Full Disclosure mailing list archives
Re: Re: Fwd: xbl vulnerabilty
From: Martin Peikert <lists () nolog org>
Date: Wed, 09 Jul 2003 11:09:56 +0200
Hello, martin f krafft wrote:
If you don't give us a name, we can't credit you. We will not say that "mysterious auto94042 () hushmail com found that..."
there was a discussion on pen-test about anonymity, so I won't start that here again. But maybe some of the arguments mentioned there are necessary to change your mind. I cannot see what the hell you need a "name" for.
Sorry, anonymity only has a certain degree of utility.
Some arguments from the discussion (not a quote): rfp, mudge, Gwendolynn ferch Elydyr - are that names you would accept? How do you decide that a name or mail adress is fake - would a post from "Fook Yoo" be allowed? If it was fyoo () hotmail com, Fook_Yoo () aw com?So, IMHO at least you could tell the people that auto94042 () hushmail com found that vulnerability - it's *the author's* choice to give his real name, a name - do you think you can proof that? - or simply nothing. You _do have_ the email adress.
GTi _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Fwd: Re: xbl vulnerabilty auto94042 (Jul 08)
- <Possible follow-ups>
- Fwd: xbl vulnerabilty auto94042 (Jul 08)
- Re: Fwd: xbl vulnerabilty martin f krafft (Jul 09)
- Re: Re: Fwd: xbl vulnerabilty Martin Peikert (Jul 09)
- Re: Re: Fwd: xbl vulnerabilty martin f krafft (Jul 09)
- Re: Re: Fwd: xbl vulnerabilty Steve Kemp (Jul 09)
- Re: Fwd: xbl vulnerabilty martin f krafft (Jul 09)
- Fwd: Re: xbl vulnerabilty auto94042 (Jul 09)