lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sun, 21 Sep 2008 12:34:58 +0100
From: n3td3v <xploitable@...il.com>
To: "John Cartwright" <johnc@...k.org.uk>, full-disclosure@...ts.grok.org.uk
Subject: Re: Social flaws / vulnerabilities in 'Last
	account activity' on Gmail

On Sun, Sep 21, 2008 at 4:01 AM,  <Valdis.Kletnieks@...edu> wrote:
> On Sat, 20 Sep 2008 21:47:55 BST, AaRoNg11 said:
>
>> If the job was that sensitive of a job, do you really think they'd be using
>> gmail to send important information?
>
> Remember - n3td3v is in the British Isles, where clusterfuck IT is rampant in
> the government sector.  You know, like "Let's lose the financial details of
> *EVERY SINGLE FRIKKING FAMILY IN THE COUNTRY on an UNENCRYPTED DISK".
>
> Oh, why was the disk unencrypted? Because the policy on how to securely
> transfer the data was deemed so sensitive that it was only accessible to
> upper management - the people *doing* the work didn't have access to the
> policy of how to do it right.
>

Maybe we can take this over to cyber-politics@...ts.grok.org.uk or
whatever name he gives the new mailing list when John Cartwright
finally gets the finger out.

We need a non-technical, unbiased, unmoderated version of
full-disclosure where people can post rants, raves, speeches, ideas,
views, opinons, news items, the dirty on employees, gossip, security
conferences, or other intelligence thats non-technical.

A place where people like n3td3v don't get made to feel bad for
posting their views on whats going on in the security community.

There seems to be a feeling that anyone who is non-technical is
unwelcome on full-disclosure and end up getting written about on
securityfocus by robert lemos and made to feel a bad person. :(

This is unfair, in the bigger scope of things, there just isn't
anywhere to go to post non-technical stuff thats unmoderated.

So instead of being nasty to n3td3v and writing about him on
securityfocus and declaring a hunt for n3td3v, let's just create a new
mailing list where people like me won't get made uncomfortable for
posting.

The bottom line is, there is no non-technical, unbiased, unmoderated
version of full-disclosure and there should be one.

We need a cyber political mailing list, where anything goes, right now
it just seems that people don't really want n3td3v around, but thats
not because n3td3v has done something wrong, its just because there is
no where else suitable to post about cyber politics thats
non-technical, unbiased, unmoderated.

I don't like posting to full-disclosure if I feel unwelcome, but I
don't want to be muzzled, I want John Cartwright to setup a new
mailing list for the non-technical issues.

This is my proposal im putting forward, so let's talk about it.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ