RE: Product review postings (was Administrivia)

From: Anthony R. Plastino III (arp@sses.net)
Date: Tue Jul 08 2003 - 17:49:48 EDT


We seem to have come a terrible distance from the original post

>1. If you want to post about a product positive or negative you
>cannot do so from a Hushmail or other such account.
>
>2. If you plan to post use your real name or do not post.
>
>3. Be polite period.
>
>4. Do not use this as a forum to take shots at your competitor or I
>will see you and your company banned from every list we have here
>(except Bugtraq).

- and it seems that a flame war erupted. Thank you for
discontinuing the thread.

Before it's done though, I would like to state that it is instructive
to hear other people's points of view as far as products for
pen-testing (that is what we're here for right? PEN-TESTING?) so
that I can make an informed choice. I don't personally care if the
person is using a REAL email address or a REAL name or not - it
quickly becomes apparent when someone is touting their own product or
taking pot shots at competitors - I think I can tell the difference.

My point is this - why is it important for you or anyone to attempt
to shield me from these things? IMHO, this same sort of
administrivia led to the downfall of bugtraq's credibility - not so
full disclosure... but I digress.

There are a number of tools, methodologies, and technologies
pertaining to the craft and I think it is valuable to see all sides.

Thanks for your work and your good intentions,

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Anthony R. Plastino III
Security Engineer
Sword & Shield Enterprise Security
8657775500 x521
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

> -----Original Message-----
> From: Alfred Huger [mailto:ah@securityfocus.com]
> Sent: Tuesday, July 08, 2003 3:15 PM
> To: Gwendolynn ferch Elydyr
> Cc: pen-test@securityfocus.com
> Subject: Re: Product review postings (was Administrivia)
>
>
>
>
> > >
> > How does that address accountability?
>
> >>You've stated that your concern is about the content of posts
> >>being inappropriate or damaging, and thus wanting accountability.
> >>If you are moderating postings, then I'd expect you to drop
> >>postings that are clearly inappropriate or obviously damaging.
>
> You would? You would expect me to censor obviously damaging material
> to the vendor? I think I must have missed something in your earlier
> thread. You think it's OK for me to censor anything damaging to the
> vendor but not OK for me to expect people to be held accountable for
> their musings I do decide are OK? I am not going to re-iterate my
> previous concerns because I am not sure I am articulating them well
> enough for you to understand. Suffice it to say this exercise is not
> about protecting vendors from negative opinions.
>
> >>Beyond that, if a vendor is sufficiently concerned about a given
> >>posting, I'd suggest that they respond (as regularly happens) to
> >>the posting with calm, factual information.
>
> Again, you're missing the point here. I am at a loss as to how to
> explain the issues at hand here in a more clear concise way for you.
>
> >I'm still curious about how you intend to determine what addresses
> >are valid and accountable. Would a post from "Fook Yoo" be allowed?
> >If it was fyoo@hotmail.com, Fook_Yoo@aw.com ?
>
> That's a tough one, I'll give you that.
>
>
>
>
> > Please point out to me one single instance of a *security* vendor
> > suing anyone (individual or otherwise) for a bad review.
>
> >>Let me point you to:
> >>http://www.chillingeffects.org/johndoe/
>
> Great but it does not answer my question, care to try? Both of the
> URLs you provided speak to these issues in both generic and specific
> instances but none citing this industry in regards to Product Reviews
> the issue in question here. Also keep in mind this in legal terms is
> hardly an issue specific to the USA. In fact this list and its
> moderators are not in the USA. Symantec SF is also not a US based
> company.
>
> > Please do not confuse this with Full Disclosure of vulnerabilities
> > and criticism of products. The two issues are wholly separate and I
> > am guessing you actually do understand the distinction. I have no
> > problem with critical information being posted so long as the
> > poster is accountable for his or her statements.
>
> >>...and I'd ask again, "accountable"? Does that mean 'has an
> >>established identity online'
>
> That's a good start actually.
>
> >, 'posts from a recognizable domain', 'has what looks
> >like a real name', 'has provided drivers licence and credit card as
> >a part of list subscription' ?
>
> Yes and don't forget a blood sample. You're expanding this into an
> argument for privacy and anonymity in the greater sense whereas this
> is a discussion around one item for a small community (this list). I
> suspect you have strong feelings about the greater issues here and I
> applaud you for it but this is simply not the right argument for you
> to bring them to bear.
>
> > > There's a difference between polite frank and open discussion,
> > > and newspeak.
> > I'm afraid you've got me there what is newspeak?
>
> >>It's the language that the government expects all party members to
> >>speak in Orwell's 1984. It's an interesting read - I recommend it.
>
> Great, I've gone from a list moderator to a servant of the faceless
> Government Concern bent on spinning policy for the subjugated masses.
> I have to wonder if that's a promotion. Perhaps you can start
> throwing around terms like ZOG in your next message so we can really
> bring out the conspiracy theories.
>
> -al
>
>
>
>
> ---------------------------------------------------------------------------
> The Lightning Console aggregates IDS events, correlates them with
> vulnerability info, reduces false positives with the click of a
> button, and distributes this information to hundreds of users.
>
> Visit Tenable Network Security at http://www.tenablesecurity.com to
> learn more.
> ---------------------------------------------------------------------------
