on list moderation of great justice [was: [oss-security] list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) ]
- To: cpunks <[email protected]>
- Subject: on list moderation of great justice [was: [oss-security] list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) ]
- From: [email protected] (coderman)
- Date: Mon, 3 Nov 2014 20:02:36 -0800
> On Tue, Oct 14, 2014 at 10:48:00PM -0700, Walter Parker wrote:
>> What is this list's policy on Full Disclosure?
>...

as one who enjoys a significant moderation delay on Full-Disclosure,
i feel qualified to pontificate on this subject. [0]
per the monthly statistics summarized at
http://seclists.org/fulldisclosure/ one can easily see how the careful
pruning of noise on this channel has resulted in double digit density
goodness, e.g. Aug 2014 at 89 posts; a new record of brevity and
decorum!
i for one gladly await the day a more properly, more aggressively
moderated full-disclosure reaches single digits and utmost
conciseness. you can do it, Fyodor!

On 10/15/14, Solar Designer <[email protected]> wrote:
> Looks like I need to comment on the specific questions on list policy:
> ...
> Whatever is sent to the list, if on-topic and otherwise appropriate
> ... is posted with no artificial delay... the only difference from the
> Full-Disclosure mailing list (as far as I understand how it's run) is
> that oss-security is limited to / focused on Open Source.

i for one agree with Full-Disclosure's policy that active
monkey-in-the-middle attacks are of zero interest. spectrum hi jinx?
how cross site...
[ "The Internet Threat Model" finds your privacy not cost effective. sorry! ]
given such undeniable logic, i must fully support the ongoing total
moderation with infinite delay of [email protected] on the
full-disclosure list. never again from coderman is too soon!
finally,
regarding other aspects of full-disclosure, i must disclose that i
have nothing further to say on the conspiracy in the information
security industry to assist various intelligence agencies, including
Attrition.org collaboration with NSA TAO [1] and Fyodor's relationship
with GCHQ's HACIENDA scanner [2].
best regards,

0. see "RC4 is dangerous in ways not yet known - heads up on near
injection WPA2 downgrade to TKIP RC4" - moderated on F-D since Sept.
, also "Preferred Roaming List Zero Intercept Attack [was: DEF CON
nostalgia [before that: going double cryptome at DEF CON 22]][still
confusing]" moderated days to Aug 4 post send on 1st.
1. "Tailored Access Operations ... Details on a program titled
QUANTUMSQUIRREL indicate NSA ability to masquerade as any routable
IPv4 or IPv6 host."
- https://en.wikipedia.org/wiki/Tailored_Access_Operations#Virtual_locations
2. "GCHQ project HACIENDA [...] uses [nmap] port scanning to find
vulnerable systems for Five Eyes intelligence agencies."
- https://en.wikipedia.org/wiki/TCP_Stealth