Re: Hellvisory #0001!

[ras () SLARTIBARTFAST MAGRATHEA COM (Robert A. Seace)]

In the profound words of Denny:
> I think this isn't the right place for "pseudo-hacking" information
> because (most of) the poeple here in VULN-DEV are working hard to
> provide serious information and of course to receive servious
> information .

        I don't see why the advisory in question was any less "serious"
than anything else posted here...

> Further this mailinglist is named "vuln-dev" 'cause vulnerabilities
> are found and exploit-code will be generated which should be helpful
> for persons who use buggy Sorfware ...

        Right...  And, how many use the buggy software (or, at least
buggy practices) obviously in use at NSI for verifying domain info
changes?  I don't see how this is any different...

> In the name of the serious people here I could say that noone
> (seroius) here is interrested in personal engineering or in stealing
> other peoples domains ...

        Please speak for yourself only, and don't presume you represent
a group larger than 1...  You could use your same argument against
ANY topic discussed here: "I don't think anyone is interested in
such-and-such CGI flaw, because we serious people don't care about
breaking into other people's web sites"; "I don't think anyone is
interested in such-and-such buffer overflow, because we serious people
don't care about taking over other people's computers"; etc...  Using
your arguments, this list would be completely silent, with a bunch
of "serious people" (whatever they are supposed to be) sitting around
and all not talking about anything...  If that's the kind of list you
want, why not create your own, and call it "SeriousPeople" or something...
But, personally, I like this list the way it is...  And, while I didn't
particularly give a shit about the advisory in question either, I don't
think it was off-topic for the list, or at all inappropriate...  It was
pointing out some legitimate weaknesses in how NSI handles such domain
changes...  I don't think it necessarily warrented a whole long advisory
like that (especially since the issue has been well-covered plenty of
times before, already), but so what?  If I didn't want to read it, I
don't HAVE to...  And, maybe SOMEONE out there didn't already know about
such things, and this helped enlighten them to the risks... *shrug*
In short, it was no more out of place than any other message I've seen
around here...  (I have no connection to the original poster, and have
no interest in the advisory at all...  It just annoys me when I see
holier-than-thou people presume to speak for an entire group...)

--
||========================================================================||
|| Robert A. Seace ||               URL              || ras () magrathea com ||
||  AKA: Agrajag   || http://www.magrathea.com/~ras/ || rob () wordstock com ||
||========================================================================||
"What do you mean, you've never been to Alpha Centauri? For heaven's sake,
 mankind, it's only four light-years away, you know." - THGTTG