Full-Disclosure Security List Suspended Indefinitely 162
An anonymous reader writes with news that John Cartwright has been forced to shut down the full disclosure list. The list was created in 2002 in response to the perception that Bugtraq was too heavily moderated, allowing security issues to remain unpublished and unpatched for too long. Quoting: "When Len and I created the Full-Disclosure list way back in July 2002, we knew that we'd have our fair share of legal troubles along the way. We were right. To date we've had all sorts of requests to delete things, requests not to delete things, and a variety of legal threats both valid or otherwise. However, I always assumed that the turning point would be a sweeping request for large-scale deletion of information that some vendor or other had taken exception to.
I never imagined that request might come from a researcher within the 'community' itself (and I use that word loosely in modern times). But today, having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I'm done. The list has had its fair share of trolling, flooding, furry porn, fake exploits and DoS attacks over the years, but none of those things really affected the integrity of the list itself. However, taking a virtual hatchet to the list archives on the whim of an individual just doesn't feel right. That 'one of our own' would undermine the efforts of the last 12 years is really the straw that broke the camel's back.
I'm not willing to fight this fight any longer. It's getting harder to operate an open forum in today's legal climate, let alone a security-related one. There is no honour amongst hackers any more. There is no real community. There is precious little skill. The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry.
I'm suspending service indefinitely. Thanks for playing." The archives are still up on seclists.org, gmane, and Mail Archive. For now at least.
I never imagined that request might come from a researcher within the 'community' itself (and I use that word loosely in modern times). But today, having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I'm done. The list has had its fair share of trolling, flooding, furry porn, fake exploits and DoS attacks over the years, but none of those things really affected the integrity of the list itself. However, taking a virtual hatchet to the list archives on the whim of an individual just doesn't feel right. That 'one of our own' would undermine the efforts of the last 12 years is really the straw that broke the camel's back.
I'm not willing to fight this fight any longer. It's getting harder to operate an open forum in today's legal climate, let alone a security-related one. There is no honour amongst hackers any more. There is no real community. There is precious little skill. The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry.
I'm suspending service indefinitely. Thanks for playing." The archives are still up on seclists.org, gmane, and Mail Archive. For now at least.
Seconded (Score:3, Funny)
"I believe in full disclosure! And I'm not going to tell you why I'm doing this!" Fail, fail. Name and shame or fuck off, we have no time for your enabling bullshit. You have served your purpose, and are now useless. Er, not you, you know who I mean.
Re:Nonsense. (Score:5, Funny)
If you want to securely control your HVAC systems in your data centre, don't connect it to the Internet: Hire a person to operate it. If you want to securely control your nuclear reactor, don't connect it to the Internet but hire a staff to operate it using air-gapped systems.
Because we all know humans can be trusted completely instead of often being the weakest link in a security chain.
This includes the guys that operate the machine, the people that build the machine, the people that supplied to components for the machine, the contractor that build the datacenter, their subcontractors, the people supplying bricks to the builders, etc.
In theory, it's possible to create a perfectly secure product, in practice there isn't enough money, time and knowledge in the world to do so.
The real priority here... (Score:5, Funny)
Isn't finding out who made the threats. Where can we find the Furry porn?
Re:Nonsense. (Score:2, Funny)
You've clearly never had a hammer bounce back and hit you in the head.
Re:Who? (Score:4, Funny)
Snoden,
I believe this was a result of your efforts,
And now Insiders are attacking the lists,
Amoung many other things - I have seen, heard and witnessed many IT 9-to-5ers, Unlike thy,
Whom are all whining now, about NSA hacking, Infiltrations, Etc. Its happening 10 fold.
Tell the world the truth before Anonymous is forced to: That you are still working with the NSA and you are a giant psyop.
Not a haiku!
Re:A tragedy (Score:5, Funny)
Security dept: (n) A deptartment in a company that if it doesn't exist will cause the development department to be directly blamed for anything that goes wrong. See also: (n) scapegoat.
Seriously, my IT dept calls us "the latex department" because if we're involved they're protected. Otherwise they get the blame.
Min