From: fooldisclosure at hushmail.com (fooldisclosure@...hmail.com)
Subject: Fwd: Returned post for bugtraq@...urityfocus.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi All

I encourage anyone who has a post rejected from bugtraq to forward any comments from the moderator(s) to this list.

Also, it would be useful to include dates. I.e. I posted this advisory to bugtraq on (date) and it was finally approved by moderators on (date). Some people are already doing this; it emphasizes some of my points below.

It's important that bugtraq subscribers understand a few key issues:

* Most (MOST) posts to bugtraq get rejected

* Many posts that eventually make it through to a secfocus list will have a comment such as 'moderator: please allow this because...' or 'this is the 3rd time I have tried to submit this...'

* Security issues sent to bugtraq get 'sat on' by secfocus. Priority customers get priority notice. This is unacceptable. If I wish to alert the security industry to a new exploit, Bugtraq (traditionally) is the place to do so. However, if I send my info to bugtraq, secfocus will sit on this information, and make money from their priority customers for 'early warning'.

* The bugtraq moderators are technically incapable of distinguishing real issues from fake or non-issues.

* The bugtraq moderators have commercial interests to look after. Do you think you will ever see Symantec-bashing posts? How long until Symantec and Microsoft cut some kind of non-disclosure deal?


Obviously the bugtraq moderators cannot see any issues with obfuscated URLs that look like http://www.ebay.com%252f%40evil.site.goes.here.

Maybe symantec should hire zenomorph@...security.net? I'm sure he has the necessary expertise to fill this obvious knowledge-gap at secfocus.

Regards,

.F.D.


>Hi! This is the ezmlm program. I'm managing the
>bugtraq@...urityfocus.com mailing list.
>
>I'm working for my owner, who can be reached
>at bugtraq-owner@...urityfocus.com.
>
>I'm sorry, your message (enclosed) was not accepted by the moderator.
>If the moderator has made any comments, they are shown below.
>
>>>>>> -------------------- >>>>>
>What does that accomplish?
><<<<< -------------------- <<<<<

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmMEARECACMFAj14DOscHGZvb2xkaXNjbG9zdXJlQGh1c2htYWlsLmNvbQAKCRAMkLNo
e92H9dJmAJ4uvEG+UDnpH/H66Bxbg2sqC3KY5wCfSVnfnsaxG26Pt/EhsSXQem+YO0Q=
=zwOh
-----END PGP SIGNATURE-----