Full Disclosure mailing list archives

Re: win2kup2date.exe ?

From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Mon, 13 Sep 2004 14:19:34 -0400

VX Dude wrote:


I have a sad feeling that I am alone about this.  If I
am, then I really pity you guys.

Stinny FranCisco, CISSP
Internet Sniper
eDefense Inc.

I tend to agree with you. However, there are a couple of things toconsider:

1) Disclosure tends to refer to information. Now, malware istechnically information -- but not in the sense that people think of"information" as. People readthe list expecting vulnerability releases and fixes.Adding malware distribution to the list of services the list providescould further muddy the already muddied

            waters that come with having an unmoderated security list.

2) This increase in list traffic and bandwidth may be problematicfor people without fully dedicated internet connections or thosepay-per-time period internetconnections. FD may not be the most appropiate place forthis traffic. A new list may be more appropriate.

3) Let's face it -- in many corners of the world, distributingmalware isn't entirely legal. FD might be put into legal jeopardybecause of this. I don't know whereFD is based out of, but here in the states, the DMCA andother fascism-inspired laws have been used to shut down securityresearch. Ideally, the "list" would

          be setup within a non-treaty laiden country.

Now, I for one think that keeping malware off the list isn't going tostop a determined person with hostile intentions. Having said that, itis a worthy discussion and I certainly respect everyone who has broughtup those concerns. But, I think that you're generally correct, VX Dude,in that keeping this stuff off the list is not entirely compatible withfull disclosure philosophy. These are all points to think about,though. It's really up to the list owners and what they want.


            -Barry



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: win2kup2date.exe ?, (continued)
- - - Message not available
    - Re: win2kup2date.exe ? Richard Johnson (Sep 09)
    - Re: win2kup2date.exe ? Micheal Espinola Jr (Sep 09)
    - Re: win2kup2date.exe ? Über GuidoZ (Sep 09)
    - Re: win2kup2date.exe ? KF_lists (Sep 09)
    - Re: win2kup2date.exe ? Über GuidoZ (Sep 09)
    - Re: win2kup2date.exe ? John Galt (Sep 10)
    - Re: win2kup2date.exe ? KF_lists (Sep 10)
    - Re: win2kup2date.exe ? VX Dude (Sep 12)
    - Re: win2kup2date.exe ? GuidoZ (Sep 12)
    - Re: win2kup2date.exe ? devis (Sep 13)
    - Re: win2kup2date.exe ? Barry Fitzgerald (Sep 13)
- Re: win2kup2date.exe ? rmulraney (Sep 03)
  - Re: Re: win2kup2date.exe ? devis (Sep 03)
- RE: win2kup2date.exe ? Yaakov Yehudi (Sep 05)
- Re: win2kup2date.exe ? Marek Isalski (Sep 09)
- win2kup2date.exe ? iDefense Labs (Sep 09)
  - Re: win2kup2date.exe ? Über GuidoZ (Sep 09)
- RE: win2kup2date.exe ? Watts, Jonathan (Sep 09)