mailing list archives
Re: Should it be better ...
From: Pablo <paa.listas () gmail com>
Date: Fri, 18 Jul 2014 15:38:34 -0300
Another possible consequence: This 'link-friendly' advisories lets the
originator (a person, an institution or a fake of anyone of those) track
the individual that routinely click on that links. Maybe just to build a
list of people (IP->ISP->Country->Client of the ISP->Your home)
interested in security, maybe not only for that. Who knows!? Just don't
click on them ... or do it, nobody is watching! ;)
El 10/07/2014 02:07 p.m., Fyodor escribió:
On Thu, Jul 10, 2014 at 7:51 AM, Pablo <paa.listas () gmail com
<mailto:paa.listas () gmail com>> wrote:
[Would] it be better to include the Advisory Details/exploit/code
in the body of the email to FD, and not in a link to a
blog/site/company so the list archive will be an archive and not a
index to some, possible down, link?
Yes, it is absolutely better to include full details in the body of
the message rather than just a link. I haven't been rejecting the
link-only messages (as long as there is at least a brief summary), but
they are annoying. Not only are they a pain to read (need to open a
browser and/or follow a link), but they screw up the archives. Right
now we're able to browse Bugtraq from more than 20 years ago, and it's
But if those messages were just links to other sites, how many would
still work? Hardly any.
Now it's perfectly fine to ALSO include a link to the advisory on a
web site. Just include full details in the body of the post too. The
main exception is binary attachments. If an attachment is more than
500K or a megabyte, just link it that attachment (in the descriptive
text body of your post) to avoid clogging up people's mail spools.
Also, if you're posting someone else's work (like a news story or 3rd
party blog or whatever), there may be copyright issues with just
pasting the whole thing into your message. Still, try to include at
least the first few paragraphs or a summary so we know what it is.
Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/