-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We seem to have come a terrible distance from the original post >1. If you want to post about a product positive or negative you >cannot do so from a Huhsmail or other such account. > >2. If you plan to post use your real name or do not post. > >3. Be polite period. > >4. Do not use this as a forum to take shots at your competitor or I >will see you and your company banned from every list we have here >(except Bugtraq). - - and it seems that a flame war erupted. Thank you for discontinuing the thread. Before its done though, I would like to state that it is instructive to hear other people's points of view as far as products for pen-testing (that is what we're here for right? PEN-TESTING?) so that I can make an informed choice. I don't personally care if the person is using a REAL email address or a REAL name or not - it quickly becomes apparent when someone is touting their own product or taking pot shots at competitors - I think I can tell the difference. My point is this - why is it important for you or anyone to attempt to shield me from these things? IMHO, this same sort of administrivia led to the downfall of bugtraq's credibility - not so full disclosure... but I digress. There are a number of tools, methodologies, and technologies pertaining to the craft and I think it is valuable to see all sides. Thanks for your work and your good intentions, =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Anthony R. Plastino III Security Engineer Sword & Shield Enterprise Security 8657775500 x521 =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > -----Original Message----- > From: Alfred Huger [mailto:ahat_private] > Sent: Tuesday, July 08, 2003 3:15 PM > To: Gwendolynn ferch Elydyr > Cc: pen-testat_private > Subject: Re: Product review postings (was Administrivia) > > > > > > > > > How does that address accountability? > > >>You've stated that your concern is about the content of > posts being > >>inappropriate or damaging, and thus wanting accountability. If > >>you are moderating postings, than I'd expect you to drop postings > >>that are clearly inappropriate or obviously damaging. > > You would? You would expect me to censor obviously damaging > material to > the vendor? I think I must have missed something in your > earlier thread. > You think its OK for me to censor anything damaging to the > vendor but not > OK for me to expect people to be held accountable for their > musings I do > decide are OK? I am not going to re-iterate my previous > concerns because I > am not sure I am articulating them well enough for you to > understand. > Suffice it to say this exercise is not about protecting vendors > from negative opinions. > > >>Beyond that, if a vendor is sufficiently concerned about a given > >>posting, I'd suggest that they respond (as regularly happens) to > >>he posting with calm, factual information. > > Again, youre missing the point here. I am at a loss as to > how to explain > the issues at hand here in a more clear concise way for you. > > >I'm still curious about how you intend to determine what addresses > >are valid and accountable. Would a post from "Fook Yoo" be > allowed? If > >it was fyooat_private, Fook_Yooat_private ? > > Thats a tough one Ill give you that. > > > > > > Please point out to me one single instance of a > *security* vendor suing > > anyone (individual or otherwise) for a bad review. > > >>Let me point you to: > >>http://www.chillingeffects.org/johndoe/ > > Great but it does not answer my question, care to try? Both > of the URLs > you provided speak to these issues in both generic and > specific instances > but none citing this industry in regards to Product Reviews > the issue in > question here. Also keep in mind this in legal terms is > hardly an issue > specific to the USA. In fact this list and its moderators > are not in the > USA. Symantec SF is also not a US based company. > > > Please do not confuse this with Full Disclosure of > vulnerabilities and > > criticism of products. The two issues are wholey separate and I > > am guessing you actually do understand the distinction. I > have no problem > > with critical information being posted so long as the poster is > > accountable for his or her statements. > > >>...and I'd ask again, "accountable"? Does that mean 'has > an established > >>dentity online' > > Thats a good start actually. > > >, 'posts from a recognizable domain', 'has what looks > >like a real name', 'has provided drivers licence and > credit card as a > >part of list subscription' ? > > Yes and dont forget a blood sample. Youre expanding this > into an argument > for privacy and anonymity in the greater sense whereas this is a > discussion around one item for a small community (this > list). I suspect > you have strong feelings about the greater issues here and > I applaud you > for it but this is simply not the right argument for you to > bring them to > bear. > > > > There's a difference between polite frank and open > discussion, and > > > newspeak. > > I'm afraid you've got me there what is newspeak? > > >>It's the language that the government expects all party > members to speak > >>in Orwell's 1984. It's an interesting read - I recommend it. > > Great, Ive gone from a list moderator to a servant of the faceless > Government Concern bent on spinning policy for the > subjugated masses. I > have to wonder if thats a promotion. Perhaps you can start > throwing around terms like ZOG in your next message so we can > really > bring out the > conspiracy theories. > > -al > > > > > ------------------------------------------------------------ > --------------- > The Lightning Console aggregates IDS events, correlates them with > vulnerability info, reduces false positives with the click > of a button, anddistributes this information to hundreds of users. > > Visit Tenable Network Security at http://www.tenablesecurity.com to learn more. - -------------------------------------------------------------------- -- - ------ -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPws8fM230banfQtmEQK+kwCfTjekUjEBPOM8uNLz9fHF9Hq+WnsAoMSk xcvylTIyAkxxLQj/OM/2EHnk =AzYz -----END PGP SIGNATURE----- --------------------------------------------------------------------------- The Lightning Console aggregates IDS events, correlates them with vulnerability info, reduces false positives with the click of a button, anddistributes this information to hundreds of users. Visit Tenable Network Security at http://www.tenablesecurity.com to learn more. ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Tue Jul 08 2003 - 16:16:44 PDT