Wikipedia:Articles for deletion/Susam Pal


 * The following discussion is an archived debate of the proposed deletion of the article below. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the article's talk page or in a deletion review).  No further edits should be made to this page.  

The result was delete. Jaranda wat's sup 23:42, 5 January 2007 (UTC)

Susam Pal


Contested prod (prod tag removal was user's 6th edit). Respectable person who can be found at some security-related mailing lists, but not notable enough for Wikipedia. I could not find any reliable sources. See also Chris Sullo. Jyothisingh 09:01, 31 December 2006 (UTC)
 * Delete - fails WP:BIO. MER-C 09:25, 31 December 2006 (UTC)
 *  See AfD for Open Security Foundation, seems to be the same group of contributors --Kevin Murray 10:34, 31 December 2006 (UTC)
 * Keep - Susam Pal is quite notable among security folks. He features in each and every security list across the world. In the worst case, if the article is deleted, I suggest merging this with OSVDB. -- Root exploit 11:40, 31 December 2006 (UTC)
 * Delete Per MER-C. Daniel5127 <Talk> 00:25, 1 January 2007 (UTC)
 * Keep - Meets the following WP:BIO conditions.
 * 1) The person has been the primary subject of multiple non-trivial published works whose source is independent of the person. (References: Secunia, SecurityFocus).
 * 2) The person made a widely recognized contribution that is part of the enduring historical record in their specific field. (References presented in support of the above point and references in the article are all part of enduring historical record.) -- Nareshhacker 07:17, 1 January 2007 (UTC)
 * The person is not the "primary subject" of the references provided. Also, IMHO, the references provided are not "non-trivial". I visited these sites (secunia and securityfocus) for the first time today -- it seems that on an average day, more than ten security vulnerabilities are reported at both the sites. As about the second point, you've grossly misunderstood the phrase "enduring historical record in their specific field". Jyothisingh 12:10, 1 January 2007 (UTC)
 * Delete. so he found a vulnerability in some website.  so have most people in this thread.
 * also, article is wrong. the article implies that this person found a dos vuln, yet the link says its sql injection. there's a big difference 207.229.176.46 08:37, 1 January 2007 (UTC)

(The above commenter means the Bugtraq Vulnerability Database which is different from the Bugtraq Mailing List. Bugtraq Mailing List may not be considered notable but Bugtraq Vulnerability Database should be IMHO) -- Nareshhacker 04:56, 2 January 2007 (UTC)
 * Delete - fails WP:BIO person is nn. Davidpdx 12:00, 1 January 2007 (UTC)
 * Keep - The irony of this post is that people voting here have not been actively involved with security or you would have already known who Susam Pal is. I wonder why an entry in Bugtraq is not considered notable or verifiable. -- Smith.norton 15:28, 1 January 2007 (UTC)


 * Comment - 207.229.176.46 states that the article is wrong. I refute this. The article states that Susam has discovered a few vulnerabilities which includes Windows, XSS, SQL Injection as well as Apache. An SQL Injection vulnerability in an Indian site can be used to cause a DoS. So what's the difference? Moreover the link that this User ID has posted is a link to a forum which is non-notable. SecurityFocus Bugtraq is notable. -- Smith.norton 15:28, 1 January 2007 (UTC)


 * go to sql injection. hit ctrl+f5. do a search for "denial" or "dos". you won't get any results. sure, maybe it could help in a few rare circumstances, but they are, in actuality, two very different kinds of attacks. sql injection compromises databases. it allows attackers to read data they might not otherwise be able to read - to insert data they might not otherwise be able to insert. denial of service, per its very name, does not do this. denial of service attacks do just that - deny service. honestly, how can you presume to comment on the notability of anyone in the security field when your understanding of the fundamentals appears to be so piss poor? -- 207.229.176.46


 * You are about to start a flame war whereas the fact is that you yourself have not gone through the article nicely. Where in the article did you find "dos vulnerability" being mentioned? Susam has found lots of vulnerabilities, a few of which are listed in this article with proper references as well. -- Nareshhacker 04:52, 2 January 2007 (UTC)


 * you should follow your own advice and go through the article nicely. check out Susam Pal. it says he found a vuln "which could be exploited by an attacker to bring the site down thereby making it inaccessible to intended users". "bring down the site" is the definition of a dos. and whether or not it can be is moot. it violates WP:NOR and misstates the vuln. 207.229.176.46 13:08, 2 January 2007 (UTC)
 * LOL! Whatever is written in the article is true. It is an SQL Injection in the site which can be used to drop tables in the site in question thereby causing the DoS attack. I hope you have understood the meaning now. (How the tables can be dropped is not a publicly disclosed fact and is still a guarded secret of the Indian underground community). Ok if that particular statement violates WP:NOR, then that particular line can be removed and it can simply be written that he discovered SQL Injection in the site and demonstrated standard probing techniques. The reference for the latter fact is present in the article. --Root exploit 14:40, 2 January 2007 (UTC)


 * i will concede that i had not thought of dropping the tables. that said, you're still a fucking idiot. SQL injection allows an attacker do a hell of a lot more than DoS attacks do and to call it a DoS attack is highly inaccurate. here's an example:




 * would it be more accurate to call that xss or sql injection? technically, it's both, but if you could only choose one, it'd be more accurate to say sql injection, because that's, ultimately, what is enabling the xss. your calling of an sql injection vuln a dos is akin to saying that the above is xss, which is wrong. 207.229.176.46 18:11, 2 January 2007 (UTC)


 * as for the forum i posted a link to being non-notable... you're missing the point. you're claiming this guy should stay because he's found vulnerabilities. people in that forum have, too. so what if they're not posted on bugtraq? a vulnerability is a vulnerability regardless of whether or not it's posted on bugtraq. test the latest ones out for yourself if you think otherwise. -- 207.229.176.46


 * No, there is a difference between a vulnerability that you post in some XYZ forum like a school kid and some vulnerability that is reviewed by SecurityFocus Bugtraq team and included in the Bugtraq Vulnerability Database. If a vulnerability posted by you enters the Bugtraq Vulnerability Database, network scanners all over the world include this vulnerability in their scanning list. For instance, Susam's Apache vulnerability disclosure is used in scanners. Here's a reference. -- Nareshhacker 04:52, 2 January 2007 (UTC)


 * There's also a difference between a story that you post in some XYZ forum like a school kid and some story that is reviewed by the slashdot.org team and included on their website. If a story by you enters slashdot.org, websites all over the world cover the story. since your argument can be so easily adapted to advocate wikipedia entries on everyone who's ever gotten a slashdot.org story accepted, you must also believe that? otherwise, please explain to me how you're not being hypocritical.


 * also, your suggestion that people who post vulns on XYZ forums are as "school kids" is petty and childish. anyone who posts a vuln, in public, is an attention seeking whore who's more concerned about their own reputation than they are about creating a safer anything and if you think bugtraq is an exception, you're a tool - an apologist - who conveniently truths when they disagree with your own vision 207.229.176.46 13:08, 2 January 2007 (UTC)


 * H. D. Moore does just that. So you mean to say H. D. Moore is an "attention seeking whore"? :-) -- Root exploit 14:40, 2 January 2007 (UTC)


 * yes, i think he is an "attention seeking whore". you can, of course, be notable and skilled, despite being an "attention seeking whore". 207.229.176.46 18:27, 2 January 2007 (UTC)

Note to the administrators - We are arguing here in good faith. We don't mind even if this article is deleted if it doesn't meet the policies. But we do object to the language 207.229.176.46 is using for living people. He/She implies that all security researchers who go for public disclosures which include great researchers like H. D. Moore are "attention seeking whores". -- Root exploit 14:46, 2 January 2007 (UTC)


 * For what it's worth, being an attention-seeking-whore isn't all bad. The upside is that "being known" allows projects like Metasploit to stay in active development. The more people that know about and use our tools, the less chance we will let the project die for lack of interest. The downside is that pseudo-anonymous Wikipedia users rag on you for being a whore :-) --Hdm 19:43, 4 January 2007 (UTC)


 * and if you think bugtraq does make a difference, consider the fact that it's a mailing list to which anyone can contribute. just because bugtraq is notable does not mean that every peon who sends emails to it is. jesus christ, how can you even believe your own arguments? -- 207.229.176.46


 * We are not talking of the Bugtraq mailing list. (Have you even bothered to click and open the references?) We are talking of the Bugtraq Vulnerability Database. Not anyone and everyone can contribute there. Only vulnerabilities which are reviewed and considered notable and of importance to the whole world are kept in the BID list. Please have a look at the references in the article once again. Bugtraq vulnerability database and Bugtraq mailing list are quite different. -- Nareshhacker 04:52, 2 January 2007 (UTC)


 * in any event, Travis Schack should be deleted, too, not to mention most of the "manglers" at OSVDB. 207.229.176.46 00:18, 2 January 2007 (UTC)


 * Agreed! But this is not the place to discuss Travis Schack. Please do it in the appropriate page. -- Nareshhacker 04:52, 2 January 2007 (UTC)


 * Keep - Jyothisingh says that Susam is present in some security related mailing lists. I would like to add that Susam is also present in all reputed and notable security sites. Apart from this his work is being used in network scanners. -- Jeev


 * Comment - Jyothisingh also says, "it seems that on an average day, more than ten security vulnerabilities are reported at both the sites". How does this make Secunia, SecurityFocus, FrSirt, etc. not notable or verifiable? This argument is funny. More than ten news articles come up at BBC on an average day. So going by Jyothisingh's argument we should stop citing BBC as a reference too. This is a rant, but I never thought arguments at Wikipedia would stoop so low. -- Jeev


 * you're an idiot if you think including an article on someone who has a few stories on securityfocus is akin to citing the bbc. that comment is attacking the notability of securityfocus or secunia - it's attacking the notability of susam pal. a more proper analogy would be creating a wikipedia article on everyone who has ever written an article that's been published on the bbc. but no matter. you say wikipedia has stooped "so low". well, congratulations - you've stooped even lower. if the only counter you have to arguments is by misrepresenting them, you shouldn't waste anyone's time trying to counter them in the first place. 207.229.176.46 13:16, 2 January 2007 (UTC)


 * @ 207.229.176.46 - I think a person who can't figure out how to cause a DoS attack using SQL Injection needs to be commenting on a person who is far more respectable in the field of Information Security. -- Nareshhacker 13:46, 2 January 2007 (UTC)


 * i think you're a fucking idiot. i am not saying that SQL injection can't be used to DoS - I am saying that you can do a fuck of a lot more with SQL injection than you can with a DoS attack. at best, DoS attacks are a subset of SQL injection. SQL injection allows things that DoS attacks do not and therefore, calling an SQL injection attack a DoS attack is highly misleading. 207.229.176.46 18:11, 2 January 2007 (UTC)


 * I never said that "Secunia, SecurityFocus, FrSirt, etc. not notable or verifiable?". When I said "it seems that on an average day, more than ten security vulnerabilities are reported at both the sites", I meant that the subject of the article is just one of the many people who report vulnerabilities. Subscribing to all security-related mailing lists and registering at all security-related websites doesn't make a person notable. And if the person is so notable, where are reliable references? Jyothisingh 13:10, 2 January 2007 (UTC)


 * What else is a reliable reference? Please clarify this point. I admit we might not be understanding the Wikipedia policies well enough. But I don't understand why I am being attacked like this by 207.229.176.46. This is just turning into a flame war. And if this is the case I am never returning to Wikipedia again. -- Nareshhacker 13:46, 2 January 2007 (UTC)


 * Note to administrators: Please note that four people have voted keep: three of them (User:Smith.norton, Jeev and User:Nareshhacker) have made less than 10 edits outside Susam Pal or this page. The third, User:Root exploit has made less than 25 edits outside the subject. Jyothisingh 13:10, 2 January 2007 (UTC)


 * I am sorry I didn't get this. We are a bunch of guys from erstwhile Orkut hackers' community, erstwhile since the community itself was deleted, who were trying to write some wikipedia articles on the OSVDB volunteers. So our purpose was just that. We never intended to edit articles outside the domain of OSVDB. So why are we supposed to make more than 10 edits. We have made 2-5 edits per subject. Does that mean our arguments won't be given any importance here? -- Nareshhacker 13:37, 2 January 2007 (UTC)


 * for what it's worth, i do think your arguments should be given as much weight as anyone else's. to dismiss something because of someone's edit count is an ad hominem and is something to be ashamed of. 207.229.176.46 18:30, 2 January 2007 (UTC)

Comment - The following comment was made:- "Subscribing to all security-related mailing lists and registering at all security-related websites doesn't make a person notable." by JyothiSingh. I would like to make a correction. We are talking of two different things. Security Mailing Lists and Security Organization Reports. It is quite easy to get your name into every security mailing list of the world. Just post a mail in the Bugtraq mailing list and it would soon be copied by all other security mailing lists. I agree with this point. But the story is different in case of Security Reports. All the references in the article are those of security reports. A security report is published only after verifying the security incident or vulnerability. Only when it is found verifiable and worthful by the security organization, it is published as a report or advisory. So the subject in question had no way of forcing his name into the thousands of security reports that are available in his name. This is just a clarification. Of course the administrators have the right to decide what is the best thing to do with this article. -- Root exploit 14:40, 2 January 2007 (UTC)
 * Delete I find the argument that "if you were active in security you'd have heard of him" to be unpersuasive. Lack of substantial secondary sources is the problem here. Guy (Help!) 17:01, 3 January 2007 (UTC)


 * The above discussion is preserved as an archive of the debate. Please do not modify it. Subsequent comments should be made on the appropriate discussion page (such as the article's talk page or in a deletion review). No further edits should be made to this page.