> No, but the situations I'm talking about are *not* those types of
> situations. There's no reason why input coming in from a web server
> should not be properly bounds checked.
As you suggest later on, maybe I wasn't reading clearly. I thought we
were discussing BSOD crashes, which are typicall
James Tucker wrote:
One of the primary laws for speed optimisation is to trust your input
and allow for data flow instantly. Especially if your trying to send
say, an interrupt, we could re-index all of the interrupts available,
and then send it. But we'd have missed any time dependancy we were
I do see how it all comes together, and I agree as a whole. I'm
certainly not excusing MS of their responsibility to the matter.
My comments only referred to legitimate use of the OS, using
supporting software and drivers, in which case you should be able to
depend on proper coding from every par
Micheal Espinola Jr wrote:
I'm not and have not been referring to hackers what-so-ever. I'm
referring to poorly written drivers.
You guys are all over the place. I'm done.
On 10/4/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
On Tue, 04 Oct 2005 08:16:34 EDT, Micheal Espinola Jr said:
Micheal Espinola Jr wrote:
Bruce, I don't think you are going to find hard "evidence" for either
conclusion. But Bruce's conclusion is consistent with my own
experiences, and that of many other Administrators that I discuss
issues like this with.
Since its inception, supporting NT 3.0 beta and
: You know, I wouldn't mind it IF the conversation was properly
: [re]directed in context. In fact it often leads to many fascinating
: discussions. But other times it feels like some people that
: contributing are schizophrenic.
Seems like the people that didn't catch that "leap" don't quit
Thanks Randall :-)
You know, I wouldn't mind it IF the conversation was properly
[re]directed in context. In fact it often leads to many fascinating
discussions. But other times it feels like some people that
contributing are schizophrenic.
Why if someone doesn't like or agree with a particula
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of Micheal Espinola Jr
Sent: Tuesday, October 04, 2005 12:12 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] Bigger burger roll needed
I'
I'm not and have not been referring to hackers what-so-ever. I'm
referring to poorly written drivers.
You guys are all over the place. I'm done.
On 10/4/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> On Tue, 04 Oct 2005 08:16:34 EDT, Micheal Espinola Jr said:
>
> > Without getting into spec
On Tue, 04 Oct 2005 08:16:34 EDT, Micheal Espinola Jr said:
> Without getting into specifics that no longer matter, surely they
> could have did their part better to handle malformed input - but who
> was malform'ing the input in the first place?
That's right. Blame the hackers. Sounds like a so
On Tue, Oct 04, 2005 at 07:51:34AM -0400, security curmudgeon wrote:
> Fine, it isn't PR spin. But, compare this to Unix. How many times do you
> run user-land, 3rd party applications, that cause a kernel panic?
They don't, but they don't in Windows either: We're talking about
*drivers* doing thi
: I don't appreciate you changing caps in my name. I'm not 'spin'ing
: anything - I addressed a specific question with an honest real-world
: answer. I did not include propaganda nor did I denounce any alternate
: products. There's no need to be a disrespectful ass.
A decade of close exposu
I don't appreciate you changing caps in my name. I'm not 'spin'ing
anything - I addressed a specific question with an honest real-world
answer. I did not include propaganda nor did I denounce any alternate
products. There's no need to be a disrespectful ass.
Absolutely, Win95 was a pain in the
: Since its inception, supporting NT 3.0 beta and onward, I have been
: dealing with BSOD's. In total, there have been comparatively very few
: times were it was a direct fault of MS code. It has very commonly been
: in relation to 3rd party drivers that needed reworking or updating by
: the
On Mon, Oct 03, 2005 at 03:41:58PM -0400, TheGesus wrote:
> In NT4 they redesigned the GDI so that the user could bypass
> "userland" and talk straight to the kernel.
>
> It's been so long I don't recall the exact details, but this re-hack
> paved the way for DirectX and sped up the response of t
> On Mon, 03 Oct 2005 06:42:37 PDT, Steve Friedl said:
> > On Mon, Oct 03, 2005 at 08:50:27AM -0400, [EMAIL PROTECTED] wrote:
> Perhaps if they hadn't been so busy designing baroque undocumented APIs for
> the
> use of their own monopolistic software(*), they could have designed a cleaner
> API
On Mon, 03 Oct 2005 06:42:37 PDT, Steve Friedl said:
> On Mon, Oct 03, 2005 at 08:50:27AM -0400, [EMAIL PROTECTED] wrote:
> > One acronym: BSOD. Why have users learned what it is, and grown accepting
> > of
> > seeing one? Do you know any Windows users who have *never* encountered one?
>
> The
On Mon, Oct 03, 2005 at 10:37:05AM -0600, Bruce Ediger wrote:
> Does any kind of evidence (apart from PR-flack-based spin) exist
> for this conclusion?
This is what Microsoft tells me what they gather from the online error
reporting and crash analysis, and it comports with my experience as
well. I
err, But Steve's conclusion is consistent with my own...
On 10/3/05, Micheal Espinola Jr <[EMAIL PROTECTED]> wrote:
> Bruce, I don't think you are going to find hard "evidence" for either
> conclusion. But Bruce's conclusion is consistent with my own
> experiences, and that of many other Administ
Bruce, I don't think you are going to find hard "evidence" for either
conclusion. But Bruce's conclusion is consistent with my own
experiences, and that of many other Administrators that I discuss
issues like this with.
Since its inception, supporting NT 3.0 beta and onward, I have been
dealing w
On Mon, 3 Oct 2005, Steve Friedl wrote:
The majority of BSODs are caused by buggy third-party drivers and malware
(rootkits, etc.) Is that part of "Microsoft's monopolistic abuse"?
Does any kind of evidence (apart from PR-flack-based spin) exist for this
conclusion?
Can you point me to it?
S
While its easy to recognize your point, it's also quite moot.
The supportability issues of long ago, are just that - long ago. The
customer base was, when the PC market first expanded and continues to
be, vastly larger from when computer companies offered that type of
service. ...and at at much
On Mon, Oct 03, 2005 at 08:50:27AM -0400, [EMAIL PROTECTED] wrote:
> One acronym: BSOD. Why have users learned what it is, and grown accepting of
> seeing one? Do you know any Windows users who have *never* encountered one?
The majority of BSODs are caused by buggy third-party drivers and malwar
On Mon, 03 Oct 2005 07:49:33 EDT, "J. Oquendo" said:
>
> On Mon, 3 Oct 2005, Randall M wrote:
> > is a known fact that the major cause of computer criminal acts is the result
> > of careless and uneducated users. I have said it again and again, the "User"
> > is the best defense any Admin can have
On Mon, 03 Oct 2005 07:49:33 EDT, "J. Oquendo" said:
>
> On Mon, 3 Oct 2005, Randall M wrote:
>
> > Virus Friendly and phased might be to young to remember the old saying "what
> > you want the next generation to believe begin teaching this generation". It
>
> That's a nicely worded brainwashing
On Mon, 3 Oct 2005, Randall M wrote:
> Virus Friendly and phased might be to young to remember the old saying "what
> you want the next generation to believe begin teaching this generation". It
That's a nicely worded brainwashing statement. How about having the next
generation believe truth not
festations;
and other unknown vulnerabilities.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On
Behalf Of phased
Sent: Monday, October 03, 2005 5:26 AM
To: full-disclosure@lists.grok.org.uk
Subject: Re[2]: [Full-disclosure] Bigger burger rol
especially when someone else is being paid to, or do
you want to be out of a job? :)
-Original Message-
From: Virus Friendly <[EMAIL PROTECTED]>
To: n3td3v <[EMAIL PROTECTED]>
Date: Mon, 3 Oct 2005 04:47:09 -0400
Subject: Re: [Full-disclosure] Bigger burger roll needed
I like how security professionals see themselves as part of the intellectual elite and the "computer users" as the ignorant hoards.
In a field where anyone is call an "expert", and 16 year olds can pass a CISSP, how is it that these "experts" forget they are only a certification away from being clu
Hello to security community,
n3td3v thought you might like to be alerted to his latest internet
posting on corporate security and the relation between corporations,
the consumer. and computer security.
Details:
http://news.com.com/5208-12-0.html?forumID=1&threadID=10054&messageID=72865&start
30 matches
Mail list logo