'Re: [Full-disclosure] Why the censorship?'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    Re: [Full-disclosure] Why the censorship?
From:       "jamesleesmith67 () aol ! co ! uk" <jamesleesmith67 () aol ! co ! uk>
Date:       2009-08-30 14:04:43
Message-ID: 8CBF791F537A20C-1690-1A40E () webmail-m067 ! sysops ! aol ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


There is no censorship on Full-disclosure. Oh, we banned n3td3v didn't we? Wooooops.

 

-----Original Message-----
From: security curmudgeon <jericho@attrition.org>
To: webmaster@neohapsis.com
Cc: full-disclosure@lists.grok.org.uk
Sent: Sun, Aug 30, 2009 7:56 am
Subject: [Full-disclosure] Why the censorship? (was re: Inquira: Multiple Vulnerabilities)











Hi Neohapsis,

The mail to Full-disclosure on Mar 20, 2009 has been edited on the 
archives of Neohapsis:

http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0326.html

Every occurrence of "Inquira" has been redacted. Since the original 
disclosure suggests the vendor was contacted, and chose not to reply, it 
is curious that their name would be removed from your archive.

Could you explain why, or at the very least share what I suspect was a C&D 
style letter demanding their name be removed?

I ask because other archives do not redact their name for whatever reason:

http://seclists.org/fulldisclosure/2009/Mar/0300.html
http://marc.info/?l=full-disclosure&m=123753854425289&w=2
http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2009-03/msg00300.html
http://www.opensubscriber.com/message/full-disclosure@lists.grok.org.uk/11725824.html
[..]


- security curmudgeon

---------- Forwarded message ----------
From: Kristian Erik Hermansen <kristian.hermansen@gmail.com>
To: full-disclosure@lists.grok.org.uk
Date: Fri, 20 Mar 2009 01:34:28 -0700
Subject: [Full-disclosure] Inquira: Multiple Vulnerabilities

Bonjour,

During a recent penetration test, we discovered and worked with
Inquira to close numerous web-based issues.  The vendor has not
replied back about a formal release of these issues, so I am posting
this notice here to inform customers to check for an update for their
products.  You can contact Inquira via the link below.

http://www.inquira.com/

Additionally, it is also advised that customers change the default
passwords used by the affected software.  For instance, the default
Apache Tomcat administrator account details are listed below and
should probably be added to publicly listed default password databases
(phenoelit, etc).

Vendor: Inquira
Products: (multiple)
Username: inquira
Password: inquira123

Cheers,
-- 
Kristian Erik Hermansen
http://www.linkedin.com/in/kristianerikhermansen

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



 


[Attachment #5 (unknown)]

<font face="Arial, Helvetica, sans-serif">There is no censorship on Full-disclosure. Oh, we \
banned n3td3v didn't we? Wooooops.<br> </font>
<div> <br>
</div>
-----Original Message-----<br>
From: security curmudgeon &lt;<font face="Arial, Helvetica, \
                sans-serif">jericho@attrition.org</font>&gt;<br>
To: webmaster@neohapsis.com<br>
Cc: <font face="Arial, Helvetica, sans-serif">full-disclosure@lists.grok.org.uk</font><br>
Sent: Sun, Aug 30, 2009 7:56 am<br>
Subject: [Full-disclosure] Why the censorship? (was re: Inquira: Multiple Vulnerabilities)<br>
<br>






<div id="AOLMsgPart_0_db552752-539f-4e8d-9160-2c703dea1eab" style="margin: 0px; font-family: \
Tahoma,Verdana,Arial,Sans-Serif; font-size: 12px; color: rgb(0, 0, 0); background-color: \
rgb(255, 255, 255);">

<pre style="font-size: 9pt;"><tt><br>
Hi Neohapsis,<br>
<br>
The mail to Full-disclosure on Mar 20, 2009 has been edited on the <br>
archives of Neohapsis:<br>
<br>
<a __removedlink__39630732__href="http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0326.html" \
target="_blank">http://archives.neohapsis.com/archives/fulldisclosure/2009-03/0326.html</a><br> \
<br> Every occurrence of "Inquira" has been redacted. Since the original <br>
disclosure suggests the vendor was contacted, and chose not to reply, it <br>
is curious that their name would be removed from your archive.<br>
<br>
Could you explain why, or at the very least share what I suspect was a C&amp;D <br>
style letter demanding their name be removed?<br>
<br>
I ask because other archives do not redact their name for whatever reason:<br>
<br>
<a __removedlink__39630732__href="http://seclists.org/fulldisclosure/2009/Mar/0300.html" \
target="_blank">http://seclists.org/fulldisclosure/2009/Mar/0300.html</a><br> <a \
__removedlink__39630732__href="http://marc.info/?l=full-disclosure&amp;m=123753854425289&amp;w=2" \
target="_blank">http://marc.info/?l=full-disclosure&amp;m=123753854425289&amp;w=2</a><br> <a \
__removedlink__39630732__href="http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2009-03/msg00300.html" \
target="_blank">http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2009-03/msg00300.html</a><br>
 <a __removedlink__39630732__href="http://www.opensubscriber.com/message/full-disclosure@lists.grok.org.uk/11725824.html" \
target="_blank">http://www.opensubscriber.com/message/full-disclosure@lists.grok.org.uk/11725824.html</a><br>
 [..]<br>
<br>
<br>
- security curmudgeon<br>
<br>
---------- Forwarded message ----------<br>
From: Kristian Erik Hermansen &lt;<a \
__removedlink__39630732__href="mailto:kristian.hermansen@gmail.com">kristian.hermansen@gmail.com</a>&gt;<br>
                
To: <a __removedlink__39630732__href="mailto:full-disclosure@lists.grok.org.uk">full-disclosure@lists.grok.org.uk</a><br>
                
Date: Fri, 20 Mar 2009 01:34:28 -0700<br>
Subject: [Full-disclosure] Inquira: Multiple Vulnerabilities<br>
<br>
Bonjour,<br>
<br>
During a recent penetration test, we discovered and worked with<br>
Inquira to close numerous web-based issues.  The vendor has not<br>
replied back about a formal release of these issues, so I am posting<br>
this notice here to inform customers to check for an update for their<br>
products.  You can contact Inquira via the link below.<br>
<br>
<a __removedlink__39630732__href="http://www.inquira.com/" \
target="_blank">http://www.inquira.com/</a><br> <br>
Additionally, it is also advised that customers change the default<br>
passwords used by the affected software.  For instance, the default<br>
Apache Tomcat administrator account details are listed below and<br>
should probably be added to publicly listed default password databases<br>
(phenoelit, etc).<br>
<br>
Vendor: Inquira<br>
Products: (multiple)<br>
Username: inquira<br>
Password: inquira123<br>
<br>
Cheers,<br>
-- <br>
Kristian Erik Hermansen<br>
<a __removedlink__39630732__href="http://www.linkedin.com/in/kristianerikhermansen" \
target="_blank">http://www.linkedin.com/in/kristianerikhermansen</a><br> <br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a __removedlink__39630732__href="http://lists.grok.org.uk/full-disclosure-charter.html" \
target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br> Hosted and \
sponsored by Secunia - <a __removedlink__39630732__href="http://secunia.com/" \
target="_blank">http://secunia.com/</a><br> <br>
_______________________________________________<br>
Full-Disclosure - We believe in it.<br>
Charter: <a __removedlink__39630732__href="http://lists.grok.org.uk/full-disclosure-charter.html" \
target="_blank">http://lists.grok.org.uk/full-disclosure-charter.html</a><br> Hosted and \
sponsored by Secunia - <a __removedlink__39630732__href="http://secunia.com/" \
target="_blank">http://secunia.com/</a><br> </tt></pre>
</div>
 <!-- end of AOLMsgPart_0_db552752-539f-4e8d-9160-2c703dea1eab -->



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic