Text 6132, 340 rader
Skriven 2005-07-17 21:08:16 av Geo (1:379/45)
Kommentar till text 6130 av Rich (1:379/45)
Ärende: Re: eeye's irresponsible self-serving behavior
======================================================
From: "Geo" <georger@nls.net>
This is a multi-part message in MIME format.
------=_NextPart_000_038E_01C58B13.A6798B30
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
When I said "stuff fixed" I'm including things like default settings.
Geo.=20
"Rich" <@> wrote in message news:42dafd10@w3.nls.net...
Again the motivation was not for any "stuff fixed". If it was just =
that it would have been no more interesting than any other SP. What = made it
unusual were changes other than fixes to take advantage of new = hardware and
to help users avoid taking actions against their own = interest as that is a
common way, probably the most common way, for = users to get infected with
viruses, worms, etc. This is exactly what I = wrote in response to your
nonsense.
Try to remember your own bullshit and not try to pretend you wrote =
something else.
Rich
"Geo" <georger@nls.net> wrote in message news:42daee1c@w3.nls.net...
I spoke about the motivation behind the largest windows security =
update not what was patched. The issue was that it wasn't motivated by = bug
reports, it was motivated by virus, worms, and coded exploits. The = very first
sentence of MS's overview even says this specifically.
Geo.
"Rich" <@> wrote in message news:42d93a21@w3.nls.net...
you can't even remember your own bullshit. You wrote "all =
the stuff fixed ...". I replaced with what I viewed as the two major = visible
changes were new functionality and UI enhancements. The text = from
microsoft.com that you quote supports my statement not your = nonsense about
"stuff fixed".
Rich
"Geo" <georger@nls.net> wrote in message =
news:42d93529@w3.nls.net...
from =
http://www.microsoft.com/downloads/details.aspx?FamilyId=3D049C9DBE-3B8E-=
4F30-8245-9E368D3CDB5A&displaylang=3Den
Overview
Microsoft Windows XP Service Pack 2 (SP2) provides new proactive =
security technologies for Windows XP to better defend against viruses, = worms,
and hackers.=20
The very first sentence specifically says exactly what I was =
saying, you want to argue, argue with Microsoft. It was not motivated by =
people reporting bugs, it was motivated by virus, worms, and hackers.
Geo.
"Rich" <@> wrote in message news:42d830cd@w3.nls.net...
You are mistaken. IMHO, there are two major visible areas =
of change in SP2. One are the changes enabled by new hardware support = for NX
together with related protection backported from Windows Server = 2003 SP1.
These are visible to developers but not much to end users so = I would not be
surprised if this isn't considered a major visible change = to many. There are
no bug fixes here. Just using the new capabilities = to mitigate against harm
if an attack manages to get through. The = second are the UI changes like
changing from modal dialogs and message = boxes to the modeless information bar
in IE or text and graphics changes = to existing warnings. Again there are no
bug fixes here. The purpose = of these changes is to further discourage users
from taking action = against their own interest. SP2 includes fixes like those
you expect to = find in an SP but nothing stands out in my mind.
As for the claim that eeye was doing anything except =
creating harm to the public for their own self-interest is laughable. = Off
the top of my head I can't think of any instance of eeye doing more = than
exploiting trivial bugs. This is why I have stated several times = that their
work is interesting only in the great harm they promote and = not in any
technical sense. In particularl it has the feel of being = found by an
automated tool, which they had claimed in earlier press. If = you want
examples of folks that find interesting stuff, look at some of = the folks
doing HTML based attacks, which are more likely design flaws = not simple bugs,
or the Litchfields which report on interesting areas = though ones that usually
apply after exploiting some simple bug.
One thing I find humorous is that you from time to time go =
off on some "think like a hacker" rant as if it is a reflection on how = to
find problems. The eeye folks issue press releases on not so = interesting
problems and fail to demonstate any thinking like a hacker = in this sense.
Where they do fit this term is if you use it in the = sense of "think like a
criminal" in that they make an effort to cause = damage to others for their own
financial gain. It is entirely within = their power to change from
irresponsible self-serving jerks to serve the = greater good and still sell
their products and eat. They choose not to. =
You're not just excusing their reprehensible behavior but encouraging =
it reflects badly on you.
Rich
"Geo" <georger@nls.net> wrote in message =
news:42d81f37@w3.nls.net...
Almost all the stuff fixed in the biggest security update =
for windows, XPsp2, were motivated by worm writers, virus writers, and = other
exploit coders, not by people reporting bugs. Why weren't these = changes made
years before eeye existed when the security industry was = hammering on
microsoft for their unsafe defaults, insecure features, = etc? It took YEARS of
world wide infections to motivate Microsoft to = act.
Geo.
------=_NextPart_000_038E_01C58B13.A6798B30
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1505" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>When I said "stuff fixed" I'm including =
things like=20
default settings.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:42dafd10@w3.nls.net">news:42dafd10@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> Again the motivation was =
not for any=20
"stuff fixed". If it was just that it would have been no more=20
interesting than any other SP. What made it unusual were changes =
other=20
than fixes to take advantage of new hardware and to help users avoid =
taking=20
actions against their own interest as that is a common way, probably =
the most=20
common way, for users to get infected with viruses, worms, etc. =
This is=20
exactly what I wrote in response to your nonsense.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> Try to remember your own =
bullshit=20
and not try to pretend you wrote something else.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>>=20
wrote in message <A=20
=
href=3D"news:42daee1c@w3.nls.net">news:42daee1c@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>I spoke about the motivation behind =
the largest=20
windows security update not what was patched. The issue was that it =
wasn't=20
motivated by bug reports, it was motivated by virus, worms, and =
coded=20
exploits. The very first sentence of MS's overview even says this=20
specifically.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:42d93a21@w3.nls.net">news:42d93a21@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> =
you can't even=20
remember your own bullshit. You wrote "all the stuff fixed=20
...". I replaced with what I viewed as the two major visible =
changes=20
were new functionality and UI enhancements. The text from=20
microsoft.com that you quote supports my statement not your =
nonsense about=20
"stuff fixed".</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>>=20
wrote in message <A=20
=
href=3D"news:42d93529@w3.nls.net">news:42d93529@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>from <A=20
=
href=3D"http://www.microsoft.com/downloads/details.aspx?FamilyId=3D049C9D=
BE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=3Den">http://www.microsoft=
.com/downloads/details.aspx?FamilyId=3D049C9DBE-3B8E-4F30-8245-9E368D3CDB=
5A&displaylang=3Den</A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV>
<H4>Overview</H4>
<DIV class=3DDetailsContent id=3Doverview>Microsoft Windows XP =
Service Pack=20
2 (SP2) provides new proactive security technologies for Windows =
XP to=20
better defend against viruses, worms, and hackers. </DIV>
<DIV class=3DDetailsContent> </DIV>
<DIV class=3DDetailsContent><FONT face=3DArial size=3D2>The very =
first=20
sentence specifically says exactly what I was saying, you want =
to argue,=20
argue with Microsoft. It was not motivated by people reporting =
bugs, it=20
was motivated by virus, worms, and hackers.</FONT></DIV>
<DIV class=3DDetailsContent><FONT face=3DArial =
size=3D2></FONT> </DIV>
<DIV class=3DDetailsContent><FONT face=3DArial=20
size=3D2>Geo.</FONT></DIV></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: =
5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:42d830cd@w3.nls.net">news:42d830cd@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> You are =
mistaken. =20
IMHO, there are two major visible areas of change in =
SP2. One=20
are the changes enabled by new hardware support for NX =
together with=20
related protection backported from Windows Server 2003 =
SP1. =20
These are visible to developers but not much to end users so I =
would=20
not be surprised if this isn't considered a major visible =
change to=20
many. There are no bug fixes here. Just using the =
new=20
capabilities to mitigate against harm if an attack manages to =
get=20
through. The second are the UI changes like changing =
from modal=20
dialogs and message boxes to the modeless information bar in =
IE or=20
text and graphics changes to existing warnings. Again =
there are=20
no bug fixes here. The purpose of these changes is to =
further=20
discourage users from taking action against their own =
interest. =20
SP2 includes fixes like those you expect to find in an SP but =
nothing=20
stands out in my mind.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> As for the claim =
that eeye=20
was doing anything except creating harm to the public for =
their own=20
self-interest is laughable. Off the top of my head I =
can't think=20
of any instance of eeye doing more than exploiting trivial =
bugs. =20
This is why I have stated several times that their work is =
interesting=20
only in the great harm they promote and not in any technical=20
sense. In particularl it has the feel of being found by =
an=20
automated tool, which they had claimed in earlier press. =
If you=20
want examples of folks that find interesting stuff, look at =
some of=20
the folks doing HTML based attacks, which are more likely =
design flaws=20
not simple bugs, or the Litchfields which report on =
interesting areas=20
though ones that usually apply after exploiting some simple=20
bug.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> One thing I find =
humorous is=20
that you from time to time go off on some "think like a =
hacker" rant=20
as if it is a reflection on how to find problems. =
The eeye=20
folks issue press releases on not so interesting problems =
and=20
fail to demonstate any thinking like a hacker in this =
sense. =20
Where they do fit this term is if you use it in the sense of =
"think=20
like a criminal" in that they make an effort to cause damage =
to others=20
for their own financial gain. It is entirely within =
their power=20
to change from irresponsible self-serving jerks to serve the =
greater=20
good and still sell their products and eat. They choose =
not=20
to. You're not just excusing their reprehensible =
behavior but=20
encouraging it reflects badly on you.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: =
5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A=20
href=3D"mailto:georger@nls.net">georger@nls.net</A>> =
wrote in=20
message <A=20
=
href=3D"news:42d81f37@w3.nls.net">news:42d81f37@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>Almost all the stuff fixed =
in the=20
biggest security update for windows, XPsp2, were motivated =
by worm=20
writers, virus writers, and other exploit coders, not by =
people=20
reporting bugs. Why weren't these changes made years before =
eeye=20
existed when the security industry was hammering on =
microsoft for=20
their unsafe defaults, insecure features, etc? It took YEARS =
of=20
world wide infections to motivate Microsoft to =
act.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial=20
=
size=3D2>Geo.</FONT></DIV></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BLOCKQ=
UOTE></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_038E_01C58B13.A6798B30--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|