Date: Sun, 23 Sep 2007 00:36:45 +0100
From: "worried security" <worriedsecurity@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Keep Gadi Evron off Bugtraq

On 9/22/07, Joel R. Helgeson <joel@...geson.com> wrote:
>
>  Everyone knows who Gadi is, so by definition, Gadi **is** high profile…
>
> I happen to agree with Gadi, that a 0day is the day an EXPLOIT is
> RELEASED, where such exploit also serves as the ONLY vendor notification of
> a bug being discovered. Every adult on this list understands the definition,
> but the kids can't seem to grasp the not-so-subtle nuance between a 0day
> and the discovery of a bug in someone else's code.
>
> This supposedly serious disclosure you refer to is a non-event, there was
> a "press release" about a supposedly serious flaw in PDF, there were no
> details, so therefore it doesn't even count as disclosure of a
> vulnerability.
>
>
>
> -joel
>

 Calling someone a kid who just released a major disclosure isn't helpful in
the bigger picture of extracting relevant information from the person, or
hearing from others with insightful information on-topic with the
exploitation of PDF.

Calling someone's major disclosure "a non event" isn't helpful in the bigger
picture of extracting relevant information from the person, or hearing from
others with insightful information on-topic with the exploitation of PDF.

Calling someone's subject title inappropriate because it's called "0day" isn't
helpful in the bigger picture of extracting relevant information from the
person, or hearing from others with insightful information on-topic with the
exploitation of PDF.

Bugtraq moderators, please keep irrelevant conversation out of important
disclosures in future, where knowing relevant, on topic information is
mission critical to why people use your mailing list.

It's not a kiddy flame, I have no grudges with Gadi Evron, there is just a
time and place for pissy conversation about buzzwords, and putting it in
that particular thread just to teach the poster a lesson about buzzwords
isn't cool.

For all you know, because the thread ended up overrun with buzzword
conversation, you could have made the original poster not want to post
relevant information, or hearing from others with insightful information
on-topic with the exploitation of PDF.

What the hell are these Bugtraq moderators doing with their day, have they
simply lost sight and focus themselves? It's funny from a company calling
themselves "Security + Focus" to allow someone to totally train wreck what
would have, could have been an interesting, insightful, relevant conversation
about the topic "We have a PDF flaw which can own Windows".

Instead, it turned into "Why Gadi Evron thinks this disclosure is named
wrongly", dude no one cares, it's Bugtraq man, don't lose focus. Keep your
industry leading buzzword police conversation for elsewhere.

Keep Gadi Evron off Bugtraq, unless he comes up with something which helps
solve the mission critical, a 0-day PDF flaw, which we were all wanting more
information about for whitehat purposes.

What I want from Bugtraq:

Stay mission critical, if someone posts about PDF flaw, then only accept
reply posts about PDF.

Don't allow someone to go off mission critical just because they are well
known.

Actually read your list description when moderating Bugtraq, mission
critical is important to the rest of us who aren't trying to be buzzword
pioneers, which if you know Gadi from other lists, is his own mission
critical, but it's not everyone else's interest, so keep him off Bugtraq.

I think I have made myself clear, and yes I could have gone into the PDF
thread and ranted and raved about Bugtraq moderators, but my name isn't Gadi
Evron, so I started my own thread to tell him he and his Bugtraq moderator
supporters are idiots and ruining Bugtraq for everyone else.

What's the point in moderating Bugtraq after that thread, sigh... it didn't
look like a moderated conversation at all, it looked like a Bugtraq
moderator was sleeping at the wheel.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
