Cheetah writes:
"Full Disclosure, the security mailing list created on 9 July 2002 by Len Rose and John Cartwright, closes its doors after threats from inside the security research community. In his final email Cartwright writes: "That 'one of our own' would undermine the efforts of the last 12 years is really the straw that broke the camel's back. I'm not willing to fight this fight any longer." and bitterly concludes: "This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry."
In its 12 years of operation, many notable security flaws have been exposed on the list, including all-time classics such as The history of a -probably- 13 years old Oracle bug: TNS Poison and Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly just to name a few.
Its presence will be missed."
Related Stories
The Full Disclosure mailing list has been relaunched after one of its original co-founders pulled the plug after an internal conflict. One of its readers, Fyodor, decided to resurrect it:
Upon hearing the bad news, I immediately wrote to John offering help. He said he was through with the list, but suggested: "you don't need me. If you want to start a replacement, go for it." After some soul searching about how much I personally miss the list (despite all its flaws), I've decided to do so! I'm already quite familiar with handling legal threats and removal demands (usually by ignoring them) since I run Seclists.org, which has long been the most popular archive for Full Disclosure and many other great security lists.
We originally covered the shutdown of Full Disclosure a month ago.
(Score: 5, Interesting) by Open4D on Wednesday March 19 2014, @02:47PM
Was there any warning? The final email doesn't refer to any previous emails on the matter.
And is it effective immediately? So the list members don't have the opportunity to organize amongst themselves for the transition to a new list?
(Score: 2) by frojack on Wednesday March 19 2014, @08:55PM
And why didn't he name names?
What's the point of picking up your marbles and going home without so much as a fuck you when departing?
No, you are mistaken. I've always had this sig.
(Score: 4, Insightful) by RamiK on Wednesday March 19 2014, @02:53PM
Honestly? A mailing list is just not decentralized or anonymous enough to release important information to the public.
Maybe Freenet is a better option...
compiling...
(Score: 5, Informative) by omoc on Wednesday March 19 2014, @05:59PM
Wrong. A mailing list is the perfect way to release important information to the public. You subscribe to the lists that are of interest to you and information is pushed to all your devices as soon as available. I can then read that even offline at any time anywhere.
(Score: 4, Insightful) by Nerdfest on Wednesday March 19 2014, @06:50PM
I like RSS for that. I don't need to provide an identification of any sort.
(Score: 4, Informative) by frojack on Wednesday March 19 2014, @08:58PM
RSS still depends on the site being available, unless entire exploits appear in the RSS (which is not usually the case).
With the ease of obtaining throw-away email addresses, the archive capabilities of email make more sense.
(Score: 5, Insightful) by nitehawk214 on Wednesday March 19 2014, @05:13PM
Named "Full Disclosure", does not say who or what the threat is, only that it is a researcher and the threat is vaguely a legal one.
"Don't you ever miss the days when you used to be nostalgic?" -Loiosh
(Score: 0) by Anonymous Coward on Wednesday March 19 2014, @05:22PM
Good point. I'd "mod you up" if I had an account.
(Score: 2) by stderr on Wednesday March 19 2014, @07:50PM
<- You can make one right over there...
It's not that hard.
alias sudo="echo make it yourself #" #
(Score: 1, Interesting) by Anonymous Coward on Wednesday March 19 2014, @08:03PM
How about somebody throw in an ssl key to the server, so we don't have to broadcast our passwords in the clear?
(Score: 2) by frojack on Wednesday March 19 2014, @09:00PM
How critical is a password to a public site?
(Score: 3, Informative) by stderr on Thursday March 20 2014, @12:11AM
Somebody already did throw an ssl key to the server and https works.
Unfortunately there is a (known) redirect problem and somebody is working on fixing that.
(Score: 5, Interesting) by Anonymous Coward on Wednesday March 19 2014, @05:13PM
I'm not that familiar with the list, but as best I can determine this is the operative quote:
"However, taking a virtual hatchet to the list archives on the whim of
an individual just doesn't feel right."
To me this means that a security person responsible for a significant portion of the past archives asserted copyright over his postings and demanded they be redacted from the archives (for whatever reason, economic, political, etc.). Or that a corporation "bought" his "intellectual property" and made that demand on his behalf.
And the list manager didn't want to "take a hatchet" to remove all the person's contributions.
Does this sound right?
(Score: 2) by c0lo on Wednesday March 19 2014, @07:33PM
<pendantic mode="on">
</pendantic>
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Wednesday March 19 2014, @08:33PM
Pedantic.
(Score: 2) by c0lo on Wednesday March 19 2014, @09:12PM
(Score: 1, Funny) by Anonymous Coward on Wednesday March 19 2014, @10:30PM
Your credibility is pendering by a thread at this point. :)
(Score: 2, Informative) by acapulco on Thursday March 20 2014, @06:28PM
(Score: 2) by c0lo on Friday March 21 2014, @12:06PM
(Score: 1) by acapulco on Friday March 21 2014, @04:29PM
Haha. Shoot... I guess you are correct.
Well... you can't win 'em all!
(Score: 2) by Open4D on Wednesday March 26 2014, @04:36PM
http://threatpost.com/full-disclosure-list-rises-from-the-ashes-for-fresh-start/105029 [threatpost.com]