Full Disclosure mailing list archives
Re: Announcing new security mailing list
From: full-disclosure () lists netsys com (Steve)
Date: Thu, 11 Jul 2002 20:37:02 -0600
I suppose you can accuse him of not stating his standards well enough up front for what kinds of messages he considers fraud instructions.
Typically Dave (the Bugtraq moderator) will return the rejected post with comments as to why it was rejected. I can't speak for Dave or Security Focus but in my experience I have seen comments come back as to why a message is being rejected come back from Dave.
I might not have approved the original message either. For messages like that, I'm often torn between my policy of not allowing posts that tell that a particular site is vulnerable to a hole only they can fix, and allowing the poster to implicate themself for the poking around they've done. It kinda depends if I feel like I've been made an accessory. If so, I'll usually approve it for the world to see. Or, maybe forward to the FBI. I haven't had occasion to do the latter yet.
I think in the case when you have a post that is clearly something illegal - ie: "I just hacked XXX Corp and here is how" then of course you aren't going to post it -- you will probably forward it on to the proper authorities and hope you don't get implicated. But in the case of the DOCSIS post -- it was nothing illegal so why the questions? Of course this is just my observation from outside the whole issue. This reminds me of when I started Win2KSecAdvice - I had some assclown email me saying that he just "0wn3d Microsoft using RFP's RDS exploit" which I obviously thought was a false claim and post but I forwarded it off to the proper people and never let it hit the list.
In your case, if I'm reading the headers correctly, there were only about 6 hours between when you sent the note to Bugtraq, and decided it wasn't going to be posted?
Six hours isn't to out of the question as an expectation but what the poster needs to understand that the larger the mailing list, the longer it is going to take mail to be processed. Also, there is refference in Mathew's post about his post not being accepted or rejected by Bugtraq -- just deleted. Bugtraq runs on the same mailing list software as VulnWatch and there is no way in only six hours that a poster would know that his post was simply ignored. The options to a moderator are, ACCEPT, DENY, or ignore. If you ignore, the message must time out before the poster is notified that it was not acted upon (and in some cases this notification is never sent). I am not saying that I agree with this post not being sent to Bugtraq I am simply trying to give a moderators perspective on how some of the common mailing list apps work. Just my .02$ on a subject that is probably getting beaten to death. Regards; Steve Manzuik Founder & Technical Lead Entrench Technologies www.entrenchtech.com Moderator - VulnWatch www.vulnwatch.org -=-=-=-=-=-=-=-=-=-=-=- www.csicon.net -=-=-=-=-=-=-=-=-=-=-=-
Current thread:
- Re: Announcing new security mailing list, (continued)
- Re: Announcing new security mailing list Lupe Christoph (Jul 12)
- Re: Announcing new security mailing list martin f krafft (Jul 13)
- Re: Announcing new security mailing list V K (Jul 13)
- Re:Flares and personal opinions Berend-Jan Wever (Jul 13)
- Re:Flares and personal opinions Nick FitzGerald (Jul 13)
- Re:Flares and personal opinions David Benfell (Jul 14)
- Re: Announcing new security mailing list martin f krafft (Jul 13)
- Re: Announcing new security mailing list Ulf H{rnhammar (Jul 13)
- Re: Announcing new security mailing list Blue Boar (Jul 11)
- Re: Announcing new security mailing list Steve (Jul 11)
- Flare Berend-Jan Wever (Jul 11)
- Message not available
- Flare Vanja Hrustic (Jul 12)