Fulldisclosure -- Improving network security through full disclosure

 

About Fulldisclosure
English (USA)

The Full Disclosure mailing list is a public forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. FD differs from other security lists in its open nature, light (versus restrictive) moderation, and support for researchers' right to decide how to disclose their own discovered bugs. The full disclosure movement has been credited with forcing vendors to better secure their products and to publicly acknowledge and fix flaws rather than hide them. Vendor legal intimidation and censorship attempts are not tolerated here!

This list is meant as a spiritual successor to the grok.org.uk Full-Disclosure list started by Len Rose and John Cartwright in 2002 and terminated abruptly in March 2014 due to bogus legal threats. We are giving this list a fresh start, so members of the old list need to resubscribe here.

This list is run by and for the network security community. We need light moderation to prevent trolls from filling the list with furry porn (again), but we try to accept all posts with valuable security content. Moderation is performed by a team of volunteers. Time is truly of the essence in vulnerability disclosure, so we try to keep the moderation delay below an hour on average. When we need more moderators we will recruit from the most active and insightful list members.

You must join the list before you can post to it. Submit posts to fulldisclosure@seclists.org. If you don't want list message delivery to the address you post from, you can disable it in list config.

Posts are publicly archived at the Seclists.org Full Disclosure web archive and the list RSS feed is available there too. Various unofficial archives exist as well. You can prevent archiving (at least for Seclists) by specifying the X-No-Archive mail header in your post, but you might reconsider whether to post such a sensitive message to a public list in the first place.

Given the light moderation policy and that we generally don't verify posted information, and that email forgery is easy, deal with all list content at your own risk! In particular, running any "exploit scripts" or executables posted to this list can be disastrous.

Using Fulldisclosure
To post a message to all the list members, send email to fulldisclosure@seclists.org.

You can subscribe to the list, or change your existing subscription, in the sections below.

Subscribing to Fulldisclosure

Subscribe to Fulldisclosure by filling out the following form. You will be sent email requesting confirmation, to prevent others from gratuitously subscribing you. This is a hidden list, which means that the list of members is available only to the list administrator.

    Your email address:  
    Your name (optional):  
    You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext.

    If you choose not to enter a password, one will be automatically generated for you, and it will be sent to you once you've confirmed your subscription. You can always request a mail-back of your password when you edit your personal options.
    Pick a password:  
    Reenter password to confirm:  
    Which language do you prefer to display your messages? English (USA)  
    Would you like to receive list mail batched in a daily digest? No Yes
Fulldisclosure Subscribers
(The subscribers list is only available to the list administrator.)

Enter your admin address and password to visit the subscribers list:

Admin address: Password:   

To unsubscribe from Fulldisclosure, get a password reminder, or change your subscription options enter your subscription email address:

If you leave the field blank, you will be prompted for your email address


Fulldisclosure list run by fyodor at nmap.org
Fulldisclosure administrative interface (requires authorization)
Overview of all seclists.org mailing lists

Delivered by Mailman
version 2.1.15
Python Powered Gnu's Not Unix