Re: Symantec Change Posting Criteria (was Re: Administrivia)

[<cepacolmax () hushmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

By the way, my response post to pen-test (quoted below), merely defining
the reasons for which I choose not to post from my corporate email, was
also denied.

Note that this post infringes neither on the original list charter, nor
on the moderator's ammendments as stated.

</quote>
Al -

I understand all of your points below.

I personally avoid using my business email on lists such as this for
a couple of reasons.

It's a fact that spam robots troll web archives for valid email addresses.
This is not a knock against the list administrators - no one expects
you to control who reads the web archives.

There is also the question of backlash - If I were to post something
like "I can't get service pack 4 to install" from an email () mycomany com,
 it's a sure bet that I've just made my entire company a target for pre-
sp4 attacks. This is an unacceptable risk.

Perhaps the second point reveals my paranoia, but I work in security
- - - paranoia is what keeps the network clean!
</quote>

Cheers,

Max

On Mon, 07 Jul 2003 12:51:42 -0700 Gwendolynn ferch Elydyr <gwen () reptiles org>
wrote:
> I've CC'd this email to full-disclosure, so that those folks that
> aren't
> on pen-test are aware of the policy change to posting requirements
> on
> that list - and potentially to more of the securityfocus lists.
> It's
> interesting to note that the only list that appears to have an exemption
> from this type of policy or arbitrary action is bugtraq.
>
> On Mon, 7 Jul 2003, Alfred Huger wrote:
> > Recently someone posted a question regarding a product (CORE Impact)
> to
> > the list. These types of posts always make me leery because this
> industry,
> > being what it is, rarely has anything nice to say about anything.
> Being a
> > product vendor myself I am particularly aware of how ugly people
> can be.
> > Often, if not always, when these come out the competitors to the
> product
> > generate email addresses elsewhere and have their way. Or the
> vendor
> > itself does the same thing and pumps their product.
>
> When I first read this posting, I went and checked the headers,
> to see
> if it was a forgery. The style seemed rather unlike AH, and the
> content
> was (at best) distressing. To my chagrin, this actually appears
> to be
> valid email.
>
> > The list has 13,000 + people on it. Many of them decision makers
> so I need
> > to be fairly careful about this. So here are the ground rules
> moving
> > forward:
> >
> > 1.   If you want to post about a product  positive or negative you
> > cannot do so from a Huhsmail or other such account.
> >
> > 2.   If you plan to post use your real name or do not post.
> >
> > 3.   Be polite  period.
> >
> > 4.   Do not use this as a forum to take shots at your competitor
> or I
> > will see you and your company banned from every list we have here
> (except
> > Bugtraq).
>
> I have to ask.
>
> Why?
>
> Did the Symantec lawyers have a sudden bout of panic about potential
> defamation lawsuits? Are there so many posts to the list that contain
> problematic content?
>
> This isn't full-disclosure, the last time I checked. To the best
> of
> my knowledge, pen-test is a moderated list. Surely the moderator
> is
> capable of noting the difference between "Your product sukz0rs"
> and
> "The product proved unable to stand up to traffic above 100Mhz"
> - and
> of passing the appropriate posting through, whether it has "John
> Doe"
> or "thunderfallingdown" attached to it as a moniker.
>
> Beyond that, threats seem inappropriate. "...I will see you and
> your
> company banned from every list we have..." Has Symantec stooped
> to this
> level, or is this personal opinion.
>
> I lament the former list - and the free flow of useful information.
>
> cheers!
> ==========================================================================
> "A cat spends her life conflicted between a deep, passionate and
> profound
> desire for fish and an equally deep, passionate and profound desire
> to
> avoid getting wet.  This is the defining metaphor of my life right
> now."
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj8KJeMACgkQ6muvpb42jIB6egCfcguAjCYWQudGQLYNX6kG0AIni38A
njBRdluvaXkXj5kDOKWuzoP/fwZ5
=2Nxq
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html