Full Disclosure mailing list archives
Re: Announcing new security mailing list
From: full-disclosure () lists netsys com (Blue Boar)
Date: Thu, 11 Jul 2002 18:00:25 -0700
Matthew S. Hallacy wrote:
I disagree, I think my DOCSIS vulnerability posting is a good example of something that should have gone out immediately, but was /never/ posted. ( I ended up taking it to another list) It was valid, the vendors knew, but it was withheld because you deemed it 'malicious'.
"You", meaning who? Not I.. it went to my list: http://online.securityfocus.com/archive/82/261280 I have my own set of (often harsher) standards for what posts I allow on vuln-dev... but that has nothing to do with Bugtraq. I assume you mean Dave, whose reply is here: http://online.securityfocus.com/archive/82/261454 I suppose you can accuse him of not stating his standards well enough up front for what kinds of messages he considers fraud instructions. I might not have approved the original message either. For messages like that, I'm often torn between my policy of not allowing posts that tell that a particular site is vulnerable to a hole only they can fix, and allowing the poster to implicate themself for the poking around they've done. It kinda depends if I feel like I've been made an accessory. If so, I'll usually approve it for the world to see. Or, maybe forward to the FBI. I haven't had occasion to do the latter yet. The point being, that has nothing to do with the Bugtraq moderator holding posts so he can warn a vendor to make a fix. In your case, if I'm reading the headers correctly, there were only about 6 hours between when you sent the note to Bugtraq, and decided it wasn't going to be posted? BB
Current thread:
- Re: Announcing new security mailing list, (continued)
- Re: Announcing new security mailing list Ron DuFresne (Jul 11)
- Re: Announcing new security mailing list Lupe Christoph (Jul 12)
- Re: Announcing new security mailing list martin f krafft (Jul 13)
- Re: Announcing new security mailing list V K (Jul 13)
- Re:Flares and personal opinions Berend-Jan Wever (Jul 13)
- Re:Flares and personal opinions Nick FitzGerald (Jul 13)
- Re:Flares and personal opinions David Benfell (Jul 14)
- Re: Announcing new security mailing list martin f krafft (Jul 13)
- Re: Announcing new security mailing list Ulf H{rnhammar (Jul 13)
- Re: Announcing new security mailing list Blue Boar (Jul 11)
- Re: Announcing new security mailing list Steve (Jul 11)
- Flare Berend-Jan Wever (Jul 11)
- Message not available
- Flare Vanja Hrustic (Jul 12)