lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <200307080200.h6820K8w091142@mailserver2.hushmail.com>
From: cepacolmax at hushmail.com (cepacolmax@...hmail.com)
Subject: Symantec Change Posting Criteria (was Re: Administrivia)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

By the way, my response post to pen-test (quoted below), merely defining
the reasons for which I choose not to post from my corporate email, was
also denied.

Note that this post infringes neither on the original list charter, nor
on the moderator's ammendments as stated.

</quote>
Al -

I understand all of your points below.

I personally avoid using my business email on lists such as this for
a couple of reasons.

It's a fact that spam robots troll web archives for valid email addresses.
This is not a knock against the list administrators - no one expects
you to control who reads the web archives.

There is also the question of backlash - If I were to post something
like "I can't get service pack 4 to install" from an email@...omany.com,
 it's a sure bet that I've just made my entire company a target for pre-
sp4 attacks. This is an unacceptable risk.

Perhaps the second point reveals my paranoia, but I work in security
- - - paranoia is what keeps the network clean!
</quote>

Cheers,

Max

On Mon, 07 Jul 2003 12:51:42 -0700 Gwendolynn ferch Elydyr <gwen@...tiles.org>
wrote:
>
>I've CC'd this email to full-disclosure, so that those folks that
>aren't
>on pen-test are aware of the policy change to posting requirements
>on
>that list - and potentially to more of the securityfocus lists.
>It's
>interesting to note that the only list that appears to have an exemption
>from this type of policy or arbitrary action is bugtraq.
>
>On Mon, 7 Jul 2003, Alfred Huger wrote:
>> Recently someone posted a question regarding a product (CORE Impact)
>to
>> the list. These types of posts always make me leery because this
>industry,
>> being what it is, rarely has anything nice to say about anything.
>Being a
>> product vendor myself I am particularly aware of how ugly people
>can be.
>> Often, if not always, when these come out the competitors to the
>product
>> generate email addresses elsewhere and have their way. Or the
>vendor
>> itself does the same thing and pumps their product.
>
>When I first read this posting, I went and checked the headers,
>to see
>if it was a forgery. The style seemed rather unlike AH, and the
>content
>was (at best) distressing. To my chagrin, this actually appears
>to be
>valid email.
>
>> The list has 13,000 + people on it. Many of them decision makers
>so I need
>> to be fairly careful about this. So here are the ground rules
>moving
>> forward:
>>
>> 1.	If you want to post about a product  positive or negative you
>> cannot do so from a Huhsmail or other such account.
>>
>> 2.	If you plan to post use your real name or do not post.
>>
>> 3.	Be polite  period.
>>
>> 4.	Do not use this as a forum to take shots at your competitor
>or I
>> will see you and your company banned from every list we have here
>(except
>> Bugtraq).
>
>I have to ask.
>
>Why?
>
>Did the Symantec lawyers have a sudden bout of panic about potential
>defamation lawsuits? Are there so many posts to the list that contain
>problematic content?
>
>This isn't full-disclosure, the last time I checked. To the best
>of
>my knowledge, pen-test is a moderated list. Surely the moderator
>is
>capable of noting the difference between "Your product sukz0rs"
>and
>"The product proved unable to stand up to traffic above 100Mhz"
>- and
>of passing the appropriate posting through, whether it has "John
>Doe"
>or "thunderfallingdown" attached to it as a moniker.
>
>Beyond that, threats seem inappropriate. "...I will see you and
>your
>company banned from every list we have..." Has Symantec stooped
>to this
>level, or is this personal opinion.
>
>I lament the former list - and the free flow of useful information.
>
>cheers!
>==========================================================================
>"A cat spends her life conflicted between a deep, passionate and
>profound
>desire for fish and an equally deep, passionate and profound desire
>to
>avoid getting wet.  This is the defining metaphor of my life right
>now."
>
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.3

wkYEARECAAYFAj8KJeMACgkQ6muvpb42jIB6egCfcguAjCYWQudGQLYNX6kG0AIni38A
njBRdluvaXkXj5kDOKWuzoP/fwZ5
=2Nxq
-----END PGP SIGNATURE-----




Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
https://www.hushmail.com/services.php?subloc=messenger&l=434

Promote security and make money with the Hushmail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ