> > Well, it appears that someone has tried to take advantage of the (now) well
>
> Wrong! You start broadcasting news about security holes, some unscrupulous person(s) will abuse the security hole. It is up to agencies like CERT and the manufacturers of the software to produce fixed versions of the software.
>
> While I understand your position, there are more people out there trying to bust into sites instead of protecting them. The details of how a site was broken into should not be discussed on this type of list until it has been determined that software susceptible to the security hole has been patched or replaced.

(for bugtraq only)

Whoa there Thag! Your response of "Wrong!" is very WRONG here. This list was created for the sole reason that other lists would not talk about the details. I am very grateful to this list (as well as others) for the information I gain. If you have a problem with this policy then move to Iran or China where freedom of speech is not protected.

I do agree that there is a problem with divulging information to the bad guys. I think you should have noted that he did let CERT and others know and that they apparently ignored him. That has always been the problem. I for one don't give a damn about CERT and have stopped asking to talk with them as they rarely if ever fix anything or respond and I've been reliably known to them for many a year from a number of companies.

This list is well justified and the "good" it serves well outbalances the "bad."