Text 5347, 431 rader
Skriven 2005-06-23 17:27:48 av Rich (1:379/45)
Kommentar till text 5335 av Mike '/m' (1:379/45)
Ärende: Re: Microsoft meets the hackers
=======================================
From: "Rich" <@>
This is a multi-part message in MIME format.
------=_NextPart_000_02E3_01C57818.E04602C0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
As I said, you are pretty clear that you believe only what you want to =
believe. Maybe you want to surprise us all and state publicly that you = have
so much trust in me that you would take my word on whether or not = you should
believe a third party. Is that what you want to do?
Rich
"Mike '/m'" <mike@barkto.com> wrote in message =
news:ebbmb19d1usj44vol0ir4cnhfvbjd8s430@4ax.com...
I think is it a matter of you being deliberately evasive.
/m
On Wed, 22 Jun 2005 16:41:52 -0700, "Rich" <@> wrote:
> You are pretty clear that you believe only what you want to =
believe.
>
>Rich
>
> "Mike '/m'" <mike@barkto.com> wrote in message =
news:egnjb19bg13ail2588m87un2r08b9j7ke5@4ax.com...
>
> All I am asking is whether I can believe what that Microsoft =
security
> bulletin says. =20
>
> /m
>
>
> On Tue, 21 Jun 2005 15:20:32 -0700, "Rich" <@> wrote:
>
> > You aren't saying much of anything except your typical =
propaganda. What do you hope to gain by making claims regarding = something
about which you know something to someone who actually does = know something?
Is this how you try to feel better about yourself?
> >
> >Rich
> >
> > "Mike '/m'" <mike@barkto.com> wrote in message =
news:081hb1hkkat3tf0s5fk5be6d09sbju0bf6@4ax.com...
> >
> > Once again, I am not saying anything about what the reporter =
claimed.
> >
> > The Microsoft security bulletin states, "There is an unchecked =
buffer".
> > http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx
> >
> > Are you saying that the person who wrote that security bulletin
> > published incorrect information about the security problem, and =
left it
> > in place even after a revision of the bulletin?
> >
> >
> > /m
> >
> >
> >
> > On Mon, 20 Jun 2005 21:05:07 -0700, "Rich" <@> wrote:
> >
> > > And this is what the reporter claimed. Maybe you would not =
report what was reported to you. We likely will never know. All we = know
today is that you are willing to make all sorts of claims about = something you
know nothing about trying to refute the statements of = someone with very good
knowledge of the issue. It's not like you will = be any less clueless by
repeating yourself over and over. Is this how = you feel better about
yourself?
> > >
> > >Rich
> > >
> > > "Mike '/m'" <mike@barkto.com> wrote in message =
news:buveb1lm4bkds04ndd83g288f8ti81v4dc@4ax.com...
> > >
> > > I am not talking about what the reporter wrote, I am talking =
about what
> > > the Microsoft security bulletin says in the Technical Details =
section.
> > >
> > > =3D=3D=3D
> > > The first vulnerability is a buffer overrun vulnerability. =
There is an
> > > unchecked buffer in one of the components that handle NOTIFY =
directives
> > > - messages that advertise the availability of UPnP-capable =
devices on
> > > the network. By sending a specially malformed NOTIFY =
directive, it would
> > > be possible for an attacker to cause code to run in the =
context of the
> > > UPnP subsystem, which runs with System privileges on Windows =
XP. (On
> > > Windows 98 and Windows ME, all code executes as part of the =
operating
> > > system). This would enable the attacker to gain complete =
control over
> > > the system.
> > > =3D=3D=3D
> > >
> > > "There is an unchecked buffer". Man, that sounds rather =
specific to
> > > me.=20
> > >
> > > /m
> > >
> > >
> > >
> > >
> > >
> > > On Mon, 20 Jun 2005 19:44:07 -0700, "Rich" <@> wrote:
> > >
> > > > That and of course that bulletins rarely if ever mention =
this level of detail. Unchecked buffers are one of the few exceptions = and
that I already explained. The reporter claimed he could overflow a = buffer
though did not, and has not since that I can see, given any = evidence of this.
My speculation is that better err on the side of = caution.
> > > >
> > > >Rich
> > > >
> > > > "Rich" <@> wrote in message news:42b77b11$1@w3.nls.net...
> > > > Not odd. I didn't analyze it until after I saw the =
public bulletin release and what the reporter claims in his PR was the =
scenario that generated overflows. I don't believe the reporter = understands
what he saw or if he did he kept that out of his PR and = anything else I could
find, public or private, on the topic. Unlike the = reporter, I don't issue
press releases or call reporters with what I = find even if it could be
embarrassing to him. But then I don't have a = financial interest in putting
others at risk just to try to make myself = look good.
> > > >
> > > > Rich
> > > >
> > > > "Mike '/m'" <mike@barkto.com> wrote in message =
news:15seb1pu019glla3ph9mnje9h2rogh4mnh@4ax.com...
> > > > Oddly, I see no mention of a race condition in the =
official Microsoft
> > > > security bulletin that was originally posted on December =
20, 2001 and=20
> > > > updated on May 09, 2003
> > > > =
http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx
> > > >
> > > > /m
> > > >
> > > >
> > > > On Mon, 20 Jun 2005 08:00:02 -0700, "Rich" <@> wrote:
> > > >
> > > > > A race condition.
> > > > >
> > > > >Rich
> > > > >
> > > > > "Geo" <georger@nls.net> wrote in message =
news:42b699ed$2@w3.nls.net...
> > > > > Well what was it then?
> > > > >
> > > > > Geo.
> > > > > "Rich" <@> wrote in message =
news:42b5feb2@w3.nls.net...
> > > > > It is not a buffer overflow. It is not a buffer =
overrun. Neither.
> > > > >
> > > > > Rich
------=_NextPart_000_02E3_01C57818.E04602C0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2668" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2> As I said, <FONT face=3D"Times =
New Roman"=20
size=3D3>you are pretty clear that you believe only what you want to=20
believe. Maybe you want to surprise us all and state publicly that =
you=20
have so much trust in me that you would take my word on whether or not = you=20
should believe a third party. Is that what you want to=20
do?</FONT></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Mike '/m'" <<A =
href=3D"mailto:mike@barkto.com">mike@barkto.com</A>>=20
wrote in message <A=20
=
href=3D"news:ebbmb19d1usj44vol0ir4cnhfvbjd8s430@4ax.com">news:ebbmb19d1us=
j44vol0ir4cnhfvbjd8s430@4ax.com</A>...</DIV><BR>I=20
think is it a matter of you being deliberately=20
evasive.<BR><BR> /m<BR><BR>On Wed, 22 Jun 2005 16:41:52 -0700, =
"Rich"=20
<@> wrote:<BR><BR>> You are pretty clear that you =
believe=20
only what you want to =
believe.<BR>><BR>>Rich<BR>><BR>> "Mike=20
'/m'" <<A href=3D"mailto:mike@barkto.com">mike@barkto.com</A>> =
wrote in=20
message <A=20
=
href=3D"news:egnjb19bg13ail2588m87un2r08b9j7ke5@4ax.com">news:egnjb19bg13=
ail2588m87un2r08b9j7ke5@4ax.com</A>...<BR>><BR>> =20
All I am asking is whether I can believe what that Microsoft=20
security<BR>> bulletin says. =
<BR>><BR>> =20
/m<BR>><BR>><BR>> On Tue, 21 Jun 2005 15:20:32 -0700, =
"Rich"=20
<@> wrote:<BR>><BR>> > You aren't =
saying much=20
of anything except your typical propaganda. What do you hope to =
gain by=20
making claims regarding something about which you know something to =
someone=20
who actually does know something? Is this how you try to feel =
better=20
about yourself?<BR>> ><BR>> =
>Rich<BR>> =20
><BR>> > "Mike '/m'" <<A=20
href=3D"mailto:mike@barkto.com">mike@barkto.com</A>> wrote in =
message <A=20
=
href=3D"news:081hb1hkkat3tf0s5fk5be6d09sbju0bf6@4ax.com">news:081hb1hkkat=
3tf0s5fk5be6d09sbju0bf6@4ax.com</A>...<BR>> =20
><BR>> > Once again, I am not saying anything =
about what=20
the reporter claimed.<BR>> ><BR>> > The=20
Microsoft security bulletin states, "There is an unchecked=20
buffer".<BR>> > <A=20
=
href=3D"http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx"=
>http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx</A><BR>=
> =20
><BR>> > Are you saying that the person who wrote =
that=20
security bulletin<BR>> > published incorrect =
information=20
about the security problem, and left it<BR>> > in =
place even=20
after a revision of the bulletin?<BR>> ><BR>> =20
><BR>> > /m<BR>> =
><BR>> =20
><BR>> ><BR>> > On Mon, 20 Jun 2005 =
21:05:07=20
-0700, "Rich" <@> wrote:<BR>> ><BR>> =
> =20
> And this is what the reporter claimed. Maybe =
you would=20
not report what was reported to you. We likely will never =
know. =20
All we know today is that you are willing to make all sorts of claims =
about=20
something you know nothing about trying to refute the statements of =
someone=20
with very good knowledge of the issue. It's not like you will be =
any=20
less clueless by repeating yourself over and over. Is this how =
you feel=20
better about yourself?<BR>> > ><BR>> =
> =20
>Rich<BR>> > ><BR>> > =
> =20
"Mike '/m'" <<A =
href=3D"mailto:mike@barkto.com">mike@barkto.com</A>> wrote=20
in message <A=20
=
href=3D"news:buveb1lm4bkds04ndd83g288f8ti81v4dc@4ax.com">news:buveb1lm4bk=
ds04ndd83g288f8ti81v4dc@4ax.com</A>...<BR>> =20
> ><BR>> > > I am not talking =
about=20
what the reporter wrote, I am talking about what<BR>> =
> =20
> the Microsoft security bulletin says in the Technical =
Details=20
section.<BR>> > ><BR>> > =
> =20
=3D=3D=3D<BR>> > > The first vulnerability =
is a buffer=20
overrun vulnerability. There is an<BR>> > > =
unchecked buffer in one of the components that handle NOTIFY=20
directives<BR>> > > - messages that =
advertise the=20
availability of UPnP-capable devices on<BR>> > =
> =20
the network. By sending a specially malformed NOTIFY directive, it=20
would<BR>> > > be possible for an attacker =
to cause=20
code to run in the context of the<BR>> > > =
UPnP=20
subsystem, which runs with System privileges on Windows XP. =
(On<BR>> =20
> > Windows 98 and Windows ME, all code executes as =
part of=20
the operating<BR>> > > system). This would =
enable=20
the attacker to gain complete control over<BR>> > =
> =20
the system.<BR>> > > =
=3D=3D=3D<BR>> > =20
><BR>> > > "There is an unchecked=20
buffer". Man, that sounds rather specific to<BR>> =
> > me. <BR>> > ><BR>> =
> > /m<BR>> > =
><BR>> =20
> ><BR>> > ><BR>> > =
><BR>> > ><BR>> > > =
On Mon,=20
20 Jun 2005 19:44:07 -0700, "Rich" <@> wrote:<BR>> =
> =20
><BR>> > > > That and of =
course=20
that bulletins rarely if ever mention this level of detail. =
Unchecked=20
buffers are one of the few exceptions and that I already =
explained. The=20
reporter claimed he could overflow a buffer though did not, and has =
not since=20
that I can see, given any evidence of this. My speculation is =
that=20
better err on the side of caution.<BR>> > > =
><BR>> > > >Rich<BR>> =
> =20
> ><BR>> > > > "Rich"=20
<@> wrote in message <A=20
=
href=3D"news:42b77b11$1@w3.nls.net">news:42b77b11$1@w3.nls.net</A>...<BR>=
> =20
> > > Not odd. I =
didn't=20
analyze it until after I saw the public bulletin release and what the =
reporter=20
claims in his PR was the scenario that generated overflows. I =
don't=20
believe the reporter understands what he saw or if he did he kept that =
out of=20
his PR and anything else I could find, public or private, on the =
topic. =20
Unlike the reporter, I don't issue press releases or call reporters =
with what=20
I find even if it could be embarrassing to him. But then I don't =
have a=20
financial interest in putting others at risk just to try to make =
myself look=20
good.<BR>> > > ><BR>> =
> =20
> > Rich<BR>> > > =20
><BR>> > > > "Mike =
'/m'"=20
<<A href=3D"mailto:mike@barkto.com">mike@barkto.com</A>> wrote =
in message=20
<A=20
=
href=3D"news:15seb1pu019glla3ph9mnje9h2rogh4mnh@4ax.com">news:15seb1pu019=
glla3ph9mnje9h2rogh4mnh@4ax.com</A>...<BR>> =20
> > > Oddly, I see no mention =
of a race=20
condition in the official Microsoft<BR>> > =
> =20
> security bulletin that was originally posted on =
December 20, 2001 and <BR>> > > =20
> updated on May 09, 2003<BR>> =
> =20
> > <A=20
=
href=3D"http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx"=
>http://www.microsoft.com/technet/security/bulletin/MS01-059.mspx</A><BR>=
> =20
> > ><BR>> > > =20
> /m<BR>> > > =20
><BR>> > > ><BR>> > =
> > On Mon, 20 Jun 2005 08:00:02 -0700, =
"Rich"=20
<@> wrote:<BR>> > > =
><BR>> =20
> > > > A race=20
condition.<BR>> > > > =20
><BR>> > > > =20
>Rich<BR>> > > > =20
><BR>> > > > =
> =20
"Geo" <<A href=3D"mailto:georger@nls.net">georger@nls.net</A>> =
wrote in=20
message <A=20
=
href=3D"news:42b699ed$2@w3.nls.net">news:42b699ed$2@w3.nls.net</A>...<BR>=
> =20
> > > > Well what was =
it=20
then?<BR>> > > > =20
><BR>> > > > =
> =20
Geo.<BR>> > > > =20
> "Rich" <@> wrote in message <A=20
=
href=3D"news:42b5feb2@w3.nls.net">news:42b5feb2@w3.nls.net</A>...<BR>>=
=20
> > > =20
> It is not a buffer =
overflow. It=20
is not a buffer overrun. Neither.<BR>> > =
> =20
> ><BR>> > > =20
> > =20
Rich<BR></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_02E3_01C57818.E04602C0--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|