Full Disclosure mailing list archives
Re: Symantec Change Posting Criteria (was Re: Administrivia)
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 09 Jul 2003 00:51:26 +1200
Etaoin Shrdlu <shrdlu () deaddrop org> wrote:
Note that I've removed the CC list from hell. I am certainly not interested in Al Huger's response, having had mixed dealings with him in past. ...
My guess is the millions he expects from selling some of his presumably rather large wadge of Symantec shares in a couple of years are clouding his judgement (not that it was ever particularly good in my opinion anyway...). <<snip>>
cepacolmax () hushmail com wrote:By the way, my response post to pen-test (quoted below), merely defining the reasons for which I choose not to post from my corporate email, was also denied.I read, and agreed with your very civilized response (which I've clipped, for the sake of brevity). This is (IMNSHO) a thin attempt at preventing commentary on a product that obviously needs commenting upon. I've posted on all the SF lists at one time or another, and if anyone truly believes that Etaoin Shrdlu is my given name, well... Not to mention the fact that Miss Elydyr deserves courtesy and respect, whether or not her given name is Gwendolynn. She's been posting with that name, consistently, for long enough, that it's recognized, and respected, and the idea that suddenly odd looking names are unacceptable is tripe.Note that this post infringes neither on the original list charter, nor on the moderator's ammendments as stated.No, of course it doesn't infringe, but then, you appear to still be searching for reason, and I tell you that it is a doomed search. ...
Indeed. SF list moderators have consistently not accepted (but not actively rejected either -- they all come back after the list server software notices they've hit the moderation acceptance timeout) my messages to their lists for approximately the last three months. In that time I have posted on the same general topics and in the same general style (or perhaps somewhat "constrained" on average) and (at least until the last couple of weeks) at about the same list traffic-relative frequency, as I had previously, when about 50-70% of my posts were apparently acceptable. More disturbing is that several of the threads I've posted responses to have had other messages, apparently scribbled out by intellectually challenged baboons, accepted and posted, offering the most outrageous and clearly wrong "advice". (Actually, in the time I've been actively censored thus, the incidents list moderator "slipped up" and posted one of my responses -- I wonder if he was censured by the powers that be at SF for that lapse?) As for "searching for reason" on SF lists: I agree with "Etaoin" -- forget it as a lost cause. And think about the bigger picture folks... Can Symantec -- tight in bed with MS and others on the OIS, and dependent on MS cooperating with it (and even more so now that MS owns an AV product and thus may "threaten" to enter the market sector that made Symantec what it is...) -- afford keep running any of the SF lists as they historically ran? If so, for how much longer? Oh, and on the "searching for reason" issue -- in my experience, and with the singular exception of Elias, the folk that the moderate the SF lists are not gonadally developed enough to contemplate, let alone accept, discussion of the quality of their moderation on the list and mainly are not even mature and confident enough in their choices to reply privately to questions about the same.
... And now to address that danged troublemaker, GfE, herself.
8-) <<snip>>
On Mon, 7 Jul 2003, Alfred Huger wrote:Crap, so I deleted most of it.
Are we surprised?
1. If you want to post about a product positive or negative you cannot do so from a Huhsmail or other such account. 2. If you plan to post use your real name or do not post. 3. Be polite period. 4. Do not use this as a forum to take shots at your competitor or I will see you and your company banned from every list we have here (except Bugtraq).Boy, this is where I really start to get annoyed. If they're anonymous, how can he know who ought to be banned? ...
Well, he seems to believe that making them not post through Hushmail will make their real identities transparent. I guess he believes in the tooth fairy too...
... Will he ban a certain well-known virus company, if they misbehave? Sounds like a potential law suit in the making.
Well, very few AV folk post in SF lists anyway, because for most of their history the SF lists seem to have had an unannounced "deny posts from anyone from an AV company" policy. The attitude has seemed to be "sure they can join the lists" and read the often chronically inane BS that commonly passes as "security expert" opinion on AV technical matters, "but they'd better not try to post any responses". As a result, all manner of virus-related stupidity has gone largely unchallenged in SF lists because those who have some of the best possible input to make have continually had their responses bounced back after the list time-outs (as I am now "suffering"). And, I am not so naive as to imagine that there are not other "avoid" lists or categories or, that there may not be "friendlies" lists too. All very cunning were your plan to build up a certain perception to develop a particular market orientation to boost the value of your shareholding...
But wait, here comes my favorite line from GfE:This isn't full-disclosure, the last time I checked. To the best of my knowledge, pen-test is a moderated list. Surely the moderator is capable of noting the difference between "Your product sukz0rs" and "The product proved unable to stand up to traffic above 100Mhz" - and of passing the appropriate posting through, whether it has "John Doe" or "thunderfallingdown" attached to it as a moniker.Yah know? Doesn't this seem to just get right to it? Hey, Al, what's up with this, are you on the verge of losing your job? ...
I doubt it -- last I heard, the lunatics were taking over the Symantec asylum. If true, it sounds like Al should fit right in...
... Have we all become targets? Oh, and I'm getting reealll tired of the following message: This is the Postfix program at host outgoing2.securityfocus.com. I'm sorry to have to inform you that the message returned below could not be delivered to one or more destinations. For further assistance, please send mail to <postmaster> If you do so, please include this problem report. You can delete your own text from the message returned below. The Postfix program <moby () xitac com>: mail for xitac.com loops back to myself I've received close to a hundred of those from outgoing2.securityfocus.com, and I'm sure it's not finished. Bleagh.
At least you don't seem to be getting a stream of these: Hi! This is the ezmlm program. I'm managing the incidents () securityfocus com mailing list. I'm working for my owner, who can be reached at incidents-owner () securityfocus com. I'm sorry, the list moderators for the incidents list have failed to act on your post. Thus, I'm returning it to you. If you feel that this is in error, please repost the message or contact a list moderator directly. --- Enclosed, please find the message you sent. [...] Yet... 8-) (Oh, and yes, as always, this is posted over my real name and that is my real phone number...) -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Symantec Change Posting Criteria (was Re: Administrivia) Gwendolynn ferch Elydyr (Jul 07)
- Re: Symantec Change Posting Criteria (was Re: Administrivia) Adam Shostack (Jul 07)
- <Possible follow-ups>
- Re: Symantec Change Posting Criteria (was Re: Administrivia) cepacolmax (Jul 07)
- Re: Symantec Change Posting Criteria (was Re: Administrivia) Etaoin Shrdlu (Jul 08)
- Re: Symantec Change Posting Criteria (was Re: Administrivia) Nick FitzGerald (Jul 08)
- Re: Symantec Change Posting Criteria (was Re: Administrivia) security snot (Jul 08)
- Re: Symantec Change Posting Criteria (was Re: Administrivia) Etaoin Shrdlu (Jul 08)
- Re: Symantec Change Posting Criteria (was Re: Administrivia) cepacolmax (Jul 07)