Re: Please run windows update now

2017-05-16 Thread Brad Knowles
On May 15, 2017, at 4:31 PM, Jonathan Roach  wrote:

> What's key is that administrators need to know how to secure their
> estates. If they've failed to apply the patch, that's their failure, not
> Microsoft's, but patching was not the only way to have curtailed this
> weekend's outbreak.

But their failure leads to further intrusions elsewhere.  Their failure has 
consequences beyond their own borders.

IMO, this is a herd immunity problem that Microsoft needs to get better at.


The analogy I would make here is the German versus the American approaches to 
road fatalities.

In the German approach, if there are significant road fatalities in a given 
location, then that implies there is a failure with the way the road system is 
engineered, and it needs to be fixed so that the number of fatalities is 
brought down.  No blame is automatically assumed on the part of the drivers who 
failed at that location.

In the American approach, if there are a significant number of road fatalities, 
then it's the drivers' own fault and they should have taken more care.  They are 
automatically to blame for their own failure.

But if you're one of the other drivers out there who might be impacted by the 
lack of due diligence practiced by another driver on the road, which approach 
are you going to want to see implemented?

-- 
Brad Knowles 



Re: vFlow :: IPFIX, sFlow and Netflow collector

2017-05-16 Thread Vitaly Nikolaev
Hello,

Interesting. What receives the flows, and where do you keep them, at the other
end of the messaging bus?


PS: in my case I am talking about hundreds of kilo flows/s that I would
like to keep for at least a few weeks, so MemSQL or any other SQL is out of
the picture.

Thank you


On Mon, May 15, 2017 at 2:31 PM, Mehrdad Arshad Rad 
wrote:

> Hi all,
>
> I just wanted to share vFlow, an IPFIX, sFlow and Netflow collector; it's
> scalable and reliable, written in pure Go!
> It doesn't have any library dependency and works with Kafka and NSQ (you can
> write your own MQ plugin).
>
> https://github.com/VerizonDigital/vflow
>
> For more information
> https://www.linkedin.com/pulse/high-performance-scalable-reliable-ipfix-sflow-open-arshad-rad
>
> It can integrate with MemSQL easily, and you can run queries like the one
> below:
>
> memsql> select * from samples order by bytes desc limit 20;
> +----------------+-----------------+-----------------+--------+--------+-------+---------+---------+----------+--------+---------------------+
> | device         | src             | dst             | srcASN | dstASN | proto | srcPort | dstPort | tcpFlags | bytes  | datetime            |
> +----------------+-----------------+-----------------+--------+--------+-------+---------+---------+----------+--------+---------------------+
> | 192.129.230.0  | 87.11.81.121    | 61.231.215.18   | 131780 |  21773 |     6 |      80 |   64670 | 0x10     | 342000 | 2017-04-27 22:05:55 |
> | 52.20.79.116   | 87.11.81.100    | 216.38.140.154  |  41171 |   7994 |     6 |     443 |   26798 | 0x18     | 283364 | 2017-04-27 22:06:00 |
> | 52.20.79.116   | 192.229.211.70  | 50.240.197.150  |  41171 |  33651 |     6 |      80 |   23397 | 0x10     | 216000 | 2017-04-27 22:05:55 |
> | 108.161.249.16 | 152.125.33.113  | 74.121.78.10    |  13768 |   9551 |     6 |      80 |   49217 | 0x18     | 196500 | 2017-04-27 22:05:59 |
> | 192.229.130.0  | 87.21.81.254    | 94.56.54.135    | 132780 |  21773 |     6 |      80 |   52853 | 0x18     | 165000 | 2017-04-27 22:05:55 |
> | 108.161.229.96 | 93.184.215.169  | 152.157.32.200  |  12768 |  11430 |     6 |     443 |   50488 | 0x18     |  86400 | 2017-04-27 22:06:01 |
> | 52.22.49.106   | 122.229.210.189 | 99.31.208.183   |  22171 |   8018 |     6 |     443 |   33059 | 0x18     |  73500 | 2017-04-27 22:05:55 |
> | 52.22.49.126   | 81.21.81.131    | 66.215.169.120  |  22171 |  20115 |     6 |      80 |   57468 | 0x10     |  66000 | 2017-04-27 22:05:59 |
> | 108.160.149.96 | 94.184.215.151  | 123.90.233.120  |  16768 |  14476 |     6 |      80 |   63905 | 0x18     |  65540 | 2017-04-27 22:05:57 |
> | 52.22.79.116   | 162.129.210.181 | 60.180.253.156  |  21271 |  31651 |     6 |     443 |   59652 | 0x18     |  64805 | 2017-04-27 22:06:00 |
> | 108.161.149.90 | 93.184.215.169  | 80.96.58.146    |  13868 |  22394 |     6 |     443 |    1151 | 0x18     |  59976 | 2017-04-27 22:05:54 |
> | 102.232.179.20 | 111.18.232.131  | 121.62.44.149   |  24658 |   4771 |     6 |      80 |   61076 | 0x10     |  59532 | 2017-04-27 22:05:54 |
> | 102.232.179.20 | 192.129.145.6   | 110.49.221.232  |  24658 |   4804 |     6 |     443 |   50002 | 0x10     |  58500 | 2017-04-27 22:05:55 |
> | 102.232.179.20 | 192.129.232.112 | 124.132.217.101 |  24658 |  43124 |     6 |     443 |   37686 | 0x10     |  57000 | 2017-04-27 22:06:00 |
> | 192.229.230.0  | 87.11.81.253    | 219.147.144.22  | 132380 |   2900 |     6 |      80 |   25202 | 0x18     |  56120 | 2017-04-27 22:05:58 |
> | 192.129.130.0  | 87.21.11.200    | 180.239.187.151 | 132380 |   8151 |     6 |     443 |   55062 | 0x18     |  52220 | 2017-04-27 22:05:59 |
> | 52.12.79.126   | 87.21.11.254    | 64.30.125.221   |  21071 |  14051 |     6 |      80 |   57072 | 0x10     |  51000 | 2017-04-27 22:05:54 |
> | 192.229.110.1  | 150.195.33.40   | 98.171.170.51   | 132980 |  28773 |     6 |      80 |   53270 | 0x18     |  51000 | 2017-04-27 22:05:57 |
> | 192.229.110.1  | 87.21.81.254    | 68.96.162.21    | 132980 |  28773 |     6 |      80 |   46727 | 0x18     |  49500 | 2017-04-27 22:06:01 |
> | 52.22.59.110   | 192.129.210.181 | 151.203.130.228 |  21271 |  12452 |     6 |      80 |   43720 | 0x18     |  49500 | 2017-04-27 22:05:55 |
> +----------------+-----------------+-----------------+--------+--------+-------+---------+---------+----------+--------+---------------------+
> 20 rows in set (0.06 sec)
>
>
> Please let me know if you have any questions.
>
> Thanks,
> Mehrdad
>
> --
> Mehrdad Arshad Rad
> Principal Software Engineer
> https://www.linkedin.com/in/mehrdadrad
>



-- 
Vitaly Nikolaev


Re: Please run windows update now

2017-05-16 Thread JoeSox
On Tue, May 16, 2017 at 8:33 AM, Brad Knowles 
wrote:

> On May 15, 2017, at 4:31 PM, Jonathan Roach 
> wrote:
>
> > What's key is that administrators need to know how to secure their
> > estates. If they've failed to apply the patch, that's their failure, not
> > Microsoft's, but patching was not the only way to have curtailed this
> > weekend's outbreak.
>
> But their failure leads to further intrusions elsewhere.  Their failure
> has consequences beyond their own borders.
>
> IMO, this is a herd immunity problem that Microsoft needs to get better at.
>
>
> The analogy I would make here is the German versus the American approaches
> to road fatalities.
>
> In the German approach, if there are significant road fatalities in a
> given location, then that implies there is a failure with the way the road
> system is engineered, and it needs to be fixed so that the number of
> fatalities is brought down.  No blame is automatically assumed on the part
> of the drivers who failed at that location.
>
> In the American approach, if there are a significant number of road
> fatalities, then it's the drivers' own fault and they should have taken more
> care.  They are automatically to blame for their own failure.
>
> But if you're one of the other drivers out there who might be impacted by
> the lack of due diligence practiced by another driver on the road, which
> approach are you going to want to see implemented?
>


LOL. I think that is a really bad example and I see many fallacies in it,
including a hasty generalization, as intersections, and roads for that
matter, in America have been redesigned to improve safety.
Isn't it true, with any tech product, the more complex features, the less
secure it is? Ask yourself why this is the case, and I believe the true
issue with tech lies there.
If a country must build a China Wall duplicate in 300 days (for some
reason, to save money let's say), unless the team can pull it off and
depending upon how long it must be, the wall you end up with will probably
have some holes in it or pieces of it may collapse at later dates.
I don't know. It is hard to imagine an IT professional nowadays seriously
blaming Microsoft for every bad thing out there.
What would be more of an interesting discussion, to me, would be why
doesn't Microsoft know about these hoarding of vulnerabilities by State
actors and plug them up?
Are they really that clever of vulnerabilities? Does Microsoft not have the
resources? Is Windows like the ocean, where there are just hundreds of new
species awaiting to be discovered?
Did Microsoft at least know of the NSA vulnerabilities, for example, and
kept it classified until NSA told them to plug them up?
--
Later, Joe


Re: Please run windows update now

2017-05-16 Thread Brad Knowles
On May 16, 2017, at 11:40 AM, JoeSox  wrote:

> LOL. I think that is a really bad example and I see many fallacies in it,
> including a hasty generalization, as intersections, and roads for that
> matter, in America have been redesigned to improve safety.

So, if you want to talk about roads in the US, the first thing you have to do 
is look at the budgets.  There are trillions of dollars worth of road 
improvements that should have been made over the past decades, but which 
haven't.  You'd have to ask the politicians as to what they think the real 
reasons are, but my guess is that they were unwilling to make long-term 
investment on critical infrastructure, because it was seen as being too 
expensive in the short-term.

And I definitely see a strong analogy there with what Microsoft has/has not 
done.

> Isn't it true, with any tech product, the more complex features, the less
> secure it is? Ask yourself why this is the case, and I believe the true
> issue with tech lays there.

To a degree, this is true.  But there are more iOS devices out there than there 
are Windows boxes, and while iOS certainly isn't perfect, it definitely has a 
much better security posture.

So, there is at least one other company out there that can do the job.  I have 
to believe that there is more than just one.

> I don't know. It is hard to imagine a professional IT nowadays, seriously
> blaming Microsoft for every bad thing out there.

I don't blame Microsoft for every bad thing out there.  I do think they are, by 
far, the worst of the Fortune 25.  But there are 24 other companies on that 
list who all have their own part to play -- including Apple.

> What would be more of an interesting discussion, to me, would be why
> doesn't Microsoft know about these hoarding of vulnerabilities by State
> actors and plug them up?

Well, this one is actually an old vulnerability, right?  One that Microsoft 
supposedly fixed years ago?  So, why didn't they fix it properly back then?

> Are they really that clever of vulnerabilities? Does Microsoft not have the
> resources? Is Windows like the ocean, where there are just hundreds of new
> species awaiting to be discovered?
> Did Microsoft at least know of the NSA vulnerabilities, for example, and
> kept it classified until NSA told them to plug them up?

Good conspiracy questions to ask.  But frankly, I don't care that Microsoft 
wants to blame the NSA for hoarding vulnerabilities.  If Microsoft had spent 
more time/money/effort to get their crap right the first time, then we wouldn't 
have this mess.  We might have a different mess, but we wouldn't have this one.

-- 
Brad Knowles 



Yahoo mail / DNS admin on the list?

2017-05-16 Thread Bryan Holloway
Having an intermittent issue where Yahoo's mail-servers keep complaining 
about not finding MX records for a small handful of customers (and 
always the same customers.)


Tried submitting a ticket through the postmaster web-site but haven't 
gotten any response.


Could someone contact me off-list? It would be greatly appreciated.

Thanks!
- bryan


Re: IRNOG1 Meeting

2017-05-16 Thread LHC (k9m)
Make it fun, with cake and for the apostates, bacon

On May 13, 2017 3:15:51 AM PDT, Shahab Vahabzadeh  
wrote:
>Hello Hello,
>Proudly I want to announce that the 1st IRNOG Meeting will launch on the 24th
>of May in Tehran.
>On the first day of public announcement we had nearly 90 people registered to
>attend the meeting.
>Hope to find this meeting useful for the Iranian community. It would be great
>to get your ideas about the experiences of coordinating such meetings.
>
>http://ir-nog.com
>
>Thanks
>
>-- 
>Regards,
>Shahab Vahabzadeh, Network Engineer and System Administrator
>
>PGP Key Fingerprint = 1C43 988E 01A8 4D95 B662 9118 CD94 9F10 4DF4 6163

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Re: Please run windows update now

2017-05-16 Thread valdis . kletnieks
On Tue, 16 May 2017 12:23:36 -0500, Brad Knowles said:
> On May 16, 2017, at 11:40 AM, JoeSox  wrote:

> > Isn't it true, with any tech product, the more complex features, the less
> > secure it is? Ask yourself why this is the case, and I believe the true
> > issue with tech lays there.
>
> To a degree, this is true.  But there are more iOS devices out there than
> there are Windows boxes, and while iOS certainly isn't perfect, it definitely
> has a much better security posture.

Note that most of iOS's improved security posture is due to its design as a
launcher of apps from a tightly controlled source that tightly controls the user
experience.  It's pretty damned easy to harden Windows as well, if you're going
to hobble it into being a canned app launcher.

Of course, that will piss off everybody who's using Windows as a base for
a generalized computing environment rather than an app-launching kiosk,




Re: Please run windows update now

2017-05-16 Thread valdis . kletnieks
On Tue, 16 May 2017 09:40:50 -0700, JoeSox said:
> What would be more of an interesting discussion, to me, would be why
> doesn't Microsoft know about these hoarding of vulnerabilities by State
> actors and plug them up?

It's pretty hard for Microsoft to know about an exploit the NSA is sitting
on, until Shadow Brokers or similar spills the beans.

> Are they really that clever of vulnerabilities? Does Microsoft not have the
> resources?

The talent pool for top-flight hackers is not all that large.  And even if
you acquire a large skilled team, there is *zero* guarantee that some other
talented team won't find a hole that your team didn't spot.  In fact, there's
a lot of good reason to believe that exact situation happens *all the time*.

>Is Windows like the ocean, where there are just hundreds of new
> species awaiting to be discovered?

Find statistics on average number of bugs per thousand lines of code.
Find estimate of how many 10s of millions of lines of code ships as part
of Windows.  Do the math - and have alcohol handy for the almost certain
drinking binge that the answer will inspire.

> Did Microsoft at least know of the NSA vulnerabilities, for example, and
> kept it classified until NSA told them to plug them up?

There's lots of informed speculation on that one, but I can almost guarantee that
you'll never get a definitive answer from somebody who actually knows.





Re: IRNOG1 Meeting

2017-05-16 Thread LHC (k9m)
... I'll show myself out.

On May 16, 2017 10:35:29 AM PDT, "LHC (k9m)"  
wrote:
>Make it fun, with cake and for the apostates, bacon
>
>On May 13, 2017 3:15:51 AM PDT, Shahab Vahabzadeh
> wrote:
>>Hello Hello,
>>Proudly I want to announce that the 1st IRNOG Meeting will launch on the 24th
>>of May in Tehran.
>>On the first day of public announcement we had nearly 90 people registered to
>>attend the meeting.
>>Hope to find this meeting useful for the Iranian community. It would be great
>>to get your ideas about the experiences of coordinating such meetings.
>>
>>http://ir-nog.com
>>
>>Thanks
>>
>>-- 
>>Regards,
>>Shahab Vahabzadeh, Network Engineer and System Administrator
>>
>>PGP Key Fingerprint = 1C43 988E 01A8 4D95 B662 9118 CD94 9F10 4DF4 6163
>
>-- 
>Sent from my Android device with K-9 Mail. Please excuse my brevity.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Re: Yahoo mail / DNS admin on the list?

2017-05-16 Thread Bryan Holloway

Someone has already reached out ... thanks!


On 5/16/17 12:28 PM, Bryan Holloway wrote:

Having an intermittent issue where Yahoo's mail-servers keep complaining
about not finding MX records for a small handful of customers (and
always the same customers.)

Tried submitting a ticket through the postmaster web-site but haven't
gotten any response.

Could someone contact me off-list? It would be greatly appreciated.

Thanks!
- bryan


Re: Please run windows update now

2017-05-16 Thread LHC (k9m)
YOU WENT THERE (ignores enough to run for president)

On May 15, 2017 1:48:51 AM PDT, Randy Bush  wrote:
>> Or BSD, or anything but Windows.  Anyone running Microsoft products
>> is quite clearly an unprofessional, unethical moron and fully
>deserves
>> all the pain they get -- including being sued into oblivion by their
>> customers and clients for their obvious incompetence and negligence.
>
>aside from being grossly rude, hyperbolic, and unintelligent, this rant
>ignores reality enough to make you a viable presidential candidate.
>
>80% of desk/laptops run windows.  get over it.  windows is embedded in
>many systems which will be hard to update in an hour or 100 hours.  and
>rude ranting is not doing one micron to help deal with it.
>
>embedded systems are very hard to update, think special drivers, kinky
>mods, ...  aside from the long softdev time, how much time do you think
>QA will take for moving a piece of medical equipment from xp to win10,
>let alone bsd?  and the state of the bsd update process is not
>something
>to describe in polite company.
>
>we have a vulnerable chain from weak software (which is improving, and
>msoft has been in the lead there for a decade), to nsa/cia not
>disclosing, to people choosing or having to run old versions (of
>whatever (and linux/bsd are not immune) for financial or technical
>reasons, to the conservative or lazy logistics of patching.  we can try
>to improve things at each link.  but this is gonna be slow.
>
>though this ransomware attack is not really that much larger than other
>attacks in the past (and the future is not cheering), at least it has
>reached the front pages and maybe people will patch more and vendors
>will issue more/better updates.  but, as @zeynep says, the lack of
>liability along the chain above allows bad practices to continue.
>
>in the meantime, backup, backup and take it offline so it does not get
>encrypted for you, patch, turn off unnecessary services/options, rinse
>repeat.  and try to promote prudent use among friends, family, and
>workplace.
>
>randy

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


Re: vFlow :: IPFIX, sFlow and Netflow collector

2017-05-16 Thread Avi Freedman

> Hello,
> 
> Interesting. What receives the flows, and where do you keep them, at the other
> end of the messaging bus?
> 
> PS: in my case I am talking about hundreds of kilo flows/s that I would
> like to keep for at least a few weeks, so MemSQL or any other SQL is out of
> the picture.
> 
> Thank you

I've seen a lot of different approaches for people trying to build their
own at that scale (taking off of a bus and storing for medium-long term
analysis), so I'll share some data re: what I've seen (not specific to vFlow).

MemSQL as shown is one option, and is super fast even multi-tenant for the
in-ram row store.  They have a to-disk column store as well but it is less
optimized for massively indexed retrieval.  Still, it's worth noting that
it's not only an in-RAM solution.  And it does batched inserts from row to
column store so can keep up with pretty high ingest rates to diskful column
store. 

Another option in the "native" SQL-y space is citusdb, though the high
ingest rate was an issue last I looked, and it didn't have multi-tenancy/
rate-limiting support so any 1 monster query could slow everything down.

Both MemSQL and Citus are commercial, though a lot of Citus functionality
is OSS.

And for just forensics (vs ad hoc fast querying for operational or BI purposes),
they can be a good augment, but are well behind on performance vs.
at least one commercial solution, especially for multi-tenant use (reports,
peering analysis, spelunking via portal use, alerting, DDoS detection, 
etc all going on at once).

There are plenty of Hadoop-ecosystem column stores as well that can take
directly from Kafka or with light translation: Presto, Impala, Drill, 
and others.  Most of them can do multi-column indexing and support SQL
as an interface, but multi-tenancy support is also lacking and if you don't 
get indexes right, many kinds of queries can take minutes to hours over months 
of data (even from a relatively few routers).

But they can all do multi hundred k FPS from Kafka.  You'll also need to 
run a Hadoop cluster.

And there are HDFS-topped column store implementations running at pretty large 
scale.

Spark I've never seen people stick with - it can compute real-time 
aggregates with streaming, and if you try to store from RAM to disk, it's
less badly slow than Hadoop for map/reduce patterns, but it's slower than
just about every column store for accessing trillions of records and doing
specific sub-selections to query or dynamically aggregate.

Clickhouse from Yandex is interesting but for flow people generally get
hung up on its single column for indexing.  It can scan VERY fast though,
but that still puts it a bit better at 100% forensics use cases for 
the data scale you're asking about.

The leading DIY option we see for store-all is actually the Elastic stack.

There are still issues with security (everyone who can access the Elastic 
backend can access all of the data), and it can require a tremendous # 
of machines to keep it fast - easily tens of machines for hundreds of 
k FPS over months.  

But it's doable and can be pretty fast, if a bit less network-savvy.
There's some support for storing prefixes now but still lacks some network 
savviness (projecting across AS paths, multi hop lookup for finding ultimate
exit, flexibility in variable prefixlen querying)  and you need to frontend with
something like pmacct to do fusion and then build that into an HA architecture
if it's really important.

But there are a number of DIY setups we've seen that are Elastic-based - more
than that are Hadoop/SQL-based.

And then, the biggest flow store I know of (1 or 2 carriers may want to argue
but I haven't seen theirs) is at DISA for DoD - > a decade of un-sampled flow
coming from SiLK.  All stored in hourly un-indexed files, essentially nothing
but CLI to access, and cluster-able with work (there is a non-OSS add-on to
do it).  But it works and is pretty neat in its own way, which is optimized
around again a forensics-only set of queries (vs. operations, BGP, peering, 
cost analytics and optimization also).

And it can certainly ingest at more than the scale you're talking about and
is pretty efficient in storing it on disk.  And if you ran it on top of a 
big MapR-ish NFS cluster (no flames please, though I'm not completely joking) 
you can effectively cluster it.  Still will be pretty slow for anything but
time-bounded forensic queries.

And then (separate topic and equally long potential survey) there are a new 
wave of streaming databases that can be used, which can consume directly from 
Kafka.  

If you don't mind having to pre-define queries, or using it to augment a 
column store, they can be MUCH more lightweight than any of the above options,
though also lacking in some networking primitives.  And if you're running on
sampled flow already, the extra lack of precision might not be an issue (they
pretty much all use probabilistic data structures like HLLs to do count and 
topN).  

And MemSQL can operat
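To make concrete what "probabilistic data structures like HLLs" buy you at hundreds of kilo-flows/s, here is an added example (editor's code, not part of this thread and not vFlow's): a HyperLogLog that estimates the number of distinct sources per destination in about 1 KiB per sketch, then merges the per-destination sketches into a global count without a second pass. The `FlowRecord` shape, the `FanIn` function and the constructed input on documentation address ranges are assumptions made for the example.

```go
package main

import (
	"fmt"
	"hash/maphash"
	"math"
	"math/bits"
)

// FlowRecord stands in for one record off the bus (constructed; field names are not vFlow's schema).
type FlowRecord struct{ Src, Dst string }

// A per-process random seed stops precomputed colliding keys; merged sketches must share one seed.
var seed = maphash.MakeSeed()

func hash64(s string) uint64 {
	var h maphash.Hash
	h.SetSeed(seed)
	h.WriteString(s)
	return h.Sum64()
}

// HLL is a HyperLogLog sketch: 2^p one-byte registers, each keeping the longest
// run of leading zeros seen in hashes routed to it (p=10: ~3% error in 1 KiB).
type HLL struct {
	p   uint8
	reg []uint8
}

func NewHLL(p uint8) *HLL { return &HLL{p, make([]uint8, 1<<p)} }

func (h *HLL) Add(key string) {
	x := hash64(key)
	idx := x >> (64 - h.p)              // top p bits pick the register
	rest := x<<h.p | uint64(1)<<(h.p-1) // sentinel bit bounds the rank
	if r := uint8(bits.LeadingZeros64(rest)) + 1; r > h.reg[idx] {
		h.reg[idx] = r
	}
}

// Merge is a register-wise max: per-collector or per-hour sketches combine without rescanning flows.
func (h *HLL) Merge(o *HLL) {
	for i, r := range o.reg {
		if r > h.reg[i] {
			h.reg[i] = r
		}
	}
}

// Count returns the estimate, using linear counting for small cardinalities.
func (h *HLL) Count() float64 {
	m, sum, zeros := float64(len(h.reg)), 0.0, 0
	for _, r := range h.reg {
		sum += math.Pow(2, -float64(r))
		if r == 0 {
			zeros++
		}
	}
	est := 0.7213 / (1 + 1.079/m) * m * m / sum
	if est <= 2.5*m && zeros > 0 {
		est = m * math.Log(m/float64(zeros))
	}
	return est
}

// FanIn streams records once: distinct sources per destination (DDoS/scan signal) and, via Merge, overall.
func FanIn(recs []FlowRecord) (map[string]float64, float64) {
	perDst := map[string]*HLL{}
	for _, r := range recs {
		if perDst[r.Dst] == nil {
			perDst[r.Dst] = NewHLL(10)
		}
		perDst[r.Dst].Add(r.Src)
	}
	all, out := NewHLL(10), map[string]float64{}
	for dst, h := range perDst {
		out[dst] = h.Count()
		all.Merge(h)
	}
	return out, all.Count()
}

// constructedRecords: synthetic input on documentation ranges; 400 sources hit 203.0.113.5, the first 40 also 198.51.100.9.
func constructedRecords() []FlowRecord {
	var recs []FlowRecord
	for i := 0; i < 400; i++ {
		src := fmt.Sprintf("10.0.%d.%d", i/256, i%256)
		recs = append(recs, FlowRecord{src, "203.0.113.5"})
		if i < 40 {
			recs = append(recs, FlowRecord{src, "198.51.100.9"})
		}
	}
	return recs
}

func main() {
	perDst, total := FanIn(constructedRecords())
	fmt.Printf("overall ~%.0f distinct sources (true 400); per destination: %v\n", total, perDst)
}
```

Two points worth noticing. The hash is keyed with a per-process random seed (`hash/maphash`), so someone who can inject flows cannot precompute source strings that all land in one register and hide a fan-in spike; the price is that sketches from different collectors can only be merged if they share the key, so a multi-collector deployment would swap in a keyed hash whose key you distribute. And the error does not grow with the stream: at p=10 a sketch is about 3% off above a few thousand keys and better below that (linear counting), which is plenty for alerting, while a count-min sketch over the same hash covers the top-N side.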

Re: vFlow :: IPFIX, sFlow and Netflow collector

2017-05-16 Thread Joe Loiacono
"NANOG"  wrote on 05/16/2017 03:34:39 PM:

> From: freed...@freedman.net (Avi Freedman)
> To: Vitaly Nikolaev 
> Cc: nanog@nanog.org, Mehrdad Arshad Rad 
> Date: 05/16/2017 03:36 PM
> Subject: Re: vFlow :: IPFIX, sFlow and Netflow collector
> Sent by: "NANOG" 

> I've seen a lot of different approaches for people trying to build their
> own at that scale (taking off of a bus and storing for medium-long term
> analysis), so I'll share some data re: what I've seen (not specific to vFlow).

Nice analysis of the current state of the art.
 
> And then, the biggest flow store I know of (1 or 2 carriers may want to argue
> but I haven't seen theirs) is at DISA for DoD - > a decade of un-sampled flow
> coming from SiLK.  All stored in hourly un-indexed files, essentially nothing
> but CLI to access,

FlowViewer provides a web GUI for invoking SiLK analysis tools. Provides 
textual and graphical analysis with the ability to track filtered subsets 
over time. Screenshots, etc.:

https://sourceforge.net/projects/flowviewer/


Joe


Re: vFlow :: IPFIX, sFlow and Netflow collector

2017-05-16 Thread Avi Freedman

> "NANOG"  wrote on 05/16/2017 03:34:39 PM:

> Nice analysis of the current state of the art.

Thanks; of DIY for store-all approaches, at least :)  

Commercial options is a different thread and I'm conflicted so shouldn't 
try to summarize those...

> > And then, the biggest flow store I know of (1 or 2 carriers may want to argue
> > but I haven't seen theirs) is at DISA for DoD - > a decade of un-sampled flow
> > coming from SiLK.  All stored in hourly un-indexed files, essentially nothing
> > but CLI to access,
> 
> FlowViewer provides a web GUI for invoking SiLK analysis tools. Provides 
> textual and graphical analysis with the ability to track filtered subsets 
> over time. Screenshots, etc.:
> 
> https://sourceforge.net/projects/flowviewer/

Sorry, forgot about flowviewer - I've never seen it in use and asked at a bunch
of Flocons - but it looks updated more recently than I had thought.

On a related topic, I'd love to see NANOGers and general netops and perf-minded
people go to Flocon (put on by CERT, and heavily but not exclusively SiLK- and
security-focused).

Cross-pollination of interests, tools, and techniques will help us all...

> 
> Joe

Thanks,

Avi 



RE: Please run windows update now

2017-05-16 Thread Keith Medcalf

> What would be more of an interesting discussion, to me, would be why
> doesn't Microsoft know about these hoarding of vulnerabilities by State
> actors and plug them up?

Some state actors they do know.  They custom write the security flaws on the 
state actors request.

> Are they really that clever of vulnerabilities? Does Microsoft not have
> the resources? Is Windows like the ocean, where there are just hundreds of new
> species awaiting to be discovered?
> Did Microsoft at least know of the NSA vulnerabilities, for example, and
> kept it classified until NSA told them to plug them up?

Of course Microsoft knew, since they wrote in the backdoor in the first place.  
That is why when informed by their employers that the backdoor was going to be 
made public, they could undo the changes they had introduced so rapidly.






Re: Please run windows update now

2017-05-16 Thread valdis . kletnieks
On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said:
> Of course Microsoft knew, since they wrote in the backdoor in the first
> place.  That is why when informed by their employers that the backdoor was
> going to be made public, they could undo the changes they had introduced so
> rapidly.

Do you have any actual evidence or citations that in fact, this was an
intentionally inserted backdoor?




Re: Please run windows update now

2017-05-16 Thread Matt Palmer
On Tue, May 16, 2017 at 08:12:41PM -0400, valdis.kletni...@vt.edu wrote:
> On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said:
> > Of course Microsoft knew, since they wrote in the backdoor in the first
> > place.  That is why when informed by their employers that the backdoor was
> > going to be made public, they could undo the changes they had introduced so
> > rapidly.
> 
> Do you have any actual evidence or citations that in fact, this was an
> intentionally inserted backdoor?

You'll have to speak up, he can't hear you over the rustling of the tin
foil.

- Matt



Re: Please run windows update now

2017-05-16 Thread J. Oquendo
On Wed, 17 May 2017, Matt Palmer wrote:

> > 
> > Do you have any actual evidence or citations that in fact, this was an
> > intentionally inserted backdoor?
> 
> You'll have to speak up, he can't hear you over the rustling of the tin
> foil.
> 
> - Matt
> 

Pretty low blow considering if I saw "greys" in my yard,
I'd be all: "OMGF illuminati!"

-- 
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM

"Where ignorance is our master, there is no possibility of
real peace" - Dalai Lama

0B23 595C F07C 6092 8AEB  074B FC83 7AF5 9D8A 4463
https://pgp.mit.edu/pks/lookup?op=get&search=0xFC837AF59D8A4463


RE: Please run windows update now

2017-05-16 Thread Keith Medcalf

On Tuesday, 16 May, 2017 18:13, Valdis Kletnieks  wrote:
> On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said:

>> Of course Microsoft knew, since they wrote in the backdoor in the first
>> place.  That is why when informed by their employers that the backdoor
>> was going to be made public, they could undo the changes they had
>> introduced so rapidly.

> Do you have any actual evidence or citations that in fact, this was an
> intentionally inserted backdoor?

Equal in quantity and quality to the evidence to the contrary.






Re: Please run windows update now

2017-05-16 Thread valdis . kletnieks
On Tue, 16 May 2017 20:55:37 -0600, "Keith Medcalf" said:
>
> On Tuesday, 16 May, 2017 18:13, Valdis Kletnieks  wrote:
> > On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said:
>
> >> Of course Microsoft knew, since they wrote in the backdoor in the first
> >> place.  That is why when informed by their employers that the backdoor
> >> was going to be made public, they could undo the changes they had
> >> introduced so rapidly.
>
> > Do you have any actual evidence or citations that in fact, this was an
> > intentionally inserted backdoor?
>
> Equal in quantity and quality to the evidence to the contrary.

In that case, "Of course Microsoft didn't know" is equally probable.

In fact, it's *more* probable, because if it was intentional, they'd
have to have ways in place to make sure that if some random programmer
managed to find it and report it, the bug wouldn't get fixed - and the
fact that there was a long-standing bug not fixed didn't get noticed by
the QA team and the rest.  After all, once some TLA paid good money to
get that backdoor installed, the *last* thing you want happening is the
sentence, "What do you mean, you accidentally fixed it?"

Plus, since "Microsoft didn't intentionally put the MS17-010 bug in as
a backdoor" is the null hypothesis, it requires zero evidence, and it's
your job to bring positive evidence for the non-null hypothesis.




Re: Please run windows update now

2017-05-16 Thread Josh Luthman
Can we end this thread?  I think the original intent has come and gone.

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On May 16, 2017 11:40 PM,  wrote:

> On Tue, 16 May 2017 20:55:37 -0600, "Keith Medcalf" said:
> >
> > On Tuesday, 16 May, 2017 18:13, Valdis Kletnieks  wrote:
> > > On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said:
> >
> > >> Of course Microsoft knew, since they wrote in the backdoor in the
> first
> > >> place.  That is why when informed by their employers that the backdoor
> > >> was going to be made public, they could undo the changes they had
> > >> introduced so rapidly.
> >
> > > Do you have any actual evidence or citations that in fact, this was an
> > > intentionally inserted backdoor?
> >
> > Equal in quantity and quality to the evidence to the contrary.
>
> In that case, "Of course Microsoft didn't know" is equally probable.
>
> In fact, it's *more* probable, because if it was intentional, they'd
> have to have ways in place to make sure that if some random programmer
> managed to find it and report it, the bug wouldn't get fixed - and the
> fact that there was a long-standing bug not fixed didn't get noticed by
> the QA team and the rest.  After all, once some TLA paid good money to
> get that backdoor installed, the *last* thing you want happening is the
> sentence, "What do you mean, you accidentally fixed it?"
>
> Plus, since "Microsoft didn't intentionally put the MS17-010 bug in as
> a backdoor" is the null hypothesis, it requires zero evidence, and it's
> your job to bring positive evidence for the non-null hypothesis.
>


Re: Please run windows update now

2017-05-16 Thread Carl Byington
On Tue, 2017-05-16 at 10:33 -0500, Brad Knowles wrote:

> > In the American approach, if there are a significant number of road
> fatalities, then it's the drivers own fault and they should have taken
> more care.  They are automatically to blame for their own failure.

Not in all parts of America. Highway 18 here just got a full metal
barrier separating the opposing traffic in much of the 4 lane section.
55 mph limit, lots of tight curves, about 18 inches separation between
the opposing traffic, and a bunch of drivers that don't know how to
drive around a curve. Someone got tired of all the head on crashes, so
they "fixed" the road.

