lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Flaw in NetBIOS Could Lead to Information Disclosure (824105) Irwan Hadi <irwanhadi@...by.com> wrote: > http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-034.asp > > Microsoft Security Bulletin MS03-034 Print > > Flaw in NetBIOS Could Lead to Information Disclosure (824105) > Originally posted: September 03, 2003 <<snip ~15KB of MS copyrighted material>> Several things: 1. Do you have MS' permission to repost these in their entirety? According to MS' Terms of Use on their web site and clealry linked from the page you c'n'p-ed that text from: http://www.microsoft.com/info/cpyright.htm ... PERSONAL AND NON-COMMERCIAL USE LIMITATION. Unless otherwise specified, the Services are for your personal and non-commercial use. You may not modify, copy, distribute, transmit, display, perform, reproduce, publish, license, create derivative works from, transfer, or sell any information, software, products or services obtained from the Services. 2. People are already complaining about how slow the F-D list is. Do you really think we need it bogged down by having to send umpteen thousand copies of your 17KB message? 3. Were you aware that subscribing to MS' own lists for security bulletin distribution is possible? Many people on this list likely already do that so all you are doing is duplicating their mail load in respect of this message. 4. Other lists already provide MS security bulletin summarizing services. I received notifications and a summarized version of all five of today's batch of MS security bulletins from NTBugtraq before I received the first of your re-postings. 5. If you intend to keep up this "service", do you really think you can provide the timeliness and perfect record of the automated MS list or of Russ Cooper's automated summarizer? Personally, I expect the MS list server (slow as it is -- I haven't received the first of these yet and will probably not get the last until sometime on Saturday if recent performance of that list, multipled by five, is anything to go by) and Russ' automated summarizer to get notifications to much more reliably (albeit slowly in MS' case) than you will be able to. 6. Many of us are _NOT_ on fast connections so your unnecessary clogging of our download capacity with these postings is a real piss-off. In summary -- stop doing this! If you really _must_ "help" with such announcements, please constrain yourself to posting the URL and a _brief_ summary -- the affected s/w list and the "Technical details" section down to, but not including, the "Mitigating factors" sub-section should be sufficient for most folk to decide whether they need to go look at the whole bulletin. Regards, Nick FitzGerald
Powered by blists - more mailing lists