Account Options

  1. Sign in
The old Google Groups will be going away soon, but your browser is incompatible with the new version.
Google Groups Home
« Groups Home
comp.text.tex
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
Message from discussion Who is this guy...?
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Robin Fairbairns  
View profile  
 More options May 26 2009, 9:58 am
Newsgroups: comp.text.tex
From: r...@cl.cam.ac.uk (Robin Fairbairns)
Date: 26 May 2009 13:58:19 GMT
Local: Tues, May 26 2009 9:58 am
Subject: Re: Who is this guy...?
Print | View thread | Show original | Report this message | Find messages by this author

 JohnF <j...@please.see.sig.for.email.com> writes:
>Robin Fairbairns <r...@cl.cam.ac.uk> wrote:
>> JohnF <j...@please.see.sig.for.email.com> writes:
>>>Embargo date?  Who does this guy think he is???

>> someone in a cert team somewhere, presumably.

>Thanks, Robin.  I agree that can be a useful community service,
>and maybe I overreacted a little.  But I get emails from people
>with requests or pointing out errors all the time, none of whom
>have felt the need to use words like "embargo" until now.

cert teams embargo details of problems that have been reported to them
so that the supplier of the software has time to put it right.

why do you think m$ releases can be so precisely scheduled? -- because
the cert people have embargoed their information.  once the patches
have propagated, cert will release the information.

>As for mathtex.c, I've fixed the explicit vulnerability that was
>pointed out.  But anyone using it should realize it's essentially
>a script written in C that just runs latex and friends.  So it's
>going to remain as exploitable as all the similar script cgi's
>that are out there.  I'm not sure there's much I can do about that.

>So far (knock on wood), however, I haven't received any emails
>from people who think their systems have been hacked into
>through either mimetex or mathtex.  Though more people use these
>programs than I'd have originally guessed, it's still a vanishingly
>small user base in web terms.  And I'd guess that seriously
>dangerous hackers/crackers might focus their efforts on jucier
>targets.

any website that's capable of doing anything other than just serving
pages is a worthy target of attack by the slime who do these things.
(and sometimes they even have an agenda related to nothing more than
the pages that are served.)
--
Robin Fairbairns, Cambridge

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2012 Google