Full-Disclosure Security List Suspended Indefinitely 162
An anonymous reader writes with news that John Cartwright has been forced to shut down the full disclosure list. The list was created in 2002 in response to the perception that Bugtraq was too heavily moderated, allowing security issues to remain unpublished and unpatched for too long. Quoting: "When Len and I created the Full-Disclosure list way back in July 2002, we knew that we'd have our fair share of legal troubles along the way. We were right. To date we've had all sorts of requests to delete things, requests not to delete things, and a variety of legal threats both valid or otherwise. However, I always assumed that the turning point would be a sweeping request for large-scale deletion of information that some vendor or other had taken exception to.
I never imagined that request might come from a researcher within the 'community' itself (and I use that word loosely in modern times). But today, having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I'm done. The list has had its fair share of trolling, flooding, furry porn, fake exploits and DoS attacks over the years, but none of those things really affected the integrity of the list itself. However, taking a virtual hatchet to the list archives on the whim of an individual just doesn't feel right. That 'one of our own' would undermine the efforts of the last 12 years is really the straw that broke the camel's back.
I'm not willing to fight this fight any longer. It's getting harder to operate an open forum in today's legal climate, let alone a security-related one. There is no honour amongst hackers any more. There is no real community. There is precious little skill. The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry.
I'm suspending service indefinitely. Thanks for playing." The archives are still up on seclists.org, gmane, and Mail Archive. For now at least.
I never imagined that request might come from a researcher within the 'community' itself (and I use that word loosely in modern times). But today, having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I'm done. The list has had its fair share of trolling, flooding, furry porn, fake exploits and DoS attacks over the years, but none of those things really affected the integrity of the list itself. However, taking a virtual hatchet to the list archives on the whim of an individual just doesn't feel right. That 'one of our own' would undermine the efforts of the last 12 years is really the straw that broke the camel's back.
I'm not willing to fight this fight any longer. It's getting harder to operate an open forum in today's legal climate, let alone a security-related one. There is no honour amongst hackers any more. There is no real community. There is precious little skill. The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry.
I'm suspending service indefinitely. Thanks for playing." The archives are still up on seclists.org, gmane, and Mail Archive. For now at least.
Re:Nonsense. (Score:5, Informative)
Air gaps are fun.
Engineering workstation on the air-gapped system is connected to the same keyboard and monitor as an office machine.
Space constraints in the office on an oil rig.
The same engineer who went around pushing orange 'locks' in all the usb ports on the whole damn plant, including on the switches etc also created this gem.
Unlock the USb port on the KVM, add a usb stick. That way he could easily 'move files between the systems without looking for a stick'.....
You cannot fix stupid.
Re:Nonsense. (Score:1, Informative)
Yes it did. The intrinsic problem is one of the fact that Windows itself is set up to do blindingly stupid things. Even if you picked "perfect" programming languages to suit the idiot GP poster (and, yes, he/she's an IDIOT.) you'd *STILL* have had a vulnerability because Windows blindly and stupidly runs *ANYTHING* that's a proper executable on insertion to the machine by a USB Mass Storage Device or a CD/DVD/BD. . In fact, it's one of Windows' selling points. Thing is, even if you didn't have that, there'd be some other weakness. The best you can *EVER* hope for is intrinsically secure, which means it is unlikely to be vulnerable. Problem is...if you're there, unless it's something like a hammer in the way of simplicity of use and function, you're not assured it is secure. Physical locks? I can break into most of them with a pick gun or a bump key- even the supposedly bump-proof ones. He'd call them secure- but they're not.
Security is a state of mind as much as it's a technique or a technology. Anyone that tells you that you can make things perfectly secure is lying or selling something.
Re: Who? (Score:2, Informative)
Twitter seems to agree (!!!!) that it was Nicholas Lemonias.
Re:Nonsense. (Score:2, Informative)