Full-Disclosure Security List Suspended Indefinitely 162
An anonymous reader writes with news that John Cartwright has been forced to shut down the full disclosure list. The list was created in 2002 in response to the perception that Bugtraq was too heavily moderated, allowing security issues to remain unpublished and unpatched for too long. Quoting: "When Len and I created the Full-Disclosure list way back in July 2002, we knew that we'd have our fair share of legal troubles along the way. We were right. To date we've had all sorts of requests to delete things, requests not to delete things, and a variety of legal threats both valid or otherwise. However, I always assumed that the turning point would be a sweeping request for large-scale deletion of information that some vendor or other had taken exception to.
I never imagined that request might come from a researcher within the 'community' itself (and I use that word loosely in modern times). But today, having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I'm done. The list has had its fair share of trolling, flooding, furry porn, fake exploits and DoS attacks over the years, but none of those things really affected the integrity of the list itself. However, taking a virtual hatchet to the list archives on the whim of an individual just doesn't feel right. That 'one of our own' would undermine the efforts of the last 12 years is really the straw that broke the camel's back.
I'm not willing to fight this fight any longer. It's getting harder to operate an open forum in today's legal climate, let alone a security-related one. There is no honour amongst hackers any more. There is no real community. There is precious little skill. The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry.
I'm suspending service indefinitely. Thanks for playing." The archives are still up on seclists.org, gmane, and Mail Archive. For now at least.
I never imagined that request might come from a researcher within the 'community' itself (and I use that word loosely in modern times). But today, having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I'm done. The list has had its fair share of trolling, flooding, furry porn, fake exploits and DoS attacks over the years, but none of those things really affected the integrity of the list itself. However, taking a virtual hatchet to the list archives on the whim of an individual just doesn't feel right. That 'one of our own' would undermine the efforts of the last 12 years is really the straw that broke the camel's back.
I'm not willing to fight this fight any longer. It's getting harder to operate an open forum in today's legal climate, let alone a security-related one. There is no honour amongst hackers any more. There is no real community. There is precious little skill. The entire security game is becoming more and more regulated. This is all a sign of things to come, and a reflection on the sad state of an industry that should never have become an industry.
I'm suspending service indefinitely. Thanks for playing." The archives are still up on seclists.org, gmane, and Mail Archive. For now at least.
Who? (Score:5, Interesting)
Come on then, let's have full disclosure. WHO made the threats?
Re:He's right. (Score:5, Interesting)
Nor would health & safety, auditing, repair shops, replacement parts, the guy who checks the pitot tube on aircraft is clean, etc. nor countless thousands of other industries. The fact that the industry exists shows you that a) we cannot secure things perfectly but b) we try hard to do so.
Fact is, you cannot make a secure product, no matter how cocky you are. So you need experts to secure things, whether or not they are forced to do so on sub-standard operating systems, hardware or applications.
Personally, I think we've come on leaps and bounds in terms of OS security in the time I've been around, but it's application security that's the problem - and the biggest problem comes from OS's not being "allowed" to lock down applications to their bare minimum necessary resources in the first place.
And now we have a new threat - hardware security where our own machines are being used against us.
It's like saying that if everyone put rubbish in a bin, we wouldn't need street cleaners. Almost true, not quite, but almost. But it's honestly, never, ever, ever going to happen until we are literally redefining "rubbish", "bin" and "cleaner" (i.e. automated robots running around doing it for us).
And real life, as shown here, is much more affected by stupid people, making stupid decisions and even enacting stupid laws. In a perfect world we wouldn't have any of those either. But still we have lawyers.
Re:Who? (Score:2, Interesting)
Fuck that. My torch is already burning.
Skills Levels of Hacking Community (Score:5, Interesting)
This quote should concern everyone. We have now had an entire generation of programmers raised on walled garden apps, cookie-cutter scripting libraries, and above all a wave of cheap VC funding and hardware. How many people are left out there that can build the likes of Bittorrent, Bitcoin, a language like C, a game like Elite, or even a site like Slashdot? How many people, young people, are there who can write an OS kernel, design a basic circuit, and at a more pertinently serious level, reliably write software to implement mathematical encryption algorithms.
Reading this I'm inclined to believe that recent meme post about how the programming/silicon valley community has been taken over by "brogrammers", "hipsters" and "neckbeads", which to my mind are simply constitute cultural re-skinnings of the infamous Visual Basic programmers of old.
I worry that the unglamorous, mostly uncompensated, and largely intellectually driven practice of pure software programming and creation has been left behind in recent years. I personally have noticed little progression and indeed in many areas a general regression in the quality and reliability of software since approximately 2006/7.
While I would attribute this to my general "civilization is in decline" zeitgeist worries, my frustrations with software, UIs, and websites in particular has undoubtedly increased manifestly in the last 2-3 years or so. Maybe I'm just getting old -- or maybe programmers really are getting worse.