Full Disclosure mailing list archives
Re: GUNINSKI THE SELF-PROMOTER
From: <dhtml () hush com>
Date: Tue, 15 Jul 2003 17:45:41 -0700
> You may remember that Guninski completely failed to notify the VIM development team of security vulnerabilities in its product, and these were brought up by a third party on VIM-DEV for the first time. I would have understood CC'ing the major security lists with the post *in addition to* vim-dev, as it *is* a public channel.

I certainly don't remember that. Seems Georgi said: " Vendor status: vim.org and some vendors were notified on Mon, 25 Nov 2002" After releasing it on Thu, 12 Dec 2002. I think I will believe Georgi's version. Not yours.

> After all, Guninski has not produced an advisory detailing a security vulnerability of any kind in a Microsoft product since July 31, 2002, so what right does he have to say that trustworthy computing is a flop?
>
> Clearly, Georgi Guninski couldn't get a job, and relying on the Apache 1.3 descriptor leak (shudders), or perhaps a local command execution bug in vim, or worse, a format string in the Ethereal socks dissector, wouldn't get him anywhere. So, he has slanted every story he could get a hold of, turning a non-issue of one-month delays into ridiculous, childish, kiddies' rhetoric about MS' irresponsibility. Even funnier is that while he was making a major deal out of MS security being unresponsive, he wasn't even notifying open-source vendors of security vulnerabilities!

Your transparent and sudden "love affair" with Microsoft and "responsible disclosure" doesn't fool us Matthew. It is you that is desperately seeking employment and the louder you shout, the better chances you think you may have. Oh Matthew. You turncoat you.

> Also, Bruce Schneier has little or no room to talk, as his "Password Safe" tool was unable to keep local passwords safe, let alone a large product base of network applications:

Please. You're embarrassing yourself. Matthew Murphy, wannabe virus writer. Why not skip on back to alt.comp.virus.source.code to try and figure it all out before taking on Schneier. Matthew, Matthew, Matthew you'd spin around like a little girl in the vortex of his knowledge should he even fart in your direction. HAHAHAHA sig of the year:

"Bruce Schneier has little or no room to talk"
- MATTHEW MURPHY - CODE RIPPER, JULY 15 2003

> I also ask you to take into account the fact that altering a mindset takes time. Security vulnerabilities were all but ignored in the early days of single-user non-networked Win16. Those early days are the source of some of the Win32 message routines implicated in the recent "Shatter" attacks. Microsoft has had to work against buggy base code, and teams of developers who were never taught a bit about security. Essentially, Microsoft is working against its own history. For a company of Microsoft's size, this is not easy. For all of the work that requires, I'd say that Microsoft is doing a damn good job.

Keep it up Matthew, they'll come a recruiting soon enough.

For shits and giggles here are two of Matthew "Bruce Schneier has little or no room to talk" Murphy's code rips:

1. DoS in Multiple IE Versions (Self-Referenced Directives) Date: 2002-04-20

"The Exploit

To date, I have discovered 4 points of exploitation to crash the browser. My favorite example is this one:

---- [ CRASH.HTM ] ----
<OBJECT DATA="CRASH.HTM" TYPE="text/html"></OBJECT>
---- [ CRASH.HTM ] ----

IE dies inside shdocvw.dll with a call stack overflow. "

Gosh, this was discovered in March 1998 by Abe L. Getchell. Even the named html is almost the same LoL!

<!--
<html>
<head>
<title></title>
<object data="crashmehtml.html"></object>
</head>
<body>
</body>
</html>
-->

"What I am doing here, is using the "data" attribute of the "object" tag to reference itself. This misuse of the object tag causes the browser to go into a loop"

"EXPLORER causes a stack fault in module SHDOCVW.DLL at 016f:7078d692. EXPLORER causes a page fault in module SHDOCVW.DLL at 016f:7078d692"

2. Microsoft Outlook Express Spoofable File Extensions Vulnerability
http://www.securityfocus.com/bid/5277 published Jul 20, 2002

You "pinched" ;-) that one from virus writer, Simon Vallor, Outlook GenKit: "malware.JPG .EXE .JPG"

Problem there is, Simon pinched it from bugtraq already in the archives back in August, 2001 which is what is generator was created for.

http://www.securityfocus.com/archive/1/157279/2003-07-13/2003-07-19/2

Content-Type: image/gif; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="nicepic.gif .vbs.gif"

set WshShell = WScript.CreateObject ("WScript.Shell")
WshShell.Run("telnet.exe")

Lord alone knows what else you have been helping yourself to Matthew. No worries there mate, you'll fit in well with Microsoft once they come a calling

Are you still 14? Seems like ages. But you'll hopefully grow up one day.

Cheers Big Ears! :D

Oh. and p.s.
- feel free to help yourself to anything else you might fancy. "Pad" the resume for Microsoft you see ;-) !
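
Added example, not part of the original post: a mail-filter style check for the attachment-name shape quoted in the message ("nicepic.gif .vbs.gif", "malware.JPG .EXE .JPG"), where a script or executable extension sits inside the name next to whitespace padding and a harmless-looking one. The extension list, function names and sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumption: extensions a Windows mail client of that era would run directly.
RISKY_EXTS = {"exe", "vbs", "js", "scr", "pif", "bat", "cmd", "com"}

def suspicious_reasons(filename):
    """Return reason codes for a spoofed-looking attachment name."""
    reasons = []
    # Every dot-separated segment after the first is treated as an extension.
    exts = [seg.strip().lower() for seg in filename.split(".")[1:]]
    if any(ext in RISKY_EXTS for ext in exts[:-1]):
        reasons.append("inner-risky-ext")        # e.g. pic.gif .vbs.gif
    if len(exts) > 1 and exts[-1] in RISKY_EXTS:
        reasons.append("decoy-then-risky-ext")   # e.g. photo.jpg.exe
    if re.search(r"\s+\.", filename):
        reasons.append("padded-ext")             # whitespace pushed before a dot
    return reasons

def scan_message(raw_message):
    """Map each flagged attachment filename in a raw message to its reasons."""
    flagged = {}
    for part in message_from_string(raw_message).walk():
        name = part.get_filename()
        if name and suspicious_reasons(name):
            flagged[name] = suspicious_reasons(name)
    return flagged

# Constructed sample message; the attachment headers mirror the ones quoted above.
SAMPLE = (
    "From: sender@example.test\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b"\n'
    "\n"
    "--b\n"
    "Content-Type: text/plain\n"
    "\n"
    "see attached\n"
    "--b\n"
    "Content-Type: image/gif; charset=us-ascii\n"
    "Content-Transfer-Encoding: 7bit\n"
    'Content-Disposition: attachment; filename="nicepic.gif .vbs.gif"\n'
    "\n"
    "placeholder body\n"
    "--b--\n"
)

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A plain `setup.exe` is deliberately not flagged here, since the check targets disguised names rather than executable attachments in general; a gateway would block those by a separate rule.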