×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Rebooting the Full Disclosure List

Unknown Lamer posted about 9 months ago | from the whack-a-mole dept.

Security 15

An anonymous reader writes with good news for advocates of Full Disclosure of security vulnerabilities. A week ago, the venerable full-disclosure list was shut down; now, a successor has arisen run by fyodor. From the announcement email: "As an F-D subscriber and occasional poster myself, I was as shocked as you all last week when John Cartwright threw in the towel and shuttered the list. Now I don't blame him one bit. He performed a thankless job admirably for 12 years and deserves some time off. But I, for one, already miss Full Disclosure. So I decided to make a new list today which is a successor in name and spirit. Like the old one, it uses Mailman and is being archived by my Seclists.org site as well as numerous other archives around the world. This list is a fresh start, so the old userbase won't automatically transfer over. And I haven't added any of you either, because it is your choice. ... I hope you'll join us and resume posting your security info and advisories. If not now, then someday."

Sorry! There are no comments related to the filter you selected.

Only if Flappy Birds is also REBOOTED! (-1)

Anonymous Coward | about 9 months ago | (#46583099)

Because one without the other is not the same!

I suggest the ultimate legal protection: (1)

SuricouRaven (1897204) | about 9 months ago | (#46583183)

TOR hidden service. They can't threaten to sue who they can't identify.

Re:I suggest the ultimate legal protection: (3, Insightful)

Zanadou (1043400) | about 9 months ago | (#46583295)

TOR hidden service. They'll just threaten to sue the person who runs the TOR endpoint - they don't care.

FT (a lot) FY

Re:I suggest the ultimate legal protection: (1)

Anonymous Coward | about 9 months ago | (#46583321)

You are not using an endpoint when vising a hidden service. The traffic stays in the tor network. You have (obviously) an entry point, but that is only known to the visitor, not outsiders.

Re:I suggest the ultimate legal protection: (1)

fustakrakich (1673220) | about 9 months ago | (#46584979)

Yes, and how do you trust your "visitors"?

Re:I suggest the ultimate legal protection: (1)

Dahan (130247) | about 9 months ago | (#46588469)

Yes, and how do you trust your "visitors"?

You don't trust yourself? And even if you don't, how does that reveal info on who is running the hidden service? Of course you know your own entry point into the Tor network; the Tor client even shows you. netstat shows you. But if you want to find/sue the person running the hidden service, you need to find that person's entry point.

Re:I suggest the ultimate legal protection: (4, Interesting)

JMJimmy (2036122) | about 9 months ago | (#46583457)

TOR is one idea but I think this would be a perfect place for the EFF to step in. Hosting full disclosure on their site would likely limit the legal harassment and is inline with their mission.

Re:I suggest the ultimate legal protection: (3, Interesting)

mlts (1038732) | about 9 months ago | (#46583641)

TOR is one thing, but I'd rather have the EFF step in, so there isn't any appearance of the list being shady. It might be legal to hide in a back alley and make sales transactions in cash, but it is a lot better for first impressions to have a storefront and the appearance of being a mainstream service.

This FD list is probably one of the most critical items to general computer security we have next to a vetted cipher suite.

Re:I suggest the ultimate legal protection: (0)

Anonymous Coward | about 9 months ago | (#46585101)

It wouldn't look so 'shady' if the hidden services like Tor were used for more and more ethical reasons or just on the general principle of desiring anonymity. The weapons we have against authoritarianism often work better the more people use them. If everyone takes your attitude and it only ends up being used by real kiddy fiddlers and terrorists, that makes it easier to a.) single out people using these types of technology and b.) justify making it illegal.

Re:I suggest the ultimate legal protection: (2)

mlts (1038732) | about 9 months ago | (#46585279)

Very true. In fact, this is something mentioned in the pramble of Phil Zimmerman's PGP, with that people should encrypt their writings just as one sticks papers in an envelope and doesn't send everything via postcards.

However, appearance matters, and TOR has a negative connotation. Having a website that appears on the up and up to discuss full disclosure, and have it have the appearances of being legit is a completely different issue from getting TOR out of the shadows.

Re:I suggest the ultimate legal protection: (0)

Anonymous Coward | about 9 months ago | (#46585365)

You could run a list via Tor, but then it wouldn't be a mailing list.

Re:I suggest the ultimate legal protection: (1)

SuricouRaven (1897204) | about 9 months ago | (#46590879)

Does it need to be?

hard to discern the spooks from the gremlins (0)

Anonymous Coward | about 9 months ago | (#46583347)

until the gargoyles swoop in....

As a long-time subscriber to FD (3)

Noryungi (70322) | about 9 months ago | (#46583355)

Thank you Fyodor!!

you 1nsensiti7e clod! (-1)

Anonymous Coward | about 9 months ago | (#46584067)

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?