Security Basics mailing list archives

list moderation (was Re: About War Driving.)


From: Kelly Martin <kel () securityfocus com>
Date: Thu, 07 Dec 2006 16:54:13 -0500

This appears to be a comment on list moderation so I'll address it here.

Steven wrote:
> Hi Gaurav,
>
> I am surprised to see so many answers that were identical or duplicates
> were allowed to pass through to this list.  I think we've seen from the
> nearly 30+ posts that WEP is terrible, WPA is better, and WPA2 + the right
> implementation is wonderful.

In fact I also rejected at least that many posts, requiring me to type out or clip a response to each person about why the post was rejected. After the first three or four replies that say the same thing, I only approve subsequent messages when they offer at least *some* additional commentary or thoughts, speculation or insight - even if they all mention WPA2 along with a little tidbit of something else.

Most people use threaded mail readers like GMail, so they need not read all the replies to a thread unless they want to. Also, this list is not Bugtraq, and thus it can be helpful to read a consensus about an issue. I think this is more useful than a single correct reply with a hundred other responses all rejected by me.

Moderation policy hasn't changed much since I took over this list 3.5 years ago.

> I think you might have known this
> beforehand.

Yes but this is Security-BASICS and one cannot make assumptions on behalf of the poster.

> However, 1 million replies about WEP being bad doesn't really
> answer your core question -- which was whether or not you can locate the
> person.

As moderator I cannot edit messages to improve their contents; I approve them if they meet the guidelines and offer at least a shred of something new. Related does not mean off-topic. Quite a few obviously wrong replies, such as suggestions about enabling MAC filtering, were rejected before they hit the list. Dozens more that only mentioned WEP weaknesses were also rejected. If the poster was unsure, I may have approved the post to allow others in the community to correct him.

If you've ever tried to triangulate a WiFi attacker you know that a defense-in-depth strategy where you *also* improve your defenses is the best approach. Sniffing for unencrypted traffic and DNS lookups made by the attacker is useful, as is reducing power output to the antennas, using WPA2, allowing only VPN traffic, monitoring the DHCP daemon, changing keys frequently with a RADIUS server or similar, setting up high- and low-interaction WiFi honeypots, outbound filtering on the WiFi network's firewall, Faraday cage-like "WiFi wallpaper" and of course many more options. If it were my personal network I'd also pen-test the attacker, but would not recommend this to others, especially in a corporate setting.

Finding the attacker is not the only option - and may not even be possible if he uses a high gain directional antenna from far away.

I too find it a bit taxing when there are a thousand similar replies on a subject, as they all hit the moderation queue along with all the spam that gets rejected by me. It's a balance between useful information, consensus, and the amount of time it takes me to moderate a busy list such as this.

Regards,

moderator

