|
Message-ID: <20140320075000.GB2503@sivokote.iziade.m$> Date: Thu, 20 Mar 2014 09:50:00 +0200 From: Georgi Guninski <guninski@...inski.com> To: oss-security@...ts.openwall.com Subject: Re: [OT] FD mailing list died. Time for new one I agree about BB. To generalize your concerns: trust no one. Even a honest person running mailing list can be compromised say via blackmail/torture. If you run a mailing list stuff like spam, DDOS, legal threats will eat from your time. The death of the Full Disclosure list is mystery to me too. I don't think the last FD mail explains it fully. Suspect deeper conspiracy than just the google thread. On Wed, Mar 19, 2014 at 11:29:11PM +0400, gremlin@...mlin.ru wrote: > On 19-Mar-2014 09:33:58 -0700, Dean Pierce wrote: > > > Hosting? That's what the cloud is for. > > Not for any sensitive data. And vulnerability descriptions are very > sensitive... > > > I have no idea who runs > > https://groups.google.com/group/FullDisclosure > > but they seem modeled after original fd charter. > > Modelling a charter is easy... But I bet they'll fail on gathering > all previous FD members. > > > I trust Google as a neutral third party more than I would trust > > most security researchers. > > Bwa-ha-ha-ha-ha... > > Behind that party which you possibly may trust, there's a B.B., > which is even worse than a Big Brother - as it's a Big Business. > > When a Big Business faces something, it asks itself two questions: > 0. Could it cause any loss? > 1. Could it bring any profit? > > Suppose someone posts a zero-day vulnerability on the list which > affects the BB; do you really think it wouldn't be censored out? > > No doubt, it will - otherwise that will Cause a Loss, and that's > inacceptable for BB. > > Also, several days before FD shutdown there was a long thread > related to some vulnerabilities in Google services... Although > John Cartwright didn't name anyone, I can't be sure these two > events are unrelated. > > > They already host all the old newsgroup archives. It's also > > free, easily consumable, and most importantly, babysat for > > security issues in a way that even a team of skilled volunteers > > would have a hard time pulling off. > > I'd prefer participating on the list hosted by some party which > isn't directly affected by list postings - say, some ISP. > > > -- > Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru> > GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.