Re: [Full-disclosure] Bigger burger roll needed
No, but the situations I'm talking about are *not* those types of situations. There's no reason why input coming in from a web server should not be properly bounds checked. As you suggest later on, maybe I wasn't reading clearly. I thought we were discussing BSOD crashes, which are typically caused by ring 0 code, or dependent hardware. I'm not so much of a moron to be suggesting that you allow arbitrary foreign data to flow unchecked. You are correct if your response is about to be but I'm not talking about ring 0 code. We could always trust all input... but the fact of the matter is that... life is never that simple. Input regarding drivers should be within known ranges. Outside of that, I would strongly suggest the driver is incomplete. Data stream tracking is one method of protecting against both of the above, however it is very costly in processing, as well as requiring significantly sized validation tables to be built. This is not used in any public domain kernels I have seen. Actually, I'm talking about situations where we know what causes specific crashes. It's very easy to find these situations as they're included in security disclosures. Many of the crashes which get down to the kernel only manage to do so because they actually target kernel code. Yes, such input should not get there, thus my reference to design architecture. This however leads directly back to speed of handling, which is why things are changing these days and not before. There is a simple way to remove remote vulnerabilities from crashing a kernel, never let networking code touch kernel code. Clearly however, this is not how *nix, or nt are built; I re-iterate again, that this is with good reason. Obviously, it's not possible to trace every crash and fringe situations do occur. That doesn't change the fact that MS is handling their procedures poorly and they're making sloppy mistakes. Many other companies/groups make sloppy mistakes as well.
I didn't see anyone in this thread claiming that MS was the only company that did this... just that they were the most exposed one. I was referring more to the fact that most apps which cause these kind of vulnerabilities are not following standard well documented procedures and architectures (several of the vulnerabilities you are probably thinking of existed prior to the new documentation and procedures however). Yes, that is sloppy coding, but that is becoming more and more rare in just-released code from many of the giants. I would say they are learning their lesson. In my real experience, people who try to point out how they have real experience and others don't... I think you read something between the lines there. Unless you have a memory management flaw where the partitioning of the memory is compromised. Such is the situation in Windows 9x... as I stated in the thread, it's unlikely that that type of situation would occur in a Windows NT style environment, but you still get other forms of crashes for a number of different reasons. 9x has so many well known vulnerabilities and faults now, it's hardly worth discussing. Yes memory corruption was always an issue there, but by the nature of the OS, of course it was. With regard to its architecture, you needed to trust almost every application on the system to ensure stability. With NT, you may want to be a little more specific. A few years ago a client had trouble with some hp printer drivers running across 2000 servers and clients. In a later driver update which fixed the issue, a new control code parser was implemented (our specific issue) and the whole driver was lifted away from kernel mode (the more general architecture issue). The latter prevented the possibility of a further BSOD by printer driver for anything that was redeveloped under that branch. Legacy code base re-development had led to poor driver architecture, and this was a financially based business decision, obviously.
A BSOD isn't the only type of software crash and it's silly to only talk about BSODs when you're talking about customer satisfaction. Maybe, but it depends what is being discussed. An application from a 3rd party (defined here as anything other than the kernel and its dependencies) can crash on its own, and provided the developer has done what they were told, the kernel will stay up. To talk about crash prevention further than this is to suggest then that the OS should prevent apps from crashing. With regard to the operating system and its dependent services, yes, they should be entirely re-loadable, maybe... Example: lsass is started from a specifically defined location during system boot, however if it were to be restarted after a crash, with a kernel still up (but incompletely now), you have little method of tracking what you are loading (the kernel is blind to certain events). It can be decided in this state therefore, that the system should be restarted as per general good security procedures among
Re: [Full-disclosure] Bigger burger roll needed
James Tucker wrote: One of the primary laws for speed optimisation is to trust your input and allow for data flow instantly. Especially if you're trying to send say, an interrupt, we could re-index all of the interrupts available, and then send it. But we'd have missed any time dependency we were relying on. Life is never that simple. No, but the situations I'm talking about are *not* those types of situations. There's no reason why input coming in from a web server should not be properly bounds checked. If you're taking input and you have a reason to believe that you can't trust that input, it's irresponsible not to check it. That includes virtually all input from the internet. We could always trust all input... but the fact of the matter is that... life is never that simple. And that is a very valid point. The same flaws in code that cause exploits also cause crashes by their very nature. It's not all over the place, it's a fact of system design. If they can't avoid mishandling input, then people's expectations will be low. See how it all comes together? I see how people think that other kernels actually do a better job over this, however they haven't actually looked at the code to verify that fact. Furthermore it is extremely rare that any of you are running debugger versions of the MS os's so in reality, you don't have a clue what is causing the crashes. This thread is starting to sound a bit like an MS bash rather than a discussion of something that is fact. Actually, I'm talking about situations where we know what causes specific crashes. It's very easy to find these situations as they're included in security disclosures. Obviously, it's not possible to trace every crash and fringe situations do occur. That doesn't change the fact that MS is handling their procedures poorly and they're making sloppy mistakes. Many other companies/groups make sloppy mistakes as well. I didn't see anyone in this thread claiming that MS was the only company that did this...
just that they were the most exposed one. In my real experience where I HAVE verified the cause of a crash, particularly in the server world, but also for many many client crashes, it's normally a hardware failure. Be it a particular memory bank doesn't refresh in time due to a slightly lower than normal voltage level or a bus controller problem that is in fact an unusual, but nonetheless problematic fault with the design of the motherboard. This is very far from software faults. In my real experience, there are many different causes for crashes. Hardware is a significant cause. See, you're not the only person with real world experience. In my real experience, people who try to point out how they have real experience and others don't (whom they don't even know) are talking out their asses. Many of the examples being used are examples of software that in itself cannot cause a BSOD. IE being the perfect example. Unless you have a memory management flaw where the partitioning of the memory is compromised. Such is the situation in Windows 9x... as I stated in the thread, it's unlikely that that type of situation would occur in a Windows NT style environment, but you still get other forms of crashes for a number of different reasons. A BSOD isn't the only type of software crash and it's silly to only talk about BSODs when you're talking about customer satisfaction. More to the point, the other software also mentioned tends to be the kind of software that you can replicate the crash over and over again. If the crash is replicatable in this way, then sure, it's probably a software problem, but why not dump that software package, rather than claiming that the OS should fix every bit of bad coding you've ever seen. Where did anyone claim that it's the OS' job to fix application code? Oh, wait, no one did. Try reading. It's a beautiful thing. How many of you are really using (neh, in fact, have EVER used) a kernel that CANNOT crash by design? Anyone? Right, enough said then. 
Maybe for you... but for the rest of us, life isn't that simple. -bkfsec (ps. I'm assuming you meant to send this to the list from your tone. Or, maybe you got embarrassed last minute and decided only to send it to me. Either way, it's going to the list.) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Bigger burger roll needed
Micheal Espinola Jr wrote: Bruce, I don't think you are going to find hard evidence for either conclusion. But Bruce's conclusion is consistent with my own experiences, and that of many other Administrators that I discuss issues like this with. Since its inception, supporting NT 3.0 beta and onward, I have been dealing with BSOD's. In total, there have been comparatively very few times where it was a direct fault of MS code. It has very commonly been in relation to 3rd party drivers that needed reworking or updating by the 3rd-party manufacturer. This is not PR spin (of which I don't think you could find any published PR spin for either side of this argument either). This is real world experience with the NT+ products across i386 and Alpha hardware platforms using peripheral devices from many different major manufacturers. There are admins on both sides of the anti-MS fence that I communicate with that would agree with this conclusion. I agree, in general, that the vast majority of the BSODs I've seen on the NT line have been caused by bad drivers. On occasion, though, I have seen poorly written software that has BSOD'ed NT 4.0 before. However, the original topic was about users and their exposure to Microsoft products. User exposure to the NT line really began with Windows XP (aside from a smattering of Win2k installed desktops)... so the real initial exposure that users have had to Microsoft products is actually the DOS/Win9x line and those most certainly crashed frequently in situations where a driver wasn't necessarily the culprit. Not to mention the fact that a Windows XP or 2000 system can still crash without getting a BSOD, and that crashes of either the OS or applications can and do regularly occur.
Further, the argument that third party drivers are always the cause and that merging code bases is not Microsoft's problem completely and totally ignores the fact that other OS' don't have the frequency of crashes experienced while using third party code that MS does. So, whether it be the shoddy coding that causes BSOD's in the DOS-dependent line of MS apps, or the shoddy coding that causes IE to freeze on Windows XP... or the shoddy coding that third parties carry out and that Microsoft allows to affect the system in such a way... nonetheless the net result is the same... the user's expectation has been lowered. -bkfsec
Re: [Full-disclosure] Bigger burger roll needed
Micheal Espinola Jr wrote: I'm not and have not been referring to hackers what-so-ever. I'm referring to poorly written drivers. You guys are all over the place. I'm done. On 10/4/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: On Tue, 04 Oct 2005 08:16:34 EDT, Micheal Espinola Jr said: Without getting into specifics that no longer matter, surely they could have done their part better to handle malformed input - but who was malform'ing the input in the first place? That's right. Blame the hackers. Sounds like a sound bite from a Ballmer keynote speech. :) But, Curmudgeon's right... you can't just say yeah, the OS can't handle malformed data, but that's not their problem. One of the primary rules of coding is never trust the input. And that is a very valid point. The same flaws in code that cause exploits also cause crashes by their very nature. It's not all over the place, it's a fact of system design. If they can't avoid mishandling input, then people's expectations will be low. See how it all comes together? -bkfsec
Re: [Full-disclosure] Bigger burger roll needed
I do see how it all comes together, and I agree as a whole. I'm certainly not excusing MS of their responsibility to the matter. My comments only referred to legitimate use of the OS, using supporting software and drivers, in which case you should be able to depend on proper coding from every party involved. Running software/drivers that were properly written for the OS should provide a failure free platform, and it does. That was my only point to egregious comments to Windows being BSOD prone. It could be a balancing act at times, but it could be done if done right. Yes, absolutely, any OS should be able to handle bad data without crashing. I think it's apparent that MS is no longer ignorant (or perhaps naive) about the issue, and I honestly can't remember the last BSOD I got. It's been years. On 10/6/05, bkfsec [EMAIL PROTECTED] wrote: But, Curmudgeon's right... you can't just say yeah, the OS can't handle malformed data, but that's not their problem. One of the primary rules of coding is never trust the input. And that is a very valid point. The same flaws in code that cause exploits also cause crashes by their very nature. It's not all over the place, it's a fact of system design. If they can't avoid mishandling input, then people's expectations will be low. See how it all comes together?
Re: [Full-disclosure] Bigger burger roll needed
: Since its inception, supporting NT 3.0 beta and onward, I have been
: dealing with BSOD's. In total, there have been comparatively very few
: times where it was a direct fault of MS code. It has very commonly been
: in relation to 3rd party drivers that needed reworking or updating by
: the 3rd-party manufacturer.
:
: This is not PR spin (of which I don't think you could find any published
: PR spin for either side of this argument either). This is real world
: experience with the NT+ products across i386 and Alpha hardware
: platforms using peripheral devices from many different major
: manufacturers. There are admins on both sides of the anti-MS fence that
: I communicate with that would agree with this conclusion.

Fine, it isn't PR spin. But, compare this to Unix. How many times do you run user-land, 3rd party applications, that cause a kernel panic? Why does Windows *let* third party applications BSOD the core operating system? Fine, Microsoft didn't code the application causing it, but they sure coded the operating system that doesn't know how to handle malformed input. And the first few years of Windows 95 saw many, *many* BSODs that were due to Microsoft code. That led to the general impression and sentiment you see today.
Re: [Full-disclosure] Bigger burger roll needed
I don't appreciate you changing caps in my name. I'm not 'spin'ing anything - I addressed a specific question with an honest real-world answer. I did not include propaganda nor did I denounce any alternate products. There's no need to be a disrespectful ass. Absolutely, Win95 was a pain in the ass. So was 98 and Me. But I disagree with the sentiment that it was solely due to MS code. Without getting into specifics that no longer matter, surely they could have done their part better to handle malformed input - but who was malform'ing the input in the first place? Again, as an administrator having dealt with these issues in very large numbers, it was commonly an isolated distinguishable issue of drivers - that not only related to improper handling by the OS but also with inoperabilities with other drivers and devices. Properly configured, and not mucked with, I've had 95 boxes run for years without crashing or having to be rebuilt. You can call it luck if you want. I called it my job. I didn't bitch about it - I figured it out, got the job done and went on with life.

On 10/4/05, security curmudgeon [EMAIL PROTECTED] wrote:

: Since its inception, supporting NT 3.0 beta and onward, I have been
: dealing with BSOD's. In total, there have been comparatively very few
: times where it was a direct fault of MS code. It has very commonly been
: in relation to 3rd party drivers that needed reworking or updating by
: the 3rd-party manufacturer.
:
: This is not PR spin (of which I don't think you could find any published
: PR spin for either side of this argument either). This is real world
: experience with the NT+ products across i386 and Alpha hardware
: platforms using peripheral devices from many different major
: manufacturers. There are admins on both sides of the anti-MS fence that
: I communicate with that would agree with this conclusion.

Fine, it isn't PR spin. But, compare this to Unix.
How many times do you run user-land, 3rd party applications, that cause a kernel panic? Why does Windows *let* third party applications BSOD the core operating system? Fine, Microsoft didn't code the application causing it, but they sure coded the operating system that doesn't know how to handle malformed input. And the first few years of Windows 95 saw many, *many* BSODs that were due to Microsoft code. That led to the general impression and sentiment you see today.
Re: [Full-disclosure] Bigger burger roll needed
: I don't appreciate you changing caps in my name. I'm not 'spin'ing
: anything - I addressed a specific question with an honest real-world
: answer. I did not include propaganda nor did I denounce any alternate
: products. There's no need to be a disrespectful ass.

A decade of close exposure to Windows boxen has destroyed your sense of humor. =( Hope you aren't sterile too.

: Absolutely, Win95 was a pain in the ass. So was 98 and Me. But I
: disagree with the sentiment that it was solely due to MS code. Without
: getting into specifics that no longer matter, surely they could have done
: their part better to handle malformed input - but who was malform'ing
: the input in the first place?

By this reasoning, we can blame all the hax0rs and security professionals for SQL injection, cross-site scripting, file inclusion, path disclosure, overflows and format string vulnerabilities too, right? Because hey, *they* provided the malformed input to the application in the first place!
Re: [Full-disclosure] Bigger burger roll needed
On Tue, Oct 04, 2005 at 07:51:34AM -0400, security curmudgeon wrote: Fine, it isn't PR spin. But, compare this to Unix. How many times do you run user-land, 3rd party applications, that cause a kernel panic? They don't, but they don't in Windows either: We're talking about *drivers* doing this. If an application causes a BSOD by its own account, then it's a bug in the OS. And the first few years of Windows 95 saw many, *many* BSODs that were due to Microsoft code. That led to the general impression and sentiment you see today. No disagreement with this. Steve -- Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561 www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | [EMAIL PROTECTED]
Re: [Full-disclosure] Bigger burger roll needed
On Tue, 04 Oct 2005 08:16:34 EDT, Micheal Espinola Jr said: Without getting into specifics that no longer matter, surely they could have done their part better to handle malformed input - but who was malform'ing the input in the first place? That's right. Blame the hackers. Sounds like a sound bite from a Ballmer keynote speech. :)
RE: [Full-disclosure] Bigger burger roll needed
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Micheal Espinola Jr Sent: Tuesday, October 04, 2005 12:12 PM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Bigger burger roll needed I'm not and have not been referring to hackers what-so-ever. I'm referring to poorly written drivers. You guys are all over the place. I'm done. Think of it as a philosophy class.
Re: [Full-disclosure] Bigger burger roll needed
Thanks Randall :-) You know, I wouldn't mind it IF the conversation was properly [re]directed in context. In fact it often leads to many fascinating discussions. But other times it feels like some people that are contributing are schizophrenic. Why if someone doesn't like or agree with a particular answer or topic it's OK to respond with something completely different without any qualification is really bizarre - especially from a technical community. On 10/4/05, Randall M [EMAIL PROTECTED] wrote: Think of it as a philosophy class.
Re: [Full-disclosure] Bigger burger roll needed
: You know, I wouldn't mind it IF the conversation was properly
: [re]directed in context. In fact it often leads to many fascinating
: discussions. But other times it feels like some people that are
: contributing are schizophrenic.

Seems like the people that didn't catch that leap don't quite grok the security industry at all.

: Why if someone doesn't like or agree with a particular answer or topic
: it's OK to respond with something completely different without any
: qualification is really bizarre - especially from a technical community.

Microsoft / Windows / BSODs no, wrong / 3rd Parties / BSODs This led to a comment of blame the 3rd party for providing malformed input, not microsoft/windows! At this point, two of us reply blame hackers for malformed input, referring to the numerous input manipulation vulnerabilities (XSS, SQL Injection, Format String, Overflow, et al), as it is a fairly direct comparison to those who blame hackers for shoddy programming. By the logic of that quote, we should blame hackers for *vulnerabilities* in code, not just exploiting them. To lay blame on the person providing malformed input is silly, be it a hacker or 3rd party device driver author. It all boils down to coding that can't handle unexpected input, which is a utopian attitude in a world that is anything but.
Re: [Full-disclosure] Bigger burger roll needed
I like how security professionals see themselves as part of the intellectual elite and the computer users as the ignorant hordes. In a field where anyone is called an expert, and 16 year olds can pass a CISSP, how is it that these experts forget they are only a certification away from being clueless. On 10/1/05, n3td3v [EMAIL PROTECTED] wrote: Hello to security community, n3td3v thought you might like to be alerted to his latest internet posting on corporate security and the relation between corporations, the consumer. and computer security. Details: http://news.com.com/5208-12-0.html?forumID=1threadID=10054messageID=72865start=-196 Yours truly, n3td3v
RE: [Full-disclosure] Bigger burger roll needed
Virus Friendly and phased might be too young to remember the old saying what you want the next generation to believe begin teaching this generation. It is a known fact that the major cause of computer criminal acts is the result of careless and uneducated users. I have said it again and again, the User is the best defense any Admin can have. If she or he understands the dangers they will not click the tempting link or download the pretty card. And if they take what they have learned home with them they diminish the Botnet army. As far as 16 year olds can pass the CISSP exam statement, that's a damn educated user. Thank You Randall M = You too can have your very own Computer! Note: Side effects include: Blue screens; interrupt violation; illegal operations; remote code exploitations; virus and mailware infestations; and other unknown vulnerabilities. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of phased Sent: Monday, October 03, 2005 5:26 AM To: full-disclosure@lists.grok.org.uk Subject: Re[2]: [Full-disclosure] Bigger burger roll needed Put information in front of the user, on unrelated pages. Keep doing it and eventually users will be educated on a reasonable level to better check and patch systems, before the authors of malicious code and script kids get to them first. n3td3v No, your receptionist really couldn't give a shit, they have enough to do without reading security advisories spammed to them every day. What you would find is that they will probably learn more about adding a spam filter than securing their PC. Educating end users on risk is good, but you can't expect them to patch their own systems especially when someone else is being paid to, or do you want to be out of a job?
:) -Original Message- From: Virus Friendly [EMAIL PROTECTED] To: n3td3v [EMAIL PROTECTED] Date: Mon, 3 Oct 2005 04:47:09 -0400 Subject: Re: [Full-disclosure] Bigger burger roll needed I like how security professionals see themselves as part of the intellectual elite and the computer users as the ignorant hordes. In a field where anyone is called an expert, and 16 year olds can pass a CISSP, how is it that these experts forget they are only a certification away from being clueless. On 10/1/05, n3td3v [EMAIL PROTECTED] wrote: Hello to security community, n3td3v thought you might like to be alerted to his latest internet posting on corporate security and the relation between corporations, the consumer. and computer security. Details: http://news.com.com/5208-12-0.html?forumID=1threadID=10054messageID=72865start=-196 Yours truly, n3td3v
RE: [Full-disclosure] Bigger burger roll needed
On Mon, 3 Oct 2005, Randall M wrote: Virus Friendly and phased might be too young to remember the old saying what you want the next generation to believe begin teaching this generation. It That's a nicely worded brainwashing statement. How about having the next generation believe truth not what you want them to believe. Do you by chance work for Cisco or Microsoft They're not really vulnerabilities believe me... is a known fact that the major cause of computer criminal acts is the result of careless and uneducated users. I have said it again and again, the User is the best defense any Admin can have. How is this a known fact rather than an ASSumption. Facts speak louder than words so rather than repeat what others have... well repeated some nice facts pointed out would have been nice. From my inference on your comment, that would mean every major malicious hack ever done was done by someone who didn't have a clue. The user is the biggest security risk and THAT is a known and published fact, not vice versa. If she or he understands the dangers they will not click the tempting link or download the pretty card. And if they take what they have learned home with them they diminish the Botnet army. As far as 16 year olds can pass the CISSP exam statement, that's a damn educated user. Could they diminish any botnet army? I'm thinking in tunes of 16 year old with hormones out of control, acting up out of rebellion and I'm wondering if the mental capacity is fully there to not spread malice if they had the mental capacity to cause malice electronically. I picture some frustrated 16 year old using a botnet to take out his school because someone bullied him, Because his little girlfriend left him so he decides to socially engineer some crap on his machine. I'm picturing a 16 year old with misguided morals nuking a country's infrastructure because his brain is filled with crapaganda.
As for the damn educated user statement, not to discount the studies involved and passions possessed by those with certs, but quite frankly those (certs) mean little to me considering I've seen those with signatures the size of San Francisco have a clue the size of a flea. I agree and disagree. On a side note I'm wondering what the ISC will begin doing in about a decade considering the statistics nowadays: Growing at a rate of about 900 inmates each week between mid-2003 and mid-2004, the nation's prisons and jails held 2.1 million people, or one in every 138 U.S. residents [http://tinyurl.com/dwplj] Perhaps abolish their guidelines. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x97B43D89 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x97B43D89 Every man builds his world in his own image. He has the power to choose, but no power to escape the necessity of choice. -- Ayn Rand
Re: [Full-disclosure] Bigger burger roll needed
On Mon, 03 Oct 2005 07:49:33 EDT, J. Oquendo said: On Mon, 3 Oct 2005, Randall M wrote: Virus Friendly and phased might be too young to remember the old saying what you want the next generation to believe begin teaching this generation. It That's a nicely worded brainwashing statement. How about having the next generation believe truth not what you want them to believe. Do you by chance work for Cisco or Microsoft They're not really vulnerabilities believe me... One acronym: BSOD. Why have users learned what it is, and grown accepting of seeing one? Do you know any Windows users who have *never* encountered one? How many Windows users would believe that before Microsoft, vendors actually would take a *single* crash reported by *one* user seriously enough to investigate and produce a bugfix, and that vendors would escalate to the point of sending developers to the customer site if a system crashed multiple times and no fix was in sight in a week? For all its monopolistic abuses, the single worst thing Microsoft has done for the computer industry is lowered user expectations regarding software.
Re: [Full-disclosure] Bigger burger roll needed
On Mon, 03 Oct 2005 07:49:33 EDT, J. Oquendo said:
> On Mon, 3 Oct 2005, Randall M wrote:
>> is a known fact that the major cause of computer criminal acts is the result of careless and uneducated users. I have said it again and again, the User is the best defense any Admin can have.
> by someone who didn't have a clue. The user is the biggest security risk and THAT is a known and published fact, not vice versa.

Umm.. That's exactly what Randall said - *security-unclued* users are the biggest risk, and the sysadmin's best defense is having trained and clued users.
Re: [Full-disclosure] Bigger burger roll needed
On Mon, Oct 03, 2005 at 08:50:27AM -0400, [EMAIL PROTECTED] wrote:
> One acronym: BSOD. Why have users learned what it is, and grown accepting of seeing one? Do you know any Windows users who have *never* encountered one?

The majority of BSODs are caused by buggy third-party drivers and malware (rootkits, etc.) Is that part of Microsoft's monopolistic abuse?

> How many Windows users would believe that before Microsoft, vendors actually would take a *single* crash reported by *one* user seriously enough to investigate and produce a bugfix, and that vendors would escalate to the point of sending developers to the customer site if a system crashed multiple times and no fix was in sight in a week?

Before Microsoft, you got your hardware and OS from the same vendor, so there was a much larger revenue stream to support that kind of service. When you pay $100-ish (OEM) for your operating system, it's not so clear that anybody really ought to expect Bill to get in the car and swing by on his way home.

Steve

---
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | [EMAIL PROTECTED]
Re: [Full-disclosure] Bigger burger roll needed
While it's easy to recognize your point, it's also quite moot. The supportability issues of long ago, are just that - long ago. The customer base was, when the PC market first expanded and continues to be, vastly larger from when computer companies offered that type of service. ...and at a much heftier price I might add.

Let's not forget that back in the day, hardware and software combinations were a tightly controlled package deal. The PC market expansion changed that forever, and the multitude of hardware/software combinations have long since made the support you are longing for an impossibility to maintain.

However, those of us that have discovered significant flaws in the MS OS over the years know that MS takes bugs and flaws very seriously. Over the course of the past 10 years, I have had MS supply me with a patch, within hours of a bug report, on many occasions. This type of service certainly can't be expected or applied to all types of errors and circumstance, many of which strongly depend on unlucky combinations of hardware and 3rd-party drivers.

FWIW IME, most users know what a BSOD looks like (a blue screen), but don't know it by that acronym.

On 10/3/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
> One acronym: BSOD. Why have users learned what it is, and grown accepting of seeing one? Do you know any Windows users who have *never* encountered one?
>
> How many Windows users would believe that before Microsoft, vendors actually would take a *single* crash reported by *one* user seriously enough to investigate and produce a bugfix, and that vendors would escalate to the point of sending developers to the customer site if a system crashed multiple times and no fix was in sight in a week?
>
> For all its monopolistic abuses, the single worst thing Microsoft has done for the computer industry is lowered user expectations regarding software.

--
ME2 http://www.santeriasys.net/
Re: [Full-disclosure] Bigger burger roll needed
On Mon, 3 Oct 2005, Steve Friedl wrote:
> The majority of BSODs are caused by buggy third-party drivers and malware (rootkits, etc.) Is that part of Microsoft's monopolistic abuse?

Does any kind of evidence (apart from PR-flack-based spin) exist for this conclusion? Can you point me to it?

Sincerely,
Bruce Ediger
Re: [Full-disclosure] Bigger burger roll needed
Bruce, I don't think you are going to find hard evidence for either conclusion. But Bruce's conclusion is consistent with my own experiences, and that of many other Administrators that I discuss issues like this with.

Since its inception, supporting NT 3.0 beta and onward, I have been dealing with BSOD's. In total, there have been comparatively very few times where it was a direct fault of MS code. It has very commonly been in relation to 3rd party drivers that needed reworking or updating by the 3rd-party manufacturer.

This is not PR spin (of which I don't think you could find any published PR spin for either side of this argument either). This is real world experience with the NT+ products across i386 and Alpha hardware platforms using peripheral devices from many different major manufacturers.

There are admins on both sides of the anti-MS fence that I communicate with that would agree with this conclusion.

On 10/3/05, Bruce Ediger [EMAIL PROTECTED] wrote:
> On Mon, 3 Oct 2005, Steve Friedl wrote:
>> The majority of BSODs are caused by buggy third-party drivers and malware (rootkits, etc.) Is that part of Microsoft's monopolistic abuse?
>
> Does any kind of evidence (apart from PR-flack-based spin) exist for this conclusion? Can you point me to it?
>
> Sincerely,
> Bruce Ediger

--
ME2 http://www.santeriasys.net/
Re: [Full-disclosure] Bigger burger roll needed
err, But Steve's conclusion is consistent with my own...

On 10/3/05, Micheal Espinola Jr [EMAIL PROTECTED] wrote:
> Bruce, I don't think you are going to find hard evidence for either conclusion. But Bruce's conclusion is consistent with my own experiences, and that of many other Administrators that I discuss issues like this with.
>
> Since its inception, supporting NT 3.0 beta and onward, I have been dealing with BSOD's. In total, there have been comparatively very few times where it was a direct fault of MS code. It has very commonly been in relation to 3rd party drivers that needed reworking or updating by the 3rd-party manufacturer.
>
> This is not PR spin (of which I don't think you could find any published PR spin for either side of this argument either). This is real world experience with the NT+ products across i386 and Alpha hardware platforms using peripheral devices from many different major manufacturers.
>
> There are admins on both sides of the anti-MS fence that I communicate with that would agree with this conclusion.
>
> On 10/3/05, Bruce Ediger [EMAIL PROTECTED] wrote:
>> On Mon, 3 Oct 2005, Steve Friedl wrote:
>>> The majority of BSODs are caused by buggy third-party drivers and malware (rootkits, etc.) Is that part of Microsoft's monopolistic abuse?
>>
>> Does any kind of evidence (apart from PR-flack-based spin) exist for this conclusion? Can you point me to it?
>>
>> Sincerely,
>> Bruce Ediger
>
> --
> ME2 http://www.santeriasys.net/

--
ME2 http://www.santeriasys.net/
Re: [Full-disclosure] Bigger burger roll needed
On Mon, Oct 03, 2005 at 10:37:05AM -0600, Bruce Ediger wrote:
> Does any kind of evidence (apart from PR-flack-based spin) exist for this conclusion?

This is what Microsoft tells me what they gather from the online error reporting and crash analysis, and it comports with my experience as well. I know I've caused my own share when I was writing print drivers: no way those were Microsoft's fault.

I suppose that even if this data is as claimed, it could be skewed by those who primarily see MS-caused faults choosing not to submit these reports.

I very much doubt the details are public, so one is probably left to the mercy of whether you believe Microsoft or not.

Steve

--
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | [EMAIL PROTECTED]
Re: [Full-disclosure] Bigger burger roll needed
On Mon, 03 Oct 2005 06:42:37 PDT, Steve Friedl said:
> On Mon, Oct 03, 2005 at 08:50:27AM -0400, [EMAIL PROTECTED] wrote:
>> One acronym: BSOD. Why have users learned what it is, and grown accepting of seeing one? Do you know any Windows users who have *never* encountered one?
> The majority of BSODs are caused by buggy third-party drivers and malware (rootkits, etc.) Is that part of Microsoft's monopolistic abuse?

Perhaps if they hadn't been so busy designing baroque undocumented APIs for the use of their own monopolistic software(*), they could have designed a cleaner API that would have resulted in more stable third-party drivers ;)

(*) Yes, they exist. Remember MS having to open and document them as part of one of their anti-trust losses? ;)
Re: [Full-disclosure] Bigger burger roll needed
> On Mon, 03 Oct 2005 06:42:37 PDT, Steve Friedl said:
> On Mon, Oct 03, 2005 at 08:50:27AM -0400, [EMAIL PROTECTED] wrote:
> Perhaps if they hadn't been so busy designing baroque undocumented APIs for the use of their own monopolistic software(*), they could have designed a cleaner API that would have resulted in more stable third-party drivers ;)

They did have such an API at one time... in NT 3.51.

In NT4 they redesigned the GDI so that the user could bypass userland and talk straight to the kernel. It's been so long I don't recall the exact details, but this re-hack paved the way for DirectX and sped up the response of the new desktop, which of course was lifted from Windows 95.

After NT4 anything that hooked into the GDI could BSOD. New video driver? BSOD. New printer driver? BSOD. It was quite a mess.

Still is. Worst design flaw ever.
Re: [Full-disclosure] Bigger burger roll needed
On Mon, Oct 03, 2005 at 03:41:58PM -0400, TheGesus wrote:
> In NT4 they redesigned the GDI so that the user could bypass userland and talk straight to the kernel. It's been so long I don't recall the exact details, but this re-hack paved the way for DirectX and sped up the response of the new desktop, which of course was lifted from Windows 95.
>
> After NT4 anything that hooked into the GDI could BSOD. New video driver? BSOD. New printer driver? BSOD. It was quite a mess.

This is only partly the case; this is the history.

In NT3.51, *all* GDI (printer and video) was done in userland, but GDI calls involved an expensive context switch and/or local procedure call. I guess for printer drivers this was not really a big deal, but for video it matters a lot. Gamers care about this, right?

In NT4 all GDI dove into kernel space, and it provided a substantial performance boost, but it completely sucked for print driver writers. No thread support, no real support for floating point math, not any performance difference to write home about, and a BSOD was as easy as an assertion failure. Porting a complex user-mode driver to kernel mode could be a daunting task.

Well, all that silly "but kernel-mode print drivers won't be as robust" talk turned out to be true, so Windows 2000 supported both kernel mode (version 2) and user mode (version 3) drivers. I assume that version 1 drivers were NT3.51 usermode.

XP is the same way, and in Server 2003 there is a Group Policy option that disables kernel mode drivers, and I understand that Vista/Longhorn will forbid kernel mode print drivers altogether.

Saying that the user bypasses user mode and talks directly to the kernel is not really that meaningful: it doesn't talk to the kernel, just to the GDI, and it's not really any different from an IOCTL. It wasn't terribly robust, but I don't think it was inherently insecure.

Steve (who writes print drivers too)

---
Stephen J Friedl | Security Consultant | UNIX Wizard | +1 714 544-6561
www.unixwiz.net | Tustin, Calif. USA | Microsoft MVP | [EMAIL PROTECTED]