Open Source and information security mailing list archives
 
From: chows at ozemail.com.au (gregh)
Subject: Vulnerability Disclosure Debate

> ----- Original Message ----- 
> From: gridrun 
> To: full-disclosure@...ts.netsys.com 
> Sent: Friday, August 08, 2003 2:53 AM
> Subject: [Full-Disclosure] Vulnerability Disclosure Debate


> Vulnerability Disclosure Debate
> by gridrun on 8/07/03

> The security alliance around Microsoft is trying to push its "reasonable 
> vulnerability disclosure guidelines", which seeks to prevent security 
> researchers from publishing proof-of-concept code altogether, and wants 
> them to make only limited, next to useless, information about security 
> flaws available to the public.
> In my humble, personal opinion, this step seeks to maximize income of 
> several large security firms, as they would release any detailed 
> information only to paying groups of subscribers... An inherently 
> dangerous plan, and the argumentation behind it is severely flawed.

I would like to point out one plain and simple thing that, to this day, stuffs up the best - and worst - drawn up plans of the Federal Govt here in Oz so will ultimately do the same to MS for their efforts. The law!

Example: Parents with kids who don't want to sit in front of the computer watching what their kids are doing lobbied hard and succeeded in getting the Fed Govt here to draw up and pass laws to "limit Internet" which, of course, don't work. In one particular law, they decided that even soft porn (topless females etc) was not allowed to be shown on Internet sites in Oz and one particular guy made a living out of selling such stuff online. Leave out the fact that a kid can go into a newsagent and see a lot more of course. Anyway, the day prior to the law coming into effect which would have killed his business, he moved the entire web site to another country and used the same web site address not missing a beat in the process and though he still sells soft porn online to this day in Oz, as it is hosted in another country, it is effectively outside the laws of Oz.

So, if MS really DO get this shit passed, all we have to do is remember this stuff and move the list and its web site and whatever else you think is necessary off to another country where laws are different. Effectively you wouldn't be "publishing" in the country that didn't want this happening but publishing nonetheless.

-----------------------------------------------------------------------------
| < Friar Tuck was a Spoonerism victim at the hands of the Merry Men!!> |
-----------------------------------------------------------------------------
