Eitan Caspi wrote: > I'm confused. It escapes me, really. There is no excuse not to know exactly when, why and how anything happens on a Windows machine, not with the excellent, affordable tracing tools we have at our disposal in this time and age. I loathe the term "security researchers" - it conjures mental images of Dutch naturalists in colonial pith helmets marvelling at the sight of some exotic kind of blue orchid under their oversize magnifying lens, deep in a tropical jungle - but I have to say both the term and the image fit your kind like a glove. Get up close and personal with Process Explorer and Process Monitor (it records the *stack backtrace* for every operation! that's the IT security equivalent of downloading and installing Christmas and getting to run it everyday) and never publically embarass yourself thus again. The most disheartening aspect of the current generation of security research is how an army of basement dwellers suddenly turned into a kind of paranoid, power-hungry freaks who, at the war cry of "EVERY CRASH IS A VULNERABILITY", toil away day and night to get the respect, the cred, the Russian spam botnet they so long for.
In fact, I hate the whole attitude of treating technical issues like security issues, with the lack of subtlety, politeness, humility and plain SENSE that seems to go with that. So one day ЗАРАЗА finds a regression in Microsoft's C runtime, potentially leading to crashes in all applications compiled with it; security-minded as he is, he promptly reports it to [EMAIL PROTECTED], making a godawful job of it, describing the kind of awkward contorted terror scenario only a security researcher could be capable of conceiving (oooh! I know! I know! let's ship the whole IT security circus to Guantanamo bay!), and, characteristically, proposing ass-backwards solutions (even my good pals and ex-ReactOS-ites Alex Ionescu and Skywing, otherwise veritable metahumans capable of mentally indexing unimaginable amounts of technical information, bleed IQ points by the dozen when presented with the challenge of writing a "Workarounds" section); technically-minded as I am, I register on <URL: http://connect.microsoft.com/ >, report the issue as a bug, making a purely technical case of it, and the issue is acknowledged in a matter of two days and a fix scheduled for Visual Studio 2005 SP1 (KB927580 seems to be related, too: <URL: http://support.microsoft.com/kb/927580/en-us >). No fuss, no drama, no veiled threatening, no blackmail. [EMAIL PROTECTED] is just too overloaded - please TRY and discuss the matter with your friendly neighborhood Windows expert first. It might even turn out - what a concept! - that you were wrong all along (sorry! you must be _this_ reputable to ride this botnet/azn waifu/wiggermobile!) As I see it, Microsoft has made an earnest attempt to get as close as allowed by corporate policy (and common dignity) to your crazy, wacky world of drama bombz (see: Harry Potter hoax, last year's furry porn flood, etc.) and reputation warz (see: n3td3v, Gobbles, etc.) and powerwordz (see: the PsyOps counter-hoax, Gadi Evron's Garden of Eden complex of asserting ownership through christening, etc.) and make it all somehow work, the least you could do is lose some of that fucking sense of _entitlement_. To get back to the matter at hand, might I hazard the suggestion that maybe, probably, you granted the Debug privilege to the Users group? (what's the output of "whoami /priv" in the run-as command prompt?) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
