RE: The MSBlast Conspiracy Theory

[Dark-Avenger () comcast net]

We shall crown you "Prince Know-It-All, Jim the Noble".

Don't you realize that contracts, treaties, agreements, hand-shakes, blood
pacts, or whatever else you use to come to an agreement on are all susceptible
to arbitration or legal challenges (a.k.a. lawsuits)? There is always the
implied acceptable performance of anything you purchase. You may not win any
more than your money back, but this does not prevent any lawsuit from being filed.

Your comparison to sugar in the gas tank "doesn't hold water", as you would say.

(remember, don't drink coffee while driving)
----------------------  Forwarded Message:  ---------------------
From:    "Noble, Jim" <jnoble () info1team com>
To:      <full-disclosure () lists netsys com>
Subject: RE: [Full-disclosure] The MSBlast Conspiracy Theory
Date:    Fri, 15 Aug 2003 10:23:06 -0400

Lawsuits?

Read your shrink wrap agreement, you own the liability of the software
and any data that you create with it...

Nice theory, but it doesn't hold water.

That would be the same as saying that since the car you purchased wasn't
made to filter sugar out of the gas tank, that an attack on the entire
fuel storage in the world be the fault of the car manufacturer.

-
Arcturus...
Network & Security Director
CISSP, CCSE+, CNX

===================================
CONFIDENTIALITY===================================
This E-mail is confidential. It should not be read, copied, disclosed or
used 
by any person other than the intended recipient. Unauthorized use,
disclosure or 
copying by whatever medium is strictly prohibited and may be unlawful.
If you have 
received this E-mail in error please contact the sender immediately and
delete 
the E-mail from your system.
===================================
CONFIDENTIALITY===================================


-----Original Message-----

From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Brad Pryce
Sent: Friday, August 15, 2003 6:32 AM
To: Weezer Hutchins
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] The MSBlast Conspiracy Theory


Possible, but not likely.

Brad Pryce

Weezer Hutchins wrote:

> This was such a benign implementation of the serious DCOM security 
> risk, that my conspiracy theory is ... Microsoft had this worm released

> on purpose in an attempt to get everyone to patch their machines before

> a really threatening version was released.
>
> Imagine, what if ...
>
>   ... this vulnerability was used to remove all the .doc, .xls, .ppt, 
> etc. files off the drives, including network attached drives? (you know
how everyone keeps backups of all their files :)
>   ... this vulnerability intentionally stole everybody's address books

> and transferred them to some anonymous ftp server for later pickup (a
spammer's dream)?

>   ... this vulnerability stole financial and personal data in the same

> manner as above, and gets bank account numbers, credit card numbers, 
> passwords, etc., from Quicken, Microsoft Money and other files (of
course, everybody password protects these files)?
>   ... (insert your own extremely disastrous scenario here)
>
> Any of these would cause so much harm to Microsoft from the lawsuits 
> and lost business, that they couldn't afford to let it remain out 
> there, thus the conspiracy theory arises.
>
> __________________________________
> Do you Yahoo!?
> Yahoo! SiteBuilder - Free, easy-to-use web site design software 
> http://sitebuilder.yahoo.com 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>  


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html