Talk:Przemysław Frasunek

This article was previously nominated for deletion. The result of the discussion was keep.

This article must adhere to the biographies of living persons (BLP) policy, even if it is not a biography, because it contains material about living persons. Contentious material about living persons that is unsourced or poorly sourced must be removed immediately from the article and its talk page, especially if potentially libellous. If such material is repeatedly inserted, or if you have other concerns, please report the issue to this noticeboard.

If you are a subject of this article, or acting on behalf of one, and you need help, please see this help page.

Biography

This article is within the scope of WikiProject Biography, a collaborative effort to create, develop and organize Wikipedia's articles about people. All interested editors are invited to join the project and contribute to the discussion. For instructions on how to use this banner, please refer to the documentation.BiographyWikipedia:WikiProject BiographyTemplate:WikiProject Biographybiography articles

Computer Security: Computing Low‑importance

This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles

Low

This article has been rated as Low-importance on the project's importance scale.

This article is supported by WikiProject Computing.

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

Poland

	Poland portal This article is within the scope of WikiProject Poland, a collaborative effort to improve the coverage of Poland on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.PolandWikipedia:WikiProject PolandTemplate:WikiProject PolandPoland articles
???	This article has not yet received a rating on the project's importance scale.

Notability of vulnerabilities[edit]

First, are you Przemysław Frasunek?

No, I'm not. Adom11 (talk) 19:58, 17 January 2008 (UTC)[reply]

I put my contact data on the user page, so it could help verifying my intentions. Adom11 (talk) 21:09, 17 January 2008 (UTC)[reply]

Second, you need to provide a reference to a reliable source that says the vulnerability was actually notable. In the same time period, I see plenty of press hits for WU-FTPD vulns, but none of them appear to be this one.

Third, you need to verify that Przemysław Frasunek actually found the vulnerability. The Bugtraq post linked from the CVE post credits tf8, and only offers a "shout-out" to "venglin".

[1] & [2], CVE links to both. Adom11 (talk) 19:58, 17 January 2008 (UTC)[reply]

The first link you provided explicitly says he did not discover that vulnerability. I'm striking it from the article. --- tqbf 20:34, 17 January 2008 (UTC)[reply]

Thank you for not simply restoring the entire list of vulnerabilities, but if we can't provide actual references that establish your notability, I'm going to propose the article be deleted. Plenty of people have found major vulnerabilities, and yet have not been written about in sufficient detail to merit a Wikipedia article.

I understand your point of view, although IMO discovery of the exploitation technique for one of the most known form of software vulnerability (format string attack) is quite enough to be noted on wikipedia. See articles on Robert Tappan Morris or Michal Zalewski. Adom11 (talk) 19:58, 17 January 2008 (UTC)[reply]

I'm a total skeptic on vuln researchers of marginal notability being on WP; we lack articles for hugely respected researchers, for what I think is good reason. You're not a skeptic. I can be convinced that this isn't an AfD candidate --- but if I feel like "delete" will win when you're done, I'm sending it there. --- tqbf 20:13, 17 January 2008 (UTC)[reply]

Also --- nothing you've provided verifies that this person "discovered the exploit technique" for format string attacks, and I tend to doubt that's true. --- tqbf 20:14, 17 January 2008 (UTC)[reply]

Your user page suggests you're interested in a computer security, so why not helping me with verifying the article theses (or proving it wrong) using bugtraq or securityfocus archives (or any other well-known source)? It sould be easy, huh :)? Adom11 (talk) 20:30, 17 January 2008 (UTC)[reply]

"Discoverer of how to exploit format string vulnerabilities" is an extraordinary claim. The burden is not on me to verify it. --- tqbf 20:33, 17 January 2008 (UTC)[reply]

If you agree on that TESO's paper is a reliable source; which says that the first exploitation technique comes from tf8; and if you compare those exploits [3] & [4], so you could spot different approach to the problem (having in mind his informal comment on the issue), maybe it will be easier to you accept the phrase 'Co-discoverer of how to exploit format string vulnerabilities'. Even if not, I believe that we can agree on 'author of one of the firsts exploits for the format string bugs'. The problem we need to resolve then if it's whether it meets wikipedia notability standards or not. A query of [5] returns ~12.5k results, [6] returns ~11k results, and [7] returns ~7k results. Adom11 (talk) 10:49, 23 January 2008 (UTC)[reply]

~~:::::: Ok, what about current state of the article? Adom11 (talk) 21:05, 17 January 2008 (UTC)~~[reply]

--- tqbf 14:59, 17 January 2008 (UTC)[reply]

I can't evaluate the first cite; it's not in English. This is the English Wikipedia.

http://www.diva-portal.org/diva/getDocument?urn_nbn_se_liu_diva-7866-1__fulltext.pdf? We usually don't delete sources on quantum mechanics, because taxi driver cannot understand it. There are people fluent in the language of the document, so let them verify it. Many wikipedias refer to sources in other languages (esp. english), I don't see a reason why not let it here. What about marking it with a flag or with some other language descriptor? Adom11 (talk) 20:05, 17 January 2008 (UTC)[reply]

No, but you might delete a source on quantum mechanics if a physicist couldn't verify it. I'm not anonymous; check out my user page, and Google. --- tqbf 20:13, 17 January 2008 (UTC)[reply]

So, please, translate the article, and on the basis of your knowledge save it or delete the link. Adom11 (talk) 20:30, 17 January 2008 (UTC)[reply]

I can't translate the article, but given context about where the article was published, who wrote it, and what it says, I can evaluate whether it establishes notability for this researcher. Note that the other examples you gave --- Zalewski and RTM --- are "famous", having appeared regularly in the mainstream english press. --- tqbf 20:32, 17 January 2008 (UTC)[reply]

Why did you remove link to the CVE on WU-FTPD exploit? It just said he was an author of "one of the first exploits for...". Adom11 (talk) 21:05, 17 January 2008 (UTC)[reply]

Because the link you provided credits somebody else with the discovery of the vulnerability. --- tqbf 21:30, 17 January 2008 (UTC)[reply]

A vulnerability and an exploit are two different things. Adom11 (talk) 21:42, 17 January 2008 (UTC)[reply]

Thanks for informing me of that. Your link doesn't verify he wrote the exploit, either: again, it's credited to tf8. You can fix it this time, or I'm just going to list this on AfD. If this is the best you can do, I'm convinced this person isn't notable. --- tqbf 22:02, 17 January 2008 (UTC)[reply]

It's probably no proof by wikedia standards but this is comment by Frasunek from the polish wiki at pl:Dyskusja:Format string attack. In badly translation it says In 2000, there was an informal computer security group called b0f, which me (Ptrzemyslaw Frasunek), tf8, and for some time also lcamtuf (Michal Zalewski), were members. The original discoverer of the vulnerability was unknown to us, and we were informed about the vulnerability by tf8. From that point several independent analyses of the vulnerability has been started. We had agreed that out work will be published under the name of b0f group. On the June 22th 2000, me and tf8 had have independently created exploits, which (what almost anybody can spot) were working differently. Unfortunately, tf8 released the exploit without coordination with the rest of the group, and what is more he falsified the date in the exploit header (1999 vs 2000). Just after I had read it on the Bugtraq, I sent my version of the exploit and because of the bugtraq moderation it appeared a few hours later. To sum up: the vulnerability had been found by an unknown person, but exploits were developed simultaneously by me and tf8, thus the credit in the exploit header. I have an emails archive confirming that scenario -Venglin 00:51, 20 lut 2007 (CET) Adom11 (talk) 22:36, 17 January 2008 (UTC)[reply]

(<-dent) See WP:RS. Wikis are never reliable sources; email messages are not sources unless posted somewhere reliable, not usable to verify disputed facts, and are primary sources subject to WP:OR. You haven't verified this fact. I see no evidence this person is notable. --- tqbf 01:31, 18 January 2008 (UTC)[reply]

Don't you think, that it would be quite silly that this hacker, with quite respectable security research history http://www.frasunek.com/#security, would send somebody's else exploit to the bugtraq list? The proof is in the bugtraq's archives: tf8's version [8], frasunek's version [9]. Explanation of the credits given in each exploit is in here (my poor translation somewhere above). Analysis of the exploits' source code is another proof, for those who are capable of performing so. Here's TESO's document stating ...tf8, who wrote the first format string exploit ever.... I don't even try to argue that that tf8's version was or was not the first on the Bugtraq (I never did say or write so). What I put down in the article, is that Frasunek's (venglin's) version was one of the first published; and the truth about whose method was the first developed is known probably only to them right now. Adom11 (talk) 05:44, 23 January 2008 (UTC)[reply]

I dispute that the cite to "economy-point.org" is reliable: there is no evidence of editorial oversight, and the content is badly machine-translated. --- tqbf 19:47, 17 January 2008 (UTC)[reply]

Agreed Adom11 (talk) 20:05, 17 January 2008 (UTC)[reply]

Deleting this article[edit]

I'm convinced this person isn't notable, to the degree required by WP:N.

I'm giving this page another week, from today, and then I'm going to propose deletion, and, if necessary, submit it to AfD. If reliable sources are added between now and then, of course I'll leave the article alone.

--- tqbf 01:33, 18 January 2008 (UTC)[reply]