lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <3F571E8C.11575.C0D62DB8@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Flaw in NetBIOS Could Lead to Information
 Disclosure (824105)

Irwan Hadi <irwanhadi@...by.com> wrote:

> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-034.asp
> 
> Microsoft Security Bulletin MS03-034  Print  
> 
> Flaw in NetBIOS Could Lead to Information Disclosure (824105)
> Originally posted: September 03, 2003
<<snip ~15KB of MS copyrighted material>>

Several things:

1.  Do you have MS' permission to repost these in their entirety?  
According to MS' Terms of Use on their web site and clealry linked from 
the page you c'n'p-ed that text from:

   http://www.microsoft.com/info/cpyright.htm

   ...

   PERSONAL AND NON-COMMERCIAL USE LIMITATION.

   Unless otherwise specified, the Services are for your personal and
   non-commercial use. You may not modify, copy, distribute, transmit,
   display, perform, reproduce, publish, license, create derivative
   works from, transfer, or sell any information, software, products or
   services obtained from the Services.

2.  People are already complaining about how slow the F-D list is.   Do 
you really think we need it bogged down by having to send umpteen 
thousand copies of your 17KB message?

3.  Were you aware that subscribing to MS' own lists for security 
bulletin distribution is possible?  Many people on this list likely 
already do that so all you are doing is duplicating their mail load in 
respect of this message.

4.  Other lists already provide MS security bulletin summarizing 
services.  I received notifications and a summarized version of all 
five of today's batch of MS security bulletins from NTBugtraq before I 
received the first of your re-postings.

5.  If you intend to keep up this "service", do you really think you 
can provide the timeliness and perfect record of the automated MS list 
or of Russ Cooper's automated summarizer?  Personally, I expect the MS 
list server (slow as it is -- I haven't received the first of these yet 
and will probably not get the last until sometime on Saturday if recent 
performance of that list, multipled by five, is anything to go by) and 
Russ' automated summarizer to get notifications to much more reliably 
(albeit slowly in MS' case) than you will be able to.

6.  Many of us are _NOT_ on fast connections so your unnecessary 
clogging of our download capacity with these postings is a real
piss-off.

In summary -- stop doing this!

If you really _must_ "help" with such announcements, please constrain 
yourself to posting the URL and a _brief_ summary -- the affected s/w 
list and the "Technical details" section down to, but not including, 
the "Mitigating factors" sub-section should be sufficient for most folk 
to decide whether they need to go look at the whole bulletin.


Regards,

Nick FitzGerald


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ