Full Disclosure mailing list archives

Re: Flaw in NetBIOS Could Lead to Information Disclosure (824105)


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 04 Sep 2003 11:14:20 +1200

Irwan Hadi <irwanhadi () phxby com> wrote:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-034.asp

Microsoft Security Bulletin MS03-034

Flaw in NetBIOS Could Lead to Information Disclosure (824105)
Originally posted: September 03, 2003
<<snip ~15KB of MS copyrighted material>>

Several things:

1.  Do you have MS' permission to repost these in their entirety?  
According to MS' Terms of Use on their web site and clearly linked from 
the page you c'n'p-ed that text from:

   http://www.microsoft.com/info/cpyright.htm

   ...

   PERSONAL AND NON-COMMERCIAL USE LIMITATION.

   Unless otherwise specified, the Services are for your personal and
   non-commercial use. You may not modify, copy, distribute, transmit,
   display, perform, reproduce, publish, license, create derivative
   works from, transfer, or sell any information, software, products or
   services obtained from the Services.

2.  People are already complaining about how slow the F-D list is.   Do 
you really think we need it bogged down by having to send umpteen 
thousand copies of your 17KB message?

3.  Were you aware that subscribing to MS' own lists for security 
bulletin distribution is possible?  Many people on this list likely 
already do that so all you are doing is duplicating their mail load in 
respect of this message.

4.  Other lists already provide MS security bulletin summarizing 
services.  I received notifications and a summarized version of all 
five of today's batch of MS security bulletins from NTBugtraq before I 
received the first of your re-postings.

5.  If you intend to keep up this "service", do you really think you 
can provide the timeliness and perfect record of the automated MS list 
or of Russ Cooper's automated summarizer?  Personally, I expect the MS 
list server (slow as it is -- I haven't received the first of these yet 
and will probably not get the last until sometime on Saturday if recent 
performance of that list, multiplied by five, is anything to go by) and 
Russ' automated summarizer to get notifications to much more reliably 
(albeit slowly in MS' case) than you will be able to.

6.  Many of us are _NOT_ on fast connections so your unnecessary 
clogging of our download capacity with these postings is a real
piss-off.

In summary -- stop doing this!

If you really _must_ "help" with such announcements, please constrain 
yourself to posting the URL and a _brief_ summary -- the affected s/w 
list and the "Technical details" section down to, but not including, 
the "Mitigating factors" sub-section should be sufficient for most folk 
to decide whether they need to go look at the whole bulletin.


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

