Text 6134, 378 lines
Written 2005-07-17 19:10:50 by Rich (1:379/45)
Comment on text 6132 by Geo (1:379/45)
Subject: Re: eeye's irresponsible self-serving behavior
======================================================
From: "Rich" <@>
I have no doubt you are but that would still be wrong. The stuff
referred to by the first sentence is the same stuff I mentioned, the
technology improvements and new features to better protect users against the
damage promoted by eeye and the like.
Rich
"Geo" <georger@nls.net> wrote in message news:42db0123@w3.nls.net...
When I said "stuff fixed" I'm including things like default settings.
Geo.
"Rich" <@> wrote in message news:42dafd10@w3.nls.net...
Again the motivation was not for any "stuff fixed". If it was
just that it would have been no more interesting than any other SP. What
made it unusual were changes other than fixes to take advantage of new
hardware and to help users avoid taking actions against their own interest as
that is a common way, probably the most common way, for users to get infected
with viruses, worms, etc. This is exactly what I wrote in response to your
nonsense.
Try to remember your own bullshit and not try to pretend you
wrote something else.
Rich
"Geo" <georger@nls.net> wrote in message news:42daee1c@w3.nls.net...
I spoke about the motivation behind the largest windows security
update not what was patched. The issue was that it wasn't motivated by bug
reports, it was motivated by virus, worms, and coded exploits. The very first
sentence of MS's overview even says this specifically.
Geo.
"Rich" <@> wrote in message news:42d93a21@w3.nls.net...
You can't even remember your own bullshit. You wrote "all
the stuff fixed ...". I replaced with what I viewed as the two major visible
changes were new functionality and UI enhancements. The text from
microsoft.com that you quote supports my statement not your nonsense about
"stuff fixed".
Rich
"Geo" <georger@nls.net> wrote in message news:42d93529@w3.nls.net...
from
http://www.microsoft.com/downloads/details.aspx?FamilyId=049C9DBE-3B8E-4F30-8245-9E368D3CDB5A&displaylang=en
Overview
Microsoft Windows XP Service Pack 2 (SP2) provides new
proactive security technologies for Windows XP to better defend against
viruses, worms, and hackers.
The very first sentence specifically says exactly what I was
saying, you want to argue, argue with Microsoft. It was not motivated by
people reporting bugs, it was motivated by virus, worms, and hackers.
Geo.
"Rich" <@> wrote in message news:42d830cd@w3.nls.net...
You are mistaken. IMHO, there are two major visible
areas of change in SP2. One are the changes enabled by new hardware support
for NX together with related protection backported from Windows Server 2003
SP1. These are visible to developers but not much to end users so I would
not be surprised if this isn't considered a major visible change to many.
There are no bug fixes here. Just using the new capabilities to mitigate
against harm if an attack manages to get through. The second are the UI
changes like changing from modal dialogs and message boxes to the modeless
information bar in IE or text and graphics changes to existing warnings.
Again there are no bug fixes here. The purpose of these changes is to
further discourage users from taking action against their own interest. SP2
includes fixes like those you expect to find in an SP but nothing stands out
in my mind.
As for the claim that eeye was doing anything except
creating harm to the public for their own self-interest is laughable. Off
the top of my head I can't think of any instance of eeye doing more than
exploiting trivial bugs. This is why I have stated several times that their
work is interesting only in the great harm they promote and not in any
technical sense. In particular it has the feel of being found by an
automated tool, which they had claimed in earlier press. If you want
examples of folks that find interesting stuff, look at some of the folks
doing HTML based attacks, which are more likely design flaws not simple bugs,
or the Litchfields which report on interesting areas though ones that usually
apply after exploiting some simple bug.
One thing I find humorous is that you from time to time
go off on some "think like a hacker" rant as if it is a reflection on how to
find problems. The eeye folks issue press releases on not so interesting
problems and fail to demonstrate any thinking like a hacker in this sense.
Where they do fit this term is if you use it in the sense of "think like a
criminal" in that they make an effort to cause damage to others for their own
financial gain. It is entirely within their power to change from
irresponsible self-serving jerks to serve the greater good and still sell
their products and eat. They choose not to.
You're not just excusing their reprehensible behavior but encouraging
it reflects badly on you.
Rich
"Geo" <georger@nls.net> wrote in message news:42d81f37@w3.nls.net...
Almost all the stuff fixed in the biggest security update
for windows, XPsp2, were motivated by worm writers, virus writers, and other
exploit coders, not by people reporting bugs. Why weren't these changes made
years before eeye existed when the security industry was hammering on
microsoft for their unsafe defaults, insecure features, etc? It took YEARS of
world wide infections to motivate Microsoft to act.
Geo.
--- BBBS/NT v4.01 Flag-5
* Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)