Scott Chasin notes : "Copyrighted Source code (without the consent of the owner), passwords, credit card numbers or anything else illegal in nature is against the charter of this list and if continued will force this list to become moderated or digestified. " This is tough to disagree with. But, on the other hand ... has anyone considered the possibility that this is a double-feinted 'denial of service' attack upon both bugtraq, and firewalls ? Consider. If party A previously enjoyed free access to certain bugs on certain systems, and suddenly found them being closed up as fast as they were discovered ... well, s/he would be miffed, to say the least. Tracing the source of her or his distress, s/he would find the sources to be bugtraq and firewalls. ( This, IMHO, reflects quite positively upon both of these lists ... and these lists' originators, as well. ) S/he would then, naturally enough, set out to eradicate this annoyance. It would not take long for her or him to arrive at a simple solution for discrediting ( little pun, there :-) the lists in question. As one person has already noted, the data posted did not appear to be in the correct format for VISA numbers. That is, it is most likely a spoof. But the problem of liability remains ... and I think that's what some of the more faint-hearted were worried about. If it *were* real data, it could end up distributed on a bunch of machines, the names of which would be gained by a subpoena filed by the credit agencies involved, upon crimelab.com. Or greatcircle.com. Or both. Those machines and their owners might next be subpoena'd. All very unpleasant. There is genuine room for concern, here. All emoting aside, for the moment. And I think we all ought to thank the wanna-be who posted this stuff, for having brought this issue to the fore before it *really* happened. -=8=- "I really don't want to start moderating each message being sent to the bugtraq reflector but if the current noise traffic continues I will be forced to take some action." I vote for Digestifying. ( There's that disgusting democratic spirit crop- -ping up, again ... quick, someone grab a rock !! :-) Or adding a 12-hour lapse between reception and retransmission ? During that 12-hour period, a monitoring individual will have received the incoming mail and will have had an opportunity to remove it from the queue before it gets propogated to bugtraq. All of this is a pain, because the crackers' distribution channels are not so hindered - being private, rather than public, they are not subject to this kind of attack. On the other hand, I don't believe that they communi- -cate with one another any more efficiently than do the rest of us. (-: If we did, we wouldn't need a mailing list. We'd use email, directly. It's been well established, that doesn't work. And, let's face it, I go twelve hours without reading my email, already. Once in a while. (-: -- richard "I gathered I wasn't very well liked. Somehow, the feeling pleased me." _Nine Princes In Amber_, by Roger Zelazny richard childers san francisco, california pascal@netcom.com