From: Richard M. Smith (rmscomputerbytesman.com)
Date: Wed Jan 16 2002 - 12:14:56 CST

    It's me who sent out both messages.

    Here was my reply to Georgi:

       Actually, no big deal is going on here. I am using a
       documented feature of Windows Media Player. In addition,
       this clearly isn't as serious of an issue as a buffer overflow
       that allows someone to run programs on the sly. I think a bit
       of basic common sense is in order here.

    I've been posting demo/test code for years now for security and privacy
    problems. However, for the more serious problems, I keep the details
    private. It's a policy that has worked pretty well for me.

    Also here is the ultimate example of why full disclosure in certain
    situations is an extremely bad idea:

       Bush May Limit Germ Weapons Info
       http://dailynews.yahoo.com/h/ap/20020113/ts/us_germ_weapons_1.html

    Richard

    -----Original Message-----
    From: Dave Vehrs [mailto:davevspiremedia.com]
    Sent: Wednesday, January 16, 2002 12:59 PM
    To: 'Georgi Guninski'; webappsecsecurityfocus.com
    Subject: RE: Full disclosure opponent discloses *full details* of
    significant privacy problem

    Are you sure that this is the same Richard M. Smith? It does sound like
    a fairly common name to me and I don't see anything in either message to
    tie it to the other, except for the use of 'rms' in the email address.

    First Richard M. Smith is:
    Richard M. Smith
    CTO, Privacy Foundation
    http://www.privacyfoundation.org
    Email address: rmsprivacyfoundation.org

    But the second is:
    Richard M. Smith
    http://www.computerbytesman.com
    Email address: rmscomputerbytesman.com

    If it is the same Richard M. Smith, how about letting the rest of us in
    on the collaborating information? If not,....

    Thanks

    Dave V.
    SpireMedia