lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20031030160513.GB404@sentinelchicken.org>
Date: Thu, 30 Oct 2003 08:05:13 -0800
From: Tim <tim-security@...tinelchicken.org>
To: Bipin Gautam <door_hUNT3R@...ckcodemail.com>
Cc: full-disclosure@...ts.netsys.com, bugtraq@...urityfocus.com
Subject: Re: Shortcut...... may cause 100% cpu use!!!



> PLEASE READ IT BEFORE YOU POST!!!

LOL.  Think about what you are saying to me.


> >I haven't looked at your shortcut file(s) yet, but it sounds like the

And yes, I admitted, I hadn't looked at your files.  For a vulnerability
such as you describe, it really wasn't worth my time.  After all, it was
just a DoS, and there are already two known ways to acheive this with
.lnk files.


The point is, research is never done in a vacuum.  It is the duty of any
researcher to understand the topic they are publishing on before they
publish.  That includes knowing about any other published research in
that area, even if it isn't the same information.  You have added about
5 cents worth of knowledge to what was already known about shortcut
files.  However, the casual reader might think that you came up with
this all on your own.  Are you taking complete credit for finding this
problem without any knowledge of previous work?  If so, then you are
foolish for wasting your time in not looking for others' work
beforehand.  Afterall, there is information out there that would have
made this particular find trivial.

On the other hand, if you did use the previous work to learn about the
topic and to find your own bug, then you are ripping off those others
who did all of the hard work for you.  Nothing wrong with publishing
anyway, but you should *credit your sources*.  That is how research is
done.  Each researcher builds on previous work in order to bring more
knowledge to humanity.

So, you are either a fool, or a plagiarist.  Take your pick.

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ