[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re: MS not telling enough

To: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
Subject: [Full-disclosure] Re: MS not telling enough
From: "Jason Coombs" <jasonc@xxxxxxxxxxx>
Date: Thu, 18 Aug 2005 17:31:24 +0000 GMT

> So there ya go. I suppose you'll
> find something new to complain
> about, or to be rude about.

Whenever possible, yes.

It's amazing how much you support Microsoft. Don't you know that it is in the 
continued support that you give them that they derive their continued 
opportunities to harm others?

Of course, the more you and others support Microsoft, the more your expertise 
grows in value.

Compare your decision-making and ethics to the decisions made by me and others 
who, after hard work and sacrifice to gain over a decade worth of training, 
education, skill and work experience with Microsoft products, grew to 
understand that it causes harm to the entire world for us to apply that skill 
in any fashion that helps Microsoft.

I swore an oath never again to apply my skills in a way that helps Microsoft.

... or to help any other organization that knowingly causes harm with reckless 
disregard for the well-being of others.

Integrity, competency, and those who prove they are good people must be 
supported, and anyone who lacks integrity, competency, and has proven they are 
bad must be opposed.

To do otherwise demonstrates the same self-serving and wrong thinking that 
enables Microsoft to con its victims in the first place.

Glad to see Microsoft give an opinion that more clearly explains that their 
Windows 2000 product is inherently defective and shouldn't be used if you 
intend to connect it to a computer network.

That was the conclusion that I arrived at after performing a forensic review of 
IIS 5.0 -- you'll find my analysis contained within my book about IIS security:

http://www.science.org/jcoombs/

http://www.forensics.org/IIS_Security_and_Programming_Countermeasures.pdf

Best,

Jason Coombs
jasonc@xxxxxxxxxxx


-----Original Message-----
From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
Date: Thu, 18 Aug 2005 11:00:04 
To:<jasonc@xxxxxxxxxxx>
Subject: MS not telling enough

They just updated MS05-039.

 Windows 2000 systems are primarily at risk from this vulnerability. Windows 
2000 customers who have installed the MS05-039 security update are not 
affected by this vulnerability. If an administrator has disabled anonymous 
connections by changing the default setting of the RestrictAnonymous 
registry key to a value of 2, Windows 2000 systems would not be vulnerable 
remotely from anonymous users. However, because of a large application 
compatibility risk, we do not recommend customers enable this setting in 
production environments without first extensively testing the setting in 
their environment. For more information, search for RestrictAnonymous at the 
Microsoft Help and Support Web site.

So there ya go. I suppose you'll find something new to complain about, or to 
be rude about.

-Kurt 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Re: MS not telling enough
  - From: TheGesus
- Re: [Full-disclosure] Re: MS not telling enough
  - From: J u a n
- Re: [Full-disclosure] Re: MS not telling enough
  - From: Paul Schmehl
- RE: [Full-disclosure] Re: MS not telling enough
  - From: Geo.

Prev by Date: Re: [Full-disclosure] Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product
Next by Date: Re: [Full-disclosure] Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product
Previous by thread: [Full-disclosure] Re: Sensitive Information Disclosure Vulnerability in Kinetics Kiosk Product
Next by thread: Re: [Full-disclosure] Re: MS not telling enough
Index(es):
- Date
- Thread