Bugs and Suggestions

   

FirstPrevNext

Re: Cleanup... Mauricio Ritter28-Feb-02 3:28 Mauricio Ritter 28-Feb-02 3:28  Chris Maunder wrote: I'm assuming you're asking about bad/low rating/poorly edited articles Yup ! Mauricio Ritter - Brazil Sonorking now: 100.13560 Trank Re: Cleanup... Andrew Peace3-Mar-02 9:59 Andrew Peace 3-Mar-02 9:59  Chris Maunder wrote: I'm assuming you're asking about bad/low rating/poorly edited articles Hmphh ! BTW where did the laughing smiley go? -- Andrew. Re: Cleanup... Jon Sagara3-Mar-02 11:19 Jon Sagara 3-Mar-02 11:19  You mean that one? Jon Sagara What about ? Sonork ID: 100.9999 jonsagara Re: Cleanup... Andrew Peace3-Mar-02 11:40 Andrew Peace 3-Mar-02 11:40  yes - I could've sworn it used to be one the bar of them across the bottom. Thanks! -- Andrew. Re: Cleanup... Chris Maunder4-Mar-02 4:04 Chris Maunder 4-Mar-02 4:04  It's still there - between and cheers, Chris Maunder Name Usage problem. ColinDavies21-Feb-02 18:30 ColinDavies 21-Feb-02 18:30  It is by far way to easy to use other peoples names for Message Board / Forums posting. Someone used Dr Wluffs name today, although it was funny this could become confusing. I did it here http://www.codeproject.com/lounge.asp?forumid=1159&app=50&select=120020&fr=101#xx120001xx I would not have made this public but Nish advised me that all bugs should be publisized. Regardz Colin J Davies Sonork ID 100.9197:Colin Most people should stick to calculators, Isaac Sasson 28 th Law of Computing: Anything that can go wr# Segmentation violation -- Core dumped Re: Name Usage problem. Nish Nishant21-Feb-02 18:34 Nish Nishant 21-Feb-02 18:34  Colin Davies wrote: Someone used Dr Wluffs name today, although it was funny this could become confusing. If it was not David, it was not funny at all. Colin Davies wrote: I did it here http://www.codeproject.com/lounge.asp?forumid=1159&app=50&select=120020&fr=101#xx120001xx Yes. You sure did impersonate me and I think it's a big problem if anyone could do that to anyone else. Colin Davies wrote: I would not have made this public but Nish advised me that all bugs should be publisized. I believe in the bugtraq philosophy. If bugs are kept secret, people will exploit them endlessly. Once published, bugs are quickly corrected. David C, Chris M, Uwe K? Regards and cheers Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org Re: Name Usage problem. ColinDavies21-Feb-02 18:40 ColinDavies 21-Feb-02 18:40  Nish [BusterBoy] wrote: If it was not David, it was not funny at all. Well compared to some of the stuff Dr Wluff has posted it was inoffensive and tame. Nish [BusterBoy] wrote: Yes. You sure did impersonate me and I think it's a big problem if anyone could do that to anyone else. Yes if I can do it, a 9 yr old girl can do it in a big pink font, I cleanly admit it wasn't much of a discovery. Nish [BusterBoy] wrote: I believe in the bugtraq philosophy. If bugs are kept secret, people will exploit them endlessly. Once published, bugs are quickly corrected. I always use a letter u after a letter q unless the word is a proper name like Qantas or Qatar. But I really don't undestand this philosophy. Is it documented somewhere ? Regardz Colin J Davies Sonork ID 100.9197:Colin Most people should stick to calculators, Isaac Sasson 28 th Law of Computing: Anything that can go wr# Segmentation violation -- Core dumped Re: Name Usage problem. Nish Nishant21-Feb-02 18:48 Nish Nishant 21-Feb-02 18:48  http://online.securityfocus.com/archive/1 Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org Re: Name Usage problem. James T. Johnson21-Feb-02 18:42 James T. Johnson 21-Feb-02 18:42  Nish [BusterBoy] wrote: I believe in the bugtraq philosophy. If bugs are kept secret, people will exploit them endlessly. Once published, bugs are quickly corrected. I agree, let it be known that a bug exists, but I believe its stupid and inconsiderate to publish how to exploit a security bug before there is any reasonable chance to fix it. For example this AOL AIM Bug. My $.02, James Sonork ID: 100.11138 - Hasaki "My words but a whisper -- your deafness a SHOUT. I may make you feel but I can't make you think." - Thick as a Brick, Jethro Tull 1972 Re: Name Usage problem. Nish Nishant21-Feb-02 18:44 Nish Nishant 21-Feb-02 18:44  James T. Johnson wrote: I agree, let it be known that a bug exists, but I believe its stupid and inconsiderate to publish how to exploit a security bug before there is any reasonable chance to fix it. For example this AOL AIM Bug. My $.02, Well you are correct. Colin, as a matter of fact, only said that there was a bug that could be exploited, he didn't actually detail the exploit technique. Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org Re: Name Usage problem. Chris Maunder21-Feb-02 18:45 Chris Maunder 21-Feb-02 18:45  Nish [BusterBoy] wrote: I believe in the bugtraq philosophy. If bugs are kept secret, people will exploit them endlessly. Once published, bugs are quickly corrected. That sounds more like the Cigital philosophy. Isn't it better to send an email directly to the vendor to give them a chance to fix it instead of making it public and placing undue stress on the vendor by not giving them any lead time to fix the problem while malicious users use the new found security hole to play havoc? cheers, Chris Maunder Re: Name Usage problem. Nish Nishant21-Feb-02 18:51 Nish Nishant 21-Feb-02 18:51  Chris Maunder wrote: That sounds more like the Cigital philosophy Chris, He didnt actually detail out the exploit. He just said it could be done. Anyway people must know that this bug exists because of the fake-post under David Wulff's name on the Lounge. Funny thing is, I was actually fooled. I thought it really was David. I guess Colin must have mailed you how he did it by now. I hope it's an easily corected error. Thanks Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org Re: Name Usage problem. Chris Maunder21-Feb-02 19:02 Chris Maunder 21-Feb-02 19:02  Nish, I wasn't commenting on Colin, I was commenting on your philosophy. cheers, Chris Maunder Re: Name Usage problem. Nish Nishant21-Feb-02 19:11 Nish Nishant 21-Feb-02 19:11  Chris Maunder wrote: I wasn't commenting on Colin, I was commenting on your philosophy Okay. I understand now. But normally exploits are released so that people can download these exploits, try them against their own machines and make sure that they are safe. I was pasrt of my company's net security team last year. This was one of my functions. Look out for the latest bugs and exploits. Download them. Try them on our servers. There were 4 separate instances when I actually discovered root exploit holes on sour main server [running Linux]. So I have a different way of looking at these things. Also during my college level days, I played around quite a bit with vulnerability scanners and stuff like that. Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org Re: Name Usage problem. James T. Johnson21-Feb-02 19:23 James T. Johnson 21-Feb-02 19:23  Nish [BusterBoy] wrote: But normally exploits are released so that people can download these exploits, try them against their own machines and make sure that they are safe. But how will you be safe if there was no time to fix the exploit itself? You'd then be a victim of your own philosophy. Citigal released the AIM exploit because they're nothing but a bunch of script kiddies looking for some fun. IMHO anyway James Sonork ID: 100.11138 - Hasaki "My words but a whisper -- your deafness a SHOUT. I may make you feel but I can't make you think." - Thick as a Brick, Jethro Tull 1972 Re: Name Usage problem. Nish Nishant21-Feb-02 19:29 Nish Nishant 21-Feb-02 19:29  James T. Johnson wrote: But how will you be safe if there was no time to fix the exploit itself? You'd then be a victim of your own philosophy. It's not that way at all. Say there is a new bug in my box's FTP server. I download the exploit. Test my server and if it is vulnerable I take it down. later on when the vendor releases a new version I downlaod it and try the exploit on it and if it is safe I can up my FTP again. Thus the end-users can be sure they are using a safe product and there is pressure on my FTP server vendor to fix the bug. But the nice security guys always give the vendor a one week head start. Cigital's behaviour sucked in that respect. Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org Re: Name Usage problem. James T. Johnson21-Feb-02 20:17 James T. Johnson 21-Feb-02 20:17  Nish [BusterBoy] wrote: Say there is a new bug in my box's FTP server. I download the exploit. Test my server and if it is vulnerable I take it down. And what if the exploit is for something more serious than an FTP server? Or that you depend on the FTP server for day-to-day duties. You can't just "take it down" without serious problems occuring. Publishing bugs that don't affect security should be published, since publishing them does tend to get them fixed faster. Put publishing security bugs just hurts everyone who relies on the software for their business. James Sonork ID: 100.11138 - Hasaki "My words but a whisper -- your deafness a SHOUT. I may make you feel but I can't make you think." - Thick as a Brick, Jethro Tull 1972 Re: Name Usage problem. Nish Nishant21-Feb-02 20:29 Nish Nishant 21-Feb-02 20:29  James T. Johnson wrote: And what if the exploit is for something more serious than an FTP server? Or that you depend on the FTP server for day-to-day duties. You can't just "take it down" without serious problems occuring. Publishing bugs that don't affect security should be published, since publishing them does tend to get them fixed faster. Put publishing security bugs just hurts everyone who relies on the software for their business. James you seem to have no idea of how the cracking community works. If one of them discovers a hole, it'll spread like fire. Thus if a valid security agency keeps the bug a secret, the only people who miss out will be the end-users. The malicious ones will always be the first ones to get access to the exploits. Believe me James, I know what I am talking about. Hiding an exploit won't make it vanish. On the other hand revealing it might at the very least enable an end-user to be at least ready for it. And it is very very good to pressurize the vendors. I am not sure you'll be convinced. This kind of thing needs real experience before convincement. Anyway, I understand your thought process, but your data is all wrong. Often vendors have kept quiet about holes and this has lead to a lot of security breaches costing dear to many users of their products. Guess I'll stop now... Thanks Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org Re: Name Usage problem. Chris Maunder25-Feb-02 9:24 Chris Maunder 25-Feb-02 9:24  Nish [BusterBoy] wrote: James you seem to have no idea of how the cracking community works. If one of them discovers a hole, it'll spread like fire. To the cracking community, yes, but not to the general community. Crackers will find holes no matter, but if someone posts information about a hole to the community t large (with detailed instructions on how to do it) then it encourages those who would otherwise not know or have the energy/wherewithall to find out. I would imagine those who would try a hole simply because it's been widely publicised would outway those who would find out through their cracker networks by a factor or a hundred to one or more. cheers, Chris Maunder Re: Name Usage problem. Nish Nishant25-Feb-02 14:50 Nish Nishant 25-Feb-02 14:50  Hi Chris I was surprised to get a reply on this thread, started a week or two ago I think. I bet this is the longest thread ever in the Suggestions Forum Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org Re: Name Usage problem. Nish Nishant25-Feb-02 14:52 Nish Nishant 25-Feb-02 14:52  Nish [BusterBoy] wrote: started a week or two ago I think Sheesh! Sorry! Just 3 days old. Seems like so long ago though to me Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org Re: Name Usage problem. James T. Johnson25-Feb-02 17:41 James T. Johnson 25-Feb-02 17:41  Nish [BusterBoy] wrote: Seems like so long ago though to me I thought its been more than a week too. Chris basically said what I had been trying to type in a reply too :-P James Sonork ID: 100.11138 - Hasaki "My words but a whisper -- your deafness a SHOUT. I may make you feel but I can't make you think." - Thick as a Brick, Jethro Tull 1972 Re: Name Usage problem. Nish Nishant25-Feb-02 17:44 Nish Nishant 25-Feb-02 17:44  James T. Johnson wrote: Chris basically said what I had been trying to type in a reply too Yeah, you guys are all one gang. As usual I am singled out But I don't mind too much James, I really don't Thanks, Nish My most recent CP article :- A newbie's elementary guide to spawning processes www.busterboy.org Re: Name Usage problem. James T. Johnson25-Feb-02 17:50 James T. Johnson 25-Feb-02 17:50  Nish [BusterBoy] wrote: As usual I am singled out We'll be coming for you soon! Are you ready? James Sonork ID: 100.11138 - Hasaki "My words but a whisper -- your deafness a SHOUT. I may make you feel but I can't make you think." - Thick as a Brick, Jethro Tull 1972

Last Visit: 31-Dec-99 18:00     Last Update: 10-Oct-24 4:25 Refresh ᐊ Prev1...3132313331343135313631373138313931403141 Next ᐅ

General    News    Suggestion    Question    Bug    Answer    Joke    Praise    Rant    Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.