Slashdot Mirror


User: Jeremiah+Cornelius

Jeremiah+Cornelius's activity in the archive.

Stories
0
Comments
6,917
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 6,917

  1. Re:Keep putting it off. Please ! on Longhorn in 2006 · · Score: 1
    Windows?

    "Longhorn"?

    Better never than LATE!

    Palladium? Well, rome wasn't sacked in a day!

  2. Re:It all started when on SCO Claims IBM/SGI Licenses are Revokable · · Score: 1
    Nixon: "I am not a crook"

    Reagan: "I don't recall"

    Kissinger is refeshingly blunt: "The illegal we do immediately. The unconstitutional takes a little longer."

  3. That giant sucking sound... on Kazaa Backs Plan To Bill P2P Music Transfers · · Score: 2, Funny

    of all the Kazaa users figuring out this "opennap" thing...

  4. Re:Global worker rights on Andy Grove Speaks out on Offshore Outsourcing · · Score: 1
    yes, i am a leftwing whiner

    Bless you, my son!

  5. RE: [Full-Disclosure] Re: Bad news on RPC DCOM vul on Ballmer Touts Focus on Security · · Score: 1
    From: "Dimitri Limanovski"
    To: "Brown, Bobby (US - Hermitage)"
    CC: bugtraq@securityfocus.com, full-disclosure@lists.netsys.com, full-disclosure-admin@lists.netsys.com, NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM, Secure@microsoft.com
    Date: Today 14:37:47

    Not much info on the page but here goes the juicy part.

    Exploit: http://www.securitylab.ru/_exploits/rpc2.c.txt
    Shellcode: http://www.securitylab.ru/_exploits/shell.asm.txt

    Based on user responses, this is, in fact, working exploit that will work on already patched systems. It's only a matter of time for compiled binary to surface.

    Dimitri

  6. Re:I'm sure he does wish they would be quiet on Ballmer Touts Focus on Security · · Score: 1

    Here it is: http://forum.securitylab.ru/forum_posts.asp?TID=56 42&PN=0&TPN=3 I'd repost the 'sploit source, but /. gots "junk" filters that block shellcodes.

  7. Re:Global worker rights on Andy Grove Speaks out on Offshore Outsourcing · · Score: 2, Insightful
    Yeah.

    Turn blue, holding your breath.

    The U.S. has re-modeled itself on an econoic and political model borrowed from Argentina in the '70's, and the rest of the world is charging along behind. E.U.? wants to be as big a Banana Republic as U.S. and China...

  8. Re:I'm sure he does wish they would be quiet on Ballmer Touts Focus on Security · · Score: 1

    ZARAZA is waiting for an ack from MS (or NAK timeout ;-) ).

  9. Re:port 135, not port 80 on Microsoft Apologist Apologizes for Microsoft · · Score: 3, Insightful
    This guy has S*hit for brains, and demonstrates this in every one of his hit piece M$ troll "articles".

    Restrict 135 - Yeah Baby!

    Except the major worm infestations haven't used the Internet as the primary exploit vector when demolishing the infrastructure at medium and large enterprises. Blaster and Slammer were "carted in" via laptops, poorly configured VPNs, permissive network sharing with business partners and improperly segmented test/development networks. Slammer just took a major grocery-chain's national WAN down for more than a day. This, 8.5 MONTHS after protecting the edge, and main production boxes for the exploit and blocking SQL discovery.

    There are tag vulnerabilities in the wild, outside the scope of the latest MS patch, 7 days ago. These are capable of planting trojans -- bypassing AV message filters in HTML-formatted mails with Outlook clients, and can be set in invisible-frames, etc.

    Enderle thinks that because he ran through pro-forma auditing that he has the expertise to second guess Schnierer and Geer? Gimme a break! I take Marc Ranum's criticism of these guy's work - not some paid-for-troll who scoffs at the bulk of the working code deployed over the past 40 years as "Open Source-ery".

  10. Re:I'm sure he does wish they would be quiet on Ballmer Touts Focus on Security · · Score: 1
    Like the NEW exploit for DCOM/RPC that is effective against ALL 32-Bit Windows variants, and renders vulnerable systems with best, current patch levels?

    Automated patching won't help, when your patches, including 03-039 are fabricated under the same losing circumstances as the fudamantally flawed OS platform.

    "Trust our crap patches! Brought to you by applying our time-proven methods!"

    Timliness is not improved by better automation of the distribution and application. Witness:

    [Full-Disclosure] Re: Bad news on RPC DCOM vulnerability
    From: "Alex"
    To: , ,
    CC:

    Date: Today 11:08:53

    Exploit code can be found here: http://www.securitylab.ru/40754.html

    This code work with all security fixes. It's very dangerous.

    ----- Original Message -----

    From: "3APA3A" To: ; ; Cc: Sent: Friday, October 10, 2003 6:48 PM Subject: Bad news on RPC DCOM vulnerability

    Dear bugtraq@securityfocus.com,

    There are few bad news on RPC DCOM vulnerability:

    1. Universal exploit for MS03-039 exists in-the-wild, PINK FLOYD is again actual.
    2. It was reported by exploit author (and confirmed), Windows XP SP1 with all security fixes installed still vulnerable to variant of the same bug.
    Windows 2000/2003 was not tested.
    For a while only DoS exploit exists, but code execution is probably possible.
    Technical details are sent to Microsoft, waiting for confirmation.

    Dear ISPs. Please instruct you customers to use personal fireWALL in Windows XP.

    -- http://www.security.nnov.ru

    You know my name - look up my number (The Beatles)

  11. Pig Esperanto on How Many Readers Speak Esperanto? · · Score: 1

    Gort, Klaatu Barada Nikto!

  12. Re:Basic LPR stuff? on Networked Printing on a DI-707P Router? · · Score: 2, Informative
    If the queue isn't named "0" then it is almost certainly named lp.

    If yer using KDE, switch to CUPS for your printing system, and use the enormously well - concieved and realized add printer wizard for an remote LPR queue. You might have to add a CUPS package for LPD compatibility, depending on your distro.

    If you are not using KDE, install and configure CUPS anyway - with all the foomatic and GIMP-print add-ons. The web-based administration tool that ships as part of CUPS will do the job nearly as well as the KDE wizard - with the benefit of links to full documentation on-line.

  13. Re:Hmmm, maybe... on Apple G4 Power Supply Woes? · · Score: -1, Offtopic
    I looked in the sky
    Where an elephant's eye
    Was looking at me
    From a bubblegum tree
    And all that I knew
    Was the hole in my shoe;
    Which was letting in water,

    letting in water,
    letting in water...

    I walked through a field
    That just wasn't real with
    One hundred tin soldiers
    Which stood at my shoulders
    And all that I knew was
    The hole in my shoe;
    Which was letting in water,

    letting in water,
    letting in water...

    I climbed on the back of a giant albatross
    Which flew through a crack in a cloud
    To a place where happiness reigned all year round,
    and music played, ever so loudly...

    I started to fall
    And suddenly woke
    And the dew on the grass
    Had soaked through my coat
    And all that I knew was
    The hole in my shoe;
    Which was letting in water,

    letting in water,
    letting in water...

  14. Re:I kind of like SiteFinder on McLaughlin Defends Site Finder As 'Innovation' · · Score: 1
    Yeah,

    That'd be great if the Internet were nothing but discreet individuals, manually driving browsers over port 80.

    But there is email, FTP, voip, etc...

    All have functionality based on having nxdomain returned.

    Plus VS is using this to collect data on browsers.

    I read the article. One word to describe Mark McLaughlin: "ASSHOLE".

  15. Re:That Explains It. on Closest Asteroid Yet Flies Past Earth · · Score: -1
    "That is no asteroid...

    It's a space station."

  16. Re:USB Massage balls on What Goofy USB Devices Have You Found? · · Score: 1
    Does this count?

    It might be USB, but I think the new ones are FireWire(tm).

  17. Re:RTFA on Replacing the Aging Init Procedure on Linux · · Score: 1

    Oh, good. One more flavor. :-)

  18. Re:Keep this away from my server! on Replacing the Aging Init Procedure on Linux · · Score: 1
    This is the kind of needless complexity in the plumbing that has led the gaggle of MS operating systems into hell.

    "Hey, but it makes for a clean Desktop!" Screw all of that. Message-passing framework in init? I hear that Redmond is hiring my friend!

    You want a system that the majority of systems administrators don't understand, then obscure it with additional services that have interdependancies, and pass messages to eachother, instead of stdin/stdout. Oh. Why don't you also include a non-standard, non-posix interpreter here too!

  19. Re:RTFA on Replacing the Aging Init Procedure on Linux · · Score: 1
    Yeah! All it needs is Python! Python in /bin ! No thanks.

    I remember how much I /HATED/ the inflexibility caused when Solaris made /bin a link to /usr/bin .

    The idea of Python being a part of essential system services is a real bother. It's much easier to break a full language interpreter and its extensions than it is to break a staticly-linked shell. I get a little uneasy about the "RedHat-centric" quality of this. RedHat needs Python to install and run its Ananconda - so they already have the dependancy. I didn't like this for hardened, edge devices, so I have gone back to reccomending Debian bases when doing this on Linux. If I were to include python on a firewall or proxy, I might as well let gcc live there too!

    This whole plan would fork the start-up styles of embedded appliances, floppy distros, desktops and servers. I understand the benefits that are being touted - I just don't think they are worth the drawbacks. You want something clean, with a set of library functions provided for distros to standardize their initscripts? The NetBSD rcNG is mucho cool in this regard.

    Question for the clueful? How does OS X handle this init? Is it just traditional BSD rc?

  20. Re:Aren't they obligated then... on VeriSign and Secure Internet Voting · · Score: 1, Insightful
    Whenever the word "sanctity" is used in political or commercial endevours, be very suspect of the speaker. It's almost a dead-givaway for someone with a separate agenda.

  21. HI! on Y: A Successor to the X Window System · · Score: 1
    It's Slashdot's anti-Unix FUD-troll day today!

    If you want to read the tired, old arguments abouy X and diversity in toolkits, ten proceed down the page!

    If you want to reinforce the idea that market-share==quality and viability, then we have a great story about Windows 2003, abit farther up the main page!

    Know-nothings with less than 7-years implementing complex server systems are advised to comment in excruciating prose.

  22. Re:Jump ship? on Windows 2003 takes 5% away from Linux · · Score: 1
    I am not going to take the same road as my previous district (of which I was an underling, and not in charge)

    Is that a School District? We've started doing alot of infosec in this area. These customers are heavy into Novell 5.x . EVERY one of them would suffer from a security/vulnerability stance if they were to make greater use of Windows servers.

  23. Re:IP Violation on TCP/IP over Bongo Drums · · Score: 1
    John Postel

    Vinton Cerf

    Richard Stevens

    Maynard G. Krebs!!!??!???

  24. Re:Can they do that? on Author of Paper Critical of Microsoft is Fired · · Score: 1
    So, Mooncaller.

    How recently did you work for Safeway?

  25. Re:Government doing the right thing for once... on New Nano-ITX 12cm Motherboards · · Score: 1
    Look!

    It's a laptop without a case, display and keypoard!