Ding Dong! Full Disclosure Is Dead
Full Disclosure was a listserv based email system and website that glorified in the release of uncorroborated security vulnerabilities. I’m sure it had once hoped to get purchased by a giant corporation like SecurityFocus did back in the heydeys of large security acquisitions and market consolidation. But it didn’t. And after 12 years of giving away information for free, and allowing any jackass to post anything they wanted to up there, the site is rage-quitting. They picked up their marbles, threw a public temper tantrum, and closed up their doors.
Good riddance. As a reminder, they allowed anonymous people to blow a dog whistle at me in hopes they could get a mob of idiots to SWAT me or something for speaking out against the bomb plots of a CISSP named Byron Sonne. I had originally thought that noted fat security researcher James Arlen had posted it, but it may very well be his buddy at LiquidMatrix, Dave Lewis @gattaca who penned a teary-eyed obit to the failed vulnerability disclosure blog here.
For those interested, here is a copy of the rage-quit notice from FullDisclosure, with no need to cite the url:
From: John Cartwright
Date: Wed, 19 Mar 2014 10:30:15 +0000
HiWhen Len and I created the Full-Disclosure list way back in July 2002,
we knew that we’d have our fair share of legal troubles along the way.
We were right. To date we’ve had all sorts of requests to delete
things, requests not to delete things, and a variety of legal threats
both valid or otherwise. However, I always assumed that the turning
point would be a sweeping request for large-scale deletion of
information that some vendor or other had taken exception to.I never imagined that request might come from a researcher within the
‘community’ itself (and I use that word loosely in modern times). But
today, having spent a fair amount of time dealing with complaints from
a particular individual (who shall remain nameless) I realised that
I’m done. The list has had its fair share of trolling, flooding,
furry porn, fake exploits and DoS attacks over the years, but none of
those things really affected the integrity of the list itself.
However, taking a virtual hatchet to the list archives on the whim of
an individual just doesn’t feel right. That ‘one of our own’ would
undermine the efforts of the last 12 years is really the straw that
broke the camel’s back.I’m not willing to fight this fight any longer. It’s getting harder
to operate an open forum in today’s legal climate, let alone a
security-related one. There is no honour amongst hackers any more.
There is no real community. There is precious little skill. The
entire security game is becoming more and more regulated. This is all
a sign of things to come, and a reflection on the sad state of an
industry that should never have become an industry.I’m suspending service indefinitely. Thanks for playing.
Cheers
– John
So a site that made no revenue is now closed and only leftist looters who want stuff for free is lamenting its loss.
Full Disclosure has shut down. True to their original mission, they have published all the details of what happened and who threatened them.
— Fake Infosec News (@FakeInfosecNews) March 19, 2014
Shocker that a free service used by hackers & lowskilled researchers would shutdown over legal issues #FullDisclosure
— Dr. Jones (@BelchSpeak) March 19, 2014
#ragequit #tangodown #butthurt And nothing of value was lost. #FullDisclosure
— Dr. Jones (@BelchSpeak) March 19, 2014
And of course the owner of the site noted the abuse of posting false stuff in the lists, of which either James Arlen or Dave Lewis were participants, or certainly were affiliated and of the same mindset of the ones who did. Yeah, it was brought down by dicks in the security community. Taste the lulz.
