lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: fooldisclosure at hushmail.com (fooldisclosure@...hmail.com) Subject: Fwd: Returned post for bugtraq@...urityfocus.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi All I encourage anyone who has a post rejected from bugtraq to forward any comments from the moderator(s) to this list. Also, it would be useful to include dates. Ie. I posted this advisory to bugtraq on (date) and it was finally approved by moderators on (date). Some people are already doing this; it emphasizes some of my points below. It's important that bugtraq subscribers understand a few key issues: * Most (MOST) posts to bugtraq get rejected * Many posts that eventually make it through to a secfocus list will have a comment such as 'moderator: please allow this because...' or 'this is the 3rd time I have tried to submit this...' * Security issues sent to bugtraq get 'sat on' by secfocus. Priority customers get priority notice. This is unacceptable. If I wish to alert the security industry to a new exploit, Bugtraq (traditionally) is the place to do so. However, if I send my info to bugtraq, secfocus will sit on this information, and make money from their priority customers for 'early warning'. * The bugtraq moderators are technically incapable of distinguishing real issues from fake or non-issues. * The bugtraq moderators have commercial interestes to look after. Do you think you will ever see Symantec-bashing posts? How long until symantec and microsoft cut some kind of non-disclosure deal? Obviously the bugtraq moderators cannot see any issues with obfuscated URL's that look like http://www.ebay.com%252f%40evil.site.goes.here. Maybe symantec should hire zenomorph@...security.net? I'm sure he has the necessary expertise to fill this obvious knowledge-gap at secfocus. Regards, .F.D. >Hi! This is the ezmlm program. I'm managing the >bugtraq@...urityfocus.com mailing list. > >I'm working for my owner, who can be reached >at bugtraq-owner@...urityfocus.com. > >I'm sorry, your message (enclosed) was not accepted by the mode >rator. >If the moderator has made any comments, they are shown below. > >>>>>> -------------------- >>>>> >What does that accomplish? ><<<<< -------------------- <<<<< -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 Note: This signature can be verified at https://www.hushtools.com wmMEARECACMFAj14DOscHGZvb2xkaXNjbG9zdXJlQGh1c2htYWlsLmNvbQAKCRAMkLNo e92H9dJmAJ4uvEG+UDnpH/H66Bxbg2sqC3KY5wCfSVnfnsaxG26Pt/EhsSXQem+YO0Q= =zwOh -----END PGP SIGNATURE----- Get your free encrypted email at https://www.hushmail.com
Powered by blists - more mailing lists