Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Re: Fwd: xbl vulnerabilty

From: Martin Peikert <lists () nolog org>
Date: Wed, 09 Jul 2003 11:09:56 +0200
Hello,

martin f krafft wrote:

If you don't give us a name, we can't credit you. We will not say
that "mysterious auto94042 () hushmail com found that..."
there was a discussion on pen-test about anonymity, so I won't start that here again. But maybe some of the arguments mentioned there are necessary to change your mind. I cannot see what the hell you need a "name" for. 


Sorry, anonymity only has a certain degree of utility.


Some arguments from the discussion (not a quote):
 rfp, mudge, Gwendolynn ferch Elydyr - are that names you would
 accept? How do you decide that a name or mail adress is fake -
 would a post from "Fook Yoo" be allowed? If it was
 fyoo () hotmail com, Fook_Yoo () aw com?
So, IMHO at least you could tell the people that auto94042 () hushmail com found that vulnerability - it's *the author's* choice to give his real name, a name - do you think you can proof that? - or simply nothing. You _do have_ the email adress. 

GTi

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: