zero-day vuln in fully patched Win2K03 .. - Linux

This is a discussion on zero-day vuln in fully patched Win2K03 .. - Linux ; Erik Funkenbusch wrote: > On Thu, 25 Oct 2007 16:23:24 +0200, Peter Köhlmann wrote: > >> /quote >> Security is one of those funny things. You can talk about being "more" >> secure, but there's no such thing. A vulnerability ...

+ Reply to Thread
Page 2 of 3 FirstFirst 1 2 3 LastLast
Results 21 to 40 of 41

Thread: zero-day vuln in fully patched Win2K03 ..

  1. Re: zero-day vuln in fully patched Win2K03 ..

    Erik Funkenbusch wrote:

    > On Thu, 25 Oct 2007 16:23:24 +0200, Peter Köhlmann wrote:
    >
    >> /quote
    >> Security is one of those funny things. You can talk about being "more"
    >> secure, but there's no such thing. A vulnerability is a vulnerability,
    >> and
    >> even one makes you just as insecure as anyone else. Security is a binary
    >> condition, either you are or you aren't.
    >> /unquote

    >
    > Yes, that's precisely what I said. And it's true. All it takes is one
    > vulnerability to compromise you, therefore security is a binary condition.


    Yes. It takes a bug in linux which can only be exploited when being root
    connected locally.
    It is the very same, security wise, according to you, as a bug in windows
    which can be remotely exploited without the user doing anything
    Both weight the same. Security is "binary"

    Idiot

    > You could have the tallest fence, made of the strongest materials, but if
    > you have a faulty set of hinges on the gate, despite being otherwise
    > secure, you're going to be compromised if someone knows about it.


    Yes. If horses had claws, you could ride up trees, too

    >> Buit it naturally only applies to linux. Every small linux bug makes it
    >> at least as insecure as that "wet paper bag security" of windows.
    >> According to Erik Funkenbusch.
    >> To Vista that "being more secure" naturally applies. Also according to
    >> Erik Funkenbusch

    >
    > Bull****, Peter. I have said no such thing. Why do you feel the need to
    > lie about what i've said?


    Here, Erik, let me help you

    /quote
    Gee, guess what?

    "Windows Vista does not seem to be affected by the problem, Florio said."

    And yet people keep insisting that Vista is no less vulnerable than XP.
    /unquote

    Are you actually implying that "vulnerable" has nothing to do
    with "security", Erik? Really?
    So Vista is "less vulnerable" than XP, and that is not binary, right, Erik?

    Why do you have to be such a dishonest asshole?
    --
    Warning: You have moved the mouse.
    Windows will reboot now to make the change permanent


  2. Re: zero-day vuln in fully patched Win2K03 ..

    In comp.os.linux.advocacy, Erik Funkenbusch

    wrote
    on Thu, 25 Oct 2007 09:56:11 -0500
    <19ndjfdchdsyp$.dlg@funkenbusch.com>:
    > On Thu, 25 Oct 2007 16:23:24 +0200, Peter Khlmann wrote:
    >
    >> /quote
    >> Security is one of those funny things. You can talk about being "more"
    >> secure, but there's no such thing. A vulnerability is a vulnerability, and
    >> even one makes you just as insecure as anyone else. Security is a binary
    >> condition, either you are or you aren't.
    >> /unquote

    >
    > Yes, that's precisely what I said. And it's true. All it takes is one
    > vulnerability to compromise you, therefore security is a binary condition.


    Simplistic logic. There are a fair number of
    compromisational levels; I can readily identify
    3, and add [1] and [2] for completeness:

    [1] A plug is pulled, rendering the network inaccessible.
    Depending on the plug, the network might continue
    operation, or one is talking complete power failure; one
    can't tell from outside. This isn't normally considered
    a compromise as such, but it does render the network
    and its services inaccessible to the outside Internet.
    There's not much of a classical analog here, unless one
    contemplates a bunch of miners or soldiers in a cave,
    confronted with an unfortunate cave-in.

    [2] A network is bombarded with requests, rendering it
    inaccessible. While no data is lost, no one can get in
    or out, either; this is roughly equivalent to a siege in
    classical warfare.

    [3] A user's password is compromised. All of the data
    on that account is now vulnerable. In a perfect world,
    that user is now toast, but the system's integrity is safe.

    [4] A superuser's password on a peripheral/non-essential
    administration machine is compromised. The system is
    now toast, but the network is OK once it excises the
    compromised node.

    [5] A domain administrator's password (or a superuser's
    password on a domain administration machine) is
    compromised. Goodbye network, hello new zombie bot army!

    There are other issues in [3] that may be of peripheral
    interest -- for example, the information in [3] may
    be used to hijack banking accounts (identity theft),
    other computer accounts, or other networks. In [4], one
    might be contemplating a virtual machine, as opposed to
    a physical box; [1] might also relate to a virtual plug
    which is pulled -- a software configuration issue.

    >
    > You could have the tallest fence, made of the strongest materials, but if
    > you have a faulty set of hinges on the gate, despite being otherwise
    > secure, you're going to be compromised if someone knows about it.


    Until one runs into another fence.

    >
    >> Buit it naturally only applies to linux. Every small linux bug
    >> makes it at least as insecure as that "wet paper bag security"
    >> of windows. According to Erik Funkenbusch.
    >> To Vista that "being more secure" naturally applies. Also
    >> according to Erik Funkenbusch

    >
    > Bull****, Peter. I have said no such thing. Why do you feel the need to
    > lie about what i've said?


    Roughly speaking, the UAC appears to be the equivalent of
    placing a "Beware of Rabid Dog" sign beside the hole in
    the fence. (To be fair, users apparently tend to treat
    dialog boxes of the form "Are you *sure* you want to accept
    this certificate?" as so much tissue paper. However, I'm
    not sure if the dog is any more vicious than a tiny chihuahua,
    assuming the dog exists at all.)

    --
    #191, ewill3@earthlink.net
    Conventional memory has to be one of the most UNconventional
    architectures I've seen in a computer system.

    --
    Posted via a free Usenet account from http://www.teranews.com


  3. Re: zero-day vuln in fully patched Win2K03 ..

    Erik Funkenbusch wrote:

    >On Thu, 25 Oct 2007 16:23:24 +0200, Peter Khlmann wrote:
    >
    >> /quote
    >> Security is one of those funny things. You can talk about being "more"
    >> secure, but there's no such thing. A vulnerability is a vulnerability, and
    >> even one makes you just as insecure as anyone else. Security is a binary
    >> condition, either you are or you aren't.
    >> /unquote

    >
    >Yes, that's precisely what I said.


    Much to your eternal embarrassment.

    >And it's true.


    Not.

    >All it takes is one
    >vulnerability to compromise you, therefore security is a binary condition.


    Ahh.... The brain-damaged illogic that we have come to know and
    "love" about you, Fuddie.

    >You could have the tallest fence, made of the strongest materials, but if
    >you have a faulty set of hinges on the gate, despite being otherwise
    >secure, you're going to be compromised if someone knows about it.


    Fscking idiot. It's not a matter of "being compromised" or not. It's
    a matter of making it more difficult to be compromised. It's a matter
    of being compromised less often or of reducing the odds of being
    compromised. It's a matter of possibly not being compromised at all
    if it's just not worth anyone's effort to do so. It's like locking
    the doors on your house makes you MORE SECURE than not, even though it
    does not make you impervious to break-ins.

    It's NOT BINARY, you God-damned idiot!


  4. Re: zero-day vuln in fully patched Win2K03 ..

    In comp.os.linux.advocacy, chrisv

    wrote
    on Thu, 25 Oct 2007 13:16:10 -0500
    <22m1i3dgqdiav1iqlt3jttlo33q7obn9t3@4ax.com>:
    > Erik Funkenbusch wrote:
    >
    >>On Thu, 25 Oct 2007 16:23:24 +0200, Peter Khlmann wrote:
    >>
    >>> /quote
    >>> Security is one of those funny things. You can talk about being "more"
    >>> secure, but there's no such thing. A vulnerability is a vulnerability, and
    >>> even one makes you just as insecure as anyone else. Security is a binary
    >>> condition, either you are or you aren't.
    >>> /unquote

    >>
    >>Yes, that's precisely what I said.

    >
    > Much to your eternal embarrassment.
    >
    >>And it's true.

    >
    > Not.
    >
    >>All it takes is one
    >>vulnerability to compromise you, therefore security is a binary condition.

    >
    > Ahh.... The brain-damaged illogic that we have come to know and
    > "love" about you, Fuddie.
    >
    >>You could have the tallest fence, made of the strongest materials, but if
    >>you have a faulty set of hinges on the gate, despite being otherwise
    >>secure, you're going to be compromised if someone knows about it.

    >
    > Fscking idiot. It's not a matter of "being compromised" or not. It's
    > a matter of making it more difficult to be compromised.


    Not to mention the level of compromisation -- an issue
    that is more likely to come up in multiuser systems.

    > It's a matter
    > of being compromised less often or of reducing the odds of being
    > compromised. It's a matter of possibly not being compromised at all
    > if it's just not worth anyone's effort to do so. It's like locking
    > the doors on your house makes you MORE SECURE than not, even though it
    > does not make you impervious to break-ins.
    >
    > It's NOT BINARY, you God-damned idiot!
    >


    This logic is reminiscent of certain thinking along the
    lines of the following -- thinking that comes easily to
    me (I'm a mathematician by degree and a software engineer
    by training/employment, and always seem to be looking for
    corner cases), though I also know some of its pitfalls.

    Q: Which is the biggest, 1 millionth, 1, or 1 million?

    A: Doesn't matter. All are greater than zero therefore
    all are equal if one uses the comparison metric
    "greater than zero".

    Of course this thinking verges on the ridiculous, though
    within its (very narrow) scope it's correct.

    In an ideal setting, one could estimate the costs (lossage)
    of a break-in, versus the costs of one or more fixes
    that would mitigate the risk of a break-in, versus the
    costs of a fix that would completely eliminate the risk of
    a break-in. (Or, to put it more simply, "nothing, strings
    of beads hung over an archway, a largely symbolic door made
    of paper, a door made of Kevlar, a door made of glass, a
    door made of wood, a door made of aluminum, or a blast door
    weighing 25 tons, made from high-quality steel, and capable
    of withstanding a nearby multimegaton nuclear explosion".)

    Risk assessment, in other words. Are we protecting a bale
    of hay, one's TV set, electrical switches in a building,
    the Hope Diamond, or our strategic forces capability?

    Plan accordingly. Granted, Erik F. might consider risk
    assessment planning overkill for a personal computer --
    but if so, he might also consider that the value of the
    data thereon is more than a bale of hay nowadays; many
    people will put notes on the computer's hard drive with
    bank account, charge account, game account, or other user
    account information.

    --
    #191, ewill3@earthlink.net
    /dev/signature/pedantry: Resource temporarily unavailable

    --
    Posted via a free Usenet account from http://www.teranews.com


  5. Re: zero-day vuln in fully patched Win2K03 ..

    On Thu, 25 Oct 2007 13:16:10 -0500, chrisv wrote:

    >>You could have the tallest fence, made of the strongest materials, but if
    >>you have a faulty set of hinges on the gate, despite being otherwise
    >>secure, you're going to be compromised if someone knows about it.

    >
    > Fscking idiot. It's not a matter of "being compromised" or not. It's
    > a matter of making it more difficult to be compromised. It's a matter
    > of being compromised less often or of reducing the odds of being
    > compromised. It's a matter of possibly not being compromised at all
    > if it's just not worth anyone's effort to do so. It's like locking
    > the doors on your house makes you MORE SECURE than not, even though it
    > does not make you impervious to break-ins.
    >
    > It's NOT BINARY, you God-damned idiot!


    In your fuzzy logic, you ignore one critical piece of information. It's
    not up to you, or anyone on the "good" side as to what's easy or not.

    I can give one clear example. 15 years ago, it was unthinkable that buffer
    overflows could be exploited easily. There wasn't a lot of effort put into
    fixing them because everyone knew how difficult it was to make them work.

    Fast forward a few years and toolkits started to come out that made it
    ridiculously easy for this "extremely difficult" form of vulnerability to
    be exploited. Script kiddies could do it. They didn't have to know how it
    worked, just plug some values into a tool.

    That's what I mean by a binary condition. No matter how difficult it is to
    exploit a vulnerability today, tomorrow it may be ridiculously easy because
    someone discovered a new way to use the exploit, or someone else just
    decided to write a tool to automate it.

    By dismissing vulnerabilities based on the difficulty of their
    exploitation, you're just using security through obscurity. And, as the
    saying goes, that's no security at all. Thus, not secure. Thus, Binary.

  6. Re: zero-day vuln in fully patched Win2K03 ..

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Thu, 25 Oct 2007 09:25:41 -0500,
    Erik Funkenbusch wrote:
    > On Wed, 24 Oct 2007 16:51:25 -0700, Jim Richardson wrote:
    >
    >> -----BEGIN PGP SIGNED MESSAGE-----
    >> Hash: SHA1
    >>
    >> On Wed, 24 Oct 2007 11:23:29 -0500,
    >> Erik Funkenbusch wrote:
    >>> On Wed, 24 Oct 2007 15:59:37 +0100, Doug Mentohl wrote:
    >>>
    >>>> 'Symantec .. successfully tested the exploit against fully patched
    >>>> Windows XP-SP2 and Windows 2003-SP1 machines'
    >>>>
    >>>> http://blogs.zdnet.com/security/?p=603
    >>>
    >>> Gee, guess what?
    >>>
    >>> "Windows Vista does not seem to be affected by the problem, Florio said."
    >>>
    >>> And yet people keep insisting that Vista is no less vulnerable than XP.

    >>
    >> Coming from Erik "Security is a binary condition" Funkenbusch, that's
    >> funny.
    >>
    >> So Erik ,since you claim that "Security is a binary condition" and XP
    >> and Vista are not on the same side of that divide, which one is "secure"
    >> and which one is "not secure" ?
    >>
    >>

    >
    > You'll notice I didn't use the word "secure", now did I? So why are you
    > trying to put words in my mouth?



    so you're going to dance around the word vulnerable?

    that's even funnier, I am going to need more beer and popcorn if this
    keeps up.

    So tell me Erik, if "vulnerable" doesn't have anything to do with
    security in this context (which is a security vulnerability after all)
    What exactly are you talking about?

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD4DBQFHIS9od90bcYOAWPYRAoqyAJdEn5KsgOPCXb8HylpVXm +EV2ILAKCb5Q5j
    wUJRvdTnpl8WReE8iYju1Q==
    =1yHG
    -----END PGP SIGNATURE-----

    --
    Jim Richardson http://www.eskimo.com/~warlock
    "Thank you for calling the UN. If this is a real emergency, please hang
    up and dial AMERICA"

  7. Re: zero-day vuln in fully patched Win2K03 ..

    Erik Funkenbusch wrote:

    >In your fuzzy logic, you ignore one critical piece of information. It's
    >not up to you, or anyone on the "good" side as to what's easy or not.


    It is too up to me to say it's less easy to enter my house if I lock
    the doors. Dumb****.

    Thre's any number of ways to secure a house, and any number of ways to
    secure a computer. Only a ridiculous jackass, a true looney tune,
    would claim that there's not different levels of security.

    You really are a sad man, Erik, embarrassing yourself so for the sake
    of your masters in Redmond.

    (rest of garbage snipped)


  8. Re: zero-day vuln in fully patched Win2K03 ..

    On Fri, 26 Oct 2007 07:42:40 -0500, chrisv wrote:

    > Erik Funkenbusch wrote:
    >
    >>In your fuzzy logic, you ignore one critical piece of information. It's
    >>not up to you, or anyone on the "good" side as to what's easy or not.

    >
    > It is too up to me to say it's less easy to enter my house if I lock
    > the doors. Dumb****.


    Nice of you to ignore my entire argument.

    Only in the sense that it keeps out people without the right tools. But
    when those tools are common, it makes it trivial.

    Do a google search on "Lock Bumping". It takes all of 3 seconds for
    someone with a set of bump keys to open 90+% of all locks. Bump keys are
    not hard to get, they can be bought on ebay, various websites, and all
    around most larger cities.

    Does locking your door prevent the nextdoor neighbor from just walking in
    on you? Probably. But then, so does even the minimal security measures of
    Windows 95. Those aren't the people you need to worry about.

    > Thre's any number of ways to secure a house, and any number of ways to
    > secure a computer. Only a ridiculous jackass, a true looney tune,
    > would claim that there's not different levels of security.


    And, once again, all it takes is someone that knows how to defeat any of
    those mechanisms to make you insecure.

    > You really are a sad man, Erik, embarrassing yourself so for the sake
    > of your masters in Redmond.
    >
    > (rest of garbage snipped)


    What's sad is that you actually believe you're safe.

  9. Re: zero-day vuln in fully patched Win2K03 ..

    Erik Funkenbusch wrote:

    >> It is too up to me to say it's less easy to enter my house if I lock
    >> the doors. Dumb****.

    >
    >Nice of you to ignore my entire argument.


    I ignored a stupid "example".

    >Only in the sense that it keeps out people without the right tools. But
    >when those tools are common, it makes it trivial.
    >
    >Do a google search on "Lock Bumping". It takes all of 3 seconds for
    >someone with a set of bump keys to open 90+% of all locks.


    It's still not as easy, dumb****. Do you lock your doors? If so,
    why?

    Dumb****.


  10. Re: zero-day vuln in fully patched Win2K03 ..

    Erik Funkenbusch wrote:

    >It takes all of 3 seconds for
    >someone with a set of bump keys to open 90+% of all locks.


    Oh, and I should have asked, "what about those other few % of locks"
    that are less vulnerable to "bump keys"? Are they MORE secure, or
    not?

    Dumb****.


  11. Re: zero-day vuln in fully patched Win2K03 ..

    chrisv wrote:

    >Erik Funkenbusch shuffled:
    >
    >>On Wed, 24 Oct 2007 16:51:25 -0700, Jim Richardson wrote:
    >>
    >>> -----BEGIN PGP SIGNED MESSAGE-----
    >>> Hash: SHA1
    >>>
    >>> On Wed, 24 Oct 2007 11:23:29 -0500,
    >>> Erik Funkenbusch wrote:
    >>>> On Wed, 24 Oct 2007 15:59:37 +0100, Doug Mentohl wrote:
    >>>>
    >>>>> 'Symantec .. successfully tested the exploit against fully patched
    >>>>> Windows XP-SP2 and Windows 2003-SP1 machines'
    >>>>>
    >>>>> http://blogs.zdnet.com/security/?p=603
    >>>>
    >>>> Gee, guess what?
    >>>>
    >>>> "Windows Vista does not seem to be affected by the problem, Florio said."
    >>>>
    >>>> And yet people keep insisting that Vista is no less vulnerable than XP.
    >>>
    >>> Coming from Erik "Security is a binary condition" Funkenbusch, that's
    >>> funny.
    >>>
    >>> So Erik ,since you claim that "Security is a binary condition" and XP
    >>> and Vista are not on the same side of that divide, which one is "secure"
    >>> and which one is "not secure" ?
    >>>
    >>>

    >>
    >>You'll notice I didn't use the word "secure", now did I? So why are you
    >>trying to put words in my mouth?

    >
    >Oh, so you can be more or less vulnerable, but not more or less
    >secure. Is that right, Fuddie?


    Response, Erik?

    >Idiot.



  12. Re: zero-day vuln in fully patched Win2K03 ..

    Jim Richardson wrote:

    >So tell me Erik, if "vulnerable" doesn't have anything to do with
    >security in this context (which is a security vulnerability after all)
    >What exactly are you talking about?


    Erik, will you please respond?


  13. Re: zero-day vuln in fully patched Win2K03 ..

    On Fri, 26 Oct 2007 12:12:30 -0500, chrisv wrote:

    > Erik Funkenbusch wrote:
    >
    >>> It is too up to me to say it's less easy to enter my house if I lock
    >>> the doors. Dumb****.

    >>
    >>Nice of you to ignore my entire argument.

    >
    > I ignored a stupid "example".


    Only because you have no argument against it.

    >>Only in the sense that it keeps out people without the right tools. But
    >>when those tools are common, it makes it trivial.
    >>
    >>Do a google search on "Lock Bumping". It takes all of 3 seconds for
    >>someone with a set of bump keys to open 90+% of all locks.

    >
    > It's still not as easy, dumb****. Do you lock your doors? If so,
    > why?
    >
    > Dumb****.


    It's ridiculously easy. A 10 year old can do it.

    And yes, I do lock my doors, to keep honest people honst. It's not going
    to stop anyone that has even marginal intent.

  14. Re: zero-day vuln in fully patched Win2K03 ..

    On Fri, 26 Oct 2007 12:15:06 -0500, chrisv wrote:

    > Erik Funkenbusch wrote:
    >
    >>It takes all of 3 seconds for
    >>someone with a set of bump keys to open 90+% of all locks.

    >
    > Oh, and I should have asked, "what about those other few % of locks"
    > that are less vulnerable to "bump keys"? Are they MORE secure, or
    > not?
    >
    > Dumb****.


    Medeco claims their locks are unpickable. There are a few other highly
    expensive locks that also have similar claims. That won't stop someone
    with a diamond drill from drilling it out, or someone throwing a rock
    through the window, or cutting the door to shreds with a chainsaw, or just
    setting fire to the house from outside.

  15. Re: zero-day vuln in fully patched Win2K03 ..

    On 2007-10-26, Erik Funkenbusch claimed:
    > On Fri, 26 Oct 2007 12:12:30 -0500, chrisv wrote:
    >
    >> Erik Funkenbusch wrote:
    >>
    >>>> It is too up to me to say it's less easy to enter my house if I lock
    >>>> the doors. Dumb****.
    >>>
    >>>Nice of you to ignore my entire argument.

    >>
    >> I ignored a stupid "example".

    >
    > Only because you have no argument against it.
    >
    >>>Only in the sense that it keeps out people without the right tools. But
    >>>when those tools are common, it makes it trivial.
    >>>
    >>>Do a google search on "Lock Bumping". It takes all of 3 seconds for
    >>>someone with a set of bump keys to open 90+% of all locks.

    >>
    >> It's still not as easy, dumb****. Do you lock your doors? If so,
    >> why?
    >>
    >> Dumb****.

    >
    > It's ridiculously easy. A 10 year old can do it.
    >
    > And yes, I do lock my doors, to keep honest people honst. It's not going
    > to stop anyone that has even marginal intent.


    But *honest* people aren't going to try getting in your door to begin
    with. Even with your door hanging wide open, they won't. Because
    they're /honest/.

    So, why lock your doors? Why close your windows when weather doesn't
    require it? Why make sure websites where you edit personal and/or
    credit information are secure? Why patch your system against bugs and
    malware?

    Security is binary, so none of that helps. Right?

    --
    Don't be pessimistic. It wouldn't work anyway.

  16. Re: zero-day vuln in fully patched Win2K03 ..

    Erik Funkenbusch wrote:

    >On Fri, 26 Oct 2007 12:15:06 -0500, chrisv wrote:
    >
    >> Erik Funkenbusch wrote:
    >>
    >>>It takes all of 3 seconds for
    >>>someone with a set of bump keys to open 90+% of all locks.

    >>
    >> Oh, and I should have asked, "what about those other few % of locks"
    >> that are less vulnerable to "bump keys"? Are they MORE secure, or
    >> not?
    >>
    >> Dumb****.

    >
    >Medeco claims their locks are unpickable. There are a few other highly
    >expensive locks that also have similar claims. That won't stop someone
    >with a diamond drill from drilling it out,


    They are still MORE SECURE, you dumb****.

    >or someone throwing a rock
    >through the window, or cutting the door to shreds with a chainsaw,


    They make tougher glass and doors, dumb****, which make the house MORE
    SECURE.

    >or just setting fire to the house from outside.


    Dumb****. What would be the motivation for that? What would be the
    computer analog for that?


  17. Re: zero-day vuln in fully patched Win2K03 ..

    Erik Funkenbusch wrote:

    >On Fri, 26 Oct 2007 12:12:30 -0500, chrisv wrote:
    >
    >> Erik Funkenbusch wrote:
    >>
    >>>> It is too up to me to say it's less easy to enter my house if I lock
    >>>> the doors. Dumb****.
    >>>
    >>>Nice of you to ignore my entire argument.

    >>
    >> I ignored a stupid "example".

    >
    >Only because you have no argument against it.


    Nope, because it was stupid and irrelevant.

    You're the one who finds himself in the unfortunate situation, where
    one example from me proves you wrong. I am not in that situation.

    >>>Only in the sense that it keeps out people without the right tools. But
    >>>when those tools are common, it makes it trivial.
    >>>
    >>>Do a google search on "Lock Bumping". It takes all of 3 seconds for
    >>>someone with a set of bump keys to open 90+% of all locks.

    >>
    >> It's still not as easy, dumb****. Do you lock your doors? If so,
    >> why?
    >>
    >> Dumb****.

    >
    >It's ridiculously easy. A 10 year old can do it.


    Irrelevant. It's less easy than an unlocked door, dumb****. Plus
    there's stronger locks available.

    >And yes, I do lock my doors, to keep honest people honst. It's not going
    >to stop anyone that has even marginal intent.


    Wrong, as usual.


  18. Re: zero-day vuln in fully patched Win2K03 ..

    chrisv wrote:

    > Jim Richardson wrote:
    >
    >>So tell me Erik, if "vulnerable" doesn't have anything to do with
    >>security in this context (which is a security vulnerability after all)
    >>What exactly are you talking about?

    >
    > Erik, will you please respond?


    Oh *this* should be good....though I wouldn't hold my breath waiting for a
    response. After all, he still has these outstanding claims to back up:-
    1] How did the Morris worm spread by email?
    2] What about using MS TT fonts on Linux?
    3] Can he provide evidence for plenty of examples of competing ISO
    standards?

    BTW did he *ever* say wtf the plan he was going to reveal wrt adding the
    nonsensical lines to the ends of Roy's posts? You remember? The plan he was
    going to tell us about before he spent a week away and fell behind? The
    time he fell behind by a week and had to take 3 or more months to get
    caught up with posts?
    Just what *was* that plan he was going to amaze us with?

    --
    Operating systems: FreeBSD 6.2, PC-BSD 1.4,
    Testing: FreeBSD 7.0-BETA1.5
    Linux systems: Debian 4.0, PCLinuxOS 2007,
    Kubuntu 7.10 "Gutsy"

  19. Re: zero-day vuln in fully patched Win2K03 ..

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    On Fri, 26 Oct 2007 23:26:59 +0100,
    William Poaster wrote:
    > chrisv wrote:
    >
    >> Jim Richardson wrote:
    >>
    >>>So tell me Erik, if "vulnerable" doesn't have anything to do with
    >>>security in this context (which is a security vulnerability after all)
    >>>What exactly are you talking about?

    >>
    >> Erik, will you please respond?

    >
    > Oh *this* should be good....though I wouldn't hold my breath waiting for a
    > response. After all, he still has these outstanding claims to back up:-
    > 1] How did the Morris worm spread by email?
    > 2] What about using MS TT fonts on Linux?
    > 3] Can he provide evidence for plenty of examples of competing ISO
    > standards?
    >
    > BTW did he *ever* say wtf the plan he was going to reveal wrt adding the
    > nonsensical lines to the ends of Roy's posts? You remember? The plan he was
    > going to tell us about before he spent a week away and fell behind? The
    > time he fell behind by a week and had to take 3 or more months to get
    > caught up with posts?
    > Just what *was* that plan he was going to amaze us with?
    >


    Sobering up?

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.6 (GNU/Linux)

    iD8DBQFHInwSd90bcYOAWPYRAle0AKDblLFH2JPG6JJYA1ER2q Z9kwJTNACg5eZJ
    FDiuVUcYaO1jwARym7wVCAs=
    =XHMB
    -----END PGP SIGNATURE-----

    --
    Jim Richardson http://www.eskimo.com/~warlock
    Silence is one of the most effective forms of communication.

  20. Re: zero-day vuln in fully patched Win2K03 ..

    ____/ Doug Mentohl on Wednesday 24 October 2007 15:59 : \____

    > 'Symantec .. successfully tested the exploit against fully patched
    > Windows XP-SP2 and Windows 2003-SP1 machines'
    >
    > http://blogs.zdnet.com/security/?p=603


    No big deal. Just add some more zombies to the pile. The Net is a mess anyway.

    Botnet 'pandemic' threatens to strangle the net

    ,----[ Quote ]
    | Cerf estimated that between 100 million and 150 million of the
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^
    | 600 million PCs on the internet are under the control of hackers,
    | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    | the BBC reports.
    `----

    http://www.theregister.co.uk/2007/01/26/botnet_threat/

    How did we end up this way?


    "Let's face it, the average computer user has the brain of a Spider Monkey."

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * --Bill Gates

    Microsoft Makes Windows Users Lazy

    ,----[ Quote ]
    | In general, if there is someone using Windows 98 or Windows Me, it's going
    | to be in this crowd. And if you ask any repair tech if they ever helped an
    | AOL user with anything short of malware removal, chances are solid that they
    | will be telling you no. *
    |
    | Now burn this into your brains: you know all of those bot networks out there
    | serving all of that spam? Who do you think makes up a fair percentage of this
    | group - novice users like the people I just described. *
    `----

    http://www.osweekly.com/index.php?op...601&Itemid=449

    --
    ~~ Best of wishes

    Roy S. Schestowitz | Rid your machine from malware. Install GNU/Linux.
    http://Schestowitz.com | Free as in Free Beer | PGP-Key: 0x74572E8E
    Load average (/proc/loadavg): 1.83 1.94 2.12 2/149 7578
    http://iuron.com - semantic search engine project initiative

+ Reply to Thread
Page 2 of 3 FirstFirst 1 2 3 LastLast