[Snort-sigs] Sourcefire VRT Certified Snort Rules Update

evilghost at ...3397... evilghost at ...3397...
Tue Nov 17 18:23:49 EST 2009


Mike and Nigel, thank you for your understanding and commitment to 
address this in the future.  While frustrated and annoyed, I hope I was 
able to effectively communicate with tact and professionalism the issue, 
as observed, from the outside looking in.

-evilghost

Mike Guiterman wrote:
> Your frustration is understood.  Sorry about the premature email announcing
> the fix.  We're working on it now.  Our apologies to everyone affected.
>
> Regards,
>
> Mike
>
> On Tue, Nov 17, 2009 at 3:13 PM, evilghost at ...3397... <
> evilghost at ...3397...> wrote:
>
>   
>> Nigel, thank you for this response, however, I believe it to be a
>> reasonable expectation that the VRT announcement emails which are made
>> to this list, with a corresponding URL to the Change Log, function
>> correctly at not be 404.  Additionally, when an issue is reported it
>> would be nice to have this addressed in a timely basis and
>> comprehensively; due diligence should be done to verify the Change Log
>> is actually working as expected before claiming it is, as it only makes
>> SourceFire look incompetent when the converse is true.
>>
>> As of now the notification system for VRT appears to be diffused across
>> many different mechanisms, from sporadic functioning mailing lists to
>> Blogs.  While I'm not opposed to another technological approach to
>> management of the Snort rules and the accompanying change notification
>> it is a disservice to your VRT subscriber base to continue in this
>> downward spiral of mismanagement and haphazard issue resolution.
>>
>> I could only hope that the information available of Snort.org would be
>> an authoritative source, the URLs in VRT announcement messages would be
>> functional, and that I should not have to rely on additional tool to
>> perform what is purported to already exist.
>>
>> As a paying VRT subscriber I am entitled to make these criticisms,
>> especially when they have merit.
>>
>> Thanks,
>> evilghost
>>
>>
>> Nigel Houghton wrote:
>>     
>>> On Tue, Nov 17, 2009 at 2:22 PM, evilghost at ...3397...
>>> <evilghost at ...3397...> wrote:
>>>
>>>       
>>>> Negative, this is not resolved.
>>>>
>>>>         
>> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html
>>     
>>>> loads correctly and contains two HREFs to the Change log itself, one for
>>>> 'Snort Version CURRENT' and one for 'Snort Version 2_8'
>>>>
>>>>
>>>>         
>> http://www.snort.org/vrt/docs/ruleset_changelogs/CURRENT/changes-2009-11-13.html
>>     
>>>> is HTTP 404.
>>>>
>>>>         
>> http://www.snort.org/vrt/docs/ruleset_changelogs/2_8/changes-2009-11-13.html
>>     
>>>> is HTTP 404.
>>>>
>>>> C'mon guys.  Many of us depend on these Change Logs before we blindly
>>>> push out these VRT rules and the inability to correctly manage these
>>>> Changelogs reflect poorly on you (SourceFire), especially when there's a
>>>> 4 day lapse in response when the issue was initially reported and still
>>>> it has not been resolved correctly.
>>>>
>>>> -evilghost
>>>>
>>>> Mike Guiterman wrote:
>>>>
>>>>         
>>>>> This has been fixed.  Thanks for the report.
>>>>>
>>>>> On Fri, Nov 13, 2009 at 4:24 PM, evilghost at ...3397... <
>>>>> evilghost at ...3397...> wrote:
>>>>>
>>>>>
>>>>>
>>>>>           
>>>>>> The changelog is HTTP 404.
>>>>>>
>>>>>> research at ...435... wrote:
>>>>>>
>>>>>>
>>>>>>             
>>>>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>>>>> Hash: SHA1
>>>>>>>
>>>>>>>
>>>>>>> Sourcefire VRT Certified Snort Rules Update
>>>>>>>
>>>>>>> Synopsis:
>>>>>>> This release adds and modifies rules in several categories.
>>>>>>>
>>>>>>> Details:
>>>>>>> As a result of ongoing research, the Sourcefire VRT has added
>>>>>>>               
>> multiple
>>     
>>>>>>> rules to the specific-threats, web-misc, p2p, backdoor and
>>>>>>>               
>> spyware-put
>>     
>>>>>>> rule sets to provide coverage for emerging threats from these
>>>>>>> technologies.
>>>>>>>
>>>>>>> For a complete list of new and modified rules please see:
>>>>>>>
>>>>>>>
>>>>>>>               
>> http://www.snort.org/vrt/docs/ruleset_changelogs/changes-2009-11-13.html
>>     
>>>>>>> -----BEGIN PGP SIGNATURE-----
>>>>>>> Version: GnuPG v1.4.6 (GNU/Linux)
>>>>>>>
>>>>>>> iD8DBQFK/cGkQcQOxItLLaMRAk4OAJ9gbdNYa7P1AvbV/GuontbfpwVzYQCfRAgS
>>>>>>> E3O1jvr9wb3Hy+DPpQ2RGLw=
>>>>>>> =c3JW
>>>>>>> -----END PGP SIGNATURE-----
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>               
>> ------------------------------------------------------------------------------
>>     
>>>>>>             
>>>>>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>>>>>>>
>>>>>>>
>>>>>>>               
>>>>>> 30-Day
>>>>>>
>>>>>>
>>>>>>             
>>>>>>> trial. Simplify your report design, integration and deployment - and
>>>>>>>
>>>>>>>
>>>>>>>               
>>>>>> focus on
>>>>>>
>>>>>>
>>>>>>             
>>>>>>> what you do best, core application coding. Discover what's new with
>>>>>>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>>>>>>> _______________________________________________
>>>>>>> Snort-sigs mailing list
>>>>>>> Snort-sigs at lists.sourceforge.net
>>>>>>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>               
>> ------------------------------------------------------------------------------
>>     
>>>>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>>>>>>             
>> 30-Day
>>     
>>>>>> trial. Simplify your report design, integration and deployment - and
>>>>>>             
>> focus
>>     
>>>>>> on
>>>>>> what you do best, core application coding. Discover what's new with
>>>>>> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>>>>>> _______________________________________________
>>>>>> Snort-sigs mailing list
>>>>>> Snort-sigs at lists.sourceforge.net
>>>>>> https://lists.sourceforge.net/lists/listinfo/snort-sigs
>>>>>>
>>>>>>
>>>>>>
>>>>>>             
>>> If you use pulled pork to download your rules, it will show all the
>>> changes, including the shared object rules.
>>>
>>> This is a much better way of looking at what you are about to deploy
>>> than a page on a web site. Hopefully, the next release of pulled pork
>>> will give you the option of creating a changelog file. This way you
>>> can see the changes between what you have and what you are getting, as
>>> opposed to the changes between subsequent files.
>>>
>>>
>>>       
>
>   




More information about the Snort-sigs mailing list