Full Disclosure mailing list archives

Fwd: Returned post for bugtraq () securityfocus com

From: fooldisclosure () hushmail com (fooldisclosure () hushmail com)
Date: Thu, 5 Sep 2002 19:03:24 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi All

I encourage anyone who has a post rejected from bugtraq to forward any comments from the moderator(s) to this list.

Also, it would be useful to include dates. Ie. I posted this advisory to bugtraq on (date) and it was finally approved
by moderators on (date). Some people are already doing this; it emphasizes some of my points below.

It's important that bugtraq subscribers understand a few key issues:

* Most (MOST) posts to bugtraq get rejected

* Many posts that eventually make it through to a secfocus list will have a comment such as 'moderator: please allow
this because...' or 'this is the 3rd time I have tried to submit this...'

* Security issues sent to bugtraq get 'sat on' by secfocus. Priority customers get priority notice. This is
unacceptable. If I wish to alert the security industry to a new exploit, Bugtraq (traditionally) is the place to do so.
However, if I send my info to bugtraq, secfocus will sit on this information, and make money from their priority
customers for 'early warning'.

* The bugtraq moderators are technically incapable of distinguishing real issues from fake or non-issues.

* The bugtraq moderators have commercial interestes to look after. Do you think you will ever see Symantec-bashing
posts? How long until symantec and microsoft cut some kind of non-disclosure deal?

Obviously the bugtraq moderators cannot see any issues with obfuscated URL's that look like
http://www.ebay.com%252f%40evil.site.goes.here.

Maybe symantec should hire zenomorph () cgisecurity net? I'm sure he has the necessary expertise to fill this obvious
knowledge-gap at secfocus.

Regards,

.F.D.

Hi! This is the ezmlm program. I'm managing the
bugtraq () securityfocus com mailing list.

I'm working for my owner, who can be reached
at bugtraq-owner () securityfocus com.

I'm sorry, your message (enclosed) was not accepted by the mode
rator.
If the moderator has made any comments, they are shown below.

-------------------- >>>>>

What does that accomplish?
<<<<< -------------------- <<<<<


-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmMEARECACMFAj14DOscHGZvb2xkaXNjbG9zdXJlQGh1c2htYWlsLmNvbQAKCRAMkLNo
e92H9dJmAJ4uvEG+UDnpH/H66Bxbg2sqC3KY5wCfSVnfnsaxG26Pt/EhsSXQem+YO0Q=
=zwOh
-----END PGP SIGNATURE-----




Get your free encrypted email at https://www.hushmail.com

Current thread:

Fwd: Returned post for bugtraq () securityfocus com fooldisclosure () hushmail com (Sep 05)
- Fwd: Returned post for bugtraq () securityfocus com <mail () blazde co uk (Roland Postle) (Sep 05)
- Fwd: Returned post for bugtraq () securityfocus com Michal Zalewski (Sep 05)
- Fwd: Returned post for bugtraq () securityfocus com Fenris The Wolf (Sep 05)