AsranielJoin Date: 2002-06-03Member: 724Members, Playtest Lead, Forum Moderators, NS2 Playtester, Squad Five Blue, Reinforced - Shadow, WC 2013 - Shadow, Subnautica Playtester, Retired Community Developer
edited February 2004
Yea, i read it, but 5 mins after i read it ive seen the bitmap exploit... i dont REALY beliefe in this paragraph, but i hope hes right.. but after the things ive seen (theres a notepad worm/virus or whatever floating around ive heard)
we will see
edit: and now they just found a way to give a binarie the MS signature.... i hope you also know what you can do with that
<!--QuoteBegin-SkulkBait+Feb 16 2004, 09:30 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (SkulkBait @ Feb 16 2004, 09:30 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> Why should he do that? MS might take a long time to fix, meanwhile people should know about it so they don't get screwed. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> So what? Its MS's choice about what exploits are top priority and what are not. That still does not give any person the right or even the moral high ground to post any information about how to take advantage of the exploit.
So they don't get screwed? What exactly could they do exactly? Oh yeah... Nothing.
AsranielJoin Date: 2002-06-03Member: 724Members, Playtest Lead, Forum Moderators, NS2 Playtester, Squad Five Blue, Reinforced - Shadow, WC 2013 - Shadow, Subnautica Playtester, Retired Community Developer
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Is it just me or are people making a big fuss over 2% of a 4 year old source code?<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Its more like60% of the win2k and nt4 source. The 40GB they have are not only windows but also office. AND the 40GB is the CVS, wich means, all versions of all files. 2% is much too low, 60% perhaps to high, must be something between, but enogh to make big damage (iexplorer, winsocks etc)
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->So what? Its MS's choice about what exploits are top priority and what are not. That still does not give any person the right or even the moral high ground to post any information about how to take advantage of the exploit. <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Sorry, but if I paid that much for a system I damned well want to know about it when a previously undocumented exploit is discovered (by a non-cracker). Microsoft may own the code, but it's my system and I need to protect it.
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> So they don't get screwed? What exactly could they do exactly? Oh yeah... Nothing.<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Yes I see your point, people using undiscovered (by a non-cracker) exploits to compromise your system is nothing to worry about, absolutely nothing bad could possably come from that. Yes othell, your insight has assured me. </sarcasm>
moultanoCreator of ns_shiva.Join Date: 2002-12-14Member: 10806Members, NS1 Playtester, Contributor, Constellation, NS2 Playtester, Squad Five Blue, Reinforced - Shadow, WC 2013 - Gold, NS2 Community Developer, Pistachionauts
<!--QuoteBegin-othell+Feb 17 2004, 03:19 AM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (othell @ Feb 17 2004, 03:19 AM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> So they don't get screwed? What exactly could they do exactly? Oh yeah... Nothing. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> They could disable images in their browser. . .
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Yes I see your point, people using undiscovered (by a non-cracker) exploits to compromise your system is nothing to worry about, absolutely nothing bad could possably come from that. Yes othell, your insight has assured me. </sarcasm> <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd--> And this is different from the open source movement doing the same thing, how exactly?
PS: stop with the personal attacks, or you will be suspended. I'm seeing a lot of this today from lots of people, and as I just had to hand over a check to a mortgager for $60,000, I'm in a suspending mood. Get it under control folks, or I will do it for you.
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Sorry, but if I paid that much for a system I damned well want to know about it when a previously undocumented exploit is discovered (by a non-cracker). Microsoft may own the code, but it's my system and I need to protect it.<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd--> It's time I make a distinction here. My problem is not exactly when a bug is posted to let people know about it. My problem is when a bug is posted, how to exploit that bug, and now that the source is released, anything relating to the source in relation to the exploit.
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Yes I see your point, people using undiscovered (by a non-cracker) exploits to compromise your system is nothing to worry about, absolutely nothing bad could possably come from that. Yes othell, your insight has assured me. </sarcasm><!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd--> Lets try fewer assumptions next time. I never said it is nothing to worry about. All I stated was that knowing about an exploit when there is no patch does very little for an individual. What steps could an individual actually take to prevent their system from being exploited... Other than best practices that should already be standard? Oh... Next to nothing in most circumstances.
You don't need to know about every exploit that is discovered in Windows. No one except MS needs to know about every exploit found for Windows. Making an exploit known, when there is no patch yet, just increases the likelihood of others taking advantage of the said exploit. There's next to nothing you could really do that you should not already be doing.
So once again... You have no need to know of every exploit found for Windows. You don't deserve to know. You have no rights to know. All you have is a want, not a need.
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->They could disable images in their browser. . . <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd--> Did I have to add the word "viable" to that? How about "practical"? Here's an example... Upgrade IE.
moultanoCreator of ns_shiva.Join Date: 2002-12-14Member: 10806Members, NS1 Playtester, Contributor, Constellation, NS2 Playtester, Squad Five Blue, Reinforced - Shadow, WC 2013 - Gold, NS2 Community Developer, Pistachionauts
<!--QuoteBegin-othell+Feb 17 2004, 01:40 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (othell @ Feb 17 2004, 01:40 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> You don't need to know about every exploit that is discovered in Windows. No one except MS needs to know about every exploit found for Windows. Making an exploit known, when there is no patch yet, just increases the likelihood of others taking advantage of the said exploit. There's next to nothing you could really do that you should not already be doing. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> There is always something you can do, whether it be disabling a service, not using a particular feature, or even keeping the machine off until a patch is released.
AsranielJoin Date: 2002-06-03Member: 724Members, Playtest Lead, Forum Moderators, NS2 Playtester, Squad Five Blue, Reinforced - Shadow, WC 2013 - Shadow, Subnautica Playtester, Retired Community Developer
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Did I have to add the word "viable" to that? How about "practical"? Here's an example... Upgrade IE.<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Or even better, dont use IE.. im shure it wont be the last exploit... same for OE...
<!--QuoteBegin-moultano+Feb 17 2004, 01:51 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (moultano @ Feb 17 2004, 01:51 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> or even keeping the machine off until a patch is released. <!--QuoteEnd--> </td></tr></table><div class='postcolor'> <!--QuoteEEnd--> You missed the whole "viable" and "practical" parts didn't you?
moultanoCreator of ns_shiva.Join Date: 2002-12-14Member: 10806Members, NS1 Playtester, Contributor, Constellation, NS2 Playtester, Squad Five Blue, Reinforced - Shadow, WC 2013 - Gold, NS2 Community Developer, Pistachionauts
edited February 2004
<!--QuoteBegin-othell+Feb 17 2004, 03:17 PM--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> (othell @ Feb 17 2004, 03:17 PM)</td></tr><tr><td id='QUOTE'><!--QuoteEBegin--> You missed the whole "viable" and "practical" parts didn't you? <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd--> It's a last resort, but its certainly preferable to getting your box rooted and losing data or worse.
Comments
we will see
edit: and now they just found a way to give a binarie the MS signature.... i hope you also know what you can do with that
So what? Its MS's choice about what exploits are top priority and what are not. That still does not give any person the right or even the moral high ground to post any information about how to take advantage of the exploit.
So they don't get screwed? What exactly could they do exactly? Oh yeah... Nothing.
Its more like60% of the win2k and nt4 source. The 40GB they have are not only windows but also office. AND the 40GB is the CVS, wich means, all versions of all files. 2% is much too low, 60% perhaps to high, must be something between, but enogh to make big damage (iexplorer, winsocks etc)
<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Sorry, but if I paid that much for a system I damned well want to know about it when a previously undocumented exploit is discovered (by a non-cracker). Microsoft may own the code, but it's my system and I need to protect it.
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->
So they don't get screwed? What exactly could they do exactly? Oh yeah... Nothing.<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Yes I see your point, people using undiscovered (by a non-cracker) exploits to compromise your system is nothing to worry about, absolutely nothing bad could possably come from that. Yes othell, your insight has assured me. </sarcasm>
They could disable images in their browser. . .
<!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
And this is different from the open source movement doing the same thing, how exactly?
PS: stop with the personal attacks, or you will be suspended. I'm seeing a lot of this today from lots of people, and as I just had to hand over a check to a mortgager for $60,000, I'm in a suspending mood. Get it under control folks, or I will do it for you.
It's time I make a distinction here. My problem is not exactly when a bug is posted to let people know about it. My problem is when a bug is posted, how to exploit that bug, and now that the source is released, anything relating to the source in relation to the exploit.
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->Yes I see your point, people using undiscovered (by a non-cracker) exploits to compromise your system is nothing to worry about, absolutely nothing bad could possably come from that. Yes othell, your insight has assured me. </sarcasm><!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Lets try fewer assumptions next time. I never said it is nothing to worry about. All I stated was that knowing about an exploit when there is no patch does very little for an individual. What steps could an individual actually take to prevent their system from being exploited... Other than best practices that should already be standard? Oh... Next to nothing in most circumstances.
You don't need to know about every exploit that is discovered in Windows. No one except MS needs to know about every exploit found for Windows. Making an exploit known, when there is no patch yet, just increases the likelihood of others taking advantage of the said exploit. There's next to nothing you could really do that you should not already be doing.
So once again... You have no need to know of every exploit found for Windows. You don't deserve to know. You have no rights to know. All you have is a want, not a need.
<!--QuoteBegin--></div><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td><b>QUOTE</b> </td></tr><tr><td id='QUOTE'><!--QuoteEBegin-->They could disable images in their browser. . . <!--QuoteEnd--></td></tr></table><div class='postcolor'><!--QuoteEEnd-->
Did I have to add the word "viable" to that? How about "practical"? Here's an example... Upgrade IE.
There is always something you can do, whether it be disabling a service, not using a particular feature, or even keeping the machine off until a patch is released.
Or even better, dont use IE.. im shure it wont be the last exploit... same for OE...
You missed the whole "viable" and "practical" parts didn't you?
It's a last resort, but its certainly preferable to getting your box rooted and losing data or worse.