would be more so.)

Re:The new BugTraq (0)

Anonymous Coward | more than 11 years ago | (#3905676)

I saw 'went ballistic' in a thesis paper once, thought it utterly pathetic... A year and a half later, I saw it in a newspaper headline. Quite frightening.

Re:The new BugTraq (2)

bergeron76 (176351) | more than 11 years ago | (#3905773)

I agree. It is quite frigtening that you don't observe the natural evolution of language. If I saw "went ballistic" on a newspaper heading, I'm quite certain I would understand it.

Dude, you must be an old professor or something.

Distrust of everything (0)

Anonymous Coward | more than 10 years ago | (#3905321)

What sort of changes should we expect from Security Focus? I imagine anything to remain profitable.

Reality flayed open before your eyes, a macabre spectable to be suppresed lest one becomes disturbed. Nothing to see here, return to your television and its subliminal scalpels because the brain cannot feel pain. Follow the path lain before you, avoid all troubles. Eyes wide open in blank ingnorance, forever young and stupid. But it's OK, others will pick up the chain where you've fallen and continue on. Your bones will lie parallel to some milestone in the march of time, and hopefully you didn't spend your days as a fucking moron.

A distillation of Alice in Chains, Jar of Flies.

Another free service turned pay-based (1)

urbieta (212354) | more than 10 years ago | (#3905342)

There goes another usefull service being prostituted by corporate morons with a MILK THE MASSES mission statement, I guess well have to use another means of information :D

this is the company that would allow magic lantern (5, Insightful)

NetBoy (131975) | more than 10 years ago | (#3905356)

Hmmm, this reminds me of something, lets see....

Ahh, Symantec pledges to acquiese to FBI backdoor demands [politechbot.com]

This is a real problem and needs to be addressed.

Has Symantec policy changed with respect to things
like magic lantern and so forth?

bugtraq. Poof.

Re:this is the company that would allow magic lant (0)

Anonymous Coward | more than 10 years ago | (#3905393)

Yeah it chnaged;

http://www.rense.com/general17/balk.htm

Well, (1)

Aknaton (528294) | more than 10 years ago | (#3905357)

I'm sure SecurityFocus will suck by the time they are done with it.

(Sorry if this is trollish but it just seems like things get worse when an outside company aquires something useful.)

Bad news... (2, Interesting)

Cinabrium (571473) | more than 10 years ago | (#3905362)

for all the information security community. Some of the probable effects have already been discussed in other postings:
  1. Would we believe the seriousness of virus threat anouncements? (BTW, please see the interesting musings of Bruce Schneier in the last issue of CRYPTO-GRAM [counterpane.com].
  2. Would we believe in the security of Symantec's products?
  3. Would Symantec take advantage of first hand information before releasing it to public knowledge?
Even if bugtraq keeps its objectivity (and what a big "if" is that!), doubt will ever remain. A critical resource for the security community has been lost, at least because of the lack of credibility in the new owners.

Where is Symantec headed? (5, Informative)

drew_ri (236095) | more than 10 years ago | (#3905385)

This is interesting news. It is a loss to the security community at large, since securityfocus was such a great resource, although once they went commercial it lost a lot of its appeal to me. Symantec is really positioning itself to be the M$ of security here. About 8 months ago, I was at a meeting with some of their top Sales and Product Dev. folks, and they presented their offerings roadmap. It included an appliance which would:

Serve as a FW/VPN

Act as a network IDS

Serve as a management console for Host IDS

Act as the A/V Manager
Because they have agents installed on every machine when you run Intruder Alert, NAV, or other tools, it would allow them to sync up the status of a host, network, etc. with the mothership at Symantec-Focus, and determine in real-time what devices are vulnerable. This is kind of cool in concept but not easy in execution.

My concern is that they already have bought other products, which are completely jacked up and are still not fixed. I spent my Thanksgiving morning last year doing a disaster recovery on a Symantec Intruder Alert System...what a mess that product is...where is the high availability, the fault tolerance, etc.? Again...cool concept, crappy execution.

This merger puts Symantec in direct competion with folks like eSecurityOnline, and I can tell you that for people already in bed with Symantec who have legal obligations to stay on top of vulnerabilities (e.g. Banks) this makes it a one stop shop for them. I see it as a conflict of interest. They should buy a couple of pen-test companies while they're at it and they can even validate their product implementations are secure ;)

Depressing.. (1)

mrwonton (456172) | more than 10 years ago | (#3905388)

Not that I have anything against Symantec, but it depresses me to see a great resource such as SecurityFocus acquired by a company that notoriously blows the very thing people look to SecurityFocus to provide out of proportions.

Awsome! (2)

MrResistor (120588) | more than 10 years ago | (#3905392)

Now Symantec can screw up SecurityFocus like they've screwed up everything else that was useful until they bought it!

Sorry for the flamebait, but I've bought too many Symantec products over the years, and they seem to get worse with every revision. I remember when Norton Utilities was something beneficial, now I refer to that package as Norton Anti-System.

Other fun past experiences with Symantec products have included Act, which was a big pile of poo, and WinFax, which was pretty good last time I used it, as long as you limited your use to a specific subset of it's advertised functionality.

Re:Awsome! (2)

tcc (140386) | more than 10 years ago | (#3905541)

>Now Symantec can screw up SecurityFocus like they've screwed up everything else that was useful until they bought it!

Atguard is the perfect example of this...

Tried systemworks with internet security 2002? well "DUDE you need a GHZ DELL" to run this thing, and what more does it give than the original atguard? well.. list updates, and some automated features that punches holes left and right therough the firewall, for "user's simplicity"'s sake... Everything slowed down to molasse and it's a shame.

At least ghost is still working well and the improvements are nice, but that's the only product that I can only say good things about since it got acquired.

Are Symantec's interests honest? (1)

Hheero (584573) | more than 10 years ago | (#3905402)

If Symantec wishes to maintain the bugtraq in similar fashion as it presently exists, why would they shell-out 75 million dollars when they could have just perused the site fo' free?

Next is dotSymantec, subscribe for yearly fee to get AntiVirus software, updates, and security advisories...The Internet is beginning to suck, I'm going back to the library, some of those are still FREE!

Re:Are Symantec's interests honest? (0)

Anonymous Coward | more than 10 years ago | (#3905489)

Read the PR VERY carefully. You're closer to the truth than you even know :P

-Newhire NAV CE agent.

Re:Are Symantec's interests honest? (1)

program21 (469995) | more than 10 years ago | (#3905505)

This seems like a sign pointing out that Symantec only wants the SecurityFocus name.

Re:Are Symantec's interests honest? (1)

antirename (556799) | more than 11 years ago | (#3905663)

Ok, you'll know when you read it in print six months later how your box got rooted. Actually, that could happen with the buyout of bugtraq too. Spend some time on IRC, on the blackhat sites, and talking to script kiddies instead of hanging out on Slashdot all day. You'll be just as well informed. It won't change anything for the 'kiddies, and it shouldn't for you either unless you just like being uninformed.

It doesn't matter (5, Insightful)

platypus (18156) | more than 11 years ago | (#3905682)

If they believe they just need to shell out 75 million dollars for a stinking mailing list in order to contral an important part of the world's infrastructure, they are idiots.
Getting something to work like bugtraq technically is absolutely no problem. A mailing list with 30000 subscribers, ok let it be 300000, isn't voodoo.
The "selling point" of bugtraq is/was the trust many people have in them, the people which post there, their policy. If anything would cause people to mistrust them, it needs just one trusted guy from the security community to start a new list, and bugtraq is dead. I've even read a post that one alternative has already started.
If someone like Dan Farmer, Wietse Venema or, for the hell of it, Bruce Schneier decided to start a bugtraq clone, the original would not stand a chance if its reputation had already been damaged.

Symantec sells more than JUST anti-virus crap (1)

huckda (398277) | more than 10 years ago | (#3905403)

As if they were the enemy or something...
the enemy is NOT microsoft nor virus authors.
the enemy IS those ignorant programmers that have no idea how to test their code to see if the CODE is vulnerable...

Symantec taking over should have little effect on the amount of product they sell. They are simply heading into a new market and doing so by purchasing the leader in that market. By being ready for what may come, they can better attack the problems when they arrive and better serve their customer base.

--Huck

Re:Symantec sells more than JUST anti-virus crap (2)

antirename (556799) | more than 11 years ago | (#3905685)

No, the enemy is the script kiddies and worms that prey on low-hanging fruit. To defend against them, you need to know when an exploit is in the wild. Knowing when a vendor and/or Symantec made the problem the exploit exploits public is useless if it's too late. You want the most current information you can get... at least that way, you can just disable a service or do a work-around until a patch comes out. Do I trust a large corporation not to brush things under the rug in exchange for keeping other large corporations from being embarassed? No. Should you? Personal choice, I guess. I'll stick to IRC and the more arcane sites for info until I'm proved wrong. Word spreads fast these days, what with the internet and all...

Editorial Independance (3, Interesting)

klp (169904) | more than 10 years ago | (#3905430)

At the company-wide meeting about the acquisition, Symantec president John Schwarz said repeatedly that Symantec is committed on the highest levels to keeping the SecurityFocus Web site [securityfocus.com] alive, and editorially independant. A written policy will set this out explicitly in the weeks to come.

Re:Editorial Independance (4, Interesting)

Quixote (154172) | more than 10 years ago | (#3905562)

"Editorial independance" (sic) lasts only as long as they don't get sued by Micro$oft over some trivial little exploit that gets posted on SecurityFocus. After that, "independance" goes out the window, and the answer is "how high?" (IYKWIM).

Re:Editorial Independance (0)

Anonymous Coward | more than 10 years ago | (#3905580)

Will they still report security holes in Symantec's personal firewall products?

Re:Editorial Independance (1)

antirename (556799) | more than 11 years ago | (#3905698)

yet to see it, though... you would have thought that they would have hammered that one out before the deal was signed...

Re:Editorial Independance (1)

joesklein (141324) | more than 11 years ago | (#3905734)

Samuel Langhorne Clemens once wrote:

There are lies and then there are dam lies.

I propose a third.
There are lies from yet another CEO.

Argh!!! (1)

jcoy42 (412359) | more than 10 years ago | (#3905455)

They (the list administrators for securityfocus.com) have sent me this about a billion times now- one copy to each list I subscribe too. Then I check slashdot for a break from all the email spam and there it is again..

So I guess that means that Symantec has acquired SecurityFocus. I also heard that Symantec has acquired SecurityFocus. And in related news, yeah, you guessed it- Symantec has acquired SecurityFocus.

Gee... (-1, Troll)

Anonymous Coward | more than 10 years ago | (#3905456)

I just hired a new techie yesterday to handle some of my clients, shouldn't I be slashdotted?

Packetstorm..... (2, Interesting)

micaiah (593598) | more than 10 years ago | (#3905512)

Yeah this really is depressing. However, another site I like in case any of you are unaware is Packetstorm [packetstormsecurity.org]. I like it a lot and so far it hasn't sold out. :-(

Re:Packetstorm..... (2)

friday2k (205692) | more than 10 years ago | (#3905550)

Remember Packetstorm was related to Securify. And they lost quite some money on it afaik.

How to tell if they are cheating... (1)

DearSlashdot (592493) | more than 10 years ago | (#3905586)

Symantec claims that it SecurityFocus will still be "independent". It's possible, but unlikely. The true test will be how often a vulnerability shows up before Symantec releases a fix.

Mixed feelings... (4, Interesting)

Rain (5189) | more than 11 years ago | (#3905645)

While it appears that Symantec will generally leave Bugtraq alone (not that it's been very useful for some time, imho), I don't really trust them.

Let me provide my basis (petty as it may seem): I'm the system administrator at an ISP small enough that I do some of the tech support. I've seen NAV's mail scanner totally screw up peoples' mail settings enough times that I don't think quality is something they emphisize. To make matters worse, this problem tends not to be fixed by a reboot, and NAV will lock the mail server fields in OE (I don't think it can do that in Netscape/Mozilla, but I'm not sure) making it impossible to use the affected mail account without completely deleting it and readding it. Sometimes, disabling and re-enabling mail scanning will fix the problem, but that's not always the case.

I used to prefer NAV over most other virus scanners (and some other Symantec products back in the days of MS-DOS), but I really think they've gone downhill in the past several years. I hope that the same fate doesn't come to Bugtraq--the list has already become bad enough.

Great. (2)

mindstrm (20013) | more than 11 years ago | (#3905679)

Now I'm terrified.

The company who's tech support told me "Sir, you shouldn't use that program, it's dangerous" when I called, as their customer, to ask how I could remove a so-called 'virus' from the scanning list.

IMHO SecurityFocus sold out (1)

attobyte (20206) | more than 11 years ago | (#3905728)

I think we need to start looking for another security site. I don't want one controlled by a large Corp.

This is a sad day :(

Mike

Shameless Plug (2)

ActMatrix (246577) | more than 11 years ago | (#3905762)

SecurityFocus is an excellent asset to the security community and I do hope it manages to retain its journalistic independence through this whole process. I've been running my own small security portal/company the past few years - helps pay the college tuition and all. We do have very thorough daily coverage of news and significant vulnerabilities and the site has a Slashdot-esque feel...URL is in my sig if anyone wants to check it out.

Here are the checks and balances... (1)

cide1 (126814) | more than 11 years ago | (#3905795)

The normal "cracker" hates big corporations. If enough crackers realize that every virus they write helps Symantech, they will stop for a while, so Symantech's value to a customer goes down. Symantech will shrink, and security minded people are smart. If security focus is no longer the place to find out about risks, then another source will emerge. The Darwinism of internet communities is great. As soon as one company starts charging for a service, 3 more come out and do it for free, often time learning from the mistakes of the first. Watch this cycle with music sharing. The only music sharing that is viable for more than 6 months at a time is IRC and FTP.

smells like (0)

Anonymous Coward | more than 11 years ago | (#3905802)

ssshhhhhhhhhhiiiiiiiiiitttttttttttttt

Boy, it's a rotten, commercial world out there.

Now I'll get my Symantec-slanted Bugtraq chock full O' commercial advertisements.

This just seems wrong.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...