Hello Steve Lamb,
On Wed, 1 Mar 2000 15:35:47 -0800 GMT your local time,
which was Thursday, March 02, 2000, 6:35:47 AM (GMT+0700) my local time,
Steve Lamb wrote:



>     Joe-blow on Angelfire was reposting what someone else had said, cited a
> source I had never even heard of before and clearly hadn't done any
> investigation of his own.  Further, when it was posted here it was with a
> reference to joe-blow on angelfire and, again, with no investigation on the
> part of the poster.

Not true, I referred to Angelfire as it had a nice visible website but
I got the info direct from the very first guy who posted it.


>     So, let's compare:

> 1: Some schmuck who doesn't know how a computer works and clearly can barely
> code in a markup language and citing someone else who, themselves, isn't worth
> mentioning in the field of security is cited to this list.

He happens to be QUITE well known... with his own website, domain etc
etc. And I am sure that if he says data is going out it's going out.
Maybe one time, maybe all the time and they are still checking what's
exactly happening.
As the info says: they aren't sure what's being transmitted..
Something though IS getting out and it isn't just ads.
I have sent him an email to see if I can get further details and a
request to wring those DLL's neck (his terminology) so that they stop
talking...
I would strongly suspect that with at least 3 topgrade cracking groups
being involved and annoyed about it that these DLLs will find some
dumb replacements...

> 2: Bugtraq discussion basically blowing it off as part and parcel of what the
> program does.  Bugtraq being one of the top security-related lists on the net.

The company making the DLLs also denies it partly or says it's just
the standard MS way of doing things...
But a security hole is a hole if the owner doesn't realise it's there.
Which means it needs plugging.

I have run a trojan via one of those DLLs to a friend as an
experiment and with compression the antivirus doesn't see it and
neither does the firewall if the module is allowed to communicate.
(i.e. I had the server on my system....)
My cdrom dutifully opened and closed via remote control (g)


Anyway, let's stop the discussion, it wasn't meant as discussion
subject as a starter, just so that people can make up their own mind
and are at least aware of a potential problem.
And with arguing we just get dead horses (g).
I work in security myself so I know all about fake warnings.
But also the lack of certain warnings and the rigidity of some
armchair experts.
And no, that doesn't mean you (g)



Best regards,
 
tracer
-- 

Using theBAT 1.41 Beta/3 with Windows 98
mail to : [EMAIL PROTECTED]
I am using FireTalk: 321338
ICQ: on request 
Website: www.phuketcomputers.com
Our special website hosting/mailservers are now operational

-- 
--------------------------------------------------------------
View the TBUDL archive at http://tbudl.thebat.dutaint.com
--------------------------------------------------------------
