Text 6106, 303 rader
Skriven 2005-07-16 10:11:10 av Rich (1:379/45)
Kommentar till text 6099 av Geo (1:379/45)
Ärende: Re: eeye's irresponsible self-serving behavior
======================================================
From: "Rich" <@>
This is a multi-part message in MIME format.
------=_NextPart_000_0150_01C589EE.B08D9E20
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
I find eeye's behavior reprehensible for all the vendors for which =
they provide exploits to the public. I would find it so regardless of = my
employer. You pretend there is some relationship that does not exist = and
even if it did it wouldn't be with me.
Rich
"Geo" <georger@nls.net> wrote in message news:42d93a04@w3.nls.net...
and nobody cares when an employee of the manufacturer of the flawed =
product bitches about the people exposing the flaws. Eeye does not need = you
to excuse them.
Geo.
"Rich" <@> wrote in message news:42d88a08@w3.nls.net...
eeye's irresponsible self-serving actions are not excused by =
anyone else's actions good or bad, particularly when you make bad = analogies.
Rich
"Geo" <georger@nls.net> wrote in message =
news:42d83d33$1@w3.nls.net...
eeye is not posting instructions on how to kill computer users, =
they are posting details of flaws in consumer product.
And I picked the SMB flaw as an example because it's the kind of =
flaw that's likely to be the next worm vector.
As for the question of eeye providing protection and at the same =
time providing details of a flaw, how did you feel about the details of = that
bicycle lock that could be opened with a ball point pen? Did you = have an
issue with those details being released on the national news = because I
thought that was a good thing. It showed the public just how = piss poor a lock
that junk was. I would however imagine the lock = manufacturer has an attitude
similar to yours, that the information = never should have been released and I
would imagine they would use the = same bs arguments you are using.
Consumers have a right to know the details of the flaws found in =
consumer products. Be it a kids car seat, a bicycle lock, software, a = circuit
breaker, their cars, whatever.
Geo.
"Rich" <@> wrote in message news:42d82aee@w3.nls.net...
Do you really believe that your doors and windows protect you =
from outright attack? If so you are surely going to be sorry. You = escape
harm simply because you one attacks you. Post instructions on = how to do so
and thereby lower the threshold and you will increase the = likelihood of
attack. If someone like eeye came to you and said that = they would sell you
protection and at the same time provided attackers = the information they need,
how you would feel about that extortion?
Where do you get the idea that detailed instructions are =
missing? Maybe the description isn't sufficient for you but I assure = you
that it is sufficient for others. And this example, which I'm sure = you
picked because you thought it weak on details, is not = representitive. If you
want to demonstrate that they do not cause the = great harm that they do you
will need to show that they never do this = not that there exists a single
instance where you thought they did not.
Rich
"Geo" <georger@nls.net> wrote in message =
news:42d822d0@w3.nls.net...
First off, if the security of my home was compromised by a =
flaw in a consumer product I would fully support the posting of the = details
of that flaw.
Second, the detailed exploit instructions are not there, only =
a flaw description is there and only that description is what I and = others
want access to. I believe the attached is the detailed exploit = instructions
and they are only for a DOS not for the remote root = exploit. Of course since
you claim this is already available to all of = us at the eeye URL I linked to
you shouldn't have an issue with me = posting it here, huh?
Geo.
"Rich" <@> wrote in message news:42d7d7c8@w3.nls.net...
Such bullshit. It's not just that you are paranoid, you =
are being silly. Please post the detailed instructions for anyone to = break
into your home and kill your wife and family. You shouldn't keep = this
information exclusive to you. Others may find this useful to = protect
themselves. If it puts your family at risk, so what. = "Information" like
this should be free for all.
As for the eeye press release to which you refer, it sure =
does provide detailed instructions. It may be that you don't recognize = the
terminology but it is there, specific, and detailed.
Rich
------=_NextPart_000_0150_01C589EE.B08D9E20
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.2668" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2> I find eeye's behavior =
reprehensible=20
for all the vendors for which they provide exploits to the public. = I
would=20
find it so regardless of my employer. You pretend there is some=20
relationship that does not exist and even if it did it wouldn't be with=20
me.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>> wrote=20
in message <A=20
=
href=3D"news:42d93a04@w3.nls.net">news:42d93a04@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>and nobody cares when an employee of =
the=20
manufacturer of the flawed product bitches about the people exposing =
the=20
flaws. Eeye does not need you to excuse them.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:42d88a08@w3.nls.net">news:42d88a08@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> eeye's irresponsible =
self-serving=20
actions are not excused by anyone else's actions good or bad, =
particularly=20
when you make bad analogies.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A =
href=3D"mailto:georger@nls.net">georger@nls.net</A>>=20
wrote in message <A=20
=
href=3D"news:42d83d33$1@w3.nls.net">news:42d83d33$1@w3.nls.net</A>...</DI=
V>
<DIV><FONT face=3DArial size=3D2>eeye is not posting instructions =
on how to=20
kill computer users, they are posting details of flaws in consumer =
product.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>And I picked the SMB flaw as an =
example=20
because it's the kind of flaw that's likely to be the next =
worm=20
vector.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>As for the question of eeye =
providing=20
protection and at the same time providing details of a flaw, how =
did you=20
feel about the details of that bicycle lock that could be opened =
with a=20
ball point pen? Did you have an issue with those details being =
released on=20
the national news because I thought that was a good thing. It =
showed the=20
public just how piss poor a lock that junk was. I would however =
imagine=20
the lock manufacturer has an attitude similar to yours, that the=20
information never should have been released and I would imagine =
they would=20
use the same bs arguments you are using.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Consumers have a right to know =
the details of=20
the flaws found in consumer products. Be it a kids car seat, a =
bicycle=20
lock, software, a circuit breaker, their cars, =
whatever.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; =
BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:42d82aee@w3.nls.net">news:42d82aee@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> Do you really =
believe that=20
your doors and windows protect you from outright attack? =
If so you=20
are surely going to be sorry. You escape harm simply =
because you=20
one attacks you. Post instructions on how to do so and =
thereby=20
lower the threshold and you will increase the likelihood of=20
attack. If someone like eeye came to you and said that =
they would=20
sell you protection and at the same time provided attackers the=20
information they need, how you would feel about that=20
extortion?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> Where do you get =
the idea that=20
detailed instructions are missing? Maybe the description =
isn't=20
sufficient for you but I assure you that it is sufficient for=20
others. And this example, which I'm sure you picked =
because you=20
thought it weak on details, is not representitive. If you =
want to=20
demonstrate that they do not cause the great harm that they do =
you will=20
need to show that they never do this not that there exists a =
single=20
instance where you thought they did not.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: =
5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Geo" <<A=20
href=3D"mailto:georger@nls.net">georger@nls.net</A>> wrote =
in message=20
<A=20
=
href=3D"news:42d822d0@w3.nls.net">news:42d822d0@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2>First off, if the security of =
my home was=20
compromised by a flaw in a consumer product I would fully =
support the=20
posting of the details of that flaw.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Second, the detailed =
exploit=20
instructions are not there, only a flaw description is there =
and only=20
that description is what I and others want access to. I =
believe the=20
attached is the detailed exploit instructions and =
they are=20
only for a DOS not for the remote root exploit. Of course =
since you=20
claim this is already available to all of us at the eeye =
URL I=20
linked to you shouldn't have an issue with me posting it here, =
huh?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Geo.</FONT></DIV>
<BLOCKQUOTE dir=3Dltr=20
style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: =
5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV>"Rich" <@> wrote in message <A=20
=
href=3D"news:42d7d7c8@w3.nls.net">news:42d7d7c8@w3.nls.net</A>...</DIV>
<DIV><FONT face=3DArial size=3D2> Such =
bullshit. It's=20
not just that you are paranoid, you are being silly. =
Please=20
post the detailed instructions for anyone to break into your =
home=20
and kill your wife and family. You shouldn't keep this =
information exclusive to you. Others may find this =
useful to=20
protect themselves. If it puts your family at risk, so =
what. "Information" like this should be free for=20
all.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2> As for the =
eeye press=20
release to which you refer, it sure does provide detailed=20
instructions. It may be that you don't recognize the=20
terminology but it is there, specific, and =
detailed.</FONT></DIV>
<DIV><FONT face=3DArial size=3D2></FONT> </DIV>
<DIV><FONT face=3DArial size=3D2>Rich</FONT></DIV>
<DIV><FONT face=3DArial=20
=
size=3D2></FONT> </DIV></BLOCKQUOTE></BLOCKQUOTE></BLOCKQUOTE></BLOC=
KQUOTE></BLOCKQUOTE></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0150_01C589EE.B08D9E20--
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)
|