Reporting not blogging

It is often the case that I look at the blog and want to post the latest vulnerability found on one of the systems we use or look at here and there. Unfortunately, for security reasons, all we are allowed to do is report the issue to the provider of the service and keep quiet for a while (i.e., till it is fixed).

The main reason for this post, I guess, is to demonstrate that our silence does not necessarily mean that we are inactive as a security group. In the past we have been in trouble with problems found in software[1].

Hopefully people will seek security experts to review their products from time to time. Probably this would eliminate third parties finding the problems and exploiting them. Technology moves at such a fast pace that security has to be reviewed continuously.

Link used:

[1] Grigorios Fragkos and Huw Read (2006), ‘IE7 ‘critical update’ causes headaches for managed desktop environments’ – http://www.theregister.co.uk/2006/11/12/ie7_critical_update_managed_desktops/


11 Responses to Reporting not blogging

  1. Matt Davies says:

    Hi Konstantinos

    I feel your pain

    There were a lot of people who did not agree with the decision made to remove the post that you are referring to in this post, albeit surreptitiously.

    Please don’t feel alone

    Publish and be damned I say

  2. Mike Lloyd says:

    I want to make a number of matters clear here.

    Firstly, I did not require the original blog referred to as [1] above
    to be removed. However, I did require it to be edited. This is
    because it was sloppily worded and as such appeared to incite
    members of the University to make unauthorised modifications
    to a computer system and hence possibly be in breach of the
    Computer Misuse Act. As I understand it was not possible
    technically to edit the blog, it was removed and not replaced.
    That was someone else’s choice.

    Secondly, sloppy wording is going to be criticised and corrected.
    I do not see any issue with correcting what research students
    write or what members of staff write either. It may well help
    them when they write up their own research.

    Thirdly and most importantly, the University has no intention in
    interfering with anyone’s freedom of expression provided it is
    within the law as laid down by the Human Rights Act and
    European Convention of Human Rights.

  3. Kosta Xynos says:

    Along these lines, some notes about the blogs:
    I agree that some type of proofreading might be required. The blogs are editable and any suggestions usually are noted and the content is corrected. We must not forget though that blogs tend to be a bit informal.
    I will not go into details about the removal. The reworded document did make it to theregister.co.uk as it was a serious issue Microsoft had introduced by automatically updating Internet Explorer to the newest version. Once again we see the usual tactic being played: administrators are free to choose what they want to upgrade to through opting out instead of opting in.
    On a final note let me add that we are extra careful about what we post. Most of the posts have emails so you can address any issues with the blog writers. I have added a Contact Us page (also found above, next to Weblog Home) to help moderation.

  4. Matt Davies says:

    Mike, how did you come to reach this understanding?

    “As I understand it was not possible
    technically to edit the blog”

    It’s not correct.

  5. Mike Lloyd says:

    In answer to Matt: I was informed of this. I cannot now remember
    who told me and I did not have the technical knowledge to
    question it.

  6. Smock says:

    Is it me or does this page do some weird Orange colour thing on the text when it loads??

  7. Matt Davies says:

    Not for me Smock

    macosx 10.4.9
    firefox 2.0.0.2

    What are you browsing with?

    I’ll check it out.

  8. Grigorios Fragkos says:

    To make things clear:
    The original article on the security blog was saying exactly the same thing as the article posted on The Register. Due to the fact a blog post is not a formal document, fewer words were used to describe the issue. This is because it was focused to be understood by people who are familiar with advanced scripting and geeky talk. By the way, it even had a disclaimer at the end of the post.
    This matter has ended. I think it is pointless discussing it any further.
    To cheer you up, same post in geeky talk:
    WTS:
    post == TheRegister. Blog ε !=formal, < words used. Wanted 2readby 3l1t3s, b@/sh users. btw, had disclo2. Elune be praised.

    ps. My screen displays the fonts fine. Opera 9x

    ..the truth is out there

  9. Smock says:

    I’m just using the University’s version of IE (6.1.2900.2180.xpsp_sp2_gdr.061219-0316)

    I’ve just checked it in firefox and it’s fine!

    It’s really weird in IE though.
    The “About:” box (which I assume is set to float right) appears underneath the comment/submit box (as do all the things that appear on the right hand side in firefox – search/links/etc)

    But when the page first loads it’s like the background bleeds down from the orange of “Inside Security”

  10. Smock says:

    I also need an edit button. I’ve just noticed some terrible typos 🙁

  11. Smock says:

    I know what it is now. The link to the register is being kept intact on one line and is forcing the text column wider, which pushes all the stuff on the right hand side all over the place!
