This just in: http://www.netsys.com/cgi-bin/display_news_article.cgi?359

you know if you are goona waste space on the board, you could at least link to the patch or the vuln... :) something to think about

He did. Go to the "OpenBSD Security Advisory: Select Boundary Condition" link.

i know that, i ment directly link to it

If you think my posting of significant security issues is a "waste of space" I'll be very happy to simply stop. (netsys.com gets alot of traffic and is well known as a unix and security site.. i was only doing this as a favor to the people who might be concerned about security issues. )

Originally posted by BiaSecurity
i know that, i ment directly link to it

Don't be so lazy and find it yourself. He did a good thing letting people know about it and I bet didn't need your comments.

Originally posted by BiaSecurity
i know that, i ment directly link to it


Not the most auspicious of starts here....

I agree that we don't need users to be posting links to their own web site to read about security advisories.

Seems it would be much more appropriate to include the article in your post.

We're not even supposed to post links to our own FAQs or Manuals that reside on our web sites, even if they answer another user's technical questions, as far as I know.

At least my post was deleted after doing so, even though the only reason I didn't include the article instead of a link is because I didn't know how posting our copyrighted material in the forum would affect it's copyright.

Originally posted by BiaSecurity
i know that, i ment directly link to it

Blah...

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.1/common/014_scarg.patch

Only 2 clicks away....

Yeah... 700.... :D... Didn't notice till after i posted...

For instance, the SuSE exploit (and fix) were first posted on the security mailing list run by my site.. From the sounds of it, you folks don't want me to post these here, so unless I hear from the moderator saying to go ahead, I will not. Good luck securing your hosts and networks. Unless I hear from the owner/moderator I doubt that I'll be reading (or posting) anything on this site again. The best place to reach me will be the mail address below.

Len

Ah damn, now I gotta upgrade all my boxen. :(

What difference does it make if he posts a link to his site? He has nothing to advertise. If he would post a link to a hosting company then that could be a problem, but it's just a security site. Does it bother you that much that he posts exploit updates? Just don't read them then.

The guy was just trying to help, remove the poll out of your ass and be greatful people are trying to help eachother. Next thing you are going to post is that it wasnt politically correct enough.

Originally posted by Shyne
What difference does it make if he posts a link to his site? He has nothing to advertise. If he would post a link to a hosting company then that could be a problem, but it's just a security site. Does it bother you that much that he posts exploit updates? Just don't read them then.

The "security site" is covered with ads.

Originally posted by goodness0001
The guy was just trying to help, remove the poll out of your ass and be greatful people are trying to help eachother. Next thing you are going to post is that it wasnt politically correct enough.

Your post wasn't politically correct.

I'm not a moderator, and no one here wants me to be one. I'm just agreeing with the biasecurity user that it seems inappropriate to post a link to your site instead of just posting the security advisory information.

It seems odd that len has an issue with including the information in the post and will only spread the information if it will result in visits to his site.

Next thing we'll have is everyone and their brother publishing information (of any kind) on their site and posting the links here. Might as well start putting your posts on your site and just posting the link instead of your post.

So if he would be the owner of securityfocus.com or linuxsecurity.org what would you say then? Bitserve I want you to have the honor of informing the forum of exploit updates. If you can't do it, then let other people.

Originally posted by Shyne
So if he would be the owner of securityfocus.com or linuxsecurity.org what would you say then? Bitserve I want you to have the honor of informing the forum of exploit updates. If you can't do it, then let other people.

Then the owner of securityfocus.com or linuxsecurity.com would hopefully post the article instead of a link to their own site.

If you want netsys's information, and len won't post it here, just sign up for the mailing list. If you want to give me your email address, I'll sign you up. Bitserve isn't going to post security vulnerabilities in a timely manner.

Do you really think it would be appropriate for me to start posting security advisories on here as links to a site that I am a part of?