On Tue, Oct 14, 2014 at 10:48:00PM -0700, Walter Parker wrote:

...

What is this list's policy on Full Disclosure? ...

as one who enjoys a significant moderation delay on Full-Disclosure, i feel qualified to pontificate on this subject. [0] per the monthly statistics summarized at http://seclists.org/fulldisclosure/ one can easily see how the careful pruning of noise on this channel has resulted in double digit density goodness, e.g. Aug 2014 at 89 posts; a new record of brevity and decorum! i for one gladly await the day a more properly, more aggressively moderated full-disclosure reaches single digits and utmost conciseness. you can do it, Fyodor! On 10/15/14, Solar Designer <solar@openwall.com> wrote:

Looks like I need to comment on the specific questions on list policy: ... Whatever is sent to the list, if on-topic and otherwise appropriate ... is posted with no artificial delay... the only difference from the Full-Disclosure mailing list (as far as I understand how it's run) is that oss-security is limited to / focused on Open Source.

i for one agree with Full-Disclosure's policy that active monkey-in-the-middle attacks are of zero interest. spectrum hi jinx? how cross site... [ "The Internet Threat Model" finds your privacy not cost effective. sorry! ] given such undeniable logic, i must fully support the ongoing total moderation with infinite delay of coderman@gmail.com on the full-disclosure list. never again from coderman is too soon! finally, regarding other aspects of full-disclosure, i must disclose that i have nothing further to say on the conspiracy in the information security industry to assist various intelligence agencies, including Attrition.org collaboration with NSA TAO [1] and Fyodor's relationship with GCHQ's HACIENDA scanner [2]. best regards, 0. see "RC4 is dangerous in ways not yet known - heads up on near injection WPA2 downgrade to TKIP RC4" - moderated on F-D since Sept. , also "Preferred Roaming List Zero Intercept Attack [was: DEF CON nostalgia [before that: going double cryptome at DEF CON 22]][still confusing]" moderated days to Aug 4 post send on 1st. 1. "Tailored Access Operations ... Details on a program titled QUANTUMSQUIRREL indicate NSA ability to masquerade as any routable IPv4 or IPv6 host." - https://en.wikipedia.org/wiki/Tailored_Access_Operations#Virtual_locations 2. "GCHQ project HACIENDA [...] uses [nmap] port scanning to find vulnerable systems for Five Eyes intelligence agencies." - https://en.wikipedia.org/wiki/TCP_Stealth