Full Disclosure mailing list archives
Re: Microsoft laxed security is threat to internet
From: "Sleem" <sleem () ihcteam org>
Date: Fri, 9 Jul 2004 23:44:07 -0000 (WET)
Well, you said too many things at the same time about Full Disclosure as list and as concept, about Microsoft and about script kiddies that I finally did not understand what you meant. Are you trying to say that full disclosure is only useful for script kiddies? If it's what you meant, it would be nice from you to tell us what we have to do... In my views, full disclosure may cause problems, but it is still the best solution for preventing mass attacks and for reporting bugs and holes. If you got something better for alerting other administrators and being well informed, feel free to tell me!

The other thing is about Microsoft... Well, if you think that the Microsoft's politic is a danger for the user's security and for your own, all you have to do is to change your environment and choose a free Unix like Linux or *BSD. Where's the matter? In fact, we cannot force users to leave Windows and Microsoft (or simply proprietary) products, but you, and everyone of us, can strongly recommend these ones. And I'm sure that it is a good solution for every open-minded administrator or user that likes freedom.
We spend our times discussing the flaws in developers coding and saying "a script kiddie can do this" how can we stop script kiddies from doing X. Let's look at script kiddies. Where do you think they get information from to be script kiddies? I'll tell you where. From lists like this. Yes, this list is pro-active in the discussion of preventing attacks on various network, systems, and softwares by script kiddies. How much of a percentage of discussion and disclosure on this list is actually counteracting script kiddie hood and how much is actually aiding them to carry out further malicious activities across the internet on a global scale? Yes, you can use this list to make vendors aware of a security situation. Although how many users are updating straight away and how many users are unaware of a flaw. I think security lists are geared up more at the vendor patching X, than making the consumer aware of a security flaw and asking them to update. Microsoft Windows. How many consumers know of flaws and the need to update as-it-happens. How many consumers read online articles from, for example Cnet News? Hardly any. Leaving the script kiddies to a hackfest of compromising home and small business networks and computers for months, going undetected. Corporate networks and computers obviously don't apply, because they are watching lists like FD like a hawk. Though for the average consumer. It is likely your computer will be taken over and zombified by scripts run by script kiddies. FD is only informing corporations and not the average user. Even corporations and developers cannot alert the -majority- of average users to a security flaw, which needs an urgent patch implemented. Most average users will still be vulnerable to flaws FD was disclosing more than a year ago. F**k Microsoft.
They (Microsoft) need to start using "Auto Updating" home and small business networks, and it doesn't matter about the critics who say it's a breach of privacy and you have no right modifying a user's computer. At the end of the day, we are talking about the spawning of very large bot nets owned by script kiddies, who can easily take down internet back bones and take out key infrastructure, which the very existence of the internet depends on. FD or BUGTRAQ can't save us now. Only Microsoft can. Implement Auto updating software for security patches without delay. I don't have much faith in Service Pack 2 (The overhaul of Microsoft code). All of these Microsoft exploits will be the death of the internet one day, when script kiddies decide to execute the mother of all denial of service attacks against the internet. Trust me, bot nets big enough are paused and waiting for such a day. Microsoft will have big legal costs if it can be proven a Microsoft flaw was the main vulnerability used.

Cheerio

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Microsoft laxed security is threat to internet System Outage (Jul 09)
- Re: Microsoft laxed security is threat to internet Sleem (Jul 09)
- Re: Microsoft laxed security is threat to internet Roman Drahtmueller (Jul 09)