Re: was [Full-Disclosure] Core Internet Vulnerable - News at 11:00 -= Your message to Full-Disclosure awaits moderator approval

From: Byron Copeland (nodialtone_at_comcast.net)
Date: 04/21/04

  • Next message: Wojciech Purczynski: "Linux kernel setsockopt MCAST_MSFILTER integer overflow" 
    To: Steve Menard <smenard@nbnet.nb.ca>
Date: 20 Apr 2004 23:04:41 -0400

    heh,

    I know, Sucks. I've been moderated on occasion myself a couple of times
    on this 'non-moderated list'.

    Does it now mean FULL-DISCLOSURE = 'Post at your own risk?' it's
    getting like the security-basics or bug-traq list, or anything else
    SECURITY-FOCUS IS_NOT_CONCENTRATING_ON' LIST. Anything you post there
    gets 5 days of scrutiny because it isn't politically correct to post
    expert opinions or comments to such f'd up lists.

    Try to send people to the bank to buy a clue or research the problem and
    then they say isn't appropriate for this forums or the moderators answer
    to is that the reply is:
    tooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo

    break, toooooooooooooooooooooooooooo, long.

    I could add more bytes, then this would be censored as well.

    Ok, Ok, solution?

    -b

    On Tue, 2004-04-20 at 21:45, Steve Menard wrote:
    > Moderation of an un-moderated list at it's best
    > on an valid subject no less ....
    > I guess it's my bad as its not named early disclosure
    >
    > So, malware below 20k ........ Ca CHING
    > Bet this fits whithin the 20K ;-)
    > and takes what xx minutes to make it to the last victim
    >
    > At 16:48 AST [1548EST]
    > I sent David Ahmed's copy of [NISCC Vulnerability Advisory 236929:
    > Vulnerability Issues in TCP] forwarded from the UK
    > In reply to
    >
    > Crist J. Clark wrote:
    >
    > >Does anyone know WTF they are trying to say in this AP article,
    > >"Core Internet Technology Is Vulnerable,"
    > >
    > > http://story.news.yahoo.com/news?tmpl=story&cid=562&ncid=738&e=1&u=/ap/20040420/ap_on_hi_te/internet_threat
    > >
    > >It sounds like they are talking about a sequence number guessing
    > >attack on TCP BGP sessions? Sequence number prediction isn't really
    > >a new attack, but the story says,
    > >
    > > "Experts previously maintained such attacks could take between
    > > four years and 142 years to succeed because they require guessing
    > > a rotating number from roughly 4 billion possible combinations.
    > > Watson said he can guess the proper number with as few as four
    > > attempts, which can be accomplished within seconds."
    > >
    > >Hmmm... Four attempts... And the story makes it sound like a
    > >cross-platform attack, not a bug in a particular OS's ISN generation.
    > >FUD or is there something here?
    > >
    > >
    >
    > I found this [below] in my in basket
    > Luckily I sent Christ the email OFF_LINE
    > smenard
    >
    > PS BONUS POINTS: Dr Phil can't participate
    > can any one tell me why I feel like swearing?
    > full disclosure.....................Limited of course ;-)
    >
    > Your mail to 'Full-Disclosure' with the subject
    >
    > Re: [Full-Disclosure] Core Internet Vulnerable - News at 11:00
    >
    > Is being held until the list moderator can review it for approval.
    >
    > The reason it is being held:
    >
    > Message body is too big: 46716 bytes but there's a limit of 20 KB
    >
    > Either the message will get posted to the list, or you will receive
    > notification of the moderator's decision.
    >
    >
    > _______________________________________________
    > Full-Disclosure - We believe in it.
    > Charter: http://lists.netsys.com/full-disclosure-charter.html

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Wojciech Purczynski: "Linux kernel setsockopt MCAST_MSFILTER integer overflow"

    Relevant Pages

    • RE: [Full-disclosure] Corporate Virus Threats
      ... dedicated securityfocus lists are being moderated, ... because you can bet even the stuff the Securityfocus moderators get to ... moderator doesn't let the thread go live on the securityfocus lists. ... John Cartwright hasn't responded to my calls to have multiple FD lists, ...
      (Full-Disclosure)
    • Re: Moderation of the "roadgeek" Yahoo group
      ... As the Roadgeek List Owner let me chime in here. ... This is when myself or the other Moderators step in and say ... When this occurred in the instant discussion, one member complained on ... me from his lists for whatever reason he wishes. ...
      (misc.transport.road)
    • Announcing: Moderated global change discussion forum
      ... ANNOUNCING MODERATED GLOBAL CHANGE DISCUSSION FORUM ... of environmental science, economics, policy and politics, especially as ... discussion lists has dropped to the point where it can no longer ... people outside the spectrum of opinion represented by the moderators. ...
      (talk.environment)
    • Re: karl-desktop
      ... > "Write your email underneath the email which you are replying to." ... real moderators job to enforce it not the wannabes. ... Some lists I belong to, ... Another thing is that many MLs and every Usenet groups have charters, ...
      (Ubuntu)
    • Re: [FAQ] R.T.TF.MOD Moderation FAQ & Charter
      ... Posting and rtt-request email addresses HAVE CHANGED ... YET AGAIN since the last iteration of this FAQ. ... so it goes through and saves us moderators the ... line lists at a glance, ...
      (rec.toys.transformers.moderated)
    • Quantcast