Date: Thu, 20 Mar 2014 09:50:00 +0200
From: Georgi Guninski <guninski@...inski.com>
To: oss-security@...ts.openwall.com
Subject: Re: [OT] FD mailing list died. Time for new one

I agree about BB.
To generalize your concerns: trust no one.
Even an honest person running a mailing list
can be compromised, say via blackmail/torture.
If you run a mailing list, stuff like spam,
DDoS, legal threats will eat from your time.

The death of the Full Disclosure list is a mystery
to me too. I don't think the last FD mail explains
it fully. Suspect a deeper conspiracy than just the
Google thread.


On Wed, Mar 19, 2014 at 11:29:11PM +0400, gremlin@...mlin.ru wrote:
> On 19-Mar-2014 09:33:58 -0700, Dean Pierce wrote:
> 
>  > Hosting? That's what the cloud is for.
> 
> Not for any sensitive data. And vulnerability descriptions are very
> sensitive...
> 
>  > I have no idea who runs
>  > https://groups.google.com/group/FullDisclosure
>  > but they seem modeled after original fd charter.
> 
> Modelling a charter is easy... But I bet they'll fail on gathering
> all previous FD members.
> 
>  > I trust Google as a neutral third party more than I would trust
>  > most security researchers.
> 
> Bwa-ha-ha-ha-ha...
> 
> Behind that party which you possibly may trust, there's a B.B.,
> which is even worse than a Big Brother - as it's a Big Business.
> 
> When a Big Business faces something, it asks itself two questions:
> 0. Could it cause any loss?
> 1. Could it bring any profit?
> 
> Suppose someone posts a zero-day vulnerability on the list which
> affects the BB; do you really think it wouldn't be censored out?
> 
> No doubt, it will - otherwise that will Cause a Loss, and that's
> unacceptable for BB.
> 
> Also, several days before FD shutdown there was a long thread
> related to some vulnerabilities in Google services... Although
> John Cartwright didn't name anyone, I can't be sure these two
> events are unrelated.
> 
>  > They already host all the old newsgroup archives. It's also
>  > free, easily consumable, and most importantly, babysat for
>  > security issues in a way that even a team of skilled volunteers
>  > would have a hard time pulling off.
> 
> I'd prefer participating on the list hosted by some party which
> isn't directly affected by list postings - say, some ISP.
> 
> 
> -- 
> Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
> GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net
