Open Source and information security mailing list archives
Message-ID: <67ea64530709230629t6007da08v770b8f2e81eb1be3@mail.gmail.com>
Date: Sun, 23 Sep 2007 14:29:54 +0100
From: "worried security" <worriedsecurity@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Fwd: [funsec] Keep Gadi Evron off Bugtraq

---------- Forwarded message ----------
From: n3td3v <xploitable@...il.com>
Date: Sep 23, 2007 12:59 PM
Subject: Re: [funsec] Keep Gadi Evron off Bugtraq
To: funsec@...uxbox.org


On 9/23/07, Gadi Evron <ge@...uxbox.org> wrote:
> Guys, I can't in good conscience kick n3td3v out while it is me who is
> discussed. Can we please move on? He will send yet another idiotic message
> and I will kick him then.
>
> My "don't mod" for this list is too extreme, I know. But oh well - we
> don't really have a need for it.
>
> n3td3v will go away soon.

Just stop talking about ABC childish security topics under a serious
disclosure on Bugtraq and everything will be ok. You're not in serious
trouble, you've only caused a public outcry of one person.

But what triggered me to do my ranting was because there are voices of
people you don't see on mailing lists who I talk to who were thinking
exactly the same thing, but they just don't have it in them to send
rant messages to get the message out there that your style of bringing
up your own personal agenda about buzzwords isn't wanted on Bugtraq
about this stuff.

Keep your own agenda of shaping the industry for other times. I'm not
against you being an influential voice in the security community for
the progression and development of practices such as false positive
0day flagging.

However in the middle of critical disclosures which could affect
national security I suggest you keep your mouth shut on matters about
what is a 0day.

This industry by default will always have teens and early twenties
adults in them who may mark a vulnerability as a 0day when it isn't
strictly true, but it was unhelpful to trigger a discussion about the
0day term, even though that conversation was interesting and at the
same time you may have been right on the matter you brought up on
Bugtraq, but what I'm saying is, stop triggering off side issues which
aren't mission critical on important disclosures that the government
have particular interest in tracking closely.

You start to become the problem and not the solution by triggering off
splinter topics like you did. Hell, it's not as if there aren't plenty
of other places you can go and voice your opinion about the PDF thread
where high ranking folks will listen to you and may agree with you.

You have your own mailing list, and there is Full-Disclosure as well,
where you can voice your opinion without affecting the free flow of
intelligence.

Next time you have the urge to get involved in information security
politics, can you start your own separate thread, so the serious
disclosure thread can be left clear for on topic only discussion about
the mission critical?

Why don't you even reply properly to what I'm saying on public lists
on Funsec and Full-Disclosure about what I'm talking about? It's only
sensible to have healthy discussion about what you did.

While the kids responsible for the PDF flaw need educating about what
a 0day is and what a 0day isn't, there is also an issue of YOU talking
about ABC security topics at the wrong time, when corporations and
governments ONLY want to know information that's important to their
mission critical.

You won't even acknowledge what I'm saying, all you seem to do is
talk about moderating your mailing list, you're just pissing people
off, especially me, by not saying you may be wrong, and that you may
have discussed the buzzword in question in the wrong place.

You could have even posted about buzzwords later on in the thread once it
had matured and it was obvious no important intelligence about PDF
flaw was going to be posted, but you didn't, your trolling comments
were the first or second message in the thread.

Please keep your ABC security politics out of highly sensitive threads
which have a potential to affect national security in future.

The ball is in your court, you can continue to do what you've been
doing or you can think more closely about what I'm saying to you.

I thought you were a whitehat, so do whitehats go around ruining
threads by triggering off side topics? It's harmful, so stop.

I may be responsible for trolling on mailing lists, but at least I
don't hi-jack important disclosure threads, I start my own thread,
leaving the organisation, structure and integrity of threads which
affect the mission critical of corporations and governments intact
for officials to read to protect their systems from cyber attacks.

If there is one place on the internet I don't want troll posts, it's
Bugtraq, c'mon, leave one place on the internet free from drama so
security experts can read a thread which is completely on topic, I
mean in the thread in question there was even someone calling you
"Fatboy", that kind of shit isn't the place for name calling, so
either it's you at fault or Bugtraq moderators for letting you on the
list, so do me a favour and keep your *I want to shape the security
industry* conversation for elsewhere.

Do you think it's appropriate for people to be calling you "Fatboy" on
Bugtraq of all places? For f**ks sake, stop being controversial on
Bugtraq, which could trigger people to talk about the 0day term and
calling you Fatboy instead of the mission critical.

What you did was more characteristic of the blackhat mentality, trying
to disrupt the steady flow of intelligence on important matters, so if
you want to be known as a whitehat, start f**king acting like one.

I don't believe what you did was PRO whitehat, so save your thread
hi-jacking in future.

So ban me from Funsec, it's not important to me to get a feed of what
is already available on the RSS feeds Fergie and the others are
subscribed to, hell, as soon as they post the URLs on Funsec, I
instantly know the exact place they got it from, that's how closely I
monitor everything that's going on.

Plus, I don't believe people who are doing their jobs properly need
Funsec to be alerted of the URLs posted here. If the folks on here
didn't know about the URLs posted on Funsec before they appeared on
Funsec, I would be very concerned at who is working in our governments
and corporations.

I'll see you around Gadi, here is a URL for your mailing list...
http://www.reuters.com/article/technologyNews/idUSSP4995420070922
It's been missed out ;)

No hard feelings Gadi, just think about what you say and where you say
in future on high risk vulnerability threads on Bugtraq. You can say
what the hell you want elsewhere, but not on Bugtraq.

Bugtraq should be a sterile environment away from controversy and name
calling seen on other places such as Full-Disclosure.

You brought controversy and name calling onto Bugtraq in the middle of
an important national security thread, I bet you're proud.

You don't need to ban me from Funsec, I'm finished now. Unless you do
something else on the internet that's equally as outrageous which merits
an e-mail, you won't hear from me again.

Think mission critical in corporations, think national security in
governments. That's what Bugtraq is supposed to be useful for, not Gadi
Evron and self.
