[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Re: MS not telling enough
- To: Jason Coombs <jasonc@xxxxxxxxxxx>
- Subject: Re: [Full-disclosure] Re: MS not telling enough
- From: J u a n <perfectirijillo@xxxxxxxxx>
- Date: Thu, 18 Aug 2005 15:12:57 -0300
On 8/18/05, Jason Coombs <jasonc@xxxxxxxxxxx> wrote:
> > So there ya go. I suppose you'll
> > find something new to complain
> > about, or to be rude about.
>
> Whenever possible, yes.
>
> It's amazing how much you support Microsoft. Don't you know that it is in the
> continued support that you give them that they derive their continued
> opportunities to harm others?
>
> Of course, the more you and others support Microsoft, the more your expertise
> grows in value.
>
> Compare your decision-making and ethics to the decisions made by me and
> others who, after hard work and sacrifice to gain over a decade worth of
> training, education, skill and work experience with Microsoft products, grew
> to understand that it causes harm to the entire world for us to apply that
> skill in any fashion that helps Microsoft.
>
> I swore an oath never again to apply my skills in a way that helps Microsoft.
>
> ... or to help any other organization that knowingly causes harm with
> reckless disregard for the well-being of others.
>
> Integrity, competency, and those who prove they are good people must be
> supported, and anyone who lacks integrity, competency, and has proven they
> are bad must be opposed.
>
> To do otherwise demonstrates the same self-serving and wrong thinking that
> enables Microsoft to con its victims in the first place.
>
> Glad to see Microsoft give an opinion that more clearly explains that their
> Windows 2000 product is inherently defective and shouldn't be used if you
> intend to connect it to a computer network.
>
> That was the conclusion that I arrived at after performing a forensic review
> of IIS 5.0 -- you'll find my analysis contained within my book about IIS
> security:
>
> http://www.science.org/jcoombs/
>
> http://www.forensics.org/IIS_Security_and_Programming_Countermeasures.pdf
>
> Best,
>
> Jason Coombs
> jasonc@xxxxxxxxxxx
>
>
> -----Original Message-----
> From: "Kurt Seifried" <listuser@xxxxxxxxxxxx>
> Date: Thu, 18 Aug 2005 11:00:04
> To:<jasonc@xxxxxxxxxxx>
> Subject: MS not telling enough
>
> They just updated MS05-039.
>
> Windows 2000 systems are primarily at risk from this vulnerability. Windows
> 2000 customers who have installed the MS05-039 security update are not
> affected by this vulnerability. If an administrator has disabled anonymous
> connections by changing the default setting of the RestrictAnonymous
> registry key to a value of 2, Windows 2000 systems would not be vulnerable
> remotely from anonymous users. However, because of a large application
> compatibility risk, we do not recommend customers enable this setting in
> production environments without first extensively testing the setting in
> their environment. For more information, search for RestrictAnonymous at the
> Microsoft Help and Support Web site.
>
> So there ya go. I suppose you'll find something new to complain about, or to
> be rude about.
>
> -Kurt
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Ok, I think it's time to filter your email from my inbox.
Don't take it the wrong way, but I don't care about your fights with
some guy named Kurt,
or the stupid forensic dudes or the laws or politics of your country.
All I care about is securiy, if I ever want to discuss other stuff
I'll subscribe to another
list, forum, whatever.
Have a nice day.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/