Re: Symantec Change Posting Criteria (was Re: Administrivia)

[Etaoin Shrdlu <shrdlu () deaddrop org>]

Note that I've removed the CC list from hell. I am certainly not interested
in Al Huger's response, having had mixed dealings with him in past. I also
am not interested in having to fight the brain dead vacation and other
bounce messages brought about by posting to a SF mail list (having been
posting quite a bit to honeypots, I have fresh and painful experience of
same). In fact:

"How do you tell when your post has been accepted?"
"You're immediately swamped with bounce messages from around the planet,
including a bunch from SF about undeliverable messages."

Ba-da-bump. Oh, wait, you aren't laughing.

cepacolmax () hushmail com wrote:

> By the way, my response post to pen-test (quoted below), merely defining
> the reasons for which I choose not to post from my corporate email, was
> also denied.

I read, and agreed with your very civilized response (which I've clipped,
for the sake of brevity). This is (IMNSHO) a thin attempt at preventing
commentary on a product that obviously needs commenting upon. I've posted
on all the SF lists at one time or another, and if anyone truly believes
that Etaoin Shrdlu is my given name, well... Not to mention the fact that
Miss Elydyr deserves courtesy and respect, whether or not her given name is
Gwendolynn. She's been posting with that name, consistently, for long
enough, that it's recognized, and respected, and the idea that suddenly odd
looking names are unacceptable is tripe.

> Note that this post infringes neither on the original list charter, nor
> on the moderator's ammendments as stated.

No, of course it doesn't infringe, but then, you appear to still be
searching for reason, and I tell you that it is a doomed search. And now to
address that danged troublemaker, GfE, herself.

> On Mon, 07 Jul 2003 12:51:42 -0700 Gwendolynn ferch Elydyr <gwen () reptiles org>
> wrote:
> > I've CC'd this email to full-disclosure, so that those folks that
> > aren't
> > on pen-test are aware of the policy change to posting requirements
> > on
> > that list - and potentially to more of the securityfocus lists.
> > It's
> > interesting to note that the only list that appears to have an exemption
> > from this type of policy or arbitrary action is bugtraq.

Well, considering the number of posts I've made over the past few days to
Honeypots, this is either VERY sudden, or Al thinks my parents have a cruel
sense of humor (they do, but that's a different issue). I would suggest
that product postings are only seen on bugtraq when they involve cross-site
scripting (god, I'm bored with that crap), and that most of the important
stuff will go to Vuln-Watch anyway, so what's the point? Besides, if they
started worrying about pseudonyms now, then RFP would be right out
(although he claims to be gone, anyway). Do you suppose Aleph1 is not
allowed? How about Mudge, or Hobbit? Come on, now.

> > On Mon, 7 Jul 2003, Alfred Huger wrote:

Crap, so I deleted most of it.

> > > 1.   If you want to post about a product  positive or negative you
> > > cannot do so from a Huhsmail or other such account.
> > >
> > > 2.   If you plan to post use your real name or do not post.
> > >
> > > 3.   Be polite  period.
> > >
> > > 4.   Do not use this as a forum to take shots at your competitor
> > > or I will see you and your company banned from every list we have here
> > > (except Bugtraq).

Boy, this is where I really start to get annoyed. If they're anonymous, how
can he know who ought to be banned? Will he ban a certain well-known virus
company, if they misbehave? Sounds like a potential law suit in the making.
But wait, here comes my favorite line from GfE:

> > This isn't full-disclosure, the last time I checked. To the best
> > of
> > my knowledge, pen-test is a moderated list. Surely the moderator
> > is
> > capable of noting the difference between "Your product sukz0rs"
> > and
> > "The product proved unable to stand up to traffic above 100Mhz"
> > - and
> > of passing the appropriate posting through, whether it has "John
> > Doe"
> > or "thunderfallingdown" attached to it as a moniker.

Yah know? Doesn't this seem to just get right to it? Hey, Al, what's up
with this, are you on the verge of losing your job? Have we all become
targets? Oh, and I'm getting reealll tired of the following message:

This is the Postfix program at host outgoing2.securityfocus.com.

I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can
delete your own text from the message returned below.

                        The Postfix program

<moby () xitac com>: mail for xitac.com loops back to myself

I've received close to a hundred of those from outgoing2.securityfocus.com,
and I'm sure it's not finished. Bleagh.

--
It isn't that we're not paranoid.
It's that we're not paranoid enough.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html