comp.security - LET'S DO IT! CALL FOR VOTES

[Michael H. Warfield Mike]

In article <32417 at bbn.COM> cosell at BBN.COM (Bernie Cosell) writes:

>Just so -- the call for comp.security is pretty much misguided.  The problem
>with misc.security is that the moderator moved machines and, apparently, has
>not yet been able to reestablish connection to the news world, and so the
>list has been moderator-blocked for something like eight months now.

     Well maybe slightly misguided?  I may have jumped the gun a bit on calling
for votes but apparently the "misc.security" group is not well known.  Judging
from the response I have gotten in over less than two days, there is
considerable support for an unmoderated group devoted to "computer" security.
The charter on misc.security (yes, NOW I'm finally doing my homework!) states
that it is "security in general, not just computers".  There is also the
question of whether the moderator wants to deal with all this goo we have
oozing through about a dozen other groups.  The seems to be a demand for a
place to go and bullsh*t about security (along the lines of who's likely to
take out a contract on rtm) as well as a quiet place for serious discussions
on real security issues (although these should probably be in the mailing
lists when they real get going!).

     Lets face it folks.  Not having a group does not mean the discussions and
the bullsh*t won't take place.  It just means it will probably take place in
a group you're not reading or be in an article you skip because your interested
in the other topics in the group (Subject lines arn't all that clear and I don't
read everything).  Arguements along the lines "well we really shouldn't be
discussing this in the open" are (VOID)&NULL .  The discussions are taking
place RIGHT NOW and in most cases out of your sight!  There is no way to
stop them (even if all of us wanted to) or even control it.  There are books
in the bookstores RIGHT NOW with serious security issues covered.  These are
far more accessible to Joe Blow Hacker than our discussion groups!

>Instead of rushing off to start a new newsgroup, why don't we just unmoderate
>misc.security and see how it works moving all of the security stuff OUT of
>the random newsgroups for a while.

     I agree completely.  We need something rolling as quickly as possible.
It seems like the most lasting damage rtm may have done is raising the noise
levels in a dozen or so groups to astronomical levels (there are better ways
to do this as a few past individuals have show us, but....).  One way or
another, let's get it all in one spot.  Unmoderating misc.security may well
be the answer, whose cage do we rattle?

     I'm out on UUCP so I've not had to deal with "the WORM" but I have had
to deal with a few practical jokers getting into "galbp" (much worse for me,
these clowns kept coming back for more).  I have had to find out about a lot
of this nonsense the hard way following serious security breaches.  I have
not lost a day and a half dealing with a slow down in my system, I have lost
weeks in some cases preventing "ghost messages" appearing out of nowhere on
my printers and in our mail.  These guys even got on our system and were
posting forgery USNET articles from galbp!  I don't know if I plugged all
their holes or if they finally got bored.  I will never know and I have to
assume that there is something I have missed or that I don't know about!
I need to know what everybody else has had to deal with so I can prevent
it on my system.  You won't find me posting what they did to insert their more
devious holes into my system or the stupid mistakes they made which let me
I don't need "cookbook" cracking techniques but I haven't seen anyone
discussing anything of that sort to date anyways.

     BTW) It has been pointed out to me by one individual that I should have
had a "Followup-To: news.groups" specified in my original call for votes.
Largely true and an oversight in my haste, my apologies to everyone.
Please carry on the discussion ABOUT THE GROUP in news.groups.  Part of my
objective was to make some of the discussions aware of each other.  That
would not have involved a followup (till we get our own working group).
Sorry if I tried to cover too much ground in one article (guilty here too I
guess).

     As I said in my original posting, I am processing the votes by "hand".
I have received some software for automating this to some extent.  Please,
if and when you vote, include the following in the "Subject:" line:

	"yes"		If you want the group unconditionally.
	"no"		If you don't want it under any circumstances.
	"moderated"	If you only want it if it is moderated.
	"unmoderated"	If you only want it if it is unmoderated.

     I will attempt to send out acknowledgements as soon as I can.  Summaries
will be mailed as well as posted.  If you've already sent me a vote, don't
worry, your counted.  No need to send another.

     If I am failing to follow some guidlines that I haven't found yet or
some unwritten rules please EMAIL them to me!  I just run this show over
here, I don't pretend to really understand it!

     Thanks
---
Michael H. Warfield  (The Mad Wizard)	| gatech.edu!galbp!wittsend!mhw
  (404)  270-2123 / 270-2098		| mhw at wittsend.LBP.HARRIS.COM
An optimist believes we live in the best of all possible worlds.
A pessimist is sure of it!