EuroCERT Open Meeting, 12. January 1998., Milano
-----BEGIN PGP SIGNED MESSAGE----- EuroCERT Open Meeting 12. January 1998., Milano - Italy This is an open meeting organized by EuroCERT with the intention of gathering European Computer Incident Response Teams and other interested parties together. This meeting is an offspring of the previous FSIG-Europe meetings (FIRST Special Interest Group) organized by DFN-CERT from Germany. This year the meeting is aligned with FIRST sponsored Technical Colloquium and the meeting of the FIRST Steering Committees so it will be opportunity to meet some of well established FIRST members from teams worldwide. However, emphasis is given to European teams and issues. Objectives of meeting: *) To allow European CERT members to get to know each other and share their experience; *) to discuss the immediate steps in order to achieve better cooperation among teams. The provisional agenda will include: *) presentation of EuroCERT *) presentation of new and existing teams *) PGP signing party *) teams/groups/people expectation (especially new ones) *) how to unify terminology (what is an incident, classes, ....) *) what kind of information to share, when, in what form *) what statistics can be produced *) information sharing In order to discuss some topics before meeting feel free to join public@eurocert.net list, for subscription send a mail to public-request@eurocert.net. Note: Unfortunately non-FIRST members are not permitted to participate in the Technical Colloquium, however non-FIRST members are allowed into Steering Committee Meetings (but they are usually very boring). EuroCERT is a service provided as part of the SIRCE (Security Incident Co-ordination for Europe) pilot sponsored by TERENA . This service provides an information resource for computer Incident Response Teams (IRTs). In its current stage the primary objective is to collect and distribute information regarding existing IRTs in Europe. For more information about EuroCERT please visit its WWW site <http://www.eurocert.net>. FIRST, the Forum of Incident Response and Security Teams (FIRST), brings together a variety of computer security incident response teams from government, commercial, and academic organizations. FIRST aims to foster cooperation and coordination in incident prevention, to prompt rapid reaction to incidents, and to promote information sharing among members and the community at large. For more information about FIRST please visit its WWW site <http://www.first.org> -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNEM/1cAFeq0PniW5AQEfLAQAkiGSC69xDrUxYI8Ne3FuFeKeUdnjcUqm 1yMBwxL2JXnq0sDrPtevC95/xV6wPg4B+J22M1990psC4AEPbuDldv+KgiJstLVY NDiJIHQQl5wOC3zT4vsWB7JwbZdJXDMREI57QZRdxA5vftYb/pRL612R1BIT+UQT Oww8CV41tgQ= =G3lY -----END PGP SIGNATURE----- ------------------------------------------------------------------ EuroCERT, c/o UKERNA tel: (+44 1235) 822 382 Atlas Centre fax: (+44 1235) 822 398 Didcot Oxon OX11 0QS http://www.eurocert.net UK mailto:Damir.Rajnovic@eurocert.net ------------------------------------------------------------------
This is an open meeting organized by EuroCERT with the intention ^^^^ of gathering European Computer Incident Response Teams and other interested parties together. ... This year the meeting is aligned with FIRST sponsored Technical Colloquium and the meeting of the FIRST Steering Committees so it will be opportunity to meet some of well established FIRST members from teams worldwide. Note: Unfortunately non-FIRST members are not permitted to participate in the Technical Colloquium How comes? Are non-FIRST members considered technically incompetent? Is their input not considered worthwhile? Are non-FIRST members considered untrusted, and hence to be kept away from 'sensitive' information? Or is it because of the sponsoring, or to put it another way: money prevailing over valuable technical input from non-members? I wouldn't call that an "open" meeting... Piet
Piet,
This is an open meeting organized by EuroCERT with the intention ^^^^
[...]
Note: Unfortunately non-FIRST members are not permitted to participate in the Technical Colloquium
How comes? Are non-FIRST members considered technically incompetent?
[...] No. Non-FIRST members are not permitted to participate in FIRST technical colloquia. They are allowed and encouraged to participate in EuroCERT open meetings (as well as in FIRST open workshops for the matter). Both events are adjacent for convenience, but independent.
-----BEGIN PGP SIGNED MESSAGE----- Hello Piet, At 12:28 +0200 14/10/97, Piet Beertema wrote:
This is an open meeting organized by EuroCERT with the intention ^^^^ of gathering European Computer Incident Response Teams and other interested parties together. ... This year the meeting is aligned with FIRST sponsored Technical Colloquium and the meeting of the FIRST Steering Committees so it will be opportunity to meet some of well established FIRST members from teams worldwide.
Note: Unfortunately non-FIRST members are not permitted to participate in the Technical Colloquium
How comes? Are non-FIRST members considered technically incompetent? Is their input not considered worthwhile? Are non-FIRST members considered untrusted, and hence to be kept away from 'sensitive' information? Or is it because of the sponsoring, or to put it another way: money prevailing over valuable technical input from non-members? I wouldn't call that an "open" meeting...
In invitation is stated than EuroCERT's meeting is open and it is aligned with FIRST events in order to make possible that FIRST and non-FIRST teams meet each other. I can not answer on your question why FIRST do not allow non-FIRST members on Technical Colloquium, please ask that question on first-sc@first.org (steering committee) and first-sec@first.org (secretariat). I am sure that you will get official answer to that question. Cheers, Damir Rajnovic -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNENPRsAFeq0PniW5AQFisQQAsDMdg6q20jW/9mIAfW3NYliVvC7ONamz +Eh2tMcIq+KwxoIesZxieugCnhsgDIkqNHKpyDl3e/2lxsWwRBqOvDVHUxUCaZbE gXRC3mvoKsH3UPS8fgV2upme89SU7Q3CIYvnmX7b2uCQiSxn+yRWoWrdozO0yCHD Wjb1k2+aeGE= =M1eA -----END PGP SIGNATURE----- ------------------------------------------------------------------ EuroCERT tel: (+44 1235) 822 382 c/o UKERNA, Atlas Centre fax: (+44 1235) 822 398 Chilton, Didcot Oxon OX11 0QS http://www.eurocert.net UK mailto:Damir.Rajnovic@eurocert.net ------------------------------------------------------------------
-----BEGIN PGP SIGNED MESSAGE----- ==> From: Piet Beertema Piet, The answers given thus far to your remark (see below) were quite true, but they may not clarify the situation enough for everybody reading this. So I will bother you all again (some people more than once - myself included: 5 times...) with this clarification and hope it will be the last disturbance of the sort. My answers, by the way, are non-authoritative, but true anyway :-) FIRST is an all volunteer organisation, currently without membership fees - that answers part of your question: there is no big bucks involved here. FIRST aims at being a forum for all the computer security incident response teams (say, the CERTs) in the world. Currently FIRST serves appx 70 members, including NREN teams, commercial teams and -last but not least- vendor teams. Activities include a yearly PUBLIC conference, a PUBLIC webserver and mailinglists and regular technical colloquia open only to members. In order to become a FIRST member some requirements have to be met with regards to a.o. trustworthiness. If that would not be the case FIRST would not function as it is - and for IRTs (CERTs) FIRST is an important forum to meet other teams and relay information. If FIRST would be entirely open a lot of people who are now sharing valuable information - which e.g. goes into public security advisories - would stop doing that : that's just a fact of life. This applies to the technical colloquia especially: information about hitherto unknown or unused vulnerabilities can be discussed there - and would not be if the colloquia were open. Of course I am aware of other fora (like especially BUGTRAQ) where substantially different rules apply - but I see both the FIRST approach and the BUGTRAQ approach as necessary complementary ways to meet the same end: minimisation of information and network insecurity. If anybody wants to discuss this topic, count me in, but please DO NOT BOTHER ALL LISTS ABOVE with this discussion - interesting though it is: pick an appropriate one or two. EuroCERT is currently still a TERENA pilot (codename SIRCE) offering Incident Support services to its constituents - who DO pay money for those services by the way - and planning to offer Incident Coordination (i.e. CERT like) services starting somewhere in 1998 and gradually evolving to become a full blown coordinating IRT. EuroCERT's potential customer base is basically formed by all (potential) European IRTs, both commercial and NREN ones. Part of EuroCERT's Incident Support services was to take over the organisation of the appx yearly informal meetings of European IRTs which started in 1993 in Amsterdam and were organised by a.o. DFN-CERT, TERENA, Micro-BIT Virus Center and CERT-NL. EuroCERT has a paying customer base, but some services however are necessarily extended to also non paying customers - and the organisation of these open meetings was clearly one of them. FIRST happens to organise a (closed) technical colloquium in Milano in January. Several attendants of those colloquia are also customers of EuroCERT or are associated with European IRTs. So it was a rather obvious idea of EuroCERT to try and organise the OPEN European IRT meeting adjacent in time to the FIRST meeting - saving time and money for several people - and also enabling interested and valuable guests from US teams (like CERT Coordination Center) to be present. Having taken part in the discussions I know that also co-location (in time) with RIPE or TERENA meetings is considered for future events. Hope to see several of you in Milano on the 12th of January, during an entirely open meeting for European IRTs and interested guests. Best regards Don Stikvoort CERT-NL chairman CERT-NL is the IRT for SURFnet ( the .nl NREN ). CERT-NL is a member of FIRST and a customer of EuroCERT.
This is an open meeting organized by EuroCERT with the intention ^^^^ of gathering European Computer Incident Response Teams and other interested parties together. ... This year the meeting is aligned with FIRST sponsored Technical Colloquium and the meeting of the FIRST Steering Committees so it will be opportunity to meet some of well established FIRST members from teams worldwide.
Note: Unfortunately non-FIRST members are not permitted to participate in the Technical Colloquium
How comes? Are non-FIRST members considered technically incompetent? Is their input not considered worthwhile? Are non-FIRST members considered untrusted, and hence to be kept away from 'sensitive' information? Or is it because of the sponsoring, or to put it another way: money prevailing over valuable technical input from non-members? I wouldn't call that an "open" meeting...
Piet
-----BEGIN PGP SIGNATURE----- Version: 2.6.2i iQCVAwUBNEOT7hhlzkA/+6mNAQHllwP6Aowqllyw4J0sxECY/6HqZ4tHIMsz0ZnI ROYk58fPbJ7jDme44LqfWxkZ3WlpxLcfeWh0cSUyAelhvgb8LkA/xP84qb+Rz/2V isLP8EcCo8hluV9UHKdqWuHlkmk/7EpZuR3eEB/tGUKKKpuk8i5VcD9dQwq7zAdp uQag6ncArvg= =SGK/ -----END PGP SIGNATURE-----
participants (4)
-
Damir Rajnovic -
Don Stikvoort -
Piet Beertema -
Ruben Martinez