Bugtraq mailing list archives

Attack on Anti-Bug Lists


From: pascal () netcom com (Richard A Childers)
Date: Sat, 8 Oct 1994 08:55:59 -0700


Scott Chasin notes :

"Copyrighted Source code (without the consent of the owner), passwords,
 credit card numbers or anything else illegal in nature is against the
 charter of this list and if continued will force this list to become
 moderated or digestified.  "


This is tough to disagree with.

But, on the other hand ... has anyone considered the possibility that
this is a double-feinted 'denial of service' attack upon both bugtraq,
and firewalls ?

Consider. If party A previously enjoyed free access to certain bugs on
certain systems, and suddenly found them being closed up as fast as they
were discovered ... well, s/he would be miffed, to say the least.

Tracing the source of her or his distress, s/he would find the sources
to be bugtraq and firewalls. ( This, IMHO, reflects quite positively upon
both of these lists ... and these lists' originators, as well. )

S/he would then, naturally enough, set out to eradicate this annoyance.

It would not take long for her or him to arrive at a simple solution for
discrediting ( little pun, there :-) the lists in question.

As one person has already noted, the data posted did not appear to be in
the correct format for VISA numbers. That is, it is most likely a spoof.

But the problem of liability remains ... and I think that's what some of
the more faint-hearted were worried about. If it *were* real data, it could
end up distributed on a bunch of machines, the names of which would be gained
by a subpoena filed by the credit agencies involved, upon crimelab.com. Or
greatcircle.com. Or both.

Those machines and their owners might next be subpoena'd. All very unpleasant.

There is genuine room for concern, here. All emoting aside, for the moment.

And I think we all ought to thank the wanna-be who posted this stuff, for
having brought this issue to the fore before it *really* happened.

                                -=8=-

"I really don't want to start moderating each message being sent to 
 the bugtraq reflector but if the current noise traffic continues I 
 will be forced to take some action."

I vote for Digestifying. ( There's that disgusting democratic spirit
cropping up, again ... quick, someone grab a rock !! :-)

Or adding a 12-hour lapse between reception and retransmission ? During that
12-hour period, a monitoring individual will have received the incoming mail
and will have had an opportunity to remove it from the queue before it gets
propagated to bugtraq.

All of this is a pain, because the crackers' distribution channels are not
so hindered - being private, rather than public, they are not subject to
this kind of attack. On the other hand, I don't believe that they
communicate with one another any more efficiently than do the rest of us.  (-:
If we did, we wouldn't need a mailing list. We'd use email, directly. It's
been well established, that doesn't work.

And, let's face it, I go twelve hours without reading my email, already.

Once in a while.        (-:


-- richard

    "I gathered I wasn't very well liked. Somehow, the feeling pleased me."
                    _Nine Princes In Amber_, by Roger Zelazny

   richard childers        san francisco, california        pascal () netcom com


