Date: Wed, 21 Jul 2004 10:54:52 -0500 (EST) From: Chris Wysopal To: intelligence.unit@mi2g.com, webmaster@mi2g.com Subject: Factual error in "Ransom demands come through..." report Gentlemen, I am one of the moderators of the Vulnwatch security mailing list. Your report, "Ransom demands come through to subdue negative publicity; Reputation damage accelerates through hoax postings", dated 20 July 2004, (http://www.mi2g.com/cgi/mi2g/press/200704.php) contains an erroneous statement. A factual error is contained in this paragraph below: Upon reading this hoax "vulnerability" posting, available through a number of security portals, it is clear that there is no purpose to it other than to smear reputation and cause damage. However, the organisations that originally took the posting did not bother to check for accuracy and include such well known names as: 1. bugtraq@securityfocus.com 2. full-disclosure@lists.netsys.com 3. vulnwatch@vulnwatch.org The Vulnwatch moderators did not approve the "Wendy's Drivethru" advisory for distribution to the list. We have a policy of not approving joke security advisories. Archives of the list show that the message was never approved: http://archives.neohapsis.com/archives/vulnwatch/2004-q3/ http://seclists.org/lists/vulnwatch/2004/Jul-Sep/ Remove "3. vulnwatch@vulnwatch.org" from your report as this information is incorrect and defamatory to the moderators of the Vulnwatch mailing list. Publish a correction to the mailing list(s) where the original erroneous report was distributed. I trust that mi2g will make a good faith effort to correct this error and notify those who received the erroneous information of the correction. Sincerely, Chris Wysopal Vulnwatch Moderator