Mailing List Archive

VulnWatch.Org Release
Las Vegas, August 1, 2002 - At the Black Hat and Defcon security
conferences, security community volunteers announce two important new
services for the security community and a new partnership for
community-based security information sources.
The first is the VulnDiscuss mailing list, a new full disclosure forum
that complements the existing VulnWatch announcement list. VulnDiscuss is
meant to foster the discussion of security issues and vulnerabilities by
providing a forum for recent security announcements to be discussed.
VulnDiscuss will be under moderator control to keep it topical, and access
is open to anyone who wishes to participate or observe.

The second is the Open Source Vulnerability Database (OSVDB). OSVDB - A
database built and maintained for the community, by the community. The
goal of the Open Source Vulnerability Database is to provide accurate,
technical, up to date, unbiased, and reliable vulnerability information to
the community for free.

The redundant time, effort and money that individual people and companies
put into maintaining proprietary databases will be cut by exorbitant
amounts by participating in a community that is working toward a common
goal. The database will have no commercial licensing restrictions,
allowing corporations, businesses, and individuals alike to use this
information in any way they wish without having to pay a dime.

The OSVDB project will be debuting with thousands of vulnerability entries
provided by databases donated by Digital Defense, Inc., and SensePost.
This will provide a strong base to start from, allowing OSVDB to
immediately track new vulnerabilities and provide quality data from the
start. The continued help of Farm9, NMRC, Neohapsis, Packetstorm,
VulnWatch, and many other industry experts is invaluable to this project.

And finally the third is a formal partnership between multiple
community-based security information sources: PacketStorm, Open Source
Vulnerability Database, Alldas.org, and VulnWatch. The partnership will
come together under the Internetworked Security Information Services
initiative (ISISi) title, which will remain a non-profit, vendor-neutral
entity run by volunteers from the security community. All involved
projects share the common goal of providing accessible information
security resources useful for researchers, IT Professionals, and the
general public, while adhering to a not-for-profit operation model. The
initiative allows the projects to share resources and volunteers,
eliminate redundancy, and provide a single organized access point to all
information which is currently dispersed amongst the individual projects.
Current ISISi information is available at www.isisi.org.

"[ISISi] allows us to pool our resources and increase the effectiveness of
our respective initiatives while giving information security professionals
co-ordinated, higher quality, open source security information than was
possible previously."
- Emerson Tan, Spokesman and Ideologue, Packetstormsecurity.org

"Each of the projects involved in this initiative have committed to
remaining independent and not-for-profit, this is a key requirement for
participation as we want this to be a community supported effort, for the
community by the community."
- Steve Manzuik, founder and co-moderator of VulnWatch.

The individual projects can be contacted at the addresses below.

VulnWatch -- Full disclosure security forums and resources. Press contact:
Steve Manzuik, steve@vulnwatch.org.

Alldas.org -- The most complete and up to date mirror of web site
defacements that includes statistics and trend analysis. Press contact:
press@alldas.org

PacketStorm -- Repository of vulnerability and exploit information. Press
contact: Emerson Tan, et@c4i.org

OSVDB.ORG - A database built and maintained for the community, by the
community. Press contact: osvdb@osvdb.org

Re: VulnWatch.Org Release
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Oh great, ANOTHER mailing list, ANOTHER .org and ANOTHER database. Just what we need.

win2ksecadvice@listserv is flop, vulnwatch.org is flop. Flop flop flop like a little fish.

[Full-Disclosure] rules. No need for ANOTHER mailing list. You'll never be Elias or Russ and none of these flopping lists you keep coming up with will succeed.

Steve Manzuik, founder and co-moderator, owner, tinker, tailor, sailor, flop, flop, flop....

Get a real job whydontcha.

On Fri, 2 Aug 2002 00:35:11 +0000 (GMT), Steve <steve@vulnwatch.org> wrote:
>Las Vegas, August 1, 2002 - At the Black Hat and Defcon security
>conferences, security community volunteers announce two important new
>services for the security community and a new partnership for
>community-based security information sources.
>The first is the VulnDiscuss mailing list, a new full disclosure forum
>that complements the existing VulnWatch announcement list. VulnDiscuss is
>meant to foster the discussion of security issues and vulnerabilities by
>providing a forum for recent security announcements to be discussed.
>VulnDiscuss will be under moderator control to keep it topical, and access
>is open to anyone who wishes to participate or observe.
>
>The second is the Open Source Vulnerability Database (OSVDB). OSVDB - A
>database built and maintained for the community, by the community. The
>goal of the Open Source Vulnerability Database is to provide accurate,
>technical, up to date, unbiased, and reliable vulnerability information to
>the community for free.
>
>The redundant time, effort and money that individual people and companies
>put into maintaining proprietary databases will be cut by exorbitant
>amounts by participating in a community that is working toward a common
>goal. The database will have no commercial licensing restrictions,
>allowing corporations, businesses, and individuals alike to use this
>information in any way they wish without having to pay a dime.
>
>The OSVDB project will be debuting with thousands of vulnerability entries
>provided by databases donated by Digital Defense, Inc., and SensePost.
>This will provide a strong base to start from, allowing OSVDB to
>immediately track new vulnerabilities and provide quality data from the
>start. The continued help of Farm9, NMRC, Neohapsis, Packetstorm,
>VulnWatch, and many other industry experts is invaluable to this project.
>
>And finally the third is a formal partnership between multiple
>community-based security information sources: PacketStorm, Open Source
>Vulnerability Database, Alldas.org, and VulnWatch. The partnership will
>come together under the Internetworked Security Information Services
>initiative (ISISi) title, which will remain a non-profit, vendor-neutral
>entity run by volunteers from the security community. All involved
>projects share the common goal of providing accessible information
>security resources useful for researchers, IT Professionals, and the
>general public, while adhering to a not-for-profit operation model. The
>initiative allows the projects to share resources and volunteers,
>eliminate redundancy, and provide a single organized access point to all
>information which is currently dispersed amongst the individual projects.
>Current ISISi information is available at www.isisi.org.
>
>"[ISISi] allows us to pool our resources and increase the effectiveness of
>our respective initiatives while giving information security professionals
>co-ordinated, higher quality, open source security information than was
>possible previously."
>- Emerson Tan, Spokesman and Ideologue, Packetstormsecurity.org
>
>"Each of the projects involved in this initiative have committed to
>remaining independent and not-for-profit, this is a key requirement for
>participation as we want this to be a community supported effort, for the
>community by the community."
>- Steve Manzuik, founder and co-moderator of VulnWatch.
>
>The individual projects can be contacted at the addresses below.
>
>VulnWatch -- Full disclosure security forums and resources. Press contact:
>Steve Manzuik, steve@vulnwatch.org.
>
>Alldas.org -- The most complete and up to date mirror of web site
>defacements that includes statistics and trend analysis. Press contact:
>press@alldas.org
>
>PacketStorm -- Repository of vulnerability and exploit information. Press
>contact: Emerson Tan, et@c4i.org
>
>OSVDB.ORG - A database built and maintained for the community, by the
>community. Press contact: osvdb@osvdb.org

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmYEARECACYFAj1J034fHGNob29zZS5hLnVzZXJuYW1lQGh1c2htYWlsLmNvbQAKCRDT
5JkCl0iMkKwjAJ9Xv/yjA2vo3+bKKtCKYgo25J267QCeKATFLcT6XZ5r/yz4bWRRY1vV
xiA=
=BWFr
-----END PGP SIGNATURE-----


Re: VulnWatch.Org Release
Thanks for your concern and thank you for letting me know that I will
never be like Russ Cooper -- that is not my intent, please, I would rather
hang myself. Win2KSecAdvice -- it served a purpose and it seems to have
died which is unfortunate but a reality of the commercialization of
mailing lists.

You are right about the Full-Disclosure list, it is a great list and
probably will continue to be one - providing the assclowns who keep
posting this garbage eventually go away. As for the vulnerability
database, so what other open source vulnerability database exists? I
would be very curious to know if there is another completely open source,
free vulnerability database out there. I really have nothing to do with
OSVDB except for the fact that they are a part of the ISIS initiative.

So do you really have something to criticize about or are you just going
to continue on with the personal attack garbage that really gets nowhere?
If you truly have a valid concern of criticism please feel free to email
me OFF LIST and we can discuss it.

-Steve

On Thu, 1 Aug 2002 choose.a.username@hushmail.com wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Oh great, ANOTHER mailing list, ANOTHER .org and ANOTHER database. Just what we need.
>
> win2ksecadvice@listserv is flop, vulnwatch.org is flop. Flop flop flop like a little fish.
>
> [Full-Disclosure] rules. No need for ANOTHER mailing list. You'll never be Elias or Russ and none of these flopping lists you keep coming up with will succeed.
>
> Steve Manzuik, founder and co-moderator, owner, tinker, tailor, sailor, flop, flop, flop....
>
> Get a real job whydontcha.
>

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak@nmrc.org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Re: VulnWatch.Org Release
On Thu, 1 Aug 2002, hellNbak wrote:

> So do you really have something to criticize about or are you just going
> to continue on with the personal attack garbage that really gets nowhere?
> If you truly have a valid concern of criticism please feel free to email
> me OFF LIST and we can discuss it.

I second that motion. All this cross posting is giving me a headache.
Things are bad enough as it is. Please grind all personal axes in private.

That being said, I wouldn't just lump vuln-watch in the same category as
bugtraq or full-disclosure. It seems to me that the folks running it have
something entirely different in mind. Rather than being the catch-all that
bugtraq has become, they have stated that their intent is to discuss the
vulnerability...period. IMHO, that's a good thing.

--
Jonathan Rickman
X Corps Security
http://www.xcorps.net

Re: VulnWatch.Org Release
At 10:00 PM -0400 8/1/02, hellNbak wrote:
>Thanks for your concern and thank you for letting me know that I will
>never be like Russ Cooper -- that is not my intent, please, I would rather
>hang myself. Win2KSecAdvice -- it served a purpose and it seems to have
>died which is unfortunate but a reality of the commercialization of
>mailing lists.
>
>You are right about the Full-Disclosure list, it is a great list and
>probably will continue to be one - providing the assclowns who keep
>posting this garbage eventually go away. As for the vulnerability
>database, so what other open source vulnerability database exists? I
>would be very curious to know if there is another completely open source,
>free vulnerability database out there. I really have nothing to do with
>OSVDB except for the fact that they are a part of the ISIS initiative.


Should CERIAS make its cooperative vulnerability database open source
and provide database dumps (excluding the entries that are still
under review), e.g., in mysql format?

thanks,
Pascal


>
>So do you really have something to criticize about or are you just going
>to continue on with the personal attack garbage that really gets nowhere?
>If you truly have a valid concern of criticism please feel free to email
>me OFF LIST and we can discuss it.
>
>-Steve
>
>On Thu, 1 Aug 2002 choose.a.username@hushmail.com wrote:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Oh great, ANOTHER mailing list, ANOTHER .org and ANOTHER database.
>>Just what we need.
>>
>> win2ksecadvice@listserv is flop, vulnwatch.org is flop. Flop flop
>>flop like a little fish.
>>
>> [Full-Disclosure] rules. No need for ANOTHER mailing list. You'll
>>never be Elias or Russ and none of these flopping lists you keep
>>coming up with will succeed.
>>
>> Steve Manzuik, founder and co-moderator, owner, tinker, tailor,
>>sailor, flop, flop, flop....
>>
>> Get a real job whydontcha.
>>
>
>--
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
>
>"I don't intend to offend, I offend with my intent"
>
>hellNbak@nmrc.org
>http://www.nmrc.org/~hellnbak
>
>-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

--
Pascal Meunier, Ph.D., M.Sc.
Assistant Research Scientist,
CERIAS
Purdue University

Re: VulnWatch.Org Release
At 10:54 PM -0400 8/1/02, Jonathan Rickman wrote:
>On Thu, 1 Aug 2002, hellNbak wrote:
>
>> So do you really have something to criticize about or are you just going
>> to continue on with the personal attack garbage that really gets nowhere?
>> If you truly have a valid concern of criticism please feel free to email
>> me OFF LIST and we can discuss it.
>
>I second that motion. All this cross posting is giving me a headache.
>Things are bad enough as it is. Please grind all personal axes in private.
>
>That being said, I wouldn't just lump vuln-watch in the same category as
>bugtraq or full-disclosure. It seems to me that the folks running it have
>something entirely different in mind. Rather than being the catch-all that
>bugtraq has become, they have stated that their intent is to discuss the
>vulnerability...period. IMHO, that's a good thing.


Good point -- please send me directly any opinions about my question
(copied below), if you have any, and not to the list. I don't want
to get people more annoyed than they already are if I can avoid it.

thank you,
Pascal


Should CERIAS make its cooperative vulnerability database open
source and provide database dumps (excluding the entries that are
still under review), e.g., in mysql format?


--
Pascal Meunier, Ph.D., M.Sc.
Assistant Research Scientist,
CERIAS
Purdue University

Re: Re: VulnWatch.Org Release
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Thu, 1 Aug 2002 22:00:30 -0400 (EDT), full-disclosure@lists.netsys.com wrote:
>Thanks for your concern and thank you for letting me know that I will
>never be like Russ Cooper -- that is not my intent, please, I would rather
>hang myself.

Well it does seem like you're intent on that at least (hanging yourself). The predilection for it is painfully obvious each and every time you open your mouth.


>Win2KSecAdvice -- it served a purpose and it seems to have
>died which is unfortunate but a reality of the commercialization of
>mailing lists.

Unless I have missed my mark the purpose for your earlier list was to capitalize on it, which you did by selling it. You’ve spent the rest of your rather lackluster career trying to start other endeavors you could match it on.


>
>You are right about the Full-Disclosure list, it is a great list and
>probably will continue to be one - providing the assclowns who keep
>posting this garbage eventually go away.

Strange how vitriol is only unattractive when the mouth spewing it is someone else’s. From the looks of your talk at Defcon you plan on doing much of the same on your ‘sell out’ talk. It makes sense though. When you have nothing of technical merit to provide it’s easy to pick up an emotionally loaded subject and attempt to bolster your (remarkably limited) credibility on it. Your write-up for the talk mentions you plan to expose ‘dirty industry secrets’. You might want to consider the amount of dirt you yourself have accumulated before you start casting stones. Keep that in mind while you haul your copious girth onto the podium. It’s basic physics – each reaction has an equal and opposite reaction.


>As for the vulnerability
>database, so what other open source vulnerability database exists? I
>would be very curious to know if there is another completely open source,
>free vulnerability database out there. I really have nothing to do with
>OSVDB except for the fact that they are a part of the ISIS initiative.

It’s a bit of a shame that you’re a spokesperson for ISIS. It sounds like a noble initiative, one that will not benefit from your rampant stupidity.


>
>So do you really have something to criticize about or are you just going
>to continue on with the personal attack garbage that really gets nowhere?
>If you truly have a valid concern of criticism please feel free to email
>me OFF LIST and we can discuss it.


You see Steve; the thing about taking you to task in public is that you invariably respond. When you do so you further showcase your limited intellect. It’s like shooting fish in a barrel.



-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com

wmAEARECACAFAj1KvpgZHGNvYXN0YWxob3BlQGh1c2htYWlsLmNvbQAKCRBDBwAROkyo
ksywAJ9G3mul/AebKdTfJfqXRU8qmrViUwCgg5EKr34i2qr3tDAPQqCkbnN00IM=
=Ymdn
-----END PGP SIGNATURE-----

