On Wed, 2003-10-01 at 02:30, Schmehl, Paul L wrote:
> We don't let people drive cars without some proof that they know how.
> We don't even let them neglect the maintenance any more (think emissions
> inspections.) Why should we let people use computers with no training,
> no awareness of the pote
Yeah you know, that has always been my theory as to why,
in Star Trek (and others), the control panels on starship
bridges sometimes explode with sparks and smoke for no better reason
than that some component on the outer hull got shot up by the
Klingons (or whoever); its an important feedback
mech
Yeah you know, that has always been my theory as to why,
in Star Trek (and others), the control panels on starship
bridges sometimes explode with sparks and smoke for no better reason
than that some component on the outer hull got shot up by the
Klingons (or whoever); its an important feedback
mech
On 30 Sep 2003 at 14:27, Cael Abal wrote:
> "We counted the number of application and operating systems failures and
> found that Windows XP Professional ran over 30 times as long without
> encountering problems as those systems running Windows 98 SE."
>
> http://microsoft.com/windowsxp/pro/eva
Oh come on. We don't expect our mechanics to brake and steer for us,
fer cryin' out loud. We're not talking about *maintaining the computer.
We're talking about *operating* it. Things like passwords, awareness of
attachment dangers, the need for routine patching (think oil changes)
and up to dat
On Mon, 2003-09-29 at 18:30, Bruce Ediger wrote:
> Rodrigo Barbosa wrote:
> > > As I said, I also think that Micro$oft is as insecure as my 8
> > > y/o daughter playing with a handgun.
>
> And then, On Mon, 29 Sep 2003, Schmehl, Paul L replied:
> > Your daughter wouldn't be insecure playing with a
CTED] Behalf Of morning_wood
Sent: Tuesday, September 30, 2003 8:57 AM
To: Curt Purdy; 'Georgi Guninski'; [EMAIL PROTECTED]
Subject: Re: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of
Monopoly
>What ever happened to that great crew
> at L0pht Heavy Industries? Personally, I wil
>-Original Message-
>From: Chris Cozad [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, September 30, 2003 1:10 AM
>To: Schmehl, Paul L
>Cc: '[EMAIL PROTECTED]'
>Subject: RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of
Monopoly
>
>Do you really th
ski [mailto:[EMAIL PROTECTED]
Sent: Tuesday, September 30, 2003 1:04 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly
Knowing m$, i am not surprised by this accident.
This is just more FUD - you bash m$, you lose your job.
Question
On Mon, 29 Sep 2003 00:36:42 EDT, Kristian Hermansen <[EMAIL PROTECTED]> said:
> reason for the lack of security patches. If there are so few boxes on the
> net with relatively little use, why do we need Netware exploits? They do
> exist, but who here has ever used one? If Netware were as popu
>What ever happened to that great crew
> at L0pht Heavy Industries? Personally, I will never purchase another
@Stake
> product or service again.
>
sellouts, but then again... driving new BMW M8's are a bit better than
staying
tru-2-da-kr3w. I just wish they stopped giving crap advice to the masses
al Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Rodrigo
Barbosa
Sent: Tuesday, September 30, 2003 2:01 AM
To: [EMAIL PROTECTED]
Subject: Re: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of
Monopoly
On Mon, Sep 29, 2003 at 11:51:03PM -0500, Paul Schmehl wr
Knowing m$, i am not surprised by this accident.
This is just more FUD - you bash m$, you lose your job.
Question to the Microsoft Certified Solitaire Experts and simlar crowd:
Is your freedom so cheap?
georgi
On Sat, 27 Sep 2003 00:43:36 + (GMT)
[EMAIL PROTECTED] (*Hobbit*) wrote:
> I gott
essage-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Georgi
Guninski
Sent: Tuesday, September 30, 2003 6:31 AM
To: [EMAIL PROTECTED]
Subject: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of
Monopoly
[resending because of FD filter]
Knowing m$, i am not surprised by thi
[resending because of FD filter]
Knowing m$, i am not surprised by this accident.
This is just more FUD - you bash m$, you lose your job.
Question to the Microsoft Certified Solitaire Experts and simlar crowd:
Is your freedom so cheap?
georgi
On Sat, 27 Sep 2003 00:43:36 + (GMT)
[EMAIL PROT
> No, I meant proper security training. Is that so hard to understand?
> Regardless of the OS, every user should know how and why to patch. Every
> user should understand what social engineering is, how to detect it and
> what to do about it. Every user should understand physical security,
> l
On Mon, Sep 29, 2003 at 11:51:03PM -0500, Paul Schmehl wrote:
> >As some may recall, my original statement was an answer to someone that
> >was points that Unix is more secure then Windows (I agree up to this
> >point), and gave and example telling that there are still several codered
> >vulnerable
--On Monday, September 29, 2003 19:30:24 -0600 Bruce Ediger
<[EMAIL PROTECTED]> wrote:
I realize you're from Texas and everything, but are you nuts?
An 8-year old with a handgun should cause vast feelings of insecurity
in you, with or without proper training on her part.
Hmmm...I am from Texas, an
--On Monday, September 29, 2003 21:49:26 -0300 Rodrigo Barbosa
<[EMAIL PROTECTED]> wrote:
As some may recall, my original statement was an answer to someone that
was points that Unix is more secure then Windows (I agree up to this
point), and gave and example telling that there are still several c
Rodrigo Barbosa wrote:
> > As I said, I also think that Micro$oft is as insecure as my 8
> > y/o daughter playing with a handgun.
And then, On Mon, 29 Sep 2003, Schmehl, Paul L replied:
> Your daughter wouldn't be insecure playing with a handgun if she had had
> proper handgun safety training. W
On Mon, Sep 29, 2003 at 07:27:51PM -0500, Frank Knobbe wrote:
> Don't shift blame to the admins. There are good admins on Windows, and
"Shift blame" ? I'm not doing such a thing. Also, I'm not here
shift blaming from admin. I'm just saying the OS A_L_O_N_E should not
be blammed. There are bugs on
On Mon, 2003-09-29 at 17:24, Rodrigo Barbosa wrote:
> My whole point is: I do think Windows is insecure, but one cannot blame
> Windows alone. There are many, many server still vulnerable to CodeRed,
> and that, these days, is mostly a fault of the server admin.
Don't shift blame to the admins. T
On Mon, Sep 29, 2003 at 12:39:14PM -0500, Schmehl, Paul L wrote:
> > As I said, I also think that Micro$oft is as insecure as my 8
> > y/o daughter playing with a handgun.
> >
> Your daughter wouldn't be insecure playing with a handgun if she had had
> proper handgun safety training. Wouldn't th
Hate to say it but Roberta Bragg actually wrote something worth reading
on this subject.
Came out here:
September 29, 2003
Security Watch
http://mcpmag.com/security/
http://ENTmag.com
Handled it pretty well for someone who only does MS security.
I myself could care less about the platfrom debat
> -Original Message-
> From: Rodrigo Barbosa [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 29, 2003 10:49 AM
> To: Curt Purdy
> Cc: [EMAIL PROTECTED]
> Subject: Re: [inbox] Re: [Full-Disclosure] CyberInsecurity:
> The cost of Monopoly
>
>
> As I sai
As I said, I also think that Micro$oft is as insecure as my 8 y/o daughter
playing with a handgun.
But you do have to agree with me when I say that a great part of the
security problems we find in the wild, expecially regarding bug for which
fixed have been issued for several months, come from bad
It's late and I am going to bed. However before I do I have to address
this fallacious logic:
On or about 2003.09.29 00:36:42 +, Kristian Hermansen ([EMAIL PROTECTED]) said:
> The reason that MOST people look to exploit software/OS's is so that they
> can gain priviledges [sic] on the system.
ansen
- Original Message -
From: "Curt Purdy" <[EMAIL PROTECTED]>
To: "'Rodrigo Barbosa'" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Sunday, September 28, 2003 6:11 PM
Subject: RE: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost o
Peter Busser escreveu:
Hi!
Destroying the monopoly also lets the World get rid of (Anti)Virus
companies, since they are protected by Microsoft Virus Support(TM).
The fact that writing virusses and worms is easier and more rewarding on
MS-Windows systems, that doesn't mean that they are impossi
--On Sunday, September 28, 2003 8:04 PM +0200 Michal Zalewski
<[EMAIL PROTECTED]> wrote:
I'd argue... many vendors (Okena aka Cisco, BlackICE aka ISS, etc)
provide integrated corporation-wide mechanisms for enforcing group
firewalling, access and logging/IDS policies on workstations or groups of
w
EMAIL PROTECTED]
Subject: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of
Monopoly
On Fri, Sep 26, 2003 at 11:59:04PM -0600, Bruce Ediger wrote:
> On Fri, 26 Sep 2003, Rick Kingslan wrote:
> Oh, wait. Apache has about 2 times the market share of IIS, and I'm
> still getting
an'; '*Hobbit*'; [EMAIL PROTECTED]
Subject: [inbox] Re: [Full-Disclosure] CyberInsecurity: The cost of
Monopoly
On Sat, Sep 27, 2003 at 01:12:01PM -0500, Curt Purdy wrote:
> I think we have lost the point of the thread CyberInsecurity: The Cost of
> Monopoly which states yo
On Sun, 2003-09-28 at 15:38, Michal Zalewski wrote:
> So it's probably pointless to call for a revolution in this regard. My
> interpretation of what Paul said was that he referred to the problem of
> "blob networks" that cannot be held accountable and are often very
> difficult to control.
Nah, I
On Sun, 28 Sep 2003, Frank Knobbe wrote:
> I think Paul's sentiment was that current efforts are focused on
> networks, IP addresses, firewalls, protocols, etc, basically focusing on
> the _transport_ of data. I think what we need are better mechanism to
> protect the _data_ itself, not just the t
On Sun, Sep 28, 2003 at 08:04:58PM +0200, Michal Zalewski wrote:
> I'd argue... many vendors (Okena aka Cisco, BlackICE aka ISS, etc)
> provide integrated corporation-wide mechanisms for enforcing group
> firewalling, access and logging/IDS policies on workstations or groups of
> workstations (and
On Sun, Sep 28, 2003 at 12:20:28PM -0500, Paul Schmehl wrote:
> I don't think "we" as a "security community" have even begun to tackle this
> problem. We talk about it, but who is *really* doing it? For example, if
> you want to network machines you *have* to use SMB/NetBIOS for Windows, NFS
On Sun, 2003-09-28 at 13:04, Michal Zalewski wrote:
> I'd argue... many vendors [...]
> provide integrated corporation-wide mechanisms for enforcing group
> firewalling, access and logging/IDS policies on workstations or groups of
> workstations (and, why not, also servers).
> [...]
> The technolog
On Sun, 28 Sep 2003, Paul Schmehl wrote:
> Oh, you might have a firewall that cordons off accounting from the rest
> of the enterprise, but *inside* accounting, you still have the "soft,
> chewy" problem. I haven't really seen anything that addresses this
> problem, and I'm not aware of anyone wh
--On Sunday, September 28, 2003 8:14 AM -0400 Karl DeBisschop
<[EMAIL PROTECTED]> wrote:
Crunchy shell, soft-chewy insides?
I don't think "we" as a "security community" have even begun to tackle this
problem. We talk about it, but who is *really* doing it? For example, if
you want to network
On Sun, 2003-09-28 at 04:20, Florian Weimer wrote:
> On Sat, Sep 27, 2003 at 01:12:01PM -0500, Curt Purdy wrote:
>
> > I think we have lost the point of the thread CyberInsecurity: The Cost of
> > Monopoly which states your exact point that diversity is the most important
> > aspect of network pro
On Sat, Sep 27, 2003 at 01:12:01PM -0500, Curt Purdy wrote:
> I think we have lost the point of the thread CyberInsecurity: The Cost of
> Monopoly which states your exact point that diversity is the most important
> aspect of network protection.
I often hear such claims, but I'd rather see compan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Saturday 27 September 2003 13:51, Jonathan A. Zdziarski wrote:
> I couldn't help but interject my 2 cents. Visiting your website I see:
>
> Main Entry: joe·ware
> Pronunciation: 'jO-"war
> Function: noun
> Date: 2000
>
> : generally useful idea pul
Well since neither you, myself, or anyone else on this list is
interested in this thread continuing, I'll make a few minor comments,
and you can go back to all that finger licking good turkey. I've toned
my comments down a bit to be more conversational rather than
confrontational. If you want to
> You're _assuming_ I am Anti-MS. I may be Anti-MS-Politics but am not
> bent against the operating system. I
Note I said anti-MS, not anti-Windows. You are certainly anti-MS, your
anti-Windows or not is still a little shakey but I would say yes, you should
come out of the closet on it. It app
Le sam 27/09/2003 à 22:49, Jonathan A. Zdziarski a écrit :
> There were just s many features from 95 to 98 to ME.
> None of these constituted a new product.
Nor any security enhancement, by the way...
--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA24000
> Cool thanks! I decided to add a link to the site just before I posted so it
> would give the anti-MS folks something to attack. I am glad I could be of
> assistance to you.
You're _assuming_ I am Anti-MS. I may be Anti-MS-Politics but am not
bent against the operating system. I certainly unde
> I can't recall ever speaking to someone who actually bought a new
> application from a vendor simply because their old version of the
> application from the vendor was insecure or buggy. In fact, that would tend
> to push them to look elsewhere.
Well Microsoft expects you to buy it for those r
> > I can't recall ever speaking to someone who actually bought a new
> > application from a vendor simply because their old version of the
> > application from the vendor was insecure or buggy. In fact, that
> > would tend to push them to look elsewhere.
>
> Well Microsoft expects you to buy it
You did a great job of assuming what was being said here. You have an
incredible career in assumption waiting for you.
> I couldn't help but interject my 2 cents. Visiting your
> website I see:
Cool thanks! I decided to add a link to the site just before I posted so it
would give the anti-MS f
I couldn't help but interject my 2 cents. Visiting your website I see:
Main Entry: joe·ware
Pronunciation: 'jO-"war
Function: noun
Date: 2000
: generally useful idea pulled out of the ether by joe: as a: script
and/or tool that makes the difficult easy; specifically: system
administration tools
> I can't recall ever speaking to someone who actually bought a new
> application from a vendor simply because their old version of the
> application from the vendor was insecure or buggy. In fact, that would tend
> to push them to look elsewhere.
Well Microsoft expects you to buy it for those re
Isn't this a great country? We defend to death the rights for anyone to
speak their opinion. Even if the opinion is uninformed, shortsighted, or
silly.
I can't recall ever speaking to someone who actually bought a new
application from a vendor simply because their old version of the
application fr
I couldn't help but interject my 2 cents. Visiting your website I see:
Main Entry: joe·ware
Pronunciation: 'jO-"war
Function: noun
Date: 2000
: generally useful idea pulled out of the ether by joe: as a: script
and/or tool that makes the difficult easy; specifically: system
administration tools
Hmmm, I have thought about it.
Yes I take pride in my work.
Not an MC* anything. Don't believe I need a piece of paper to say I am
capable of anything. I either do it or I don't do it. It's up to me. In
general I feel that if your opinion of me if based on me holding a piece of
paper or not is y
Hmmm, I have thought about it.
Yes I take pride in my work.
Not an MC* anything. Don't believe I need a piece of paper to say I am
capable of anything. I either do it or I don't do it. It's up to me. In
general I feel that if your opinion of me if based on me holding a piece of
paper or not is y
CTED] On Behalf Of *Hobbit*
Sent: Friday, September 26, 2003 7:44 PM
To: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly
I gotta love how all the Microsoft victims get all defensive when someone
implies that they've spent the last decade+ ruining their
4 PM
To: [EMAIL PROTECTED]
Subject: RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly
I gotta love how all the Microsoft victims get all defensive when someone
implies that they've spent the last decade+ ruining their own careers and
wasting time running in tiny circles getting pre
aturday, September 27, 2003 1:09 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly
I suspect we are starting a game of telephone ...
It appears to me (and I'm going to be nice and *not* include the entire
thread in the message ;-) that this started
tion Assurance Analyst
DSN: 315-449-4317, Comm: 808-449-4317
-Original Message-
From: Peter Busser [mailto:[EMAIL PROTECTED]
Sent: Saturday, September 27, 2003 3:53 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly
Hi!
> Destroying the monopoly also lets the World get rid of (Anti)Virus
> companies, since they are protected by Microsoft Virus Support(TM).
The fact that writing virusses and worms is easier and more rewarding on
MS-Windows systems, that doesn't mean that they are impossible on free software
On Fri, Sep 26, 2003 at 11:59:04PM -0600, Bruce Ediger wrote:
> On Fri, 26 Sep 2003, Rick Kingslan wrote:
> Oh, wait. Apache has about 2 times the market share of IIS, and I'm
> still getting Code Red and Nimda hits TWO YEARS after they were released.
>
> By contrast, I only got about 2 days wort
I gotta love how all the Microsoft victims get all defensive when someone
implies that they've spent the last decade+ ruining their own careers
and wasting time running in tiny circles getting pretty much nowhere.
Do you guys honestly take PRIDE in your WORK?? What, and tacking MCS*
after your na
"Bruce Ediger" <[EMAIL PROTECTED]> wrote:
> On Fri, 26 Sep 2003, Rick Kingslan wrote:
>
> > I'll not argue that the Windows operating systems are the target of the
> > majority of virus', but that's typically what happens when a system is
used
> > by a known large group of people that might not be
On Fri, 26 Sep 2003, Rick Kingslan wrote:
> I'll not argue that the Windows operating systems are the target of the
> majority of virus', but that's typically what happens when a system is used
> by a known large group of people that might not be qualified to run a
> computer, much less secure it.
I suspect we are starting a game of telephone ...
It appears to me (and I'm going to be nice and *not* include the
entire thread in the message ;-) that this started out with the
citation of the CCIA paper regarding Dan Geer getting shown the door.
The response (which was posted by Jon on behalf o
de
Souza
Sent: Friday, September 26, 2003 8:07 PM
To: Jonathan A. Zdziarski
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] CyberInsecurity: The cost of Monopoly
Destroying the monopoly also lets the World get rid of (Anti)Virus
companies, since they are protected by Microso
--On Friday, September 26, 2003 10:06 PM -0300 Fabio Gomes de Souza
<[EMAIL PROTECTED]> wrote:
Virues have never been a threat for Open Source systems, since they
(viruses) use vulnerabilities that get fixed by users *regardless* of
some company liking or not.
Nick??? This is your cue. :-)
Paul
Destroying the monopoly also lets the World get rid of (Anti)Virus
companies, since they are protected by Microsoft Virus Support(TM).
Viruses are a threat which has been intentionally neglected by Microsoft
since the AntiVirus thing became a business. A BIG business. Imagine if
Microsoft remov
On Thu, 25 Sep 2003, Marc Maiffret wrote:
> They are going to need to update Dan Geers title in the report...
> Microsoft critic loses job over report
> http://www.msnbc.com/news/971914.asp?0si=-
thankfully, some of us will see Dan as a hero and @stake as another
wannabe monopoly. i have noticed
| Cc: Jonathan A. Zdziarski; [EMAIL PROTECTED];
| [EMAIL PROTECTED]
| Subject: RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly
|
|
| On Thu, 25 Sep 2003, Marc Maiffret wrote:
| > They are going to need to update Dan Geers title in the report...
| > Microsoft critic loses job over repo
http://images.google.com/imgres?imgurl=www.acsac.org/2002/geer.gif&imgrefurl=http://www.acsac.org/2002/essay.html&h=208&w=160&prev=/images%3Fq%3Ddaniel%2B%2Bgeer%2B%2B%26svnum%3D10%26hl%3Den%26lr%3D%26ie%3DUTF-8%26oe%3DUTF-8%26safe%3Doff%26sa%3DG
Found him in images.google.com
There are a lot of
At 10:08 PM 9/25/2003 -0400, Jonathan A. Zdziarski wrote:
Oddly his leaving the company was effective on the 23rd, but the article
wasn't released to the general public until the 24th (at least that's
how it's dated). I wonder if he may have resigned.
Nah - I hear @stake is trying to make the firi
Two points:
One - Geer's name is only one of many on this report. There are seven
peoples' names, and all command considerable respected in the community.
Therefore I assert that the report will stand any scrutiny, and that
it has merit on its own.
Two - if Geer was fired as a result of the repo
RE: [Full-Disclosure] CyberInsecurity: The cost of Monopoly
They are going to need to update Dan Geers title in the report...
Microsoft critic loses job over report
http://www.msnbc.com/news/971914.asp?0si=-
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.
Oddly his leaving the company was effective on the 23rd, but the article
wasn't released to the general public until the 24th (at least that's
how it's dated). I wonder if he may have resigned.
On Thu, 2003-09-25 at 21:45, Richard M. Smith wrote:
> Yep, confirmed by Internet Explorer/Google:
>
PROTECTED]; [EMAIL PROTECTED]
| Subject: [Full-Disclosure] CyberInsecurity: The cost of Monopoly
|
|
| This was released yesterday just incase nobody noticed.
| http://www.ccianet.org/papers/cyberinsecurity.pdf
|
| Among the authors are Bruce Schnier, Dan Geer, and Charles Pfleeger.
| Interesting
This was released yesterday just incase nobody noticed.
http://www.ccianet.org/papers/cyberinsecurity.pdf
Among the authors are Bruce Schnier, Dan Geer, and Charles Pfleeger.
Interesting read.
___
Full-Disclosure - We believe in it.
Charter: http:/
77 matches
Mail list logo
