Tillbaka till svenska Fidonet
English   Information   Debug  
OS2BBS   0/787
OS2DOSBBS   0/580
OS2HW   0/42
OS2INET   0/37
OS2LAN   0/134
OS2PROG   0/36
OS2REXX   0/113
OS2USER-L   207
OS2   0/4786
OSDEBATE   7333/18996
PASCAL   0/490
PERL   0/457
PHP   0/45
POINTS   0/405
POLITICS   0/29554
POL_INC   0/14731
PSION   103
R20_ADMIN   1121
R20_AMATORRADIO   0/2
R20_BEST_OF_FIDONET   13
R20_CHAT   0/893
R20_DEPP   0/3
R20_DEV   399
R20_ECHO2   1379
R20_ECHOPRES   0/35
R20_ESTAT   0/719
R20_FIDONETPROG...
...RAM.MYPOINT
  0/2
R20_FIDONETPROGRAM   0/22
R20_FIDONET   0/248
R20_FILEFIND   0/24
R20_FILEFOUND   0/22
R20_HIFI   0/3
R20_INFO2   3205
R20_INTERNET   0/12940
R20_INTRESSE   0/60
R20_INTR_KOM   0/99
R20_KANDIDAT.CHAT   42
R20_KANDIDAT   28
R20_KOM_DEV   112
R20_KONTROLL   0/13258
R20_KORSET   0/18
R20_LOKALTRAFIK   0/24
R20_MODERATOR   0/1852
R20_NC   76
R20_NET200   245
R20_NETWORK.OTH...
...ERNETS
  0/13
R20_OPERATIVSYS...
...TEM.LINUX
  0/44
R20_PROGRAMVAROR   0/1
R20_REC2NEC   534
R20_SFOSM   0/340
R20_SF   0/108
R20_SPRAK.ENGLISH   0/1
R20_SQUISH   107
R20_TEST   2
R20_WORST_OF_FIDONET   12
RAR   0/9
RA_MULTI   106
RA_UTIL   0/162
REGCON.EUR   0/2056
REGCON   0/13
SCIENCE   0/1206
SF   0/239
SHAREWARE_SUPPORT   0/5146
SHAREWRE   0/14
SIMPSONS   0/169
STATS_OLD1   0/2539.065
STATS_OLD2   0/2530
STATS_OLD3   0/2395.095
STATS_OLD4   0/1692.25
SURVIVOR   0/495
SYSOPS_CORNER   0/3
SYSOP   0/84
TAGLINES   0/112
TEAMOS2   0/4530
TECH   0/2617
TEST.444   0/105
TRAPDOOR   0/19
TREK   0/755
TUB   0/290
UFO   0/40
UNIX   0/1316
USA_EURLINK   0/102
USR_MODEMS   0/1
VATICAN   0/2740
VIETNAM_VETS   0/14
VIRUS   0/378
VIRUS_INFO   0/201
VISUAL_BASIC   0/473
WHITEHOUSE   0/5187
WIN2000   0/101
WIN32   0/30
WIN95   0/4288
WIN95_OLD1   0/70272
WINDOWS   0/1517
WWB_SYSOP   0/419
WWB_TECH   0/810
ZCC-PUBLIC   0/1
ZEC   4

 
4DOS   0/134
ABORTION   0/7
ALASKA_CHAT   0/506
ALLFIX_FILE   0/1313
ALLFIX_FILE_OLD1   0/7997
ALT_DOS   0/152
AMATEUR_RADIO   0/1039
AMIGASALE   0/14
AMIGA   0/331
AMIGA_INT   0/1
AMIGA_PROG   0/20
AMIGA_SYSOP   0/26
ANIME   0/15
ARGUS   0/924
ASCII_ART   0/340
ASIAN_LINK   0/651
ASTRONOMY   0/417
AUDIO   0/92
AUTOMOBILE_RACING   0/105
BABYLON5   0/17862
BAG   135
BATPOWER   0/361
BBBS.ENGLISH   0/382
BBSLAW   0/109
BBS_ADS   0/5290
BBS_INTERNET   0/507
BIBLE   0/3563
BINKD   0/1119
BINKLEY   0/215
BLUEWAVE   0/2173
CABLE_MODEMS   0/25
CBM   0/46
CDRECORD   0/66
CDROM   0/20
CLASSIC_COMPUTER   0/378
COMICS   0/15
CONSPRCY   0/899
COOKING   32677
COOKING_OLD1   0/24719
COOKING_OLD2   0/40862
COOKING_OLD3   0/37489
COOKING_OLD4   0/35496
COOKING_OLD5   9370
C_ECHO   0/189
C_PLUSPLUS   0/31
DIRTY_DOZEN   0/201
DOORGAMES   0/2053
DOS_INTERNET   0/196
duplikat   6002
ECHOLIST   0/18295
EC_SUPPORT   0/318
ELECTRONICS   0/359
ELEKTRONIK.GER   1534
ENET.LINGUISTIC   0/13
ENET.POLITICS   0/4
ENET.SOFT   0/11701
ENET.SYSOP   33888
ENET.TALKS   0/32
ENGLISH_TUTOR   0/2000
EVOLUTION   0/1335
FDECHO   0/217
FDN_ANNOUNCE   0/7068
FIDONEWS   24094
FIDONEWS_OLD1   0/49742
FIDONEWS_OLD2   0/35949
FIDONEWS_OLD3   0/30874
FIDONEWS_OLD4   0/37224
FIDO_SYSOP   12852
FIDO_UTIL   0/180
FILEFIND   0/209
FILEGATE   0/212
FILM   0/18
FNEWS_PUBLISH   4393
FN_SYSOP   41678
FN_SYSOP_OLD1   71952
FTP_FIDO   0/2
FTSC_PUBLIC   0/13598
FUNNY   0/4886
GENEALOGY.EUR   0/71
GET_INFO   105
GOLDED   0/408
HAM   0/16069
HOLYSMOKE   0/6791
HOT_SITES   0/1
HTMLEDIT   0/71
HUB203   466
HUB_100   264
HUB_400   39
HUMOR   0/29
IC   0/2851
INTERNET   0/424
INTERUSER   0/3
IP_CONNECT   719
JAMNNTPD   0/233
JAMTLAND   0/47
KATTY_KORNER   0/41
LAN   0/16
LINUX-USER   0/19
LINUXHELP   0/1155
LINUX   0/22090
LINUX_BBS   0/957
mail   18.68
mail_fore_ok   249
MENSA   0/341
MODERATOR   0/102
MONTE   0/992
MOSCOW_OKLAHOMA   0/1245
MUFFIN   0/783
MUSIC   0/321
N203_STAT   924
N203_SYSCHAT   313
NET203   321
NET204   69
NET_DEV   0/10
NORD.ADMIN   0/101
NORD.CHAT   0/2572
NORD.FIDONET   189
NORD.HARDWARE   0/28
NORD.KULTUR   0/114
NORD.PROG   0/32
NORD.SOFTWARE   0/88
NORD.TEKNIK   0/58
NORD   0/453
OCCULT_CHAT   0/93
Möte OSDEBATE, 18996 texter
 lista första sista föregående nästa
Text 6094, 215 rader
Skriven 2005-07-16 12:29:18 av Geo (1:379/45)
   Kommentar till text 6083 av Rich (1:379/45)
Ärende: Re: eeye's irresponsible self-serving behavior
======================================================
From: "Geo" <georger@nls.net>

This is a multi-part message in MIME format.

------=_NextPart_000_0060_01C58A01.FD13A290
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

from =
http://www.microsoft.com/downloads/details.aspx?FamilyId=3D049C9DBE-3B8E-=
4F30-8245-9E368D3CDB5A&displaylang=3Den

Overview
Microsoft Windows XP Service Pack 2 (SP2) provides new proactive = security
technologies for Windows XP to better defend against viruses, = worms, and
hackers.=20

The very first sentence specifically says exactly what I was saying, you = want
to argue, argue with Microsoft. It was not motivated by people = reporting
bugs, it was motivated by virus, worms, and hackers.

Geo.
  "Rich" <@> wrote in message news:42d830cd@w3.nls.net...
     You are mistaken.  IMHO, there are two major visible areas of =
change in SP2.  One are the changes enabled by new hardware support for = NX
together with related protection backported from Windows Server 2003 = SP1. 
These are visible to developers but not much to end users so I = would not be
surprised if this isn't considered a major visible change = to many.  There are
no bug fixes here.  Just using the new capabilities = to mitigate against harm
if an attack manages to get through.  The = second are the UI changes like
changing from modal dialogs and message = boxes to the modeless information bar
in IE or text and graphics changes = to existing warnings.  Again there are no
bug fixes here.  The purpose = of these changes is to further discourage users
from taking action = against their own interest.  SP2 includes fixes like those
you expect to = find in an SP but nothing stands out in my mind.

     As for the claim that eeye was doing anything except creating harm =
to the public for their own self-interest is laughable.  Off the top of = my
head I can't think of any instance of eeye doing more than exploiting = trivial
bugs.  This is why I have stated several times that their work = is interesting
only in the great harm they promote and not in any = technical sense.  In
particularl it has the feel of being found by an = automated tool, which they
had claimed in earlier press.  If you want = examples of folks that find
interesting stuff, look at some of the folks = doing HTML based attacks, which
are more likely design flaws not simple = bugs, or the Litchfields which report
on interesting areas though ones = that usually apply after exploiting some
simple bug.

     One thing I find humorous is that you from time to time go off on =
some "think like a hacker" rant as if it is a reflection on how to find =
problems.  The eeye folks issue press releases on not so interesting = problems
and fail to demonstate any thinking like a hacker in this = sense.  Where they
do fit this term is if you use it in the sense of = "think like a criminal" in
that they make an effort to cause damage to = others for their own financial
gain.  It is entirely within their power = to change from irresponsible
self-serving jerks to serve the greater = good and still sell their products
and eat.  They choose not to.  You're = not just excusing their reprehensible
behavior but encouraging it = reflects badly on you.

  Rich

    "Geo" <georger@nls.net> wrote in message news:42d81f37@w3.nls.net...
    Almost all the stuff fixed in the biggest security update for =
windows, XPsp2, were motivated by worm writers, virus writers, and other =
exploit coders, not by people reporting bugs. Why weren't these changes = made
years before eeye existed when the security industry was hammering = on
microsoft for their unsafe defaults, insecure features, etc? It took = YEARS of
world wide infections to motivate Microsoft to act.

    Geo.
------=_NextPart_000_0060_01C58A01.FD13A290
Content-Type: text/html;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2800.1505" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>from <A=20
href=3D"http://www.microsoft.com/downloads/details.aspx?FamilyId=3D049C9D=
BE-3B8E-4F30-8245-9E368D3CDB5A&amp;displaylang=3Den">http://www.microsoft=
.com/downloads/details.aspx?FamilyId=3D049C9DBE-3B8E-4F30-8245-9E368D3CDB=
5A&amp;displaylang=3Den</A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
<DIV>
<H4>Overview</H4>
<DIV class=3DDetailsContent id=3Doverview>Microsoft Windows XP Service =
Pack 2 (SP2)=20
provides new proactive security technologies for Windows XP to better =
defend=20
against viruses, worms, and hackers. </DIV>
<DIV class=3DDetailsContent>&nbsp;</DIV>
<DIV class=3DDetailsContent><FONT face=3DArial size=3D2>The very first =
sentence=20
specifically says exactly what I was saying, you want to argue, argue = with=20
Microsoft. It was not motivated by people reporting bugs, it was = motivated
by=20
virus, worms, and hackers.</FONT></DIV>
<DIV class=3DDetailsContent><FONT face=3DArial =
size=3D2></FONT>&nbsp;</DIV>
<DIV class=3DDetailsContent><FONT face=3DArial =
size=3D2>Geo.</FONT></DIV></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
  <DIV>"Rich" &lt;@&gt; wrote in message <A=20
  =
href=3D"news:42d830cd@w3.nls.net">news:42d830cd@w3.nls.net</A>...</DIV>
  <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; You are mistaken.&nbsp; =
IMHO, there=20
  are two major visible areas of change in SP2.&nbsp; One are the =
changes=20
  enabled by new hardware support for NX together with related =
protection=20
  backported from Windows Server 2003 SP1.&nbsp; These are visible to =
developers=20
  but not much to end users so I would not be surprised if this isn't =
considered=20
  a major visible change to many.&nbsp; There are no bug fixes =
here.&nbsp; Just=20
  using the new capabilities to mitigate against harm if an attack =
manages to=20
  get through.&nbsp; The second are the UI changes like changing from =
modal=20
  dialogs and message boxes to the modeless information bar in IE or =
text and=20
  graphics changes to existing warnings.&nbsp; Again there are no bug =
fixes=20
  here.&nbsp; The purpose of these changes is to further discourage =
users from=20
  taking action against their own interest.&nbsp; SP2 includes fixes =
like those=20
  you expect to find in an SP but nothing stands out in my =
mind.</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; As for the claim that =
eeye was doing=20
  anything except creating harm to the public for their own =
self-interest is=20
  laughable.&nbsp; Off the top of my head I can't think of any instance =
of eeye=20
  doing more than exploiting trivial bugs.&nbsp; This is why I have =
stated=20
  several times that their work is interesting only in the great harm =
they=20
  promote and not in any technical sense.&nbsp; In particularl it has =
the feel=20
  of being found by an automated tool, which they had claimed in earlier =

  press.&nbsp; If you want examples of folks that find interesting =
stuff, look=20
  at some of the folks doing HTML based attacks, which are more likely =
design=20
  flaws not simple bugs, or the Litchfields which report on interesting =
areas=20
  though ones that usually apply after exploiting some simple =
bug.</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>&nbsp;&nbsp; One thing I find =
humorous is that=20
  you from time to time go off on some "think like a hacker" rant as if =
it is a=20
  reflection on how to find&nbsp;problems.&nbsp; The eeye folks issue =
press=20
  releases on not so&nbsp;interesting problems and fail to demonstate =
any=20
  thinking like a hacker in this sense.&nbsp; Where they do fit this =
term is if=20
  you use it in the sense of "think like a criminal" in that they make =
an effort=20
  to cause damage to others for their own financial gain.&nbsp; It is =
entirely=20
  within their power to change from irresponsible self-serving jerks to =
serve=20
  the greater good and still sell their products and eat.&nbsp; They =
choose not=20
  to.&nbsp; You're not just excusing their reprehensible behavior but=20
  encouraging it reflects badly on you.</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
  <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
  <BLOCKQUOTE dir=3Dltr=20
  style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
    <DIV>"Geo" &lt;<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>&gt;=20
    wrote in message <A=20
    =
href=3D"news:42d81f37@w3.nls.net">news:42d81f37@w3.nls.net</A>...</DIV>
    <DIV><FONT face=3DArial size=3D2>Almost all the stuff fixed in the =
biggest=20
    security update for windows, XPsp2, were motivated by worm writers, =
virus=20
    writers, and other exploit coders, not by people reporting bugs. Why =
weren't=20
    these changes made years before eeye existed when the security =
industry was=20
    hammering on microsoft for their unsafe defaults, insecure features, =
etc? It=20
    took YEARS of world wide infections to motivate Microsoft to=20
    act.</FONT></DIV>
    <DIV><FONT face=3DArial size=3D2></FONT>&nbsp;</DIV>
    <DIV><FONT face=3DArial=20
size=3D2>Geo.</FONT></DIV></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>

------=_NextPart_000_0060_01C58A01.FD13A290--

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)