Re: [Full-disclosure] Bigger burger roll needed

2005-10-12 Thread James Tucker
No, but the situations I'm talking about are *not* those types of situations. There's no reason why input coming in from a web server should not be properly bounds checked. As you suggest later on, maybe I wasn't reading clearly. I thought we were discussing BSOD crashes, which are typically

Re: [Full-disclosure] Bigger burger roll needed

2005-10-11 Thread bkfsec
James Tucker wrote: One of the primary laws for speed optimisation is to trust your input and allow for data flow instantly. Especially if you're trying to send say, an interrupt, we could re-index all of the interrupts available, and then send it. But we'd have missed any time dependency we were

Re: [Full-disclosure] Bigger burger roll needed

2005-10-06 Thread bkfsec
Micheal Espinola Jr wrote: Bruce, I don't think you are going to find hard evidence for either conclusion. But Bruce's conclusion is consistent with my own experiences, and that of many other Administrators that I discuss issues like this with. Since its inception, supporting NT 3.0 beta and

Re: [Full-disclosure] Bigger burger roll needed

2005-10-06 Thread bkfsec
Micheal Espinola Jr wrote: I'm not and have not been referring to hackers what-so-ever. I'm referring to poorly written drivers. You guys are all over the place. I'm done. On 10/4/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: On Tue, 04 Oct 2005 08:16:34 EDT, Micheal Espinola Jr said:

Re: [Full-disclosure] Bigger burger roll needed

2005-10-06 Thread Micheal Espinola Jr
I do see how it all comes together, and I agree as a whole. I'm certainly not excusing MS of their responsibility to the matter. My comments only referred to legitimate use of the OS, using supporting software and drivers, in which case you should be able to depend on proper coding from every

Re: [Full-disclosure] Bigger burger roll needed

2005-10-04 Thread security curmudgeon
: Since its inception, supporting NT 3.0 beta and onward, I have been : dealing with BSOD's. In total, there have been comparatively very few : times where it was a direct fault of MS code. It has very commonly been : in relation to 3rd party drivers that needed reworking or updating by :

Re: [Full-disclosure] Bigger burger roll needed

2005-10-04 Thread Micheal Espinola Jr
I don't appreciate you changing caps in my name. I'm not 'spin'ing anything - I addressed a specific question with an honest real-world answer. I did not include propaganda nor did I denounce any alternate products. There's no need to be a disrespectful ass. Absolutely, Win95 was a pain in the

Re: [Full-disclosure] Bigger burger roll needed

2005-10-04 Thread security curmudgeon
: I don't appreciate you changing caps in my name. I'm not 'spin'ing : anything - I addressed a specific question with an honest real-world : answer. I did not include propaganda nor did I denounce any alternate : products. There's no need to be a disrespectful ass. A decade of close

Re: [Full-disclosure] Bigger burger roll needed

2005-10-04 Thread Steve Friedl
On Tue, Oct 04, 2005 at 07:51:34AM -0400, security curmudgeon wrote: Fine, it isn't PR spin. But, compare this to Unix. How many times do you run user-land, 3rd party applications, that cause a kernel panic? They don't, but they don't in Windows either: We're talking about *drivers* doing

Re: [Full-disclosure] Bigger burger roll needed

2005-10-04 Thread Valdis . Kletnieks
On Tue, 04 Oct 2005 08:16:34 EDT, Micheal Espinola Jr said: Without getting into specifics that no longer matter, surely they could have done their part better to handle malformed input - but who was malform'ing the input in the first place? That's right. Blame the hackers. Sounds like a

RE: [Full-disclosure] Bigger burger roll needed

2005-10-04 Thread Randall M
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Micheal Espinola Jr Sent: Tuesday, October 04, 2005 12:12 PM To: full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Bigger burger roll needed I'm

Re: [Full-disclosure] Bigger burger roll needed

2005-10-04 Thread Micheal Espinola Jr
Thanks Randall :-) You know, I wouldn't mind it IF the conversation was properly [re]directed in context. In fact it often leads to many fascinating discussions. But other times it feels like some people that are contributing are schizophrenic. Why if someone doesn't like or agree with a

Re: [Full-disclosure] Bigger burger roll needed

2005-10-04 Thread security curmudgeon
: You know, I wouldn't mind it IF the conversation was properly : [re]directed in context. In fact it often leads to many fascinating : discussions. But other times it feels like some people that : are contributing are schizophrenic. Seems like the people that didn't catch that leap don't quite

Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Virus Friendly
I like how security professionals see themselves as part of the intellectual elite and the computer users as the ignorant hordes. In a field where anyone is called an expert, and 16 year olds can pass a CISSP, how is it that these experts forget they are only a certification away from being

Re[2]: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread phased
someone else is being paid to, or do you want to be out of a job? :) -Original Message- From: Virus Friendly [EMAIL PROTECTED] To: n3td3v [EMAIL PROTECTED] Date: Mon, 3 Oct 2005 04:47:09 -0400 Subject: Re: [Full-disclosure] Bigger burger roll needed I like how security professionals see

RE: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Randall M
. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of phased Sent: Monday, October 03, 2005 5:26 AM To: full-disclosure@lists.grok.org.uk Subject: Re[2]: [Full-disclosure] Bigger burger roll needed Put information in front of the user

RE: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread J. Oquendo
On Mon, 3 Oct 2005, Randall M wrote: Virus Friendly and phased might be too young to remember the old saying what you want the next generation to believe begin teaching this generation. It That's a nicely worded brainwashing statement. How about having the next generation believe truth not

Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Valdis . Kletnieks
On Mon, 03 Oct 2005 07:49:33 EDT, J. Oquendo said: On Mon, 3 Oct 2005, Randall M wrote: Virus Friendly and phased might be too young to remember the old saying what you want the next generation to believe begin teaching this generation. It That's a nicely worded brainwashing statement.

Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Valdis . Kletnieks
On Mon, 03 Oct 2005 07:49:33 EDT, J. Oquendo said: On Mon, 3 Oct 2005, Randall M wrote: is a known fact that the major cause of computer criminal acts is the result of careless and uneducated users. I have said it again and again, the User is the best defense any Admin can have. by

Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Steve Friedl
On Mon, Oct 03, 2005 at 08:50:27AM -0400, [EMAIL PROTECTED] wrote: One acronym: BSOD. Why have users learned what it is, and grown accepting of seeing one? Do you know any Windows users who have *never* encountered one? The majority of BSODs are caused by buggy third-party drivers and malware

Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Micheal Espinola Jr
While it's easy to recognize your point, it's also quite moot. The supportability issues of long ago, are just that - long ago. The customer base was, when the PC market first expanded and continues to be, vastly larger from when computer companies offered that type of service. ...and at much

Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Bruce Ediger
On Mon, 3 Oct 2005, Steve Friedl wrote: The majority of BSODs are caused by buggy third-party drivers and malware (rootkits, etc.) Is that part of Microsoft's monopolistic abuse? Does any kind of evidence (apart from PR-flack-based spin) exist for this conclusion? Can you point me to it?

Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Micheal Espinola Jr
Bruce, I don't think you are going to find hard evidence for either conclusion. But Bruce's conclusion is consistent with my own experiences, and that of many other Administrators that I discuss issues like this with. Since its inception, supporting NT 3.0 beta and onward, I have been dealing

Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Micheal Espinola Jr
err, But Steve's conclusion is consistent with my own... On 10/3/05, Micheal Espinola Jr [EMAIL PROTECTED] wrote: Bruce, I don't think you are going to find hard evidence for either conclusion. But Bruce's conclusion is consistent with my own experiences, and that of many other Administrators

Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Steve Friedl
On Mon, Oct 03, 2005 at 10:37:05AM -0600, Bruce Ediger wrote: Does any kind of evidence (apart from PR-flack-based spin) exist for this conclusion? This is what Microsoft tells me what they gather from the online error reporting and crash analysis, and it comports with my experience as well. I

Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Valdis . Kletnieks
On Mon, 03 Oct 2005 06:42:37 PDT, Steve Friedl said: On Mon, Oct 03, 2005 at 08:50:27AM -0400, [EMAIL PROTECTED] wrote: One acronym: BSOD. Why have users learned what it is, and grown accepting of seeing one? Do you know any Windows users who have *never* encountered one? The majority

Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread TheGesus
On Mon, 03 Oct 2005 06:42:37 PDT, Steve Friedl said: On Mon, Oct 03, 2005 at 08:50:27AM -0400, [EMAIL PROTECTED] wrote: Perhaps if they hadn't been so busy designing baroque undocumented APIs for the use of their own monopolistic software(*), they could have designed a cleaner API that

Re: [Full-disclosure] Bigger burger roll needed

2005-10-03 Thread Steve Friedl
On Mon, Oct 03, 2005 at 03:41:58PM -0400, TheGesus wrote: In NT4 they redesigned the GDI so that the user could bypass userland and talk straight to the kernel. It's been so long I don't recall the exact details, but this re-hack paved the way for DirectX and sped up the response of the new