Full Disclosure mailing list archives
Re: Announcing new security mailing list
From: full-disclosure () lists netsys com (Matthew S. Hallacy)
Date: Thu, 11 Jul 2002 23:34:39 -0500
On Thu, Jul 11, 2002 at 06:00:25PM -0700, Blue Boar wrote:
> "You", meaning who? Not I.. it went to my list: http://online.securityfocus.com/archive/82/261280 I have my own set of (often harsher) standards for what posts I allow on vuln-dev... but that has nothing to do with Bugtraq. I assume you mean Dave, whose reply is here: http://online.securityfocus.com/archive/82/261454

Sorry, it was Dave, I kind of see securityfocus as one large group..

> I suppose you can accuse him of not stating his standards well enough up front for what kinds of messages he considers fraud instructions.

How is it any different from someone writing an exploit and posting it to the list? I didn't even include any scripts for it, I merely explained the process (I did have people, such as 3Com (who still claim there is no problem) say that it was not an issue with their product(s)).

> I might not have approved the original message either. For messages like that, I'm often torn between my policy of not allowing posts that tell that a particular site is vulnerable to a hole only they can fix, and allowing the poster to implicate themself for the poking around they've done. It kinda depends if I feel like I've been made an accessory. If so, I'll usually approve it for the world to see. Or, maybe forward to the FBI. I haven't had occasion to do the latter yet.

I didn't view it as illegal, I had been repeatedly informed by AT&T that any speed limitations were due to hardware limitations, and that I should feel free to download all the 'tweaks' available online, etc etc. Never would they admit to having capped the service (I have the emails to/from the AT&T tech support rep stating this)

> The point being, that has nothing to do with the Bugtraq moderator holding posts so he can warn a vendor to make a fix.

It's about censoring valid content based on a single person's feelings.

> In your case, if I'm reading the headers correctly, there were only about 6 hours between when you sent the note to Bugtraq, and decided it wasn't going to be posted?

Actually I had posted it that Friday, I waited until Monday ~2pm and re-sent it (thus the 'lets try this again' comment), only at that point did I receive a message back from the moderator that he was not going to allow it through, with no explanation. 6 hours later I posted it to vuln-dev

> BB
-- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203