Full Disclosure mailing list archives
Re: [WEB SECURITY] noise about full-width encoding bypass?
From: Amit Klein <aksecurity () gmail com>
Date: Wed, 23 May 2007 13:27:17 +0200
Arian J. Evans wrote:
> On 5/22/07, *Amit Klein* <aksecurity () gmail com> wrote:
>
> > Fair enough. Still, I expect at least the websecurity mailing list to give credit where credit is due...
>
> Hmm, good point. No argument, but... as we see more of this character encoding set awareness I wonder:
>
> 1. Where do you draw the line on what is "new"?
The way I see it, and I think it addresses the rest of your points (in your original email), is that the researcher should attempt to find the most similar/relevant prior art, and then discuss how (if at all...) his/her findings differ. This provides the public with:

- Acknowledgment (and credit) of prior art
- Explanation of what is "really" new

So if, say, the web-app-sec researcher applies techniques from the AV world to the web-app-sec world, he/she should credit the AV prior art, and explain that those techniques are applied in the paper to the web-app-sec world, with the twists X, Y and Z. Or you can say something like: In this research I combine evasion techniques A (credit to...), B (credit to...) and C (credit to...) to bypass system X.

By subscribing to this scheme, the author makes it much easier to evaluate his/her paper. The author does most of the work (finding prior art, comparing their findings to prior art), and the readers judge whether this is new enough/interesting.

As for research in non-English languages - that's where *I* draw the line. I assume that everyone can (and should) read English nowadays, and I do not expect anyone to be aware of non-English prior art. However, if such prior art becomes known to the author, it's his/her duty to credit the authors of such text, of course.

-Amit

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/