Re: Announcing new security mailing list

[full-disclosure () lists netsys com (Steve)]

> I suppose 
> you can accuse him of not stating his 
> standards well enough up 
> front for what kinds of messages he considers fraud instructions.

Typically Dave (the Bugtraq moderator) will return the rejected post
with comments as to why it was rejected.  I can't speak for Dave or
Security Focus but in my experience I have seen comments come back as to
why a message is being rejected come back from Dave.

 
> I might not have approved the original message either.  For 
> messages like 
> that, I'm often torn between my policy of not allowing posts 
> that tell that 
> a particular site is vulnerable to a hole only they can fix, 
> and allowing 
> the poster to implicate themself for the poking around 
> they've done.  It 
> kinda depends if I feel like I've been made an accessory.  If 
> so, I'll 
> usually approve it for the world to see.  Or, maybe forward 
> to the FBI.  I 
> haven't had occasion to do the latter yet.

I think in the case when you have a post that is clearly something
illegal - ie: "I just hacked XXX Corp and here is how" then of course
you aren't going to post it -- you will probably forward it on to the
proper authorities and hope you don't get implicated.  But in the case
of the DOCSIS post -- it was nothing illegal so why the questions?  Of
course this is just my observation from outside the whole issue.

This reminds me of when I started Win2KSecAdvice - I had some assclown
email me saying that he just "0wn3d Microsoft using RFP's RDS exploit"
which I obviously thought was a false claim and post but I forwarded it
off to the proper people and never let it hit the list.


> In your case, if I'm reading the headers correctly, there 
> were only about 6 
> hours between when you sent the note to Bugtraq, and decided 
> it wasn't 
> going to be posted?

Six hours isn't to out of the question as an expectation but what the
poster needs to understand that the larger the mailing list, the longer
it is going to take mail to be processed.  Also, there is refference in
Mathew's post about his post not being accepted or rejected by Bugtraq
-- just deleted.  Bugtraq runs on the same mailing list software as
VulnWatch and there is no way in only six hours that a poster would know
that his post was simply ignored.  The options to a moderator are,
ACCEPT, DENY, or ignore.  If you ignore, the message must time out
before the poster is notified that it was not acted upon (and in some
cases this notification is never sent).

I am not saying that I agree with this post not being sent to Bugtraq I
am simply trying to give a moderators perspective on how some of the
common mailing list apps work.

Just my .02$ on a subject that is probably getting beaten to death.

Regards;


Steve Manzuik
Founder & Technical Lead
Entrench Technologies
www.entrenchtech.com

Moderator - VulnWatch
www.vulnwatch.org

-=-=-=-=-=-=-=-=-=-=-=- www.csicon.net -=-=-=-=-=-=-=-=-=-=-=-