Re: [Full-Disclosure] Symantec Change Posting Criteria (was Re: Administrivia)

From: cepacolmaxat_private
Date: Mon Jul 07 2003 - 19:00:19 PDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    By the way, my response post to pen-test (quoted below), merely defining
    the reasons for which I choose not to post from my corporate email, was
    also denied.
    
    Note that this post infringes neither on the original list charter, nor
    on the moderator's amendments as stated.
    
    <quote>
    Al -
    
    I understand all of your points below.
    
    I personally avoid using my business email on lists such as this for
    a couple of reasons.
    
    It's a fact that spam robots troll web archives for valid email addresses.
    This is not a knock against the list administrators - no one expects
    you to control who reads the web archives.
    
    There is also the question of backlash - If I were to post something
    like "I can't get service pack 4 to install" from an emailat_private,
    it's a sure bet that I've just made my entire company a target for
    pre-sp4 attacks. This is an unacceptable risk.
    
    Perhaps the second point reveals my paranoia, but I work in security
    - paranoia is what keeps the network clean!
    </quote>
    
    Cheers,
    
    Max
    
    On Mon, 07 Jul 2003 12:51:42 -0700 Gwendolynn ferch Elydyr <gwenat_private> wrote:
    >
    >I've CC'd this email to full-disclosure, so that those folks that aren't
    >on pen-test are aware of the policy change to posting requirements on
    >that list - and potentially to more of the securityfocus lists. It's
    >interesting to note that the only list that appears to have an exemption
    >from this type of policy or arbitrary action is bugtraq.
    >
    >On Mon, 7 Jul 2003, Alfred Huger wrote:
    >> Recently someone posted a question regarding a product (CORE Impact) to
    >> the list. These types of posts always make me leery because this industry,
    >> being what it is, rarely has anything nice to say about anything. Being a
    >> product vendor myself I am particularly aware of how ugly people can be.
    >> Often, if not always, when these come out the competitors to the product
    >> generate email addresses elsewhere and have their way. Or the vendor
    >> itself does the same thing and pumps their product.
    >
    >When I first read this posting, I went and checked the headers, to see
    >if it was a forgery. The style seemed rather unlike AH, and the content
    >was (at best) distressing. To my chagrin, this actually appears to be
    >valid email.
    >
    >> The list has 13,000 + people on it. Many of them decision makers so I need
    >> to be fairly careful about this. So here are the ground rules moving
    >> forward:
    >>
    >> 1. If you want to post about a product - positive or negative - you
    >> cannot do so from a Hushmail or other such account.
    >>
    >> 2. If you plan to post use your real name or do not post.
    >>
    >> 3. Be polite - period.
    >>
    >> 4. Do not use this as a forum to take shots at your competitor or I
    >> will see you and your company banned from every list we have here (except
    >> Bugtraq).
    >
    >I have to ask.
    >
    >Why?
    >
    >Did the Symantec lawyers have a sudden bout of panic about potential
    >defamation lawsuits? Are there so many posts to the list that contain
    >problematic content?
    >
    >This isn't full-disclosure, the last time I checked. To the best of
    >my knowledge, pen-test is a moderated list. Surely the moderator is
    >capable of noting the difference between "Your product sukz0rs" and
    >"The product proved unable to stand up to traffic above 100Mhz" - and
    >of passing the appropriate posting through, whether it has "John Doe"
    >or "thunderfallingdown" attached to it as a moniker.
    >
    >Beyond that, threats seem inappropriate. "...I will see you and your
    >company banned from every list we have..." Has Symantec stooped to this
    >level, or is this personal opinion?
    >
    >I lament the former list - and the free flow of useful information.
    >
    >cheers!
    >==========================================================================
    >"A cat spends her life conflicted between a deep, passionate and profound
    >desire for fish and an equally deep, passionate and profound desire to
    >avoid getting wet.  This is the defining metaphor of my life right now."
    >
    >
    >_______________________________________________
    >Full-Disclosure - We believe in it.
    >Charter: http://lists.netsys.com/full-disclosure-charter.html
    >
    >
    -----BEGIN PGP SIGNATURE-----
    Note: This signature can be verified at https://www.hushtools.com/verify
    Version: Hush 2.3
    
    wkYEARECAAYFAj8KJeMACgkQ6muvpb42jIB6egCfcguAjCYWQudGQLYNX6kG0AIni38A
    njBRdluvaXkXj5kDOKWuzoP/fwZ5
    =2Nxq
    -----END PGP SIGNATURE-----



    This archive was generated by hypermail 2b30 : Mon Jul 07 2003 - 21:28:03 PDT