Vulnerability Development mailing list archives

Administrivia #2808


From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Sun, 24 Oct 1999 10:45:05 -0700


First off, sorry about the delay and the sudden bunch of messages.  I lost
Internet connectivity for a few days.

Second, I'm going to kill a couple of threads.

I'm going to end the "classes" thread.  I thought it would be useful
information, but a couple of folks have reminded me that it's a bit off
topic, and it's not fair for me to change charter on the fly like that.

The other is the "wwwboard"  a.k.a. payment for spotting holes thread.  I
should have realized that the original was way too inflammatory, and asked
the author to cut it back to a question about the encryption type.  I also
should not have allowed the flame fest, my note included.  Sorry about
that, I'll do better in the future.

As a summary to the wwwboard thread, here's what I gathered:

-It uses standard Unix crypt(3) hashing
-It's often not smart to exercise a hole, and then announce yourself (no
one has been accused of this, but it was brought up)
-Many companies will be suspicious/afraid/apathetic if you send them a note
telling them they have a hole
-Given the previous, good luck asking for payment
-If you want to get paid for this sort of thing, you should have an
agreement in place before any holes are reported (and possibly before they
are even looked for)

I now return you to the reporting of holes, and writing of exploits.

                                                BB

