Full Disclosure mailing list archives

Re: Keep Gadi Evron off Bugtraq


From: "worried security" <worriedsecurity () googlemail com>
Date: Sun, 23 Sep 2007 00:36:45 +0100

On 9/22/07, Joel R. Helgeson <joel () helgeson com> wrote:

Everyone knows who Gadi is, so by definition, Gadi **is** high profile…

I happen to agree with Gadi, that a 0day is the day an EXPLOIT is
RELEASED, where such exploit also serves as the ONLY vendor notification of
a bug being discovered. Every adult on this list understands the definition,
but the kids can't seem to grasp the not-so-subtle nuance between a 0day
and the discovery of a bug in someone else's code.

This supposedly serious disclosure you refer to is a non-event, there was
a "press release" about a supposedly serious flaw in PDF, there were no
details, so therefore it doesn't even count as disclosure of a
vulnerability.



-joel


Calling someone a kid who just released a major disclosure isn't helpful in
the bigger picture of extracting relevant information from the person, or
hearing from others with insightful information on-topic with the
exploitation of PDF.

Calling someone's major disclosure "a non event" isn't helpful in the bigger
picture of extracting relevant information from the person, or hearing from
others with insightful information on-topic with the exploitation of PDF.

Calling someone's subject title inappropriate because it's called "0day" isn't
helpful in the bigger picture of extracting relevant information from the
person, or hearing from others with insightful information on-topic with the
exploitation of PDF.

Bugtraq moderators, please keep irrelevant conversation out of important
disclosures in future, where knowing relevant, on topic information is
mission critical to why people use your mailing list.

It's not a kiddy flame, I have no grudges with Gadi Evron, there is just a
time and place for pissy conversation about buzzwords, and putting it in
that particular thread just to teach the poster a lesson about buzzwords
isn't cool.

For all you know, because the thread ended up overrun with buzzword
conversation, you could have made the original poster not want to post
relevant information, or hearing from others with insightful information
on-topic with the exploitation of PDF.

What the hell are these Bugtraq moderators doing with their day, have they
simply lost sight and focus themselves? It's funny from a company calling
themselves "Security + Focus" to allow someone to totally train wreck what
would have, could have been an interesting, insightful, relevant conversation
about the topic "We have a PDF flaw which can own Windows".

Instead, it turned into "Why Gadi Evron thinks this disclosure is named
wrongly", dude no one cares, it's Bugtraq man, don't lose focus. Keep your
industry leading buzzword police conversation for elsewhere.

Keep Gadi Evron off Bugtraq, unless he comes up with something which helps
solve the mission critical, a 0-day PDF flaw, which we were all wanting more
information about for whitehat purposes.

What I want from Bugtraq:

Stay mission critical, if someone posts about PDF flaw, then only accept
reply posts about PDF.

Don't allow someone to go off mission critical just because they are well
known.

Actually read your list description when moderating Bugtraq, mission
critical is important to the rest of us who aren't trying to be buzzword
pioneers, which if you know Gadi from other lists, is his own mission
critical, but it's not everyone else's interest, so keep him off Bugtraq.

I think I have made myself clear, and yes I could have gone into the PDF
thread and ranted and raved about Bugtraq moderators, but my name isn't Gadi
Evron, so I started my own thread to tell him he and his Bugtraq moderator
supporters are idiots and ruining Bugtraq for everyone else.

What's the point in moderating Bugtraq after that thread, sigh... it didn't
look like a moderated conversation at all, it looked like a Bugtraq
moderator was sleeping at the wheel.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
