As I've said before having lot of people using code in NOT real QA testing.
Yes yes YES! This is why I refuse to use Linux for anything important. Too many Linux developers have an 'if it compiles, it's finished' mentality that scares me.
Wrong. Any operating system with a concept of 'root' has problems. Any operating system with things like passwords has problems.
VMS, for example, has it's 'root' accounts split across four separate people. But guess what? The one with 'physical disk' access can alter the security database and add himself to whatever he'd like.
I said 'useing' when I should have said 'admining.' For the purposes of this conversation, I.e. with people using Linux, *BSD and NT/2K at home, they're one in the same.
Trusted Solaris my ass, by the way. Go work on a B1 or higher rated system.:-)
The post referenced above is merely an attempt to point out the fact that any operating system is only as secure as the person using it. Period. Obviously too difficult a concept for you to grasp; L1NuX r00lz d00D! is probably more on your level.
I'll also point out the fact that your definition of quality is not everybody's definition of quality; if your opinion was the only that mattered, you'd be the only one with mod points.
And my original topic is neither offtopic nor flamebait. I notice that you make no attempt to refute my explanation, merely attack me personally. Well, I'm not going to waste any more time with what looks like a troll account, making such insightful statements as 'what if every security professional was paid 1 dollar per patch?' I will point out one more time that the patch caused Code Red, not vice versa. You cannot blame Microsoft for admins not installing patches.
Why the fuck is it that everybody assumes I have multiple accounts? Guess what! Post as often as I do, and you're going to get modded up. Don't like it? Get mod points and mod me down. Christ.
All I'm trying to point out is that Taco's been NOT towing the party line lately; pointing out the Slashdot that worms aren't unique to IIS, an editorial about rabid linux fans giving them a bad rep, and so on, and I think it's great.
And you know what? I'm not a M$ zealot. I'm a truth zealot.
No Linux email programs or word-processing programs have the authority to take over the entire operating system.
Really? Great! I'm going to email you a new version of vim. Make sure you run it as root. Don't worry, it won't have the authority to take over the entire operating system.
The word 'nigger' is a.. what's the term I'm looking for... I don't know. It's a alteration of 'negro,' in any event.
I'll never forget the time, when I was working for the Department of Indian Affairs, that I listened for a good ten minutes to a First Nations representative go on about how 'the white man' did this and 'the white man' did that. I stood up and said, quite purposefully, something about 'the red man's reaction' and got the expected 'do not refer to us as that, I am an Ojibwe' or some such. To which I replied 'then don't use the term 'white man.' Do you mean British, Scottish, Irish, French, Spanish, Italian, Dutch, Belgin, Slavic, Czech, Slovak, Romanian, or what?'
The look on his face was priceless.
Seems to me like Cmdr Taco is getting fed right up with Slashdot filling up with OSS and Linux anklebyters.
Good to see. Slashdot's slowly turning into 'propaganda for nerds. Two Minutes Hate that matter.'
If you have a Geforce3, go find the Zoltar demo. It's on the web if you look hard enough.
Something like 220 megabytes worth of crap, and all it does is model and animate a human head. But HOLY SHIT does it look incredible!
Also, find the Chameleon demo. Again, Google is your friend.
Criminals subsequently come up with a version of bullets coated with a Teflon derivitive.
Manufacturer sends out information that they've an add-on spray that will prevent these new bullets from penetrating their windows. Unsprayed windows will NOT stop these new bullets.
You don't get this spray and apply it. MAYBE YOU DON'T EVEN REALIZE THAT YOU'VE GOT BULLET PROOF WINDOWS.
Criminals start shooting random windows. They don't actually do much, just shoot the windows.
Is it the manufacturer's fault?
And at that point, you program the worm to be self modifying.
Target some 'known' servers. Infect them with targeted worms. On some condition (probably date) each worm (lets say N is the total number of preinfected systems) will start scanning a group of addresses. If V represents the total number of IPV6 addresses. Each host will have a group of exclusive addresses, E, E being V/N number of addresses. Whenever a host finds a new victim, it will give that victim a range of addresses in E to go through, after which the 'subhosts' will attack random. The host will then start scanning the next address past the block it just doled out.
Are you stupid? The first rule of system hardening is 'turn off services you don't need.' Pretty much every network operating system (except, I believe, certain variants of *BSD) tends to run daemons which generally aren't necessary.
And I'll note that Bastille Linux turns off unneeded daemons as part of it's hardening routine.
Excuse me, but out of curiosity, what does the concept of 'iis exploits' have to do with code red? Code red does not exploit IIS. Code red exploits index server. You could configure apache to use index server, I'm sure, and then code red would *gasp* AFFECT APACHE! By your logic, at least.
The patch was available a full month before Code Red 1 popped up. Off hand, I'd say that it's not Microsoft's fault.
Or look at it this way. Red Hat 6.x is filled with known holes. If I install it on the public internet, is it Red Hat's fault, or my fault, for using it?
Bullshit. Every time slashdot does some story, all you ever hear is 'oh, I don't have time to install a patch a week on all my servers.'
And bullshit. Kernal upgrades are NOT a one step process. Read the fucking comments. People complaining about interfaces changing, vmware breaking, XFree breaking, drivers changing, and so on.
Linux has released YET ANOTHER KERNAL! So fast that people have barely finished upgrading to the last one! That's the power of OPEN SOURCE! RELEASE EARLY! RELEASE OFTEN!
What's that you say? Service packs, hot fixes, and rollups? BAH! BOO! BAD MICROSOFT! It should have worked THE FIRST TIME! RELEASE ONCE!
Umm....yeah.
That's the amusing thing about a democracy; instead of one sick, insane monster of a dictator doing evil things, you can have an entire populace doing evil things.
I'll point out that originally, only white male land owners (possibly of a strict age range; can't remember) were supposed to be able to vote in the states.
Yeah, and if I really wanted to, I could extend that line of reasoning into: contraception being bad, masturbation being bad, and menstruation being bad (each egg is a potential life! You are, in effect, MURDERING that life if you don't inseminate it!)
In other words, who cares?
5) acknowledge the fact that yes, they're trying to take somebody else's creation, and exploit the franchise for their own uses. They're not getting money for it, perhaps, but the point is that they're using somebody else's work without asking.
In 2001,worm was happening.
Customer1: What happen?
Customer2: Somebody set up us the port filter.
Computer: We get mail.
Customer1: What?
Customer2: Email client turn on.
Customer1: It's you !!!
Cable Provider: How are you, gentlemen ???
Cable Provider: All your TOS are belong to us !!!
Customer1: What you say???
Cable Provider: You have no chance to host, make your time.
Cable Provider: Ha ha ha !!!
Customer1: Move boxen.
Customer2: You know what you are doing?
Customer1: For great serving,
Custoemr1: Move every boxen.
There is an incredible difference between there being an exploit, and there being an exploitable bug.
Can I name a recent hole? No. Does that mean anything at all? No.
I'll also point out, as I have been for weeks, that the patch available for a month before code red 1, leading me to believe that the patch spawned the exploit. Can't blame MS for people not installing patches like they should.
Yes yes YES! This is why I refuse to use Linux for anything important. Too many Linux developers have an 'if it compiles, it's finished' mentality that scares me.
Wrong. Any operating system with a concept of 'root' has problems. Any operating system with things like passwords has problems. VMS, for example, has it's 'root' accounts split across four separate people. But guess what? The one with 'physical disk' access can alter the security database and add himself to whatever he'd like. I said 'useing' when I should have said 'admining.' For the purposes of this conversation, I.e. with people using Linux, *BSD and NT/2K at home, they're one in the same. Trusted Solaris my ass, by the way. Go work on a B1 or higher rated system. :-)
The post referenced above is merely an attempt to point out the fact that any operating system is only as secure as the person using it. Period. Obviously too difficult a concept for you to grasp; L1NuX r00lz d00D! is probably more on your level. I'll also point out the fact that your definition of quality is not everybody's definition of quality; if your opinion was the only that mattered, you'd be the only one with mod points. And my original topic is neither offtopic nor flamebait. I notice that you make no attempt to refute my explanation, merely attack me personally. Well, I'm not going to waste any more time with what looks like a troll account, making such insightful statements as 'what if every security professional was paid 1 dollar per patch?' I will point out one more time that the patch caused Code Red, not vice versa. You cannot blame Microsoft for admins not installing patches.
Why the fuck is it that everybody assumes I have multiple accounts? Guess what! Post as often as I do, and you're going to get modded up. Don't like it? Get mod points and mod me down. Christ. All I'm trying to point out is that Taco's been NOT towing the party line lately; pointing out the Slashdot that worms aren't unique to IIS, an editorial about rabid linux fans giving them a bad rep, and so on, and I think it's great. And you know what? I'm not a M$ zealot. I'm a truth zealot.
The word 'nigger' is a.. what's the term I'm looking for... I don't know. It's a alteration of 'negro,' in any event. I'll never forget the time, when I was working for the Department of Indian Affairs, that I listened for a good ten minutes to a First Nations representative go on about how 'the white man' did this and 'the white man' did that. I stood up and said, quite purposefully, something about 'the red man's reaction' and got the expected 'do not refer to us as that, I am an Ojibwe' or some such. To which I replied 'then don't use the term 'white man.' Do you mean British, Scottish, Irish, French, Spanish, Italian, Dutch, Belgin, Slavic, Czech, Slovak, Romanian, or what?' The look on his face was priceless.
Seems to me like Cmdr Taco is getting fed right up with Slashdot filling up with OSS and Linux anklebyters. Good to see. Slashdot's slowly turning into 'propaganda for nerds. Two Minutes Hate that matter.'
If you have a Geforce3, go find the Zoltar demo. It's on the web if you look hard enough. Something like 220 megabytes worth of crap, and all it does is model and animate a human head. But HOLY SHIT does it look incredible! Also, find the Chameleon demo. Again, Google is your friend.
Windows 2000 can be installed off of a network as well.
*Sigh* No shit, eh? What say we go start a Slash-based site for NT called 'backslashdot.org?'
Criminals subsequently come up with a version of bullets coated with a Teflon derivitive. Manufacturer sends out information that they've an add-on spray that will prevent these new bullets from penetrating their windows. Unsprayed windows will NOT stop these new bullets. You don't get this spray and apply it. MAYBE YOU DON'T EVEN REALIZE THAT YOU'VE GOT BULLET PROOF WINDOWS. Criminals start shooting random windows. They don't actually do much, just shoot the windows. Is it the manufacturer's fault?
And at that point, you program the worm to be self modifying. Target some 'known' servers. Infect them with targeted worms. On some condition (probably date) each worm (lets say N is the total number of preinfected systems) will start scanning a group of addresses. If V represents the total number of IPV6 addresses. Each host will have a group of exclusive addresses, E, E being V/N number of addresses. Whenever a host finds a new victim, it will give that victim a range of addresses in E to go through, after which the 'subhosts' will attack random. The host will then start scanning the next address past the block it just doled out.
Are you stupid? The first rule of system hardening is 'turn off services you don't need.' Pretty much every network operating system (except, I believe, certain variants of *BSD) tends to run daemons which generally aren't necessary. And I'll note that Bastille Linux turns off unneeded daemons as part of it's hardening routine.
Excuse me, but out of curiosity, what does the concept of 'iis exploits' have to do with code red? Code red does not exploit IIS. Code red exploits index server. You could configure apache to use index server, I'm sure, and then code red would *gasp* AFFECT APACHE! By your logic, at least.
The patch was available a full month before Code Red 1 popped up. Off hand, I'd say that it's not Microsoft's fault. Or look at it this way. Red Hat 6.x is filled with known holes. If I install it on the public internet, is it Red Hat's fault, or my fault, for using it?
Bullshit. Every time slashdot does some story, all you ever hear is 'oh, I don't have time to install a patch a week on all my servers.' And bullshit. Kernal upgrades are NOT a one step process. Read the fucking comments. People complaining about interfaces changing, vmware breaking, XFree breaking, drivers changing, and so on.
Linux has released YET ANOTHER KERNAL! So fast that people have barely finished upgrading to the last one! That's the power of OPEN SOURCE! RELEASE EARLY! RELEASE OFTEN! What's that you say? Service packs, hot fixes, and rollups? BAH! BOO! BAD MICROSOFT! It should have worked THE FIRST TIME! RELEASE ONCE! Umm....yeah.
That's the amusing thing about a democracy; instead of one sick, insane monster of a dictator doing evil things, you can have an entire populace doing evil things. I'll point out that originally, only white male land owners (possibly of a strict age range; can't remember) were supposed to be able to vote in the states.
That would be bad, because then you'd have *gasp* a democracy!
Yeah, and if I really wanted to, I could extend that line of reasoning into: contraception being bad, masturbation being bad, and menstruation being bad (each egg is a potential life! You are, in effect, MURDERING that life if you don't inseminate it!) In other words, who cares?
That's 'cuz Sierra forced them to release early, so it would show on Q2 as profit, much like this mass layoff will show a nice cost-cut on Q3 books.
5) acknowledge the fact that yes, they're trying to take somebody else's creation, and exploit the franchise for their own uses. They're not getting money for it, perhaps, but the point is that they're using somebody else's work without asking.
In 2001,worm was happening.
Customer1: What happen?
Customer2: Somebody set up us the port filter.
Computer: We get mail. Customer1: What?
Customer2: Email client turn on.
Customer1: It's you !!!
Cable Provider: How are you, gentlemen ???
Cable Provider: All your TOS are belong to us !!!
Customer1: What you say???
Cable Provider: You have no chance to host, make your time.
Cable Provider: Ha ha ha !!!
Customer1: Move boxen.
Customer2: You know what you are doing?
Customer1: For great serving,
Custoemr1: Move every boxen.
There is an incredible difference between there being an exploit, and there being an exploitable bug. Can I name a recent hole? No. Does that mean anything at all? No. I'll also point out, as I have been for weeks, that the patch available for a month before code red 1, leading me to believe that the patch spawned the exploit. Can't blame MS for people not installing patches like they should.