Date: Thu, 20 Mar 2014 09:50:00 +0200
From: Georgi Guninski <guninski@...inski.com>
To: oss-security@...ts.openwall.com
Subject: Re: [OT] FD mailing list died. Time for new one

I agree about BB.

To generalize your concerns: trust no one.
Even an honest person running a mailing list can be compromised,
say via blackmail/torture.

If you run a mailing list, stuff like spam, DDOS, legal threats
will eat from your time.

The death of the Full Disclosure list is a mystery to me too.
I don't think the last FD mail explains it fully.
Suspect deeper conspiracy than just the google thread.

On Wed, Mar 19, 2014 at 11:29:11PM +0400, gremlin@...mlin.ru wrote:
> On 19-Mar-2014 09:33:58 -0700, Dean Pierce wrote:
>
> > Hosting? That's what the cloud is for.
>
> Not for any sensitive data. And vulnerability descriptions are very
> sensitive...
>
> > I have no idea who runs
> > https://groups.google.com/group/FullDisclosure
> > but they seem modeled after original fd charter.
>
> Modelling a charter is easy... But I bet they'll fail on gathering
> all previous FD members.
>
> > I trust Google as a neutral third party more than I would trust
> > most security researchers.
>
> Bwa-ha-ha-ha-ha...
>
> Behind that party which you possibly may trust, there's a B.B.,
> which is even worse than a Big Brother - as it's a Big Business.
>
> When a Big Business faces something, it asks itself two questions:
> 0. Could it cause any loss?
> 1. Could it bring any profit?
>
> Suppose someone posts a zero-day vulnerability on the list which
> affects the BB; do you really think it wouldn't be censored out?
>
> No doubt, it will - otherwise that will Cause a Loss, and that's
> unacceptable for BB.
>
> Also, several days before FD shutdown there was a long thread
> related to some vulnerabilities in Google services... Although
> John Cartwright didn't name anyone, I can't be sure these two
> events are unrelated.
>
> > They already host all the old newsgroup archives. It's also
> > free, easily consumable, and most importantly, babysat for
> > security issues in a way that even a team of skilled volunteers
> > would have a hard time pulling off.
>
> I'd prefer participating on the list hosted by some party which
> isn't directly affected by list postings - say, some ISP.
>
>
> --
> Alexey V. Vissarionov aka Gremlin from Kremlin <gremlin ПРИ gremlin ТЧК ru>
> GPG: 8832FE9FA791F7968AC96E4E909DAC45EF3B1FA8 @ hkp://keys.gnupg.net