Re: Crack Office XP

["Ryan Permeh" <ryan () eEye com>]

as someone who ported a raw packet library to winnt systems over a year ago,
i seriously doubt that raw sockets pose any threat to the internet that
wasn't already there.  the things you should watch out for are the new xp
centric features, like a built in pcanywhereish remote administration
feature, and potentially having iis on every desktop, home or corporate.

xp offers a lot more in the way of security than 9x/me ever did, it offers
much more functionality, and to say that adding better apis already
availible in a hackable functionality is a bad thing is ridiculous.  people
who want this functionality, for bad or good reasons, already have it.  this
just marginally makes it easier...

i'd trade a microkernel TCB based sacl/dacl system's benefits over any
potential risk that raw sockets could ever pose.

if you want to define the threat here, get on the isp's to enforce egress
spoofing filtering.  when i worked at an isp, we did it on all of our
borders, it's not hard, it doesn't realisticly reduce performance, and
acheives the effect that people want by dropping raw sockets, without
removing that functionilty.  Raw sockets offer a potentially much higher
degree of control over your network. yes, it allows spoofing, but it also
allows people to write their own better protocols without having to hack in
kmode, or write tdi filters.
Signed,
Ryan Permeh
eEye Digital Security Team
http://www.eEye.com/Retina -Network Security Scanner
http://www.eEye.com/Iris -Network Traffic Analyzer

----- Original Message -----
From: "ricardo_x" <ricardo_x () hotmail com>
To: <vuln-dev () securityfocus com>
Sent: Sunday, June 10, 2001 3:27 PM
Subject: Re: Crack Office XP


> ... just wanted to add my 2 cents:
>
> folks,
> regardless whether any progy/os is crackable or not (btw please add
> office-xp to the list)
> what I find incredible and a true issue to this newsgroup is micro$oft's
> intention to 100% implement
> the raw sockets specification. (see more info at Steve Gibson'
> http://grc.com/dos/winxp.htm)
>
> welcome to the jungle,
>
> ricardo
>
>
> ----- Original Message -----
> From: <bill_weiss () att net>
> To: <vuln-dev () securityfocus com>
> Sent: Sunday, June 10, 2001 2:21 AM
> Subject: Re: Crack Office XP
>
>
> > bill_weiss () att net(bill_weiss () att net)@Sat, Jun 09, 2001 at
> 01:25:07PM -0600:
> > > Blue Boar(BlueBoar () thievco com)@Fri, Jun 08, 2001 at 09:54:38PM -0700:
> > > > Nicolás Gómez wrote:
> > > > > I went to the launching of the Office XP... in the entering of the
> Ballroom
> > > > > they bring to you a bag with some products....One of them was a
> Office XP
> > > > > trial for 30 days
> > > > >
> > > > > if someone has that crack or has some place to search for it, i'd
> appreciate
> > > > > it
> > > >
> > > > Several people have already replied that "this is the wrong list",
> > > > or "go buy the software".  Including one guy who made that comment,
> > > > and then included a serial number.  Go figure.
> > > >
> > > > Anyway, I let it through because there have been news stories that
> > > > it has been cracked, and MS denies it.  I was hoping for an answer.
> > > > Second, I was hoping for a discussion of how the copy protection
> > > > in XP products works.  Yes, it's a bit off-topic for vuln-dev,
> > > > and I usually toss such queries.  However, this is going to affect a
> > > > lot more people, and I think it's also going to touch on privacy
> > > > issues.
> > >
> > > And here we thought you were losing your mind :)
> > >
> > > I, personally, have no intentions of ever touching this OS, if I can.
> > > But, some of my friends who are active in the warez scene have been
> running
> > > beta builds of it, sometimes since the day they come out.  For more
> info,
> > > I refer you to this site:
> > > http://winblowz.orcon.net.nz/whistler.html
> > > and, if that goes down, it's found at
> > > http://kickme.to/winblowz98
> > > And clicking on "Windows Whistler/XP"
> >
> > Arrgghh...  Office != Windows (thanks to the person who pointed this
out).
> > Same site (http://kickme.to/winblowz98), different link.  I imagine you
> can
> > find it.