Text 6100, 248 rader
Skriven 2005-07-16 09:50:56 av Rich (1:379/45)
Kommentar till text 6094 av Geo (1:379/45)
Ärende: Re: eeye's irresponsible self-serving behavior
======================================================
From: "Rich" <@>
This is a multi-part message in MIME format.
------=_NextPart_000_012D_01C589EB.DCEF0920
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
you can't even remember your own bullshit. You wrote "all the =
stuff fixed ...". I replaced with what I viewed as the two major = visible
changes were new functionality and UI enhancements. The text = from
microsoft.com that you quote supports my statement not your = nonsense about
"stuff fixed".
Rich
"Geo" <georger@nls.net> wrote in message news:42d93529@w3.nls.net...
from =
http://www.microsoft.com/downloads/details.aspx?FamilyId=3D049C9DBE-3B8E-=
4F30-8245-9E368D3CDB5A&displaylang=3Den
Overview
Microsoft Windows XP Service Pack 2 (SP2) provides new proactive =
security technologies for Windows XP to better defend against viruses, = worms,
and hackers.=20
The very first sentence specifically says exactly what I was saying, =
you want to argue, argue with Microsoft. It was not motivated by people =
reporting bugs, it was motivated by virus, worms, and hackers.
Geo.
"Rich" <@> wrote in message news:42d830cd@w3.nls.net...
You are mistaken. IMHO, there are two major visible areas of =
change in SP2. One are the changes enabled by new hardware support for = NX
together with related protection backported from Windows Server 2003 = SP1.
These are visible to developers but not much to end users so I = would not be
surprised if this isn't considered a major visible change = to many. There are
no bug fixes here. Just using the new capabilities = to mitigate against harm
if an attack manages to get through. The = second are the UI changes like
changing from modal dialogs and message = boxes to the modeless information bar
in IE or text and graphics changes = to existing warnings. Again there are no
bug fixes here. The purpose = of these changes is to further discourage users
from taking action = against their own interest. SP2 includes fixes like those
you expect to = find in an SP but nothing stands out in my mind.
As for the claim that eeye was doing anything except creating =
harm to the public for their own self-interest is laughable. Off the = top of
my head I can't think of any instance of eeye doing more than = exploiting
trivial bugs. This is why I have stated several times that = their work is
interesting only in the great harm they promote and not in = any technical
sense. In particularl it has the feel of being found by = an automated tool,
which they had claimed in earlier press. If you want = examples of folks that
find interesting stuff, look at some of the folks = doing HTML based attacks,
which are more likely design flaws not simple = bugs, or the Litchfields which
report on interesting areas though ones = that usually apply after exploiting
some simple bug.
One thing I find humorous is that you from time to time go off on =
some "think like a hacker" rant as if it is a reflection on how to find =
problems. The eeye folks issue press releases on not so interesting = problems
and fail to demonstate any thinking like a hacker in this = sense. Where they
do fit this term is if you use it in the sense of = "think like a criminal" in
that they make an effort to cause damage to = others for their own financial
gain. It is entirely within their power = to change from irresponsible
self-serving jerks to serve the greater = good and still sell their products
and eat. They choose not to. You're = not just excusing their reprehensible
behavior but encouraging it = reflects badly on you.
Rich
"Geo" <georger@nls.net> wrote in message =
news:42d81f37@w3.nls.net...
Almost all the stuff fixed in the biggest security update for =
windows, XPsp2, were motivated by worm writers, virus writers, and other =
exploit coders, not by people reporting bugs. Why weren't these changes = made
years before eeye existed when the security industry was hammering = on
microsoft for their unsafe defaults, insecure features, etc? It took = YEARS of
world wide infections to motivate Microsoft to act.
Geo.
------=_NextPart_000_012D_01C589EB.DCEF0920
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2668" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2> you =
can't even=20
remember your own bullshit. You wrote "all the stuff fixed = ...".
I=20
replaced with what I viewed as the two major visible changes were new=20
functionality and UI enhancements. The text from microsoft.com = that
you=20
quote supports my statement not your nonsense about "stuff =
fixed".</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>> wrote=20
in message <A=20
=
href=3D"news:42d93529@w3.nls.net">news:42d93529@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>from <A=20
=
href=3D"http://www.microsoft.com/downloads/details.aspx?FamilyId=3D049C9D=
BE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=3Den">http://www.microsoft=
.com/downloads/details.aspx?FamilyId=3D049C9DBE-3B8E-4F30-8245-9E368D3CDB=
5A&displaylang=3Den</A></FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV>
<H4>Overview</H4>
<DIV class=3DDetailsContent id=3Doverview>Microsoft Windows XP Service =
Pack 2=20
(SP2) provides new proactive security technologies for Windows XP to =
better=20
defend against viruses, worms, and hackers. </DIV>
<DIV class=3DDetailsContent> </DIV>
<DIV class=3DDetailsContent><FONT face=3DArial size=3D2>The very first =
sentence=20
specifically says exactly what I was saying, you want to argue, argue =
with=20
Microsoft. It was not motivated by people reporting bugs, it was =
motivated by=20
virus, worms, and hackers.</FONT></DIV>
<DIV class=3DDetailsContent><FONT face=3DArial =
size=3D2></FONT> </DIV>
<DIV class=3DDetailsContent><FONT face=3DArial =
size=3D2>Geo.</FONT></DIV></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:42d830cd@w3.nls.net">news:42d830cd@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> You are =
mistaken. IMHO,=20
there are two major visible areas of change in SP2. One are =
the=20
changes enabled by new hardware support for NX together with related =
protection backported from Windows Server 2003 SP1. These are =
visible=20
to developers but not much to end users so I would not be surprised =
if this=20
isn't considered a major visible change to many. There are no =
bug=20
fixes here. Just using the new capabilities to mitigate =
against harm=20
if an attack manages to get through. The second are the UI =
changes=20
like changing from modal dialogs and message boxes to the modeless=20
information bar in IE or text and graphics changes to existing=20
warnings. Again there are no bug fixes here. The purpose =
of=20
these changes is to further discourage users from taking action =
against=20
their own interest. SP2 includes fixes like those you expect =
to find=20
in an SP but nothing stands out in my mind.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> As for the claim that =
eeye was=20
doing anything except creating harm to the public for their own=20
self-interest is laughable. Off the top of my head I can't =
think of=20
any instance of eeye doing more than exploiting trivial bugs. =
This is=20
why I have stated several times that their work is interesting only =
in the=20
great harm they promote and not in any technical sense. In =
particularl=20
it has the feel of being found by an automated tool, which they had =
claimed=20
in earlier press. If you want examples of folks that find =
interesting=20
stuff, look at some of the folks doing HTML based attacks, which are =
more=20
likely design flaws not simple bugs, or the Litchfields which report =
on=20
interesting areas though ones that usually apply after exploiting =
some=20
simple bug.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> One thing I find =
humorous is that=20
you from time to time go off on some "think like a hacker" rant as =
if it is=20
a reflection on how to find problems. The eeye folks =
issue press=20
releases on not so interesting problems and fail to demonstate =
any=20
thinking like a hacker in this sense. Where they do fit this =
term is=20
if you use it in the sense of "think like a criminal" in that they =
make an=20
effort to cause damage to others for their own financial gain. =
It is=20
entirely within their power to change from irresponsible =
self-serving jerks=20
to serve the greater good and still sell their products and =
eat. They=20
choose not to. You're not just excusing their reprehensible =
behavior=20
but encouraging it reflects badly on you.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>>=20
wrote in message <A=20
=
href=3D"news:42d81f37@w3.nls.net">news:42d81f37@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>Almost all the stuff fixed in the =
biggest=20
security update for windows, XPsp2, were motivated by worm =
writers, virus=20
writers, and other exploit coders, not by people reporting bugs. =
Why=20
weren't these changes made years before eeye existed when the =
security=20
industry was hammering on microsoft for their unsafe defaults, =
insecure=20
features, etc? It took YEARS of world wide infections to motivate=20
Microsoft to act.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial=20
size=3D2>Geo.</FONT></DIV></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY><=
/HTML>
------=_NextPart_000_012D_01C589EB.DCEF0920--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|