>> Sorry. I made some changes to the list code [...] > Hahaha! Isn't that just like the thing - the owner of a 'full > disclosure' list resorts to security by obscurity when it's *his* > machine that's vulnerable. So would I, until I'd plugged the hole. When I find a hole, first priority is ensuring it isn't used to break into my system. Telling the world is distinctly second. In this case, the multiple message problem provoked the letter that upset you. While I would rather SC had been less vague about the problem, I can certainly understand dashing off a five-line response rather than a whole disclosure - the latter takes more time, and if I were trying to put a mailing list back together, I wouldn't want to spend lots of time explaining a bug until the list were back in shape. Or, of course, you could be entirely right - in which case SC is being a bit hypocritical, but I'm still grateful for bugtraq; it's better than what I had before. der Mouse mouse@collatz.mcrcim.mcgill.edu