Text 6130, 321 lines
Written 2005-07-17 17:57:14 by Rich (1:379/45)
Comment on text 6127 by Geo (1:379/45)
Subject: Re: eeye's irresponsible self-serving behavior
======================================================
From: "Rich" <@>
Again the motivation was not for any "stuff fixed". If it was just that it would have been no more interesting than any other SP. What made it unusual were changes other than fixes to take advantage of new hardware and to help users avoid taking actions against their own interest as that is a common way, probably the most common way, for users to get infected with viruses, worms, etc. This is exactly what I wrote in response to your nonsense.
Try to remember your own bullshit and not try to pretend you wrote something else.
Rich
"Geo" <georger@nls.net> wrote in message news:42daee1c@w3.nls.net...
I spoke about the motivation behind the largest windows security update not what was patched. The issue was that it wasn't motivated by bug reports, it was motivated by virus, worms, and coded exploits. The very first sentence of MS's overview even says this specifically.
Geo.
"Rich" <@> wrote in message news:42d93a21@w3.nls.net...
You can't even remember your own bullshit. You wrote "all the stuff fixed ...". I replaced with what I viewed as the two major visible changes were new functionality and UI enhancements. The text from microsoft.com that you quote supports my statement not your nonsense about "stuff fixed".
Rich
"Geo" <georger@nls.net> wrote in message news:42d93529@w3.nls.net...
from http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en
Overview
Microsoft Windows XP Service Pack 2 (SP2) provides new proactive security technologies for Windows XP to better defend against viruses, worms, and hackers.
The very first sentence specifically says exactly what I was saying, you want to argue, argue with Microsoft. It was not motivated by people reporting bugs, it was motivated by virus, worms, and hackers.
Geo.
"Rich" <@> wrote in message news:42d830cd@w3.nls.net...
You are mistaken. IMHO, there are two major visible areas of change in SP2. One are the changes enabled by new hardware support for NX together with related protection backported from Windows Server 2003 SP1. These are visible to developers but not much to end users so I would not be surprised if this isn't considered a major visible change to many. There are no bug fixes here. Just using the new capabilities to mitigate against harm if an attack manages to get through. The second are the UI changes like changing from modal dialogs and message boxes to the modeless information bar in IE or text and graphics changes to existing warnings. Again there are no bug fixes here. The purpose of these changes is to further discourage users from taking action against their own interest. SP2 includes fixes like those you expect to find in an SP but nothing stands out in my mind.
As for the claim that eeye was doing anything except creating harm to the public for their own self-interest is laughable. Off the top of my head I can't think of any instance of eeye doing more than exploiting trivial bugs. This is why I have stated several times that their work is interesting only in the great harm they promote and not in any technical sense. In particular it has the feel of being found by an automated tool, which they had claimed in earlier press. If you want examples of folks that find interesting stuff, look at some of the folks doing HTML based attacks, which are more likely design flaws not simple bugs, or the Litchfields which report on interesting areas though ones that usually apply after exploiting some simple bug.
One thing I find humorous is that you from time to time go off on some "think like a hacker" rant as if it is a reflection on how to find problems. The eeye folks issue press releases on not so interesting problems and fail to demonstrate any thinking like a hacker in this sense. Where they do fit this term is if you use it in the sense of "think like a criminal" in that they make an effort to cause damage to others for their own financial gain. It is entirely within their power to change from irresponsible self-serving jerks to serve the greater good and still sell their products and eat. They choose not to. You're not just excusing their reprehensible behavior but encouraging it reflects badly on you.
Rich
"Geo" <georger@nls.net> wrote in message news:42d81f37@w3.nls.net...
Almost all the stuff fixed in the biggest security update for windows, XPsp2, were motivated by worm writers, virus writers, and other exploit coders, not by people reporting bugs. Why weren't these changes made years before eeye existed when the security industry was hammering on microsoft for their unsafe defaults, insecure features, etc? It took YEARS of world wide infections to motivate Microsoft to act.
Geo.
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)