On Wed, 6 Mar 2002, Starks, Michael stated: > What is the consensus in regards to anonymously posting to security mailing > lists and USENET when discussing specific network configurations? Is it > considered the prudent thing to do? Is credibility affected? It doesn't > seem wise to me to discuss a specific vulnerability which points back to you > own network.
I can't speak for everyone else, but here's my opinion: As you say, it's not very clever to talk about vulnerabilities or other security issues that may be traceable right back to you network. I would recomend you to set up a e-mail account on Hotmail (or equiv.) for use in this issue. Regarding the credability issue I don't see any problem, unless you are making posts like "How can I sploit this or that", "Could anyone give me sploit code for...", etc... in which case you will most likely be ignored (or flamed). Making such postings isn't very clever, regardless of the e-mail address used. On USENET (especially) it's _very_ common to use "secondary" or even bogus addresses, just for the security reason. Patrik Birgersson
