Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
comp.text.tex
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
Message from discussion Who is this guy...?
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Robin Fairbairns  
View profile  
 More options May 26 2009, 6:00 am
Newsgroups: comp.text.tex
From: r...@cl.cam.ac.uk (Robin Fairbairns)
Date: 26 May 2009 10:00:34 GMT
Local: Tues, May 26 2009 6:00 am
Subject: Re: Who is this guy...?
Print | View thread | Show original | Report this message | Find messages by this author

 JohnF <j...@please.see.sig.for.email.com> writes:
>I'm asking about the author of the email reproduced (without
>permission) below.  The simple errors described there have been
>fixed, with corrected code for the two ctan programs available at
>     http://www.forkosh.com/mimetex.zip
>     http://www.forkosh.com/mathtex.zip
>But it's not yet submitted to ctan as they're trivial errors very
>hard to trip over and hardly worth the administrative overhead (for
>me or for ctan).  However, they are errors worth my time to fix,
>and somebody (see cc's on email) must have taken a hard look
>at the programs to find them.  For that I'm grateful.

>What does bother me, however, is what seems to me like the
>pompous, supercilious attitude of self-proclaimed net police
>who write email to total strangers containing stuff like
>   IMPORTANT: Please let us know if you have any questions/concerns,
>   we would ask you not to disclose any of this information publicly
>   until we have confirmed an embargo date for these issues. (please
>   let me know if you are not familiar with this practice).
>Well, I'm not familiar with this practice!
>Embargo date?  Who does this guy think he is???

someone in a cert team somewhere, presumably.

their business is finding vulnerabilities in software, that could
cause vulnerabilities if installed on a web server.  unchecked
strcopy, iirc, was the ultimate source of the morris worm so it's the
sort of thing these people look for.

it's irrelevant whether it's difficult to "trip over the problem";
what's relevant is whether it's possible to use the problem to
construct an attack on the server that offers the program.

(we get personal service from our local cert team, because we know all
of the members well; if we get messages from any other -- even if it's
from the isp's team -- they tend to be pretty impersonal.  if you run
a service of any sort, you're likely to attract messages from cert
teams all over the place.  we do.)
--
Robin Fairbairns, Cambridge


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2012 Google