back to article RIP Full Disclosure: Security world reacts to key mailing list's death

The legendary Full Disclosure mailing list, where security researchers posted details of exploits and software vulnerabilities, is shutting down. The service, which had been running for nearly 12 years since July 2002, has been suspended indefinitely after list admin John Cartwright was no longer prepared to put up with the …


This topic is closed for new posts.
  1. Crazy Operations Guy

    "Can be done with a tweet"

    Except when twitter sees a legal threat they fold faster than a ninja making origami cranes.

    1. Frumious Bandersnatch

      Re: "Can be done with a tweet"

      ... faster than a ninja making origami cranes.

      or my personal favourite, "Superman on laundry day".

  2. Solmyr ibn Wali Barad

    So long, and thanks for all the bugs.

    It's hard for the lone admin to fend off the trolls. Once they've gained enough presence, the whole place starts to stink.

    1. Anonymous Bullard

      Re: So long, and thanks for all the bugs.

      Just like this forum.

    2. Anonymous Coward
      Anonymous Coward

      Re: So long, and thanks for all the bugs.

      Once they have gained? Err... They were there day one.

      FD was started because BUGTRAQ became to orderly and corporate for the tastes of some of the anarchists prevalent in the world of Internet security 12 years ago. As a result it attracted everyone Aleph One kicked off from BUGTRAQ day one. It had the troll density of a popular dilapidated bridge - anywhere you look you could see a troll.

      In any case, the internet (and internet security) has changed. Exploits are now a paying racket. The anarchy mentality of 0-day release and be damned which founded FD is not there any more. No real reason for FD to exist. I am surprised Carthright kept it running for so long.

  3. M Gale


    Good luck asking every USENET admin in the world to delete that embarrassing post that you don't want seen.

    1. Anonymous Coward
      Anonymous Coward

      Re: USENET?


      Good luck asking every USENET admin in the world to delete that embarrassing post that you don't want seen.


      are you saying that you don't have a clue what a cancel message is? in case that is what you are saying, they are how you delete your usenet posts. you don't ask someone else to clean up your mess, ya know? ;)

      1. M Gale

        Re: USENET?

        I know exactly what a cancel message is, and a newgroup message, and various other control messages that most USENET servers are set up to either vet with a human or utterly ignore due to them being abused by trolls, malicious hackers, shills and other Internet low-life.

        Next question.

        1. Daniel B.

          Re: USENET?

          Yeah, the first thing that popped into my mind was the lame Scientology attempt to kill one of the USENET groups that was critical against them. Which of course was ignored.

    2. Alan J. Wylie

      Re: USENET?

  4. Anonymous Coward
    Anonymous Coward

    NSA take down?

    Don't want their favourite new exploits being known?

  5. Trevor_Pott Gold badge
  6. asdf


    Hey look another thing the lawyers (indirectly) have ruined.

  7. Anonymous Coward
    Anonymous Coward

    The power of the word

    " never imagined that request might come from a researcher within the 'community' itself (and I use that word loosely in modern times). But today, having spent a fair amount of time dealing with complaints from a particular individual (who shall remain nameless) I realised that I'm done. "

    That's because you were afraid to use the world's most powerful word:


    As in, "NO, I will NOT delete your entries as, once posted, they come under the ToS that you agreed to when you joined; comments are subject to the list owner's discretion."

    If you didn't put a reasonable clause into your that charter of yours stating that the list is yours, under your control, subject to your rules and regulations and that all decisions by the list owner / manager are final, then you need to change your ToS!

    You are letting one loud-mouthed fool change your life?! That's when you tell him to "Go to hell" and move on. You've got a bully on your hands and that occurrence is so damn common in today's world that I'm sick of hearing it - push and push, complain and complain, until they get THEIR way regardless of how many other people [appeasing this one jerk] may hurt. Oh, yeah, that's our current Crimea headlines in a nutshell. The world needs to say "NO!" more often to these people, who are simply children and haven't had it said often enough in their face to learn that the world does not revolve around them.

    "NO" - the perfect reply to your current "researcher" problem.

    1. Anonymous Coward
      Anonymous Coward

      Re: The power of the word

      Well if you seem to feel all you have to say is NO, feel free to take it over.

      Good luck.

      1. Anonymous Coward
        Anonymous Coward

        Re: The power of the word

        ...fine and dandy until you get a message along the lines of "some people who believed they were acquiring access to XYZ zero-day on an exclusive basis would like to know why they also see it published here, and may or may not come around asking for answers in person at their convenience". Not that I'd suggest that's what actually happened.

  8. X41

    Not on my watch!

    I've written a scraper to backup all of FD in case the archive goes down too and i'm working to get a Mailing list running to keep it alive. They might not be willing to fight this fight any longer, but i'm here to take that place

  9. Destroy All Monsters Silver badge

    Anyone remember the history of Full Disclosure's creation? I remember there was some discussion about whether people should voluntarily restrict talking about vulnerabilities in wake of serial exploits for Windows (and possibly Linux) immediately before that, but I'm hazy about the details.

    1. Michael Wojcik Silver badge

      I thought I had saved some of the first several messages from F-D, but apparently not.

      Anyhoo: Around the time F-D was founded, the "responsible disclosure" debate was still in full swing. RFPolicy was first published in 2001. So yeah, no doubt there was still a lot of talk about how quickly vulnerabilities should be disclosed. (That debate is still going, of course, but with nothing like the heat it had around the turn of the century.)

  10. druck Silver badge

    Whoever is making the delete request should be named, so they can be subjected to the wrath they so richly deserve.

  11. Rob Crawford

    Shall we play a game

    Lets call it Name the idiot that annoyed the admin.

  12. adnim


    got a great deal of stick from the "community" for posting an article on FD "Google vulnerabilities with POC" to the FD list.

    This is one of the longest threads I have seen on FD. I suggest it is checked out. Some very strong words are used.

    I know what I think, draw your own conclusions.

    Whether or not this person is the catalyst for John throwing in the towel is supposition.

    FD you will be missed :-(

    1. bogsheet

      Re: Someone

      This person made legal threats to FD if they did not comply in removing this thread - that's why it suspended. It is the guy who posted the 'vulnerability' and got shredded due to his response to the 'community'. The arbitrary file upload to YouTube is not a security vulnerability on its own, but it was the response to being told this combined with narcissistic self-delusion and denial that resulted in the meltdown that ensued.

      Some background research into his satellite expertise and academic credentials, not to mention the recent article on Softpedia commenting on the disappearance of the Malaysian 777, are essential reading to understand the full extent of this individual's issues.

  13. JCitizen

    Wow! Ten years?

    It seemed longer ago to me! I never used it, I got my vulnerability information from other sources. I'd say there were many like me. We all saw it in the news for a while then it seemed to disappear! We all forgot about it in my security circles. I'd say it will never be missed. I am slightly sentimental about that time period, but that is about it.

  14. Anonymous Coward
    Anonymous Coward

    Whether it was the NSA, or an individual has written history... They marked the end of lameness and "no community".

    The full disclosure should have closed down a long time ago. Nobody wants a full disclosure list that favours the big companies and not the researchers, but also where lamers and trolls find amusement in vandalising people's findings.

This topic is closed for new posts.

Other stories you might like