lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: phased at mail.ru (phased)
Subject: list noise


I also care about noise, and responding to stupid mails makes it worse.
Every time people send stupid mails like the rm file thing, and people reply to the list, the author was successful in filling the list with crap for a day or so.

If no one replies, then they dont get attention and the people who know their advisories(anyone with common sense) are blatantly crap will not be affected by their nuisance.

You always get a load of emails to the list from people who want to tell everyone they know that an advisory for example was crap, yes we know
thank you, but we are not handing out gold stars today!!!
No need to tell us all every time!!!

phased

-----Original Message-----
From: Barrie Dempster <barrie@...oot-robot.net>
To: full-disclosure@...ts.netsys.com
Date: Thu, 30 Dec 2004 09:36:07 +0000
Subject: RE: [Full-Disclosure] Multiple Backdoors found in eEye Products(IRISand SecureIIS)

> I'd have to agree with the eEye statement on this one. You sent out an
> advisory without disclosing the details, which offers no real benefit to
> anyone. Many people consider this responsible disclosure but that also
> requires you to notify the vendor (there were no @eeye.com's in your
> "to" list but there were a couple of press mailboxes).
> 
> You didn't contact eEye, you didn't release details, you used an
> anonymous address and failed to mention or credit any of the other guys
> in your "testing team", This can only lead us to believe that the
> advisory is fake and only intended to generate bad press for eEye. I
> personally don't care about eEye's PR rating but I do care about the
> level of noise on these lists and I do care about backdoor-ed commercial
> products that are in common use. You may have an issue with eEye and see
> this as revenge. However, I doubt you also have an issue with the many
> admins who probably have spent their holiday season investigating these
> claims, when there are likely more pressing matters to address, such as
> a large stock of alcohol.
> 
> Show us details, or be quiet. If you intended to embarrass eEye the plan
> backfired as any competent professional on this list (there are a few -
> I've heard stories about them) would see this as a shameful attempt and
> would be laughing at you, not eEye.
> 
> Seasons greetings to eEye and all Full Disclosure subscribers - even you
> "Lance Gusto".
> 
> With Regards..
> Barrie Dempster (zeedo) - Fortiter et Strenue
> 
>   http://www.bsrf.org.uk
> 
> [ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
> 
> 
> 
> 
> 
> ATTACHMENT: application/pgp-signature ("signature.asc")
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ