Stories
Slash Boxes
Comments

SoylentNews is people

The End of "Full Disclosure" Security List

posted by LaminatorX on Wednesday March 19 2014, @02:19PM   Printer-friendly
from the infighting-and-you dept.
Security

Cheetah writes:

"Full Disclosure, the security mailing list created on 9 July 2002 by Len Rose and John Cartwright, closes its doors after threats from inside the security research community. In his final email Cartwright writes: "That 'one of our own' would undermine the efforts of the last 12 years is really the straw that broke the camel's back. I'm not willing to fight this fight any longer." and bitterly concludes: "This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry."

In its 12 years of operation, many notable security flaws have been exposed on the list, including all-time classics such as The history of a -probably- 13 years old Oracle bug: TNS Poison and Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly just to name a few.

Its presence will be missed."

Related Stories

Full Disclosure Mailing List Returns 4 comments

NCommander writes:

The Full Disclosure mailing list been relaunched after one of its original co-founders pulled the plug after an internal conflict. One of its readers, Fyodor, decided to resurrect it:

Upon hearing the bad news, I immediately wrote to John offering help. He said he was through with the list, but suggested: "you don't need me. If you want to start a replacement, go for it." After some soul searching about how much I personally miss the list (despite all its flaws), I've decided to do so! I'm already quite familiar with handling legal threats and removal demands (usually by ignoring them) since I run Seclists.org, which has long been the most popular archive for Full Disclosure and many other great security lists.

We originally covered the shutdown of Full Disclosure a month ago.

This discussion has been archived. No new comments can be posted.
The End of "Full Disclosure" Security List | Log In/Create an Account | Top | 21 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Interesting) by Open4D on Wednesday March 19 2014, @02:47PM

    by Open4D (371) on Wednesday March 19 2014, @02:47PM (#18564) Journal

    Was there any warning? The final email doesn't refer to any previous emails on the matter.

    And is it effective immediately? So the list members don't have the opportunity to organize amongst themselves for the transition to a new list?

    • (Score: 2) by frojack on Wednesday March 19 2014, @08:55PM

      by frojack (1554) on Wednesday March 19 2014, @08:55PM (#18697) Journal

      And why didn't he name names?

      What's the point of picking up your marbles and going home without so much as a fuck you when departing?

      --
      No, you are mistaken. I've always had this sig.

  • (Score: 4, Insightful) by RamiK on Wednesday March 19 2014, @02:53PM

    by RamiK (1813) on Wednesday March 19 2014, @02:53PM (#18566)

    Honestly? A mailing list is just not decentralized or anonymous enough to release important information to the public.
    Maybe Freenet is a better option...

    --
    compiling...

    • (Score: 5, Informative) by omoc on Wednesday March 19 2014, @05:59PM

      by omoc (39) on Wednesday March 19 2014, @05:59PM (#18638)

      Wrong. A mailing list is the perfect way to release important information to the public. You subscribe to the lists that are of interest to you and information is pushed to all your devices as soon as available. I can then read that even offline at any time anywhere.

      • (Score: 4, Insightful) by Nerdfest on Wednesday March 19 2014, @06:50PM

        by Nerdfest (80) on Wednesday March 19 2014, @06:50PM (#18650)

        I like RSS for that. I don't need to provide an identification of any sort.

        • (Score: 4, Informative) by frojack on Wednesday March 19 2014, @08:58PM

          by frojack (1554) on Wednesday March 19 2014, @08:58PM (#18698) Journal

          RSS still depends on the site being available, unless entire exploits appear in the RSS (which is not usually the case).

          With the ease of obtaining throw-away email addresses, the archive capabilities of email make more sense.

          --
          No, you are mistaken. I've always had this sig.

  • (Score: 5, Insightful) by nitehawk214 on Wednesday March 19 2014, @05:13PM

    by nitehawk214 (1304) on Wednesday March 19 2014, @05:13PM (#18623)

    Named "Full Disclosure", does not say who or what the threat is, only that it is a researcher and the threat is vaguely a legal one.

    --
    "Don't you ever miss the days when you used to be nostalgic?" -Loiosh

    • (Score: 0) by Anonymous Coward on Wednesday March 19 2014, @05:22PM

      by Anonymous Coward on Wednesday March 19 2014, @05:22PM (#18628)

      Good point. I'd "mod you up" if I had an account.

      • (Score: 2) by stderr on Wednesday March 19 2014, @07:50PM

        by stderr (11) on Wednesday March 19 2014, @07:50PM (#18670) Journal

        ... if I had an account.

        <- You can make one right over there...

        It's not that hard.

        --
        alias sudo="echo make it yourself #" # ... and get off my lawn!

        • (Score: 1, Interesting) by Anonymous Coward on Wednesday March 19 2014, @08:03PM

          by Anonymous Coward on Wednesday March 19 2014, @08:03PM (#18677)

          How about somebody throw in an ssl key to the server, so we don't have to broadcast our passwords in the clear?

          • (Score: 2) by frojack on Wednesday March 19 2014, @09:00PM

            by frojack (1554) on Wednesday March 19 2014, @09:00PM (#18699) Journal

            How critical is a password to a public site?

            --
            No, you are mistaken. I've always had this sig.

          • (Score: 3, Informative) by stderr on Thursday March 20 2014, @12:11AM

            by stderr (11) on Thursday March 20 2014, @12:11AM (#18733) Journal

            Somebody already did throw an ssl key to the server and https works.

            Unfortunately there is a (known) redirect problem and somebody is working on fixing that.

            --
            alias sudo="echo make it yourself #" # ... and get off my lawn!

  • (Score: 5, Interesting) by Anonymous Coward on Wednesday March 19 2014, @05:13PM

    by Anonymous Coward on Wednesday March 19 2014, @05:13PM (#18624)

    I'm not that familiar with the list, but as best I can determine this is the operative quote:

    "However, taking a virtual hatchet to the list archives on the whim of
    an individual just doesn't feel right."

    To me this means that a security person responsible for a significant portion of the past archives asserted copyright over his postings and demanded they be redacted from the archives (for whatever reason, economic, political, etc.). Or that a corporation "bought" his "intellectual property" and made that demand on his behalf.

    And the list manager didn't want to "take a hatchet" to remove all the person's contributions.

    Does this sound right?

    • (Score: 2) by c0lo on Wednesday March 19 2014, @07:33PM

      by c0lo (156) Subscriber Badge on Wednesday March 19 2014, @07:33PM (#18665) Journal

      Does this sound right?

      <pendantic mode="on">

      • Correct? Highly likely.
      • Right? No way.

      </pendantic>

      --
      https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

      • (Score: 0) by Anonymous Coward on Wednesday March 19 2014, @08:33PM

        by Anonymous Coward on Wednesday March 19 2014, @08:33PM (#18690)
        " pendantic mode="on" "
        Pedantic.
        :)
        /pedantic

        • (Score: 2) by c0lo on Wednesday March 19 2014, @09:12PM

          by c0lo (156) Subscriber Badge on Wednesday March 19 2014, @09:12PM (#18701) Journal
          :) Nope: pendantic [wikipedia.org]: from the Latin "pendere" = "to hang down" :)
          --
          https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

          • (Score: 1, Funny) by Anonymous Coward on Wednesday March 19 2014, @10:30PM

            by Anonymous Coward on Wednesday March 19 2014, @10:30PM (#18716)

            Your credibility is pendering by a thread at this point. :)

          • (Score: 2, Informative) by acapulco on Thursday March 20 2014, @06:28PM

            by acapulco (1873) on Thursday March 20 2014, @06:28PM (#19005)
            wasn't he referring to Pedantic [wikipedia.org] ?

            "The origin of the Italian pedante is uncertain, but several dictionaries suggest that it was contracted from the medieval Latin pædagogans, present participle of pædagogare, "to act as pedagogue, to teach"

            • (Score: 2) by c0lo on Friday March 21 2014, @12:06PM

              by c0lo (156) Subscriber Badge on Friday March 21 2014, @12:06PM (#19248) Journal
              A Whooosh would be in order?
              --
              https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford

              • (Score: 1) by acapulco on Friday March 21 2014, @04:29PM

                by acapulco (1873) on Friday March 21 2014, @04:29PM (#19363)

                Haha. Shoot... I guess I you are correct.

                Well... you can't win'em all!

  • (Score: 2) by Open4D on Wednesday March 26 2014, @04:36PM

    by Open4D (371) on Wednesday March 26 2014, @04:36PM (#21587) Journal

    http://threatpost.com/full-disclosure-list-rises-f rom-the-ashes-for-fresh-start/105029 [threatpost.com]