Re: Re: MS not telling enough

[J u a n <perfectirijillo () gmail com>]

On 8/18/05, Jason Coombs <jasonc () science org> wrote:
> > So there ya go. I suppose you'll
> > find something new to complain
> > about, or to be rude about.
>
> Whenever possible, yes.
>
> It's amazing how much you support Microsoft. Don't you know that it is in the continued support that you give them 
> that they derive their continued opportunities to harm others?
>
> Of course, the more you and others support Microsoft, the more your expertise grows in value.
>
> Compare your decision-making and ethics to the decisions made by me and others who, after hard work and sacrifice to 
> gain over a decade worth of training, education, skill and work experience with Microsoft products, grew to 
> understand that it causes harm to the entire world for us to apply that skill in any fashion that helps Microsoft.
>
> I swore an oath never again to apply my skills in a way that helps Microsoft.
>
> ... or to help any other organization that knowingly causes harm with reckless disregard for the well-being of others.
>
> Integrity, competency, and those who prove they are good people must be supported, and anyone who lacks integrity, 
> competency, and has proven they are bad must be opposed.
>
> To do otherwise demonstrates the same self-serving and wrong thinking that enables Microsoft to con its victims in 
> the first place.
>
> Glad to see Microsoft give an opinion that more clearly explains that their Windows 2000 product is inherently 
> defective and shouldn't be used if you intend to connect it to a computer network.
>
> That was the conclusion that I arrived at after performing a forensic review of IIS 5.0 -- you'll find my analysis 
> contained within my book about IIS security:
>
> http://www.science.org/jcoombs/
>
> http://www.forensics.org/IIS_Security_and_Programming_Countermeasures.pdf
>
> Best,
>
> Jason Coombs
> jasonc () science org
>
>
> -----Original Message-----
> From: "Kurt Seifried" <listuser () seifried org>
> Date: Thu, 18 Aug 2005 11:00:04
> To:<jasonc () science org>
> Subject: MS not telling enough
>
> They just updated MS05-039.
>
>  Windows 2000 systems are primarily at risk from this vulnerability. Windows
> 2000 customers who have installed the MS05-039 security update are not
> affected by this vulnerability. If an administrator has disabled anonymous
> connections by changing the default setting of the RestrictAnonymous
> registry key to a value of 2, Windows 2000 systems would not be vulnerable
> remotely from anonymous users. However, because of a large application
> compatibility risk, we do not recommend customers enable this setting in
> production environments without first extensively testing the setting in
> their environment. For more information, search for RestrictAnonymous at the
> Microsoft Help and Support Web site.
>
> So there ya go. I suppose you'll find something new to complain about, or to
> be rude about.
>
> -Kurt
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/


Ok, I think it's time to filter your email from my inbox.
Don't take it the wrong way, but I don't care about your fights with
some guy named Kurt,
or the stupid forensic dudes or the laws or politics of your country.
All I care about is securiy, if I ever want to discuss other stuff
I'll subscribe to another
list, forum, whatever.
Have a nice day.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/