Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Administrivia: Bad moderation & EZMLM

From: Alfred Huger <ah () securityfocus com>
Date: Wed, 30 May 2001 10:32:04 -0600 (MDT)


Hey folks,

I thought I would take a second and drop you all a line and cover a few
administrative points.

1. Bad moderation

Shortly before our LISTSERV keeled over and died SecurityFocus took it's
first round of VC funding. As a result I have been a little preoccupied
doing what I get paid for and the list(s) has suffered. Add to this our
transition to EZMLM and it's somewhat byzantine command set (and me not
bothering to read the manual yet) has led overall to some pretty terrible
media list administration. Mea Culpa, I am working on addressing this.

2. Conversation (on Incidents) about virus material.

In short, this is not going to continue, unless the virus payload is a
classic trojan or requires Incident Handling outside of AV damage control.
There is a list here, Focus-Virus which deals with this type of traffic.

3. Posting source code for trojans.

Some of our users have complained about other users running them through
the ringer for posting worm source code and exploits to the Incidents
list. I am not going to spend a great deal of time on this issue, but let
me be clear on this:

 The lists I run and SecurityFocus in general support Full Disclosure as a
principle where both network worms, security tools and security
vulnerabilities are concerned. You should expect to see this type of
traffic on our lists, in particular on the Incidents list where we deal
with automated worms on a regular basis. I will *not* limit the disclosure
on this list, I do not believe in old boys clubs or exclusive 'researcher'
cabals. One playing field, and a level one. Now having said this, if you
post source for material which people whom are not in the full disclosure
camp might find objectionable you'd best develop a thick skin. People tend
to get pretty religious on this issue.

4. Thanks a bunch.

Thanks again to all of you who post to the lists. I do not get to follow
up with you often enough but I do deeply appreciate you helping build
community here.

Cheers,
-al



VP Engineering
SecurityFocus.com
"Vae Victis"
Previous By Date Next
Previous By Thread Next

Current thread: