Jump to content

Full Disclosure (mailing list)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Jericho347 (talk | contribs) at 05:30, 3 May 2020 (add mention of why list was created). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Full disclosure is a "lightly moderated" security mailing list generally used for discussion about information security and disclosure of vulnerabilities. The list was created on July 9, 2002 by Len Rose and was administered by Len Rose, who later handed it off to John Cartwright. After Len Rose shut down netsys.com, the list was hosted and sponsored by Secunia.[1]

The Full Disclosure mailing list was originally created because many people felt that the Bugtraq mailing list had "changed for the worse"[2]. On 25 March 2014 the list was "rebooted" by Fyodor.[3] The site is now part of seclists.org and no longer associated with grok.org.uk.

Notable 0-days first disclosed in Full-disclosure

Email subject Software Date Ref.
Defense in depth -- the Microsoft way (part 14): incomplete, misleading and dangerous documentation Windows NT 2013-11-24 [4]
Defense in depth -- the Microsoft way (part 11): privilege escalation for dummies Windows NT 2013-10-02 [5]
The history of a -probably- 13 years old Oracle bug: TNS Poison Oracle Database 2012-04-18 [6]
Apache Killer Apache HTTP Server 2011-08-26 [7]
Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly Help and Support Center 2010-06-10 [8]
Microsoft Windows NT #GP Trap Handler Allows Users to Switch Kernel Stack Windows NT 2010-01-19 [9]

References

  1. ^ "Full-Disclosure Mailing List Charter".
  2. ^ https://seclists.org/fulldisclosure/2002/Jul/7. {{cite web}}: Missing or empty |title= (help)
  3. ^ Fyodor (2014-03-26). "Rebooting the Full Disclosure list". Retrieved 2014-03-26.
  4. ^ "MS14-019 - Fixing a binary hijacking via .cmd or .bat file".
  5. ^ "Lawful Hacking: Using Existing Vulnerabilities for Wiretapping on the Internet".
  6. ^ "Unpatched Oracle database vulnerability accidentally disclosed".
  7. ^ "Defending Against The 'Apache Killer' Exploit".
  8. ^ "Google researcher gives Microsoft 5 days to fix XP zero-day bug".
  9. ^ "Unpatched Microsoft Windows (all versions) Privilege Escalation Vulnerability Released".