lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <20080102164630.F3980118039@mailserver5.hushmail.com>
Date: Wed, 02 Jan 2008 16:46:28 +0000
From: <31415926@...h.ai>
To: <full-disclosure@...ts.grok.org.uk>
Cc: 
Subject: Critical Vulnerability in 

Critical Vulnerability in [Full-Disclosure]

The problem with full disclosure is that everyone feels the need to 
fully disclose, even when their opinion and the information they 
are purporting to impart is, well, bollocks. You can't tell them to 
shut up as they think they're important and the internet gives them 
balls of steel and verbal diarhoea, so we stumble from one tired 
flamewar to another with no useful content being published.

It's embarrassing.

I'm an advocate of FD as a concept. I believe that there is no such 
thing as an innocent on the internet and if you really are that 
dumb, then you deserve everything you get. FD (as one of many like-
minded lists) forces the vendors to patch or die and eventually 
write quality code. FD (the concept, not the list) is the ultimate 
nuclear deterrent, without the mutually assured destruction lunacy.

I have watched the posters to this list for some time. By far the 
vast majority are transparently kiddies, sitting on their painted-
up laptops thinking of themselves as the techno-brats in the film 
"Hackers" and hoping to grow up to be like the guy in the film 
"Swordfish". They write in l33t5p34k and think that this somehow 
makes them informed. Kiddies are the lowest form of life in the 
hierarchy of information security and in the IT industry generally.

You know who you are and so does everyone else. You are fools, and 
an embarrassment to the craft:
Secreview (review of products/services you have never bought, are 
you the goatse.cz receiver?)
Reepex (Isn't a reepex a bit of farm machinery?)
Gobbles (A nickname for a gay male prostitute)
Morning Wood (The holy grail of the viagra-abuser)
Gmaggro ("high value target selection", are you completely cocking 
stupid?)

Oh, the outrage.

I can see it now. there will be armies of skiddies demanding that 
the l33tz hack this f@...r, spam him, pwn him, and post defamatory 
messages concerning her skills and possible employment 
opportunities for her and her mother everywhere possible. Guess 
what, kids? I don't care.

No, not even a little bit. Do what you like, I could care less and 
no one else cares if you live or die tonight, you sad, acne'd 
little dewdrops.

Calmed down yet?

Good. I want you to consider something.

The FD list consists of the following content (and what it has to 
say):

Advisories by vendors (we fixed this)
Advisories by individuals (I tested that and found this)
Advisories by infosec organisations (we found this)
Funnies (self explanatory)
Opinions (this sucks, what about that?)
Skids (I did this, aren't I great, everyone else sucks?)
Trolls (you suck)
Trawlers (I have something 0day to buy or sell)

The top three (ie the useful content) is available in any one of a 
hundred places, the bottom three are noise. The only people 
interested in the noise are those who keep track of it for a 
living.

So, consider that by posting anything in the bottom three 
categories, you are drawing the attention of those who take an 
interest in your sad efforts to destabilise the technical crutch of 
society. These people are better than you in every important way, 
and if you so much as tiptoe across one of their lines, you'll wind 
up sharing a cell with a 7ft gorilla called george with a dead 
mouse and a pressing need to dry-cornhole your ringpiece 3 times a 
night and twice on sundays. Do yourselves a favour and STFU.

What's left?

The funnies and the opinions. I've laughed my tits off at posts by 
Mssrs Coderman, Diggle, Dripping, VanWinkle and Mengele, and i've 
been interested by a few others who will remain nameless as I can't 
list them all. Long live full disclosure, but keep in mind that 
you're only legends in your own bedrooms.

later, pi

--
Click to get a free auto insurance quotes from top companies.
http://tagline.hushmail.com/fc/Ioyw6h4d8EIl5uJlSoB5C7HKVmuBsQOXlKB8YUus2MT2FpMkQCNmCM/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ