[VIM] Bogus RFI Reports Getting Out of Hand

security curmudgeon jericho at attrition.org
Mon Jan 8 02:18:26 EST 2007

: > I swear, Bugtraq moderators should seriously consider blocking any RFI 
: > disclosure from hotmail.com. Would save us a lot of time.
: Should the moderators be performing analysis of each post in detail 
: before allowing it to post? I'm thinking this would drag out the 
: postings to the point of being lagged weeks behind the other lists. Have 

I don't. The moderation is already a bit slow at times, especially on 
holidays or anytime there is a transition between moderators. 
Unfortunately, they really can't even take my suggestion to heart because 
it would likely block a handful of legitimate disclosures, and that 
doesn't fly.

: you considered making a list of bogus vuln authors and forwarding them 
: to the list moderators?

Yes. OSVDB is adding all of these bogus reports to our database and 
tracking creditee with the intent of being able to easily generate such a 
list for many purposes, including that.

Call me a bastard, but i'd like to see the people *repeatedly* posting 
bogus RFI bugs get harassed more so they stop posting without validating 
their findings.

More information about the VIM mailing list