Text 6088, 226 rader
Skriven 2005-07-15 18:47:26 av Geo (1:379/45)
Kommentar till text 6080 av Rich (1:379/45)
Ärende: Re: eeye's irresponsible self-serving behavior
======================================================
From: "Geo" <georger@nls.net>
This is a multi-part message in MIME format.
------=_NextPart_000_006C_01C5896D.A5A98CC0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
eeye is not posting instructions on how to kill computer users, they are =
posting details of flaws in consumer product.
And I picked the SMB flaw as an example because it's the kind of flaw = that's
likely to be the next worm vector.
As for the question of eeye providing protection and at the same time =
providing details of a flaw, how did you feel about the details of that =
bicycle lock that could be opened with a ball point pen? Did you have an =
issue with those details being released on the national news because I =
thought that was a good thing. It showed the public just how piss poor a = lock
that junk was. I would however imagine the lock manufacturer has an = attitude
similar to yours, that the information never should have been = released and I
would imagine they would use the same bs arguments you = are using.
Consumers have a right to know the details of the flaws found in = consumer
products. Be it a kids car seat, a bicycle lock, software, a = circuit breaker,
their cars, whatever.
Geo.
"Rich" <@> wrote in message news:42d82aee@w3.nls.net...
Do you really believe that your doors and windows protect you from =
outright attack? If so you are surely going to be sorry. You escape = harm
simply because you one attacks you. Post instructions on how to do = so and
thereby lower the threshold and you will increase the likelihood = of attack.
If someone like eeye came to you and said that they would = sell you protection
and at the same time provided attackers the = information they need, how you
would feel about that extortion?
Where do you get the idea that detailed instructions are missing? =
Maybe the description isn't sufficient for you but I assure you that it = is
sufficient for others. And this example, which I'm sure you picked = because
you thought it weak on details, is not representitive. If you = want to
demonstrate that they do not cause the great harm that they do = you will need
to show that they never do this not that there exists a = single instance where
you thought they did not.
Rich
"Geo" <georger@nls.net> wrote in message news:42d822d0@w3.nls.net...
First off, if the security of my home was compromised by a flaw in a =
consumer product I would fully support the posting of the details of = that
flaw.
Second, the detailed exploit instructions are not there, only a flaw =
description is there and only that description is what I and others want =
access to. I believe the attached is the detailed exploit instructions = and
they are only for a DOS not for the remote root exploit. Of course = since you
claim this is already available to all of us at the eeye URL I = linked to you
shouldn't have an issue with me posting it here, huh?
Geo.
"Rich" <@> wrote in message news:42d7d7c8@w3.nls.net...
Such bullshit. It's not just that you are paranoid, you are =
being silly. Please post the detailed instructions for anyone to break = into
your home and kill your wife and family. You shouldn't keep this = information
exclusive to you. Others may find this useful to protect = themselves. If it
puts your family at risk, so what. "Information" = like this should be free
for all.
As for the eeye press release to which you refer, it sure does =
provide detailed instructions. It may be that you don't recognize the =
terminology but it is there, specific, and detailed.
Rich
------=_NextPart_000_006C_01C5896D.A5A98CC0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1505" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>eeye is not posting instructions on how =
to kill=20
computer users, they are posting details of flaws in consumer=20
product.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>And I picked the SMB flaw as an example =
because=20
it's the kind of flaw that's likely to be the next worm=20
vector.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>As for the question of eeye providing =
protection=20
and at the same time providing details of a flaw, how did you feel about =
the=20
details of that bicycle lock that could be opened with a ball point pen? = Did
you=20
have an issue with those details being released on the national news = because
I=20
thought that was a good thing. It showed the public just how piss poor a =
lock=20
that junk was. I would however imagine the lock manufacturer has an =
attitude=20
similar to yours, that the information never should have been released = and
I=20
would imagine they would use the same bs arguments you are =
using.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Consumers have a right to know the =
details of the=20
flaws found in consumer products. Be it a kids car seat, a bicycle lock, =
software, a circuit breaker, their cars, whatever.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:42d82aee@w3.nls.net">news:42d82aee@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> Do you really believe =
that your=20
doors and windows protect you from outright attack? If so you =
are surely=20
going to be sorry. You escape harm simply because you one =
attacks=20
you. Post instructions on how to do so and thereby lower the =
threshold=20
and you will increase the likelihood of attack. If someone like =
eeye=20
came to you and said that they would sell you protection and at the =
same time=20
provided attackers the information they need, how you would feel about =
that=20
extortion?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> Where do you get the =
idea that=20
detailed instructions are missing? Maybe the description isn't=20
sufficient for you but I assure you that it is sufficient for =
others. =20
And this example, which I'm sure you picked because you thought it =
weak on=20
details, is not representitive. If you want to demonstrate that =
they do=20
not cause the great harm that they do you will need to show that they =
never do=20
this not that there exists a single instance where you thought they =
did=20
not.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>>=20
wrote in message <A=20
=
href=3D"news:42d822d0@w3.nls.net">news:42d822d0@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>First off, if the security of my =
home was=20
compromised by a flaw in a consumer product I would fully support =
the=20
posting of the details of that flaw.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Second, the detailed exploit =
instructions=20
are not there, only a flaw description is there and only that =
description is=20
what I and others want access to. I believe the attached is=20
the detailed exploit instructions and they are only for a =
DOS not=20
for the remote root exploit. Of course since you claim this is =
already=20
available to all of us at the eeye URL I linked to you =
shouldn't have=20
an issue with me posting it here, huh?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:42d7d7c8@w3.nls.net">news:42d7d7c8@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> Such bullshit. =
It's not=20
just that you are paranoid, you are being silly. Please post =
the=20
detailed instructions for anyone to break into your home and kill =
your=20
wife and family. You shouldn't keep this information =
exclusive to=20
you. Others may find this useful to protect =
themselves. If it=20
puts your family at risk, so what. "Information" like this =
should be=20
free for all.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> As for the eeye =
press release to=20
which you refer, it sure does provide detailed instructions. =
It may=20
be that you don't recognize the terminology but it is there, =
specific, and=20
detailed.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial=20
size=3D2></FONT> </DIV></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY=
></HTML>
------=_NextPart_000_006C_01C5896D.A5A98CC0--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|