Re: [Full-Disclosure] pissed off

From: Melvyn Sopacua (msopacua_at_idg.nl)
Date: 04/26/03

  • Next message: morning_wood: "[Full-Disclosure] SPOOFED HOTMAIL ADDRESS --- http://www.security-hotmail.com/" 
    To: Valdis.Kletnieks@vt.edu
Date: Sat, 26 Apr 2003 10:51:20 +0200

    At 17:50 25-4-2003, Valdis.Kletnieks@vt.edu wrote:

    >On Thu, 24 Apr 2003 23:36:22 CDT, cyn0n@myrealbox.com said:
    > > greets-
    > > Is anyone else pissed off at stupid *** like this flying around lists
    > > that are supposed to be respectable? Arguing over this type of stuff and
    > > even reporting this is just the most stupid fucking thing I've ever
    > > seen.
    >
    >Umm.. I've seen lots of stupid *** on lists, but I have to disagree with
    >your assessment of this as "stupid ***". We have the following:

    [ snip i18n note ]

    >1) somebody (badpack3t? attrib/quoting lost) posts a vulnerability
    >in Xeneo.
    >
    >2) Tamer Sahin posts that it was a known thing already posted, and that
    >people shouldn't post without searching first. Quite politely phrased
    >and good advice.
    >
    >3) badpack3t posts back saying that this vulnerability is a new and different
    >one, and asks for clarification from Tamer of why he thinks it's the same
    >hole.
    >Everybody is being mostly civil, and there's a definite lack of any ad-hominem
    >attacks. If badpack3t *has* found a different hole, then he certainly
    >deserves credit for it, and Tamer owes him a "Sorry, you're right, that's
    >a different hole".

    If you try objectify the conversation do it well:
    1) vuln post
    2) Hey, that's mine, I own that and you are violating copyright law
    3) That's a different hole, unless I'm mistaken.

    The stupid part, which has been annoying me as well, is nr. 2.
    The focus in part 2 is not the vulnerability, but a psychological defect in
    Tamer
    Sahin's selfesteam, accompanied with legal crap about owning rights to
    discoveries
    of other people's mistakes.

    What IS that copyright stuff anyways? Are we now 'legally owning karma'? Is
    credit
    for a vulnerability profitable? Can you borrow money on your 'stock of legally
    owned vulnerability advisories'? Or is it yet another reason to sue the
    hell outof
    competitors, for reasons of 'loss of possible income, derived from the
    publicity'?

    I don't work for a security company, so please explain.

    Met vriendelijke groeten / With kind regards,

    Webmaster IDG.nl
    Melvyn Sopacua

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: morning_wood: "[Full-Disclosure] SPOOFED HOTMAIL ADDRESS --- http://www.security-hotmail.com/"