Cryptography Lessons
Tracy r reed   |  
BUGTRAQ is dead

The BUGTRAQ mailing list ain't what it used to be.

I sent the following to the bugtraq mailing list. The moderator of the list replied with basically a shrug of the shoulders and bounced my post back to me.


Subject: The utility of bugtraq
From: Tracy R Reed <>
Date: Mon, 26 Jun 2006 14:35:38 -0700

I have been a subscriber to bugtraq for over 10 years. I made the
acquaintance of Aleph1 and I think maybe he turned me onto the list, I
don't recall. When I first subscribed I read every email that came
across the list because it was probably something that applied to one of
the UNIX's I administered and could affect me. Many emails contained
actual exploit code which was very interesting in understanding what was
really going on.

But the list has changed a lot since then. Now it seems like every
platform is fair game for the list even though no one person cares about
more than a very small percentage of those platforms. We have tons of
XSS exploits being posted for webapps that nobody has heard of. We even
have XSS exploits being posted which are unique to individual websites.
What is the point of posting those? What are the rest of us going to
learn from a site-specific XSS exploit for that we
didn't learn from the previous thousand XSS exploits and why should we
read over a thousand emails a month about such things?

I don't know if the change in the population of the Internet in general
is responsible for the change in utility of the bugtraq list or if it is
due to the new ownership of the list but it went from being an
indispensable tool for the system administrator to being a massive
source of useless noise. I guess it's time for this old UNIX fogey (and
I'm just 31!) to move on.