From: Michal Zalewski (lcamtufcoredump.cx)
Date: Tue Dec 04 2001 - 13:56:44 CST

    On Tue, 4 Dec 2001, Blue Boar wrote:

    > Goobles sent another post to vuln-dev today, which was rejected due to
    > personal attacks in their note.

    GOBBLES is a good, one-time joke gone annoying... This guy is certainly a
    good English speaker - the nature of "mistakes" made by him are not ones
    newbies do; people with poor English skills tend to translate idioms or
    grammar constructions literally, to use the incorrect meaning of a word,
    to use synonyms in their language that are not synonyms in English, to
    make _certain_ spelling mistakes and such. Actually, he either knows
    English very well (I guess better than me), or, more likely, is a native
    English speaker. He personally attacks AtStake, Alfred Huger and many
    other people, so apparently has a good knowledge of the community. This
    might be a way for someone to disclose some less relevant findings and have
    some fun. One way or another, I can hardly say any of GOBBLES advisories
    so far had a real value. I must say I do not find this offensive style
    entertaining, and I do not perceive it as something clever. Anyone
    familiar with the Usenet should have a good idea what a troll is, and how
    to deal with it... GOBBLES posts are written exclusively to cause endless
    discussions, flame wars, unnecessary noise - or, to be short, to get some
    attention.

    I hate to say so, but maybe it is time to ignore him? Instead of
    forwarding posts or excerpts or notification about yet another
    vulnerability in a discontinued line of scientific calculators,
    command-line buffer overflow / format string bug in a program that is not
    supposed to be setuid, claims that a failure to log authentication failure
    is a "remote root exploit", or an advisory on data leak as relevant to the
    security of your system as disclosing your system time or username by
    Sendmail in mail headers? I am not saying we should ignore valuable
    research if it does not conform to some "style guidelines", or that we
    should reject such very minor (and often unverified) bug reports if
    described in an acceptable manner, but if it does not have any value and
    lacks style, it is just sad.

    Just my $.02... or even less.

    -- 
    _____________________________________________________
    Michal Zalewski [lcamtufbos.bindview.com] [security]
    [http://lcamtuf.coredump.cx] <=-=> bash$ :(){ :|:&};:
    =-=> Did you know that clones never use mirrors? <=-=
              http://lcamtuf.coredump.cx/photo/