RIP Full Disclosure: Security world reacts to key mailing list's death The legendary Full Disclosure mailing list, where security researchers posted details of exploits and software vulnerabilities, is shutting down. The service, which had been running for nearly 12 years since July 2002, has been suspended indefinitely after list admin John Cartwright was no longer prepared to put up with the …
Once they have gained? Err... They were there day one.
FD was started because BUGTRAQ became to orderly and corporate for the tastes of some of the anarchists prevalent in the world of Internet security 12 years ago. As a result it attracted everyone Aleph One kicked off from BUGTRAQ day one. It had the troll density of a popular dilapidated bridge - anywhere you look you could see a troll.
In any case, the internet (and internet security) has changed. Exploits are now a paying racket. The anarchy mentality of 0-day release and be damned which founded FD is not there any more. No real reason for FD to exist. I am surprised Carthright kept it running for so long.
[quote]
Good luck asking every USENET admin in the world to delete that embarrassing post that you don't want seen.
[/quote]
are you saying that you don't have a clue what a cancel message is? in case that is what you are saying, they are how you delete your usenet posts. you don't ask someone else to clean up your mess, ya know? ;)
I know exactly what a cancel message is, and a newgroup message, and various other control messages that most USENET servers are set up to either vet with a human or utterly ignore due to them being abused by trolls, malicious hackers, shills and other Internet low-life.
Next question.
" never imagined that request might come from a researcher within the 'community' itself (and I use that word loosely in modern times). But today, having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I'm done. "
That's because you were afraid to use the world's most powerful word:
"NO"
As in, "NO, I will NOT delete your entries as, once posted, they come under the ToS that you agreed to when you joined; comments are subject to the list owner's discretion."
If you didn't put a reasonable clause into your that charter of yours stating that the list is yours, under your control, subject to your rules and regulations and that all decisions by the list owner / manager are final, then you need to change your ToS!
You are letting one loud-mouthed fool change your life?! That's when you tell him to "Go to hell" and move on. You've got a bully on your hands and that occurrence is so damn common in today's world that I'm sick of hearing it - push and push, complain and complain, until they get THEIR way regardless of how many other people [appeasing this one jerk] may hurt. Oh, yeah, that's our current Crimea headlines in a nutshell. The world needs to say "NO!" more often to these people, who are simply children and haven't had it said often enough in their face to learn that the world does not revolve around them.
"NO" - the perfect reply to your current "researcher" problem.
...fine and dandy until you get a message along the lines of "some people who believed they were acquiring access to XYZ zero-day on an exclusive basis would like to know why they also see it published here, and may or may not come around asking for answers in person at their convenience". Not that I'd suggest that's what actually happened.
I thought I had saved some of the first several messages from F-D, but apparently not.
Anyhoo: Around the time F-D was founded, the "responsible disclosure" debate was still in full swing. RFPolicy was first published in 2001. So yeah, no doubt there was still a lot of talk about how quickly vulnerabilities should be disclosed. (That debate is still going, of course, but with nothing like the heat it had around the turn of the century.)
got a great deal of stick from the "community" for posting an article on FD "Google vulnerabilities with POC" to the FD list.
This is one of the longest threads I have seen on FD. I suggest it is checked out. Some very strong words are used.
I know what I think, draw your own conclusions.
Whether or not this person is the catalyst for John throwing in the towel is supposition.
FD you will be missed :-(
This person made legal threats to FD if they did not comply in removing this thread - that's why it suspended. It is the guy who posted the 'vulnerability' and got shredded due to his response to the 'community'. The arbitrary file upload to YouTube is not a security vulnerability on its own, but it was the response to being told this combined with narcissistic self-delusion and denial that resulted in the meltdown that ensued.
Some background research into his satellite expertise and academic credentials, not to mention the recent article on Softpedia commenting on the disappearance of the Malaysian 777, are essential reading to understand the full extent of this individual's issues.
It seemed longer ago to me! I never used it, I got my vulnerability information from other sources. I'd say there were many like me. We all saw it in the news for a while then it seemed to disappear! We all forgot about it in my security circles. I'd say it will never be missed. I am slightly sentimental about that time period, but that is about it.
Whether it was the NSA, or an individual has written history... They marked the end of lameness and "no community".
The full disclosure should have closed down a long time ago. Nobody wants a full disclosure list that favours the big companies and not the researchers, but also where lamers and trolls find amusement in vandalising people's findings.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
