From proff Sun May 5 18:26:30 1996 Received: (proff@localhost) by suburbia.net (8.7.4/Proff-950810) id SAA06982 for best-of-security; Sun, 5 May 1996 18:26:30 +1000 From: Julian Assange Message-Id: <199605050826.SAA06982@suburbia.net> Subject: BOS Changes [read] To: best-of-security Date: Sun, 5 May 1996 18:26:30 +1000 (EST) X-Mailer: ELM [version 2.4 PL23] Content-Type: text BOS was inactive for a few days while I disposed of majordumbo [ Sorry Brent ;] in favour of SmartList, slightly rewritten, to add the few majordomo features that were missed. Below follows the updated subscription information. [[[]]] Best of all available security resources. _/_/_/ _/_/ _/_/_/ _/ _/ _/ _/ _/ _/_/_/ _/ _/ _/_/ _/ _/ _/ _/ _/ _/_/_/ _/_/ _/_/_/ Best Of Security "echo subscribe|mail best-of-security-request@suburbia.net" or "echo subscribe|mail best-of-security-request-d@suburbia.net" (weekly digest) REASONS FOR INCEPTION --------------------- In order to compile the average security administrator, it was found that the compiler had to parse a foreboding number of exceptionally noisy and semantically devoid data sets. This typically resulted in dramatically high load averages and a frightening increase in core entropy. Further, the number, names and locations of required datum seem to change on an almost daily basis; requiring tedious version control on the part of the mental maintainer. OVERVIEW --------- Best-of-Security is at presently moderated randomly based on a cryptographically secure RNG. Bizarre? Sound strange given our stated purpose of massive entropy reduction? Because best often equates with "vital" and the moderator doesn't have an MDA habit it is important that material sent to this list be delivered to its subscribers' in as minimal period of time as is (in)humanly possible. [ Actually, that isn't the only reason; following the Prodigy liability verdict, content-active moderators were found to have the legal burdens of regular publishers. BOS gets some dubious people posting very interesting things from undisclosed sources. -Mod ] If you find information from *any* source (including other mailinglists, newsgroups, conference notes, papers, etc) that fits into one of the acceptable categories described at the end of this document then you should *immediately* send it to "best-of-security@suburbia.net". Do not try and predict whether or not someone else will send the item in question to the list in the immediate future. Unless your on a time-delayed mail vector such as polled uucp or the item has already appeared on best-of-security, mail the info to the list! Even if it is a widely deployed piece of information such as a CERT advisory the proceeding argument still applies. If the information hasn't appeared on this list yet, then SEND IT. It is far better to run the risk of minor duplication in exchange for having the information out where it is needed than act conservatively about occasional doubling up on content. We do, of course take original posts. In the famous last words of Marylin Munroe, CORE Digest and Joachim Kroll: "meat, we want meat". Consult the below lists for what we will and will not accept. WILL WILL WILL WILL WONT WONT WONT WONT DO DO DO DO DONT DONT DONT DONT ------------------- ------------------- 8lgm, cert, ciac, dod and other Any flames. non-vendor advisories. Any questions. Vendor advisories of security Any rumors. weaknesses in own or other products. Sigs with >2 lines of Vendor new security-product line commercial information. release or MAJOR upgrade. Minor upgrade information. Fully disclosed security weaknesses. "there is a hole in X" Exploitation details. Any advertising. Exploitation code. Subscription, unsubscription or Patch code. mailing list queries. Patch announcements. Any requests. Hard to obtain or otherwise occulted Vague or incomprehensible source code or uuencoded executables. statements of dysfuctional Conference announcements. persons. Security tools. Opinionated rantings such as Blond jokes. those on the ethics of full NEW or hard to obtain security disclosure or computer hackers. documents (ascii), or pointers to Quotes from the Uliad. the location of such documents/papers. Old or otherwise well known Announcements of new security archives information or pointers to or mailinglists. that information. Human language translations of the above. Messages under 700 bytes. SUBSCRIBING ----------- Send mail to: best-of-security-request@suburbia.net or best-of-security-request-d@suburbia.net (digest) with the subject or body of: subscribe UN-SUBSCRIBING ------------- Send mail to: best-of-security-request@suburbia.net or best-of-security-request-d@suburbia.net (digest) with the subject or body: unsubscribe POSTING ------- To send a message to the list, address it to: best-of-security@suburbia.net ARCHIVES -------- Back issues of best-of-security digest are available from: ftp://suburbia.net/pub/mailinglists/best-of-security You can also instruct the mailing list processor to automatically scan and retrive messages from the archive. It understands thethe following commands: get filename ... ls directory ... egrep case_insensitive_regular_expression filename ... maxfiles nnn version Aliases for 'get': send, sendme, getme, gimme, retrieve, mail Aliases for 'ls': dir, directory, list, show Aliases for 'egrep': search, grep, fgrep, find Lines starting with a '#' are ignored. Multiple commands per mail are allowed. Setting maxfiles to zero will remove the limit (to protect you against yourself no more than maxfiles files will be returned per request). Egrep supports most common flags. Examples: ls latest (the latest directory containes the archived messages) get latest/12 egrep some.word latest/* TECHNICAL --------- The list processor software is based on the excellent Procmail/Smartlist by Stephen R. van den Berg with some minor extensions by Julian Assange . "I mean, after all; you have to consider we're only made out of dust. That's admittedly not much to go on and we shouldn't forget that. But even considering, I mean it's sort of a bad beginning, we're not doing too bad. So I personally have faith that even in this lousy situation we're faced with we can make it. You get me?" - Leo Burlero/PKD +---------------------+--------------------+----------------------------------+ |Julian Assange RSO | PO Box 2031 BARKER | Secret Analytic Guy Union | |proff@suburbia.net | VIC 3122 AUSTRALIA | finger for PGP key hash ID = | |proff@gnu.ai.mit.edu | FAX +61-3-98199066 | 0619737CCC143F6DEA73E27378933690 | +---------------------+--------------------+----------------------------------+