lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <4171D53E.6060405@deaddrop.org>
From: shrdlu at deaddrop.org (Etaoin Shrdlu)
Subject: Full-Disclosure Posts

yahoo@...alhost wrote:

>Should Full-Disclosure only allow so-called -real- names? I was on
>Nanog (a network admin list) and they have a rule where you can only
>  
>

NANOG is not even remotely a network admin list. It is comprised 
(mostly) of those folk who administer and make decisions on what we used 
to consider the backbone. North American Network Operators Group (NANOG) 
does occasionally talk about the administration of networks, but they 
aren't interested in your puny /29 in your parent's basement.

>post with a first and second name, instead of an alias or nick, to
>kind of give more credibility that you are a security professional and
>not a hax0r or script kiddie.
>  
>

They really aren't all that interested in having *security 
professionals* (whatever that might mean) on the list, although they 
don't reject such things. It isn't the purpose of the list. Do you 
provide support for MCI? How about Verisign? Those are the sort of folk 
that list is intended for. In addition, the FAQ will tell you that a 
recognized pseudonym as an acceptable substitute (that means that the 
pseudonym needs to have been around for quite a while, cookie).

>Should the same rule be pro actively implemented to Full-Disclosure or
>is it a dead duck idea?
>  
>

It would be silly to think of such a thing. I'd say that more than half 
the posts here are mixed between goofy handles, and truenames (c.f. 
Truenames, Vinge), and that the signal and noise has no correlation 
between those (i.e. goofy handle is not necessarily noise, and lord 
knows truenames are no guarantee of signal).

>I know hax0rs or script kiddies would probably use fake first and
>second names if it was implemented, but at least the list would look
>neat and a tad more professional?
>  
>

Of course, anyone still using the term "hax0r" as though it were 
meaningful might want to think further about what a "security 
professional" might be.

>Feedback welcomed....
>

Voila!

-- 
Do not meddle in the affairs of wizards, for they are subtle,
and quick to anger. Do not meddle in the affairs of dragons,
for you are crunchy, and taste good with catsup.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ