R: Antivirus scanner DoS with zip archives

["Stefano Zanero" <stefano.zanero () ieee org>]

> For the record The Register contacted us for information regarding
> this issue. I did mention the Dev list and I assume this is the
> source where the reporter got his information from.

As a (rather technical) journalist myself, I would suggest a simple way of
cooperating with my colleagues of non-specialized press. Ask them to mail or
fax to you their article before it is published. Tell them it's established
policy of your group/enterprise/whatever to do this for any public news
release. Obviously for the colleagues of the daily newspapers this means
that YOU should be able to call back and give your corrections within 1-2
hours from receiving the article. But - I can assure this - they will be
grateful if you suggest clearer and simpler ways of saying more correct
things.

Another point you may want to consider is that we as technicians are prone
to the subtleties of any problem, e.g. we wish to know why something doesn't
work and how to exploit that. Public, and non-specialized press, wish to
know two things: which amount of maximum damage could come from an
exploit/vuln, and how do they protect themselves.

Should I do an example ? This could be a good quote for a press article on
the vulnerability recently pointed out by G. Guninski (for MS it's
MS01-038):

-----
"This vulnerability is present in any installazion of Outlook XP" says
computer security expert <YOUR NAME HERE> "Using this vulnerability an
hacker could execute easily any program on a target computer, and could
completely control the machine. You can protect yourself by downloading a
patch from http://www.microsoft.com/technet/security/bulletin/ms01-038.asp "
-----

Be clear, be fast, be simple, and don't add too much information. Otherwise
they could have to "rewrite" your sentence. And THAT could be a real
problem.

Stefano Zanero

ComputerWorld Italia (www.cwi.it)