lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 10 Dec 2008 22:54:35 -0800
From: - o z - <osgo@...mail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: FD subject line/name of org suggestion...

Hi everyone!

Is it just me, or is it normal for everyone else *not* to usually see  
the entire exploit notification, e.g.,
subject line in client:

[Full-disclosure] [ GL** #####-0* ] Critical Squirrel Meat Timer v. 
371117a Threat to Earth and All Inhabitants
                                                                                                '(cut 
  off right about @Meat Timer) [date]'

What has happened over time (10+ years) is that while average desktop  
space has grown, font real-estate
has shrunk.   Way more stuff is on-screen.  We're bombarded with even  
more info, some of it critical, and yeah,
maybe some of us like to keep current 'cause we live & breath infosec  
and have to "kill -s netdev 666" just to
make sense of it all sometimes.  Belay that, nothing, nothing makes  
sense there...makes my orange
run like clockwork.   That's it!

Using an informal survey method, most of my peers display FD the same  
way....critical version info is usually obscuficated
(or it's something else dearly important...say what you want...the  
community is creative with names).

It would be easier on the eyes and achieve a better productivity  
metric for my capitalist oppressors if the sub. line read:

[Full-disclosure] Warning goes here xxxxxxxx.xxxxxxxxxxxxxxxxxxx [good  
job, now put your name/date thingy here, right here!]

When my FD mailbox has 1000+ messages, many of them pertaining to  
software I'm responsible for, it would make
it easier if the subject line devoted as much space possible for the  
'sploit...first....followed by the author's naming convention.

Credit will be remembered no matter what, since if it affects you, it  
will be opened.  If it's been a long night or day,
whoa, it's easy to overlook something I shouldn't.   Right now it's  
like, "Wow, that was some exploit I saw by
'insert name here and date' -- sure wish I could have read it at one  
glance, damn..."

Somebody might be screaming, "Dude, change your settings" -- and  
they're right.  I should and do...but still have the same
issue, on a variety of clients -- increasing available subject line  
space helps, regardless.  Some org. ID's rent *16!*
characters in the subj. line, and the last five can be a real bitch,  
i.e., "v.371117" -- etc.....

Maybe some of 'ya think this is persnickety, and hell, it might be,  
it's just the 'best job, least amount of time thing.'
It just makes more sense to me is all, quite unlike my apparent  
deteriorating cognitive & grammatical abilities.

-oz









_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists