> The Hack List sounds like a good idea,
> I would feel BEFORE a site is listed ...
I think it's a bad idea. The etiquette of normal society can be applied here.
Let's say that a crime has been committed: your house was broken into.
Let's further assume that eventually you find the culprit, and that he/she/they
live in another town, Town X.
Would it be appropriate for you (if you had the power) or your
municipal government to block *everybody* who lives in Town X where the
criminal lives from entering your town, until Town X ceases to exist?
And to run an advertisement in some wide-reaching newspaper (NYT? WSJ?
USA Today?) proclaiming that all persons living in town X are
If so, you have a very different view of the world than I. And if not,
why should you do electronically what you would not do by hand?
Now certainly there are some gray areas: if many crimes come from one neighborhood,
one may be justified in forming a general opinion of its inhabitants. And in doing
university-style research into why it should be so (even if it's a black/hispanic/
whatever neighborhood, even though you'll be falsely accused of racism). But you
still do not ban all residents of that town from visiting your town.
> But whatever we do, it should be a seperate NEWS/Listsrv feed
> or we could check with CERT/CIAC about managing the info
I don't think CERT wants to get into the business of libelling/slandering
other organizations, either.
Look, if all the energy that's going into this bad idea were directed someplace useful,
we could probably come up with a provably secure mail transfer agent, and be
done with the sendmail probes. :-)