Re: [Full-Disclosure] Feeding Stray Cats

From: Josh (full-disclosure_at_nicepeople.org)
Date: 11/14/03

  • Next message: Larry Hand: "[Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES"
    To: "Schmehl, Paul L" <pauls@utdallas.edu>
    Date: Thu, 13 Nov 2003 16:46:59 -0800
    
    

    A preface to this message:
    I am not partial to ad-hominem attacks, nor feeding flame wars. I feel
    however, that this is the only way to communicate with the individual I
    am replying to.
    My apologies for the chaos I am about to create. I am through with this
    thread after this post.
    -Josh

    Paul,
    So far, every comment you have made has been inflamatory. It was enough
    to chime in with the "You'll never succeed in affecting change" post
    once in this thread. If you have something constructive to add, it
    might be worth hearing. From what I have read about you and your
    organization(SEE BELOW), you promote a structure much like what I am
    proposing. The only difference is that yours is a member's only
    organization, definitely not friendly to full disclosure, yet you
    pitched a fit at morning_wood over his decision to withold source to a
    purported exploit.

    Not to endorse morning_wood in any way, but:

    " So there's the 1% l33ts like you, and then there's the 99% of the
    human populace that has other things to do besides squirrel around with
    code. I get it."
    Then there is you, who would rather sit and whine than learn to code.

    "I learned in high school (which was a long long time ago) that there
    are those that say they can do something, and then there are those who
    don't say anything but do a lot. You appear to fall into the first
    category based on your ramblings."
    You don't say alot, just the same thing over and over again.

    It is people like you who will drive this list into the ground. The
    only reason you are here is to hear yourself talk and possibly to get
    some 0-day sploitz that you can impress your computer lab buddies with.

    I once was in a position like yours: During college, I managed all of
    the VHDL and drafting labs, I had to sit in a lab all day and roll up
    e-size plots as they came off of the plotter, read logs, read email, and
    make sure workstations/servers were up. I was called a computer
    security person because I created and handed out accounts on the
    engineering unix systems. Back then, that job left me with enough time
    to sit and fight out flame wars on many lists.

    Not everyone works in academia, nor does everyone have as much time as
    you do. Many on this list have more experience than you
    do.(http://www.utdallas.edu/~pauls/plsresume.html) Why don't you try
    listening instead of constantly being a nay sayer?

    I have a distaste for bugtraq and believe this list could become a
    complete surrogate for it if it were handled correctly.

    I have read this list for a long time, and have chosen not to get
    involved, however I think it is about time to stand up for a resource I
    consider valuable. In the past slogging through the discussion was
    bearable, however, times change.

    We MUST adapt lest we lose ALL those with clue. (People post for credit,
    if there is no-one here worth posting to, it is unlikely that they will
    post)

    -Josh

    *********************************************************************************************
    AVIEN Membership Requirements
    AVIEN Membership is restricted to professionals, working in
    organizations, and meeting the following criteria:

    They do not work for an organization that commercially sells or markets
    Anti-Virus software/hardware or related products
    They manage or are responsible for a user population in excess of 1500
    (if you don't quite meet this requirement, please feel free to submit
    your application anyway - we'll take other factors into account, if
    warranted)
    They agree to abide by the group rules as described here and below.
    Specific AVIEN Terms and Conditions will also apply and members will
    understand that all violations will be dealt with by an elected
    Disciplinary Committee.
    Membership is at an individual level, not corporate. Membership does not
    imply endorsement in any shape or form of the organizations employing
    members.

    Mailing Lists - AVIEN members can subscribe to more than ten mailing
    lists, including:

    - AVI-EWS Alert: provides alert notifications (very low traffic)
    - AVI-EWS Advisory: provides updates on potential threats (low traffic)
    - AVI-EWS Virus Discuss: a forum to discuss viruses and other malware
    (medium-high traffic)
    - AVI-EWS Talk: talk about Anti-Virus topics in general (medium traffic)
    - AVI-EWS Vuln-Discuss: talk about security vulnerabilities which may be
    connected to malware (medium-low traffic)
    - Product certification: discussions on how to test and evaluate
    anti-malware products (low traffic)
    - Free tools: discussion on free software tools which can be used to
    fight malware (low traffic)
    - Cooperate: a list for discussing how we can work together to make it a
    safer computer world
    - SMB Lure tool: discussion on the SMB lure software tool which is used
    to track worms (the author of this tool participates).

    As well as a mailing list to discuss management of AV solutions and a
    number of AV product-specific lists.
    **********************************************************************************************

    Schmehl, Paul L wrote:

    >>-----Original Message-----
    >>From: full-disclosure-admin@lists.netsys.com
    >>[mailto:full-disclosure-admin@lists.netsys.com] On Behalf Of
    >>Stephen Clowater
    >>Sent: Thursday, November 13, 2003 8:58 AM
    >>To: Jonathan A. Zdziarski
    >>Cc: Kryptos; full-disclosure@lists.netsys.com
    >>Subject: Re: [Full-Disclosure] Feeding Stray Cats
    >>
    >>If anyone has an open solution, I think it should be posted
    >>to the list
    >>and cc'ed to Len. I think this is one off-topic disscusion
    >>that we need
    >>to have if full disclosure is to reamain a valid forum for
    >>discussing in
    >>a meaningful, restrained, and proffessional manner (pardon my
    >>spelling :) )
    >>
    >>
    >>
    >I don't know how long you've been subscribed to this list. I was one of
    >the first. And I can tell you that what you suggest has been stated and
    >restated here ad nauseum ad infinitum. This list *is* a valid forum and
    >always will be precisely *because* it is not moderated. Some people
    >like that. Others do not. If they don't, they're free to leave. The
    >list isn't going anywhere.
    >
    >And since I'm already wasting bandwidth by replying, let me voice my
    >biggest pet peeve to all readers. If you decide you want to leave a
    >list that you're on, just leave. Don't post your parting gripe about
    >why you can't take it any more and the list is going to hell in a hand
    >basket. No one cares. Just move on with your life and spare us the
    >histrionics.
    >
    >*That* one irritates me even more than the dolts who post "How do I
    >unsubscribe" and the idiots who send their OoO messages to the lists.
    >
    >Paul Schmehl (pauls@utdallas.edu)
    >Adjunct Information Security Officer
    >The University of Texas at Dallas
    >AVIEN Founding Member
    >http://www.utdallas.edu/~pauls/
    >
    >_______________________________________________
    >Full-Disclosure - We believe in it.
    >Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    >
    >
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Larry Hand: "[Full-Disclosure] Fwd: YOUR PAYPAL.COM ACCOUNT EXPIRES"