wow i've made a new friend
cool ya jets there hercules .
I never attacked Dave Watts but merely pointed out my opinion concerning his comments
about script kiddies on this list, i think its safe to say there is not a major
problem with script kiddies roaming this list lurking about in the shadows to grab
sensitive information for naughty purposes. Sorry i dont agree with you about script
kiddies, i guess that makes me the anti-christ to you or something. Dave Watts simply
had an opinion concerning the posting of the +.htr bug , thru that posting i know of
at least 3 working developers who learned about the bug and moved to fix it because of
that post, including myself. Now if we all had taken that hysterically cynical view of
the world that you seem to have, well that wouldn't have happened. would it?
As for ignorant, i guess you now hold the title as most ignorant post to any list :)
also if you think i should apologize to Dave Watts, then what will you do for me after
your calling me ignorant, are you going to buy me dinner now ?
You may despise script kiddies , but they are the future, not all script kiddies are
criminal in intent, and noone was defending the act of hacking.
So take a valium and relax
MikeC
> ** Original Subject: RE: Re: The +.htr bug strikes again
> ** Original Sender: "Benjamin S. Rogers" <[EMAIL PROTECTED]>
> ** Original Date: Tue, 26 Dec 2000 16:14:27 -0500
> ** Original Message follows...
>
> Mike,
>
> This may be one of the most ignorant statements I've seen posted to a list
> in awhile. I use the word "ignorant," first, because of the ill-conceived
> attack on Dave Watts, who has been contributing to this list (and the
> ColdFusion community at large) for some time. Although I'm sure Dave doesn't
> care, I would think an apology is in order.
>
> Second, I believe your statement was bred of ignorance if you think the
> destructive behavior of solitary script kiddies executing precompiled
> executables against distant servers is necessarily predisposed to becoming
> the skilled programmers that you would like to work with: a good part of
> what it takes to be on a team is trust and good natured comradery, things
> the script kiddies are more times than not lacking.
>
> Benjamin S. Rogers
> Web Developer, c4.net
> voice: (508) 240-0051
> fax: (508) 240-0057
>
> -----Original Message-----From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, December 26, 2000 1:26 PM
> To: CF-Talk
> Subject: re: Re: The +.htr bug strikes again
>
>
> I for one appreciate the heads up, not everyone considers people on this
> list to be script kiddies !!
> we are all developers here and we don't need mr Watts to baby sit us.
> on the topic of script kiddies, there is another side to that, there is the
> annoying older internet worker who looks at everything like a lawyer and put
> disclaimers on everything and want to protect us from ourselves. Gimme the
> script kiddies anyday, script kiddies grow up to be internet workers and
> innovators, annoying legally minded (old )programmers are just plain dull
>
>
> > ** Original Subject: Re: The +.htr bug strikes again
> > ** Original Sender: "Kevin Schmidt" <[EMAIL PROTECTED]>
> > ** Original Date: Fri, 22 Dec 2000 14:21:39 -0500
>
> > ** Original Message follows...
>
> >
> > Ok. I can see that my piece of information, that I intended to be totally
> > harmless, has caused quite a stir. From now on I will keep my mouth shut.
> > The only reason I let people on the list know is because the site uses CF
> > and there had been alot of discussion on the topic over the past few day.
> > Several people didn't even know the bug existed.
> > I told the sites administrators about the problem and I don't know if they
> > have fixed it yet or not. Maybe they don't care or maybe they do. There
> > have been other sites metioned in this thread that have the same problem.
> > People disclosed the information to warn consumers of the problem and to
> > choose someone else to provide the service that the said company provided
> > because the company hadn't fixed the issue. Some people on the list don't
> > think mentioning these types of issues is a problem, others do. I am
> > stepping of my soapbox now. If anyone has questions about the +.htr issue
> > i'll be happy to entertain them. There have also been numerous posts with
> > URL's to the patch posted to the list.
> >
> > Happy Holiday's
> >
> > Kevin Schmidt, Web Technology Manager
> > Allaire Certified Cold Fusion Developer
> > pwb inc.
> > integrated marketing communications
> > 350 S. Main St., Suite 350
> > Ann Arbor, MI 48104
> > 734.995.5000 (tel)
> > 734.995.5002 (fax)
> > www.pwb.com
> >
> >
> > ----- Original Message -----From: "Dave Watts" <[EMAIL PROTECTED]>
> > To: "CF-Talk" <[EMAIL PROTECTED]>
> > Sent: Friday, December 22, 2000 12:04 PM
> > Subject: RE: The +.htr bug strikes again
> >
> >
> > > > There are two sides to this issue. 1. Releasing bug/vulnerability
> > > > information to the public will release hoards of script
> > > > kiddies to cause havoc and dismay instantaniously without
> > > > recourse. 2. Releasing bug/vulnerability information will cause
> > > > industry leaders like Microsoft and respectively Allaire to
> > > > act on the information sooner than later.
> > > >
> > > > I can see both sides of the fence but would lean to alerting
> > > > the public to the problem. Security by obscurity is not a good
> > > > policy to live by.
> > >
> > > While I agree with this as far as product vendors are concerned, that's
> > not
> > > what's going on here. It's one thing to release general information
> about
> > > vulnerabilities in MS products to the public (although even within the
> > > security community, there's quite a bit of debate over whether and how
> > this
> > > should be done - should the vendor be notified privately first, how long
> > > between vendor notification and public release, etc.). It's another
> thing
> > to
> > > release specific information about who hasn't patched their
> installations
> > of
> > > vendor products, which is what's going on here - "so-and-so is
> vulnerable
> > to
> > > the .htr bug". This doesn't have any place within either side of the
> issue
> > > that you're talking about, and is pretty irresponsible in my opinion.
> > >
> > > Dave Watts, CTO, Fig Leaf Software
> > > http://www.figleaf.com/
> > > voice: (202) 797-5496
> > > fax: (202) 797-5444
> > >
> > >
> >
>
~~~~~~~~~~~~~ Paid Sponsorship ~~~~~~~~~~~~~
Get Your Own Dedicated Win2K Server! Instant Activation for $99/month w/Free Setup
from SoloServer PIII600 / 128 MB RAM / 20 GB HD / 24/7/365 Tech Support Visit
SoloServer, https://secure.irides.com/clientsetup.cfm.
Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
