On Tue, May 18, 2004 at 12:39:46PM +1200, Nick FitzGerald wrote:
Shane C. Hage to Bill Royds:
I agree with most of your statements below.
Well, actually, he was wrong if you consider the NT family of OSes
starting in about 1993-4 (true, OOTB they were configured to be fully
Win 3.x
Alexander Schreiber [EMAIL PROTECTED] to me:
Sorry, in a networked world, C2 is just a bad joke. ...
Well, at least weak...
... Keep in mind, that
you do not get a blank certificate for 'this OS', but the certification
always is for the full OS/hardware combo. No, you can't purchase the
[EMAIL PROTECTED] to me:
Actually reading what C2 *required* is quite enlightening.
More worrying given that MS' focus on getting C2 certified was to be
able to bid for the more lucrative DoD and related contracts that
required C2-level systems (no matter how arbitrarily -- incredibly few
of
On Tue, May 18, 2004 at 11:01:32PM +1200, Nick FitzGerald wrote:
Alexander Schreiber [EMAIL PROTECTED] to me:
Sorry, in a networked world, C2 is just a bad joke. ...
Well, at least weak...
... Keep in mind, that
you do not get a blank certificate for 'this OS', but the
On Fri, 2004-05-14 at 06:22, Yan Doldonov wrote:
After all, nobody forces anyone to purchase and use MS Products. MS has been
selling imperfect products for years and people still continue to use them.
Interesting, I seem to recall a minor anti-trust case in the US that
kinda decided that M$
Georgi Guninski wrote:
On Sun, May 16, 2004 at 12:19:21PM -0700, [EMAIL PROTECTED] wrote:
The MS operating systems are the main source of problems for really only
2 reasons:
1) their popularity makes them the most valuable targets
i suggest you stop smoking bad stuff, it is illegal in bulgaria.
I run anti-virus software on my servers... to sluff away the moronic
Windows viruses that clog up my email account. Anti-virus monitors are
a built-in performance drag on the OS. Microsoft says, hey, when we
benchmark against samba, we're almost as fast, and this special case,
we're faster.
Virus prevention solutions are useless when you have careless or
undereducated users. I've seen a secretary who was told not to open
attachments in e-mails in Outlook. When she got another tremendous
birthday card from god-knows-who she obeyed, saved the attachment
to the desktop and then opened
On Mon, 17 May 2004 13:33:44 +0200, Ondrej Krajicek [EMAIL PROTECTED] said:
we're faster. Add on an the required anti-virus program monitoring
packets in and out and watch your performance drop as that eliminates
the whole concept behind DMA as now you have to route all data through
the
IMHO the data are routed through host CPU anyway, DMA is not as clever
to locate the proper file in the proper filesystem on the proper
volume and pass them to the proper network card. You're right that the
CPU does not have to process every single bit of each (?) file.
But this could
On Mon, 17 May 2004 15:58:35 BST, Jos Osborne [EMAIL PROTECTED] said:
Well, it's a start. Now you just have to teach them to Right-Click-Scan-for-viruses
in the middle of that...
Of course, the problem here is that if it got to our user's desktop via e-mail,
it didn't get detected by the mail
On Mon, 17 May 2004 17:29:04 +0200, Ondrej Krajicek [EMAIL PROTECTED] said:
We are talking about on-line anti-virus scanning performance, which
is decided mainly by the throughput of the I/O bus and CPU
speed.
SELinux is about mandatory access control.
Exactly.
(from another list about 2
filling the gap
in their own products now.
-Shane
- Original Message -
From: Bill Royds [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, May 16, 2004 10:51 PM
Subject: RE: [Full-Disclosure] Support the Sasser-author fund started
The real problem is the MS Operating Systems
Shane C. Hage [EMAIL PROTECTED] writes:
When the Internet revolution started, there was no way to predict the
magnitude that a malicious program could have across the world.
We had proof of the effects that a malicious program could have in,
what, 1988 ? Now it's 2004.
--
James Riden /
Hi Shane,
A little correction in history:
On Mon, 17 May 2004, Shane C. Hage wrote:
I agree with most of your statements below. However, with competing
operating systems such as those you mentioned below plus OS/2 and Apple
Macintosh in the 1980's, the business leaders and consumers chose
On Mon, 17 May 2004 16:27:28 EDT, Shane C. Hage [EMAIL PROTECTED] said:
I think people forget that Microsoft must have filled a gap that these other
operating systems didn't. How can we blame Microsoft for capitalizing on
the need at the time?
Yes, there was a market niche for monopolistic
Shane C. Hage to Bill Royds:
I agree with most of your statements below.
Well, actually, he was wrong if you consider the NT family of OSes
starting in about 1993-4 (true, OOTB they were configured to be fully
Win 3.x compatible -- that is, with all security disabled/dumbed down
-- but the
On Tue, 18 May 2004 12:39:46 +1200, Nick FitzGerald [EMAIL PROTECTED] said:
Shane C. Hage to Bill Royds:
I agree with most of your statements below.
Well, actually, he was wrong if you consider the NT family of OSes
starting in about 1993-4 (true, OOTB they were configured to be fully
] On Behalf Of Shane C. Hage
Sent: May 17, 2004 4:27 PM
To: Bill Royds; [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Support the Sasser-author fund started
Bill,
I agree with most of your statements below. However, with competing
operating systems such as those you mentioned below plus OS/2
[SNIP]
Therefore we should license computer users and require tests before they
are allowed to buy and/or use a computer? Something along the lines of a
drivers license? Also, have you seen some of the absurd warning in the
operating manuals - 'Do not touch the chain saw blade
Sunday, May 16, 2004, 6:16:25 AM, you wrote:
SCH Why should Microsoft have more blame?
Things are getting worse. and the patch even more worst.
SCH In my opinion, I believe that software companies, especially Microsoft, have
SCH taken all of the appropriate steps to provide security within
--On Friday, May 14, 2004 11:06 PM +0530 Aditya, ALD [Aditya Lalit
Deshmukh] [EMAIL PROTECTED] wrote:
the problem is many times when the patch is released it tends to break
many applications and other random stuff! ms is patching a hole but
manages to break other things in the process quite
Paul Schmel wrote:
Let's see... this would seem to indicate that they depend on the holes to
run the applications.
:-)
Well, that is pretty accurate. Pick any part of the architecture, the
window event system, the pervasive visual basic access to system
controls, lack of privilege
On Sun, May 16, 2004 at 12:19:21PM -0700, [EMAIL PROTECTED] wrote:
The MS operating systems are the main source of problems for really only
2 reasons:
1) their popularity makes them the most valuable targets
i suggest you stop smoking bad stuff, it is illegal in bulgaria.
are you aware of
Seth Alan Woolley wrote:
On Sat, May 15, 2004 at 08:31:25PM -0400, Shane C. Hage wrote:
Why should Microsoft have more blame?
In my opinion, I believe that software companies, especially Microsoft, have
taken all of the appropriate steps to provide security within their
products.
Keep your head
I also know enough not to rely on what the media tries to shove down
everyone's throat. Something that you appear to rely on. You keep on
thinking the way you're thinking...
Oh, and I'll guarantee that you'd never EVER challenge my Patriotism to my
face. I'll say nothing more on this subject,
To: Seth Alan Woolley
Cc: Shane C. Hage; Georgi Guninski; Tobias Weisserth;
[EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] Support the Sasser-author fund started
Seth Alan Woolley wrote:
On Sat, May 15, 2004 at 08:31:25PM -0400, Shane C. Hage wrote:
Why should Microsoft have more blame?
In my
All the features required of mature operating systems were
added as an afterthought and not designed in. Such things as
memory management and file access control
They've been designed into the Windows NT based OS from the start.
on a single user/single process/non-network OS. To
Guys,
I am not trying to defend the worm author.
Thierry ([EMAIL PROTECTED]) made a point earlier on that the guy
admitted to writing the source, not spreading (maybe it is an outdated
info, I do not know)
My point is that the guy is innocent until proven otherwise in the court
of law. I am just
On Fri, May 14, 2004 at 07:12:08PM +0200, Tobias Weisserth wrote:
My personal opinion is that more blame should be put on M$.
The company is called Microsoft or MS in short. Why don't you use its
proper name?
are you sure it is MS and not M$
i was always taught it was M$.
--
When
Sim Brown [EMAIL PROTECTED] wrote:
You're a nazi...
A patriot would respect other countries and their laws...
I hereby invoke Godwin's Law and declare this thread dead.
Harhar, this is not going to work i bet...anyway a wise idea.
Best wishes,
Christian
--
Christian Fromme
chris at
the time to listen to my thoughts.
Sincerely,
-Shane
- Original Message -
From: Georgi Guninski [EMAIL PROTECTED]
To: Tobias Weisserth [EMAIL PROTECTED]
Sent: Friday, May 14, 2004 6:00 PM
Subject: Re: [Full-Disclosure] Support the Sasser-author fund started
On Fri, May 14, 2004 at 07
At least in the States if you don't like a law you can try and do
something about it, in a lot of other countries you could get thrown in jail
for speaking out against the government.
Ha! HA! HAHAHAHAHAHAHA
phew
That was funny. Thanks for the laugh... clearly you are only pretending
to be an
My point is, then, that as we diversify, users are going to go into more
unfamiliar territory, cause more problems and have less people available for
a low fee to fix them. What then, for the computer industry? Are we ALL
going to have to know every brand of OS that runs on a PC and products that
[EMAIL PROTECTED]; Tobias Weisserth
[EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Saturday, May 15, 2004 7:31 PM
Subject: Re: [Full-Disclosure] Support the Sasser-author fund started
Why should Microsoft have more blame?
In my opinion, I believe that software companies, especially Microsoft,
have
-Disclosure] Support the Sasser-author fund
started
At least in the States if you don't like a law you can try and do
something about it, in a lot of other countries you could get
thrown in jail
for speaking out against the government.
Ha! HA! HAHAHAHAHAHAHA
phew
That was funny
Imagine you own a home and installed a security system on all the doors
and windows. You set the alarm and leave for a weekend.
OK
A thief comes up to your house, breaks a window, and slides through the
opening. The alarm does not go off because the thief found a
vulnerability in the
After all, nobody forces anyone to purchase and use MS Products. MS has been
selling imperfect products for years and people still continue to use them.
___
Full-Disclosure - We believe in it.
Charter:
] Support the Sasser-author fund started
To: [EMAIL PROTECTED]
On Thu, 13 May 2004 11:21:10 -0400
Exibar [EMAIL PROTECTED] wrote:
support the sasser writer? Yup, I'll support a big kick in the pants for
him give him a year or so in jail, 5 years probation and 1000 hours of
community
Tobias, following your logic, the people who found and disclosed the
vulnerability that Sasser was abusing should be prosecuted together with
the author of the viral code.
What is the next stage? Jailing people who write proof of concept
exploit code? Punish Fyodor for writing nmap or maybe
[SNIP]
--- Yes, but the context that he used implied that German laws are sane
and US laws are not. Not just one or two laws, but ALL laws. I took
offense to that. I see it time and time again where people are just into US
bashing for the sake of it. Just like saying that
Nobody asked the burglar to do this. He broke law. He caused damages.
And he certainly didn't improve your security by doing so when the door
vendor already offered a patch for your door two weeks ago.
if the burglar was really a good guy he would have come over, knocked on your door, ring
your
Umm,
I'm confused. Fairly new to the security scene, but, didn't
the worm come out AFTER the patch? I guess Microsoft could have
patched it sooner so that the worm could have come out sooner.
The biggest question I have is why all the hostility at Microsoft
for patching their
On Fri, 2004-05-14 at 17:23, Konstantin Gavrilenko wrote:
Tobias, following your logic, the people who found and disclosed the
vulnerability that Sasser was abusing should be prosecuted together with
the author of the viral code.
Why is that? Did they break German law? Are they responsible
Guys, I request you all to please stop
this thread. There is no need to fill up mailboxes with some non-sense
topic.
Let's maintain the quality of the list
by posting something useful to all.
thnx,
Manu Garg
http://manugarg.freezope.org
[EMAIL PROTECTED] wrote on 05/14/2004
11:06:57 PM:
--- Konstantin V. Gavrilenko wrote:
snip snip
My personal opinion is that more blame should be put on M$. But where
would the security industry be if not for Microsoft's products :)
But Microsoft released a patch for the security hole that was found, I
don't care if it was 5 days or 5
..
he is correct when he says that Microsoft will say it's
completely the
worm writer's fault. BUT i think Microsoft should be punished too for
having so many security holes. they had to patch it faster.
Why not punish all the admins/users who failed to patch their systems in
time as
On Thursday, May 13, 2004 8:33 AM, harry [EMAIL PROTECTED] wrote:
Tobias Weisserth wrote:
snip
I find your explanation why this author of a virus should be treated
any different than other authors somehow illogical. The Sasser author
has done nothing to foster security. So there is really no
Hi harry,
On Thu, 2004-05-13 at 14:33, harry wrote:
Tobias Weisserth wrote:
snip
I find your explanation why this author of a virus should be treated
any different than other authors somehow illogical. The Sasser author
has done nothing to foster security. So there is really no need for
I am no more likely to support a German committing terroristic
acts on electronic infrastructure than I am a pick_a_nationality
committing terroristic acts to real world infrastructure.
Availability?
Patches for the previous Slammer, Blaster and Sasser worms have
all been available for 14 days
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At the moment the Author of SASSER, Sven Jaschan is free again. Don't
let him be a victim of the mistakes microsoft makes. Microsoft is still
working on a new process, we want to give Mr. Jaschan some money to at
least hire a lawyer to stand against
Or are you phishing? :-)
Alexander Maclennan [EMAIL PROTECTED] 13/05/2004 10:37:27
Are you on crack? or are you trolling?
Free burglars because they exposed the open back door of a house
Tobias Weisserth wrote:
snip
I find your explanation why this author of a virus should be treated
any different than other authors somehow illogical. The Sasser author
has done nothing to foster security. So there is really no need for the
security scene to support him.
there is one other thing...
: harry [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, May 13, 2004 8:33 AM
Subject: Re: [Full-Disclosure] Support the Sasser-author fund started
Tobias Weisserth wrote:
snip
I find your explanation why this author of a virus should be treated
any different than other authors somehow
On Thu, 13 May 2004 14:33:25 +0200, harry [EMAIL PROTECTED] said:
he is correct when he says that Microsoft will say it's completely the
worm writer's fault. BUT i think Microsoft should be punished too for
having so many security holes. they had to patch it faster.
There *are*
So we donate money and you use it to buy a new video card?
I'll pass.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, May 12, 2004 2:55 PM
To: [EMAIL PROTECTED]
Subject: [Full-Disclosure] Support the Sasser
Hello Tobias,
Sorry that I have to add my blub to that, however I feel like
most of us on here are no lawyers and as such should simply
calm down a bit and relativate a few statements. Here we go:
TW It IS completely the author's fault.
It is his fault _the code exists_; he admits that.
TW HE
On Thu, 13 May 2004 10:16:50 EDT, Duquette, John [EMAIL PROTECTED] said:
Why not punish all the admins/users who failed to patch their systems in
time as well.
You *WILL* install this patch within 24 hours, or go to jail. The fact that
it might crash your payroll system is no excuse.
On Thu, 13 May 2004 16:43:23 +0200, Tobias Weisserth [EMAIL PROTECTED] said:
I say this idiot has to be punished and punished to the full extent the law
allows. Maybe this deters other idiots to do the same.
I can guarantee that there will be sufficient idiots left that the vendors
won't be able
: Re: [Full-Disclosure] Support the Sasser-author fund started
Duquette, John wrote:
Why not punish all the admins/users who failed to patch their systems in
time as well.
Because they didn't break the law. It's really that simple. If you're
saying that you think there should be a law
On Thu, 13 May 2004 [EMAIL PROTECTED] wrote:
On Thu, 13 May 2004 14:33:25 +0200 said:
You don't HAVE to use Microsoft, you know..
This assertion is not true. There are many instances requiring the use
of MS products. It is only recently that Open Office has started to change
this. For
thrown in jail
for speaking out against the government.
- Original Message -
From: [EMAIL PROTECTED]
To: Exibar [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Thursday, May 13, 2004 3:25 PM
Subject: Re: [Full-Disclosure] Support the Sasser-author fund started
On Thu, May 13, 2004 at 02:33:25PM +0200, harry wrote:
Tobias Weisserth wrote:
snip
whose fault is it really when you buy a door, you lock it, but a burglar
finds a way to easily open it, comes in and tells you...
I don't really see any question of ethics, morals, or legality here. The
Ron == Ron Jackson [EMAIL PROTECTED] writes:
Ron> The biggest question I have is why all the hostility at
Ron> Microsoft for patching their system? There are plenty of
Ron> holes still in the system that warrant your wrath. When I see
Ron> a worm that comes out before Microsoft
On Thu, 13 May 2004 15:32:06 EDT, Exibar said:
give me a break, there are laws that are misguided in all the other
countries in the world as well. People just like to pick on the biggest
kid
on the block
But your original statement was:
As for the twerp that said that US laws aren't
Oliver Raymond [EMAIL PROTECTED] writes:
I am no more likely to support a German committing terroristic
acts on electronic infrastructure than I am a pick_a_nationality
committing terroristic acts to real world infrastructure.
Availability?
Patches for the previous Slammer, Blaster and
On Thu, May 13, 2004 at 04:43:23PM +0200, Tobias Weisserth wrote:
As much as MS products suck, MS has done
nothing illegal.
this is completely false, haven't you read news in the past years?
--
In Germany they first came for the Communists,
and I didn't speak up because I wasn't a Communist.
[EMAIL PROTECTED] (Randal L. Schwartz) writes:
So why is it, with Microsoft and all of their billeeeunnss of dollars,
that they wouldn't spend at least SOME MORE of that BEFORE they
release their code? OpenBSD manages a decent security review and a
right mindset towards security on the
On Fri, May 14, 2004 at 12:38:05AM +0300, Georgi Guninski wrote:
On Thu, May 13, 2004 at 04:43:23PM +0200, Tobias Weisserth wrote:
As much as MS products suck, MS has done
nothing illegal.
this is completely false, haven't you read news in the past years?
Overall, you're right.
On Thu, 13 May 2004 11:21:10 -0400
Exibar [EMAIL PROTECTED] wrote:
support the sasser writer? Yup, I'll support a big kick in the pants for
him give him a year or so in jail, 5 years probation and 1000 hours of
community service, that's what I'll support.
As for the twerp that said
On Thu 13/05/2004 at 18:17, Aaron Gee-Clough wrote:
Duquette, John wrote:
Why not punish all the admins/users who failed to patch their systems in
time as well.
Because they didn't break the law. It's really that simple.
In France, there's a law that says you have to furnish available
- Original Message -
From: Stormwalker [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, May 14, 2004 2:57 AM
Subject: Re: [Full-Disclosure] Support the Sasser-author fund started
On Thu, 13 May 2004 [EMAIL PROTECTED] wrote:
On Thu, 13 May 2004 14:33:25 +0200 said:
You
On Thu, 13 May 2004, harry wrote:
whose fault is it really when you buy a door, you lock it, but a burglar
finds a way to easily open it, comes in and tells you...
how about when he comes in and pees on your carpet, pushes your furniture
into the street and blocks traffic, and throws rocks at
: [EMAIL PROTECTED] [mailto:full-disclosure-
[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, May 13, 2004 12:11 PM
To: Duquette, John
Cc: Full Disclosure List
Subject: Re: [Full-Disclosure] Support the Sasser-author fund started
On Thu, 13 May 2004 10:16:50 EDT, Duquette
On Thu, 13 May 2004 11:32:17 PDT, Micah McNelly [EMAIL PROTECTED] said:
I wonder if people forget the liability that any organization inherits if
they do NOT maintain an above-standard protection scheme for their
network/hosts.
One of the problems there is the lack of a widely accepted
On Thu, 13 May 2004 [EMAIL PROTECTED] wrote:
On Thu, 13 May 2004 10:16:50 EDT, Duquette, John [EMAIL PROTECTED] said:
Why not punish all the admins/users who failed to patch their systems in
time as well.
You *WILL* install this patch within 24 hours, or go to jail. The fact that
it
[EMAIL PROTECTED] (Randal L. Schwartz) wrote:
snippage
So why is it, with Microsoft and all of their billeeeunnss of dollars,
that they wouldn't spend at least SOME MORE of that BEFORE they
release their code? OpenBSD manages a decent security review and a
right mindset towards security on
On Thu, 13 May 2004 10:20:40 PDT, Randal L. Schwartz said:
This is what irks me about Microsoft. It's irresponsible.
No. It's being *very* responsible.
Doing security right is very complicated and expensive. Blowing it off and
patching holes as they're found is a lot cheaper. And they don't
On Thu, 13 May 2004 14:28:10 EDT, Poof said:
By not patching your system you're leaving yourself open to exploit and the
danger of having your machine attacking another machine.
Now- If a person doesn't get something fixed that they know exists and can
avoid an 'accident' then they are
PROTECTED]
Sent: Thursday, May 13, 2004 8:33 PM
Subject: Re: [Full-Disclosure] Support the Sasser-author fund started
Tobias Weisserth wrote:
snip
I find your explanation why this author of a virus should be treated
any different than other authors somehow illogical. The Sasser author
has done
On Thu, 13 May 2004, van Helsing wrote:
You're a nazi...
Godwin.
End of thread - you lose.
___
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
On Thu, 2004-05-13 at 23:38, Georgi Guninski wrote:
On Thu, May 13, 2004 at 04:43:23PM +0200, Tobias Weisserth wrote:
As much as MS products suck, MS has done
nothing illegal.
this is completely false, haven't you read news in the past years?
Then please explain to me what illegal
On Thu, 13 May 2004 15:55:34 PDT, Mister Coffee [EMAIL PROTECTED] said:
It doesn't excuse their business practices, or the original code flaws, but
writing bad code isn't illegal. Lame perhaps. But not illegal.
And be careful of unintended consequences of any attempts to make bad code