Look. MS Win\2003 and future versions contain public-keys for encryption, for which the licensed user (not owner) holds no corresponding private-key. Who holds the private keys? Microsoft, for sure - and whoever they escrow to at Three Letter Agency.
Sony Pictures may well hold private-keys, distributing the pub-key to you by use of MS's APIs in a software installer. The implications of this is that your computer cannot be trusted by its user.
Oh, and the worm comments seem like flamebait? The DCom-RPC vulnerability is YEARS old in the code - 1997. Never caught by the people who had access and ownership of the source. Not after bringing in special tools for reviewing code last year, not after a 5-month security related delay for review of 2003 Server. This is an OBVIOUS place to look for flaws, being RPC, and automated tools for checking buffer code is not rocket science.
The newest (of many) problems in the IE use of the OBJECT tag was so downplayed in the MS announcement yesterday, that I have hardly heard a mention. This is not a joke to leave unpatched, and it is related to IE ignoring RFC compliance on 7-bit MIME-type headers, and weakness in the mechanism for defining "zones". See if you can tell that this announcement:
http://www.microsoft.com/technet/security/bulletin/MS03-032.asp relates to this disclosure by eEye:
http://www.eeye.com/html/Research/Advisories/AD200 30820.html
You think that Linux or Solaris or whatnot suffers equally? A regular user of an account on the box cannot establish the trust policy for code executed outside of his own shell.
We can go on for pages and pages in this vein - instead just manage to look through the relevant list-archives for Full-Disclosure and Incidents, etc...
capitalist mutterfickers such as this should just keep their mouths shut. They exploit the innocent with their actions and words and bow down to the murderous capitalists and facists. Perhapse you should spend a weekend on the street and get to know what life is really like for 90% of the world. Babies without food. Hard working people displaced into nothingness in the eyes of society. Ederly people without family freezing to death at night. If this is your idea of America, beware for the Revolution will break the piggy bank. The fountain of life pours like a waterfall from the rubble of empires.
Don't you think that if we had known who the penniless homeless were, we could have prevented the massive attack on 09/11/01? They are begging for spare change, and using it to buy AIRLINE TICKETS!
SCO code is SHIT, if there web applications are any indication.
I just thought I'd peek at their site right now, to see what phantasm they were conjuring now.
They had a promising looking link at http://www.sco.com/licensing. The link says REGISTER, which in good fun, I clicked... Getting pages of badly escaped error in SQL connection. A Caldera URL, domain and coding are evident... Enough info in the error to guess that their CGI fields map to names in the table space.
A decent SQL injection could probably drop the DB, who knows? Maybe more. Real amateur job they've done.
I work with this stuff, and just plain ol' Knoppix is tool #1 or 2 for incident/post-mortem. You are way off base in your assumptions. Especially if you think small banks and insurance companies are budgeting copies of Encase for the InfoSec staff.
Poetry!
If it ain't broke...
'Running' winders is like running a dirty toilet.
What the hell else is it there for?
Yeah... ipf, not pf. Same smell.
This crap, and any access to MS nets is something I would block on principle.
Just WHO is this publisher?
Look. MS Win\2003 and future versions contain public-keys for encryption, for which the licensed user (not owner) holds no corresponding private-key. Who holds the private keys? Microsoft, for sure - and whoever they escrow to at Three Letter Agency.
Sony Pictures may well hold private-keys, distributing the pub-key to you by use of MS's APIs in a software installer. The implications of this is that your computer cannot be trusted by its user.
Oh, and the worm comments seem like flamebait? The DCom-RPC vulnerability is YEARS old in the code - 1997. Never caught by the people who had access and ownership of the source. Not after bringing in special tools for reviewing code last year, not after a 5-month security related delay for review of 2003 Server. This is an OBVIOUS place to look for flaws, being RPC, and automated tools for checking buffer code is not rocket science.
The newest (of many) problems in the IE use of the OBJECT tag was so downplayed in the MS announcement yesterday, that I have hardly heard a mention. This is not a joke to leave unpatched, and it is related to IE ignoring RFC compliance on 7-bit MIME-type headers, and weakness in the mechanism for defining "zones".n /MS03-032.asp 0 30820.html
See if you can tell that this announcement:
http://www.microsoft.com/technet/security/bulleti
relates to this disclosure by eEye:
http://www.eeye.com/html/Research/Advisories/AD20
You think that Linux or Solaris or whatnot suffers equally? A regular user of an account on the box cannot establish the trust policy for code executed outside of his own shell.
We can go on for pages and pages in this vein - instead just manage to look through the relevant list-archives for Full-Disclosure and Incidents, etc...
Windows is a little, dirty-toilet OS.
Ahhh.. I think the Uncle is still VMS :-)
The Server version is WORMWOOD.
Honestly, after a week like this last one - with smoking hulks of business LANs built on Win2K - who really gives a damn for this crap?
Unmitigated GARBAGE, with built in spyware and governance mechanisms.
MS is bulding the Winston Smith Victory computer. Look the other way.
Good call guys.
'nuff said.
Calm down. Breathe deep...
Are we O.K. now? Good!
Please compose yourself, and read the link ...
Don't you think that if we had known who the penniless homeless were, we could have prevented the massive attack on 09/11/01? They are begging for spare change, and using it to buy AIRLINE TICKETS!
O.K., so You're a PhD. Just don't touch anything.
Yeah! And I miscounted, too!
We at SCO have atomized our search further, and continue to be more suprised as we further this process.
I beleive these two fragments will be readily apparent to anyone, even slightly familiar with the "Linux" code:
I think you'l agree that there are a
- Million
of these things!the majority. That crowd of farseeing Wizards, who landed on Microsoft.
Inquiring minds want to know...
That is to say, a French window!
Windows admins always think they have a large-scale installation, when there are 20-30 servers. Just goes to demonstrate my point.
Who sold you that one, Bob? Did a bridge come with it?
The crappy server I hit was "Oracle Web Server", whatever that means.
I just thought I'd peek at their site right now, to see what phantasm they were conjuring now.
They had a promising looking link at http://www.sco.com/licensing. The link says REGISTER , which in good fun, I clicked... Getting pages of badly escaped error in SQL connection. A Caldera URL, domain and coding are evident... Enough info in the error to guess that their CGI fields map to names in the table space.
A decent SQL injection could probably drop the DB, who knows? Maybe more. Real amateur job they've done.
I work with this stuff, and just plain ol' Knoppix is tool #1 or 2 for incident/post-mortem. You are way off base in your assumptions. Especially if you think small banks and insurance companies are budgeting copies of Encase for the InfoSec staff.
Same as Knoppix.
No big deal, losing these between boots. The 2200+ vulns on the CD are fine to begin with AFAIC.