
Full disclosure (mailing list)

Full disclosure is a "lightly moderated" security mailing list generally used for discussion about information security and disclosure of vulnerabilities. The list was created on July 9, 2002, by Len Rose, who also administered it and later handed it off to John Cartwright. After Len Rose shut down netsys.com, the list was hosted and sponsored by Secunia.[1]

The Full Disclosure mailing list was originally created because many people felt that the Bugtraq mailing list had "changed for the worse".[2]

In March 2014 Cartwright shut down the original Full-Disclosure mailing list because an "unnamed" security researcher made requests for large-scale deletion of information and threatened legal action.[3] Cartwright wrote on the list's homepage, "I always assumed that the turning point would be a sweeping request for large-scale deletion of information that some vendor or other had taken exception to. I never imagined that request might come from a researcher within the 'community' itself."[3][4]

On March 25, 2014, the list was "rebooted" by Fyodor.[5] The site is now part of seclists.org and no longer associated with grok.org.uk.

Notable 0-days first disclosed in Full-disclosure

| Email subject | Software | Date | Ref. |
| --- | --- | --- | --- |
| Defense in depth -- the Microsoft way (part 14): incomplete, misleading and dangerous documentation | Windows NT | 2013-11-24 | [6] |
| Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies | Windows NT | 2013-10-02 | [7] |
| The history of a -probably- 13 years old Oracle bug: TNS Poison | Oracle Database | 2012-04-18 | [8] |
| Apache Killer | Apache HTTP Server | 2011-08-26 | [9] |
| Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly | Help and Support Center | 2010-06-10 | [10] |
| Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack | Windows NT | 2010-01-19 | [11] |

References

  1. "Full-Disclosure Mailing List Charter".
  2. Cartwright, John (July 7, 2002). "Announcing new security mailing list". Retrieved November 15, 2020.
  3. Constantin, Lucian (March 19, 2014). "Full Disclosure mailing list shuts down indefinitely". Computerworld. Retrieved November 15, 2020.
  4. Cartwright, John (February 6, 2019). "Full-Disclosure mailing list". Retrieved November 15, 2020.
  5. Fyodor (2014-03-26). "Rebooting the Full Disclosure list". Retrieved 2014-03-26.
  6. "MS14-019 - Fixing a binary hijacking via .cmd or .bat file". 28 August 2023.
  7. Bellovin, Steven; Blaze, Matt; Clark, Sandy; Landau, Susan (April 2014). "Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet". Northwestern Journal of Technology and Intellectual Property. 12 (1): 1.
  8. "Unpatched Oracle database vulnerability accidentally disclosed". 5 January 2012.
  9. "Defending Against The 'Apache Killer' Exploit".
  10. "Google researcher gives Microsoft 5 days to fix XP zero-day bug". 10 June 2010.
  11. "Unpatched Microsoft Windows (all versions) Privilege Escalation Vulnerability Released".

External links

  • Full Disclosure mailing list
  • Archive

