Now imagine when they create a version of this with a twenty-foot long circumference and they test it on your neighborhood! That would be shocking to see. :P
Nice response and very informative. Oh wait, it was very bland, generic, and served no purpose. :( Aww poor baby. Maybe you'd like to add some substance to such a reply. You would like to but you cannot. Thanks for the blurb though.
It's good to see the U.N. has just outright come out and said it doesn't see a need for them to run this. I think Security is a bigger issue, although I do not exactly have any idea on what they are working on or doing to secure anything. A large number of countries seem to look at anything associated with the U.S. as a talking point for change. There's not a whole lot wrong with ICANN doing what it does right now as far as I can see. People just like to complain and try and get a change just so they can oppose someone they aren't fond of. Well so much for all the calls for the U.N. to run it. Let's see what all these whining complaining bastards try and do next.
The question isn't getting much discussion because it's right there in the article and is referenced above:
What has not changed about the contract is the registration fee for dot-xxx domains: It will remain at $60 annually, with $10 of each registration going to IFFOR.
In case anyone is still wondering, it will cost 60 USD.
I don't know buddy. Think you've got a few winners with the others but I am not so sure about penhouse.xxx. Somehow I don't see a house of Pen's being very erotic.
I am baffled that someone even came across this article let alone posted it to Slashdot. This is probably one of the most juvenile reviews I have ever read. On top of that it's quite obvious it was written by a script kiddie. Who would actually do a [limited] review of security tools and talk about how they "can be tested for free, either through an evaluation or trial, or warez"?? This is by far one of the saddest reviews I have ever seen.
I pray that no one out there even considers using this person for a "scanning contract". This person is much more likely to do harm than any good. As mentioned, it also seems the person is missing quite a few obvious vulnerability scanners from their top 11 list. Perhaps this is because our reviewer wasn't 31337 enough to get a cracked or evaluation version of these products. Core Impact or Foundstone Foundscan would easily rank above most or all(?) of these on the list. I mean Nikto is #8 on the list. Sure it's a neat tool, but it's simply a limited web application scanner. Our reviewer here does not have a clue.
What a clever posting and crystal ball! I am just amazed anyone even came across the website. Heise Security? It's good to see they repost stuff that can be found on other sites people do read. What a waste of time. This crystal ball posting is a [humorless] joke.
Sounds like a great idea, given the danger of putting an unpatched PC on the Internet to download security updates.
Right. That's of course if you don't have one of the following:
1) 3rd party firewall on the box
2) the OS's firewall (who says you're installing without an SP?)
3) a hardware firewall
4) a home router/switch that does NAT for you (and of course a home network that's not 0wn3d)
5) IPsec policy on the box preventing connections to the ports
6) File & Print sharing + naughty services turned off.. (anyone out there??)
Yeah so those are all pretty good... #6 not being foolproof but definitely highly recommended regardless. These CDs might be a good [neat] idea. Then again why not just set up your own WUS box and get your patches from your local LAN while not routing out. That way you can save time, touches, and bandwidth!! wowzers.
What I really don't understand is why they announced this now. They found this information out many months ago and waited until now to reveal it. When asked they said evidence leads them to "believe" it is water. They aren't positively sure, although they've made a strong case it is in fact water (or at least a liquid of some sort). They could send the Orbiter (and they are going) to the sites and do analysis of the area to help determine if the substance is water or not. Why they did not do this prior to making this announcement is beyond me. I guess they can make two announcements now. Hopefully the second is that they've verified that it is water.
There is something you have to understand about how these numbers are calculated. If one system is compromised (and remember there were hundreds), it can take hours of investigation by multiple people. Then there may be computer imaging, other forensics work, and ultimately reinstallation of the machine. This may go across multiple departments, contractors, and divisions within a single organization. So if we have 6 people involved in one incident and they each spend 6 hours on it, that's 36 hours' worth of effort/work. Well, how much time is that worth (not calculating any loss caused by other unproductivity from downtime)?
Varying rates:
$50 x 36 = $1800
$100 x 36 = $3600
$150 x 36 = $5400
Yes these are arbitrary numbers and hours but think about systems that caused e-mail loss and other problems. This is tons of downtime, tons of problems, and tons of work for various individuals. That costs money.
If you ever went to the websites that this "Victor" character hosted their "hacks" on you could see what kind of geniuses they were. The "White Hat Team" as they called themselves were/are a bunch of clueless script kiddies. They would host their website (www.whitehat.ro) on hacked servers, so it would frequently go down and be reuploaded elsewhere. They flat out told you this on their ugly, poorly designed webpage. On top of that they had tons of screenshots of various systems they compromised accounts on (and sometimes gained root). It was full of typos, bad commands, and just other terribly embarrassing things.
Honestly, I feel bad for this guy (and probably the rest of the team when they're indicted), not because he's been arrested, but because he is such a moron! Hackers... not at all. White hats.. nope (about as smart as the Ironic on). Morons..yes.
Well it's obvious why it had to be cancelled guys. When you have a week that's 7 days long and you can only come up with 6 bugs, you've got to cancel the thing. Imagine the embarrassment of starting on Sunday.. getting to Saturday and being one short.
Yes we have deployed a great alternative to password-based authentication at work. We have done this by deploying RSA SecurID for Windows. This is completely free so long as you already have an RSA Authentication Manager (ACE/Server) infrastructure. This allows us to use our passcode (your PIN) + tokencode (your changing code). We also require them to use their Windows password in addition to this. You can enable "Windows Password Integration" which will remember it for you, so the users never have to remember their password. However, due to certain levels of sensitivity we opt not to do this. In theory someone who admins the Unix ACE/Server we run could set a temporary or emergency passcode/password in place of a token and bypass the whole process. Requiring both is a bit more secure.
In any event using RSA works well. Getting tokens and all that is not free obviously, but if your environment already uses them.. this is easy to deploy. Sure it can be a PITA if your tokencode changes while you're typing or if you lock your workstation/unlock it frequently (meaning you have to wait for a tokencode change) but it does a great job and provides a nice two-factor solution.
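The two points above (a PIN + tokencode passcode that is still checked against the Windows password, and a tokencode that may roll over while you are typing it) are easy to show in code. The following is an added example and is not RSA's code or the poster's setup: it uses an HMAC-based time code in the style of RFC 4226/6238 as a stand-in for the proprietary SecurID algorithm, the 60-second step, the 6-digit length, the user record and the seed are all constructed for the demo, and the one-step tolerance window is an assumption about how a verifier would cope with a code that changed mid-typing.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60   # assumed tokencode lifetime for the demo
DIGITS = 6          # assumed tokencode length for the demo


def tokencode(seed: bytes, counter: int) -> str:
    """HMAC-based one-time code (RFC 4226 style truncation) for a time counter.
    Stand-in for the real SecurID algorithm, which is not reproduced here."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def current_tokencode(seed: bytes, now: int) -> str:
    """The code a token would display at Unix time `now`."""
    return tokencode(seed, now // STEP_SECONDS)


def verify_passcode(seed: bytes, pin: str, submitted: str, now: int,
                    window: int = 1) -> bool:
    """Passcode = PIN + tokencode. Codes from `window` steps either side of
    the current one are accepted, so a code that rolled over while the user
    was typing it is still valid; anything older is rejected."""
    if len(submitted) != len(pin) + DIGITS:
        return False
    pin_part, code_part = submitted[:len(pin)], submitted[len(pin):]
    pin_ok = hmac.compare_digest(pin_part.encode(), pin.encode())
    counter = now // STEP_SECONDS
    code_ok = False
    for delta in range(-window, window + 1):
        # No early return: every candidate is compared in constant time.
        if hmac.compare_digest(tokencode(seed, counter + delta).encode(),
                               code_part.encode()):
            code_ok = True
    return pin_ok and code_ok


# Constructed user record: seed, PIN and Windows password are demo values only.
SALT = b"constructed-demo-salt"


def hash_password(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


USERS = {
    "alice": {
        "seed": b"constructed-demo-seed-for-alice",
        "pin": "4821",
        "pw_hash": hash_password("correct horse battery staple"),
    }
}


def authenticate(user: str, windows_password: str, passcode: str, now: int,
                 window: int = 1) -> bool:
    """Both factors must pass. Because the Windows password is checked
    independently, an emergency passcode set on the ACE/Server side is not
    enough on its own to get a session."""
    rec = USERS.get(user)
    if rec is None:
        return False
    pw_ok = hmac.compare_digest(hash_password(windows_password), rec["pw_hash"])
    otp_ok = verify_passcode(rec["seed"], rec["pin"], passcode, now, window)
    return pw_ok and otp_ok


if __name__ == "__main__":
    now = 1_700_000_000
    code = current_tokencode(USERS["alice"]["seed"], now)
    print("login ok:", authenticate("alice", "correct horse battery staple",
                                    "4821" + code, now))
```

The window is deliberately small: one step back covers the "it changed while I was typing" case, while a wider window only widens the replay exposure of any single code.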
This could quite possibly be the biggest running list of whining pussies I have seen in a while on Slashdot. Cry me a fucking river that it's a few days before midterm elections and there's a good chance he's going to die for his terrible war crimes in the near future. Why don't you go protest outside about and try and break him free if you love him so much and feel the whole election was a big sham that's going to bring death, mayhem, and a loss of credibility to our soldiers and Iraq. What are you basing your thoughts on? What leads you to believe there's going to be a huge surge in violence (I'm guessing you watched CNN)?
I think all the terrorists reading your sympathetic bullshit will cause a rise in terrorist activity. You losers make me sick. Go ahead and mod this down, sounds like something a bunch of wusses would do. I am sure two of my Kurdish friends from high school who lost family members to Saddam and fled to the U.S. to escape him would also like to send you a big fuck you. Thanks for the same set of weak ass arguments that have been posted for the last 10 years though, it's good to see recycled ideas and comments.
Great idea? Well, until some bonehead with access to it posts parts of it on his blog or argues on Slashdot and references sections they looked up on their Intellipedia!
One thing that has always baffled me when it comes to certain types of SPAM is the audacity and lack of fear of the spammers. We need more cases like the recent spammer that got a jail sentence for spamming AOL. One issue that I've always found laughable was that "the spammer cannot be found." Sure they are using bogus return addresses, relays, hacked machines, or legit foreign providers that are hard to communicate with or track down. However, the one thing they generally have in common is a porn, mortgage, medicinal, or some other website with ads/sign-ups that has a unique referrer on it that ties directly (maybe indirectly sometimes) to the spammer. I watched Dateline NBC track down a spammer of porn to Canada via the referrer, ISP, and other means and they sat down with him face to face. If someone would grow a pair or was serious about stopping SPAM they would do more to go after the spammers. Look -- there's not millions of spammers out there causing all of this. The large bulk of it is coming from a few thousand if not less.
Great, so everything I just said has nothing to do with this spam -- the pump and dump. Well, that's not exactly true either. If someone is doing a pump and dump, chances are that they (or someone they're working with) have bought a large amount of this bogus stock prior to the SPAM starting. Hell -- since there's multiple stocks being SPAM'd -- we might even find a pattern here if we look at who has bought what. If people want to get serious about stopping not just SPAM but scams, they could consider investigating this stuff to figure out where the money is at. Don't tell me no one cares, they cannot be found, or it's too hard. It's not.
Most definitely agreed! Deep Freeze works great. They used this in one of the computer labs at my college and I thought it was a great tool. Once it's on "Frozen" users can do all they want, but the second the box reboots it's 100% back the way the machine was before. Oh yeah it takes up virtually no memory and hardly any hdd space. I now use it at work to assist in Malware analysis. They've also got a program called AntiExecutable that is worth checking out.
Wow, Spell Checker!!! Awesome what an innovative feature. Sure wish IE7 had that in it. Oh wait it does!! OH my god......Firefox is copying features. Let me write an article about it and post it on Slashdot so all the users with some odd inferiority complex can respond to me!! Wait, but first they must feverishly use Google to find what other browsers [that they have never used] have had built in spell checkers in them so they can post a response. Then we will find out that it doesn't really matter where a feature came from or who uses what browser!
Sort of related, sort of not... it would be nice if they had full integration for RSA SecurID for Windows. This was the original plan for Vista but they ended up pulling the integrated support, at least for their original release(s). You can read all about it here if you please. Full support built in would be a nice security feature instead of having to install a third party add-on product. This would be a nice up front addition. Since RSA and M$ apparently already have a close relationship of some sort, it seems that this would be a no-brainer to get in place. Oh well.
It's not my website so I can't argue with what gets posted to the front page but this has to go in my who gives a shit news pile. I'll have to agree with the OP in that W=WHO would apply also. I am sure we'll get dozens of posts from people who know everything about the project down to the MD5 hash of each file, but I bet you could fill a ton of backend MySQL databases with the number of people who haven't heard of them.
Yes, this will not prevent people from using a service like NetTeller that allows you to put money in an account and then jump from there. What it will do, however, is actually spell out to people that this activity is illegal and will inherently reduce the number of people willing to participate. Additionally, many people (myself included) will transfer money via EFT or credit card. This method will have to be reconsidered or terminated if one wants to avoid being [pro/per]-secuted. This will drive business up for middleman services but will decrease the bottom line as it will reduce the number of people that will use EFT/CC (if they still work) and will also reduce the overall number because people will not want to give a cut to the middleman. Unlike EFT and CC -- the middleman services generally charge a percentage of each transaction and it's generally (relatively) steep.
>> - There is no possible way for ISPs to block access to gambling sites, not with the current development of technology.
I am not sure what technology you have been looking at but this has been possible since DNS began. Now with web content filters, smart reverse proxies, and still DNS controls... this is very easy to do. Now can they actually stop the person from using proxies that go out of the country or something of that sort? Of course not. But they can certainly block the sites and easily and rapidly keep that list updated. This again would dramatically decrease the number of people that would participate in online gambling as it would take a level of technical sophistication and will to circumvent the rules to play.
I 100% disagree that they should be able to block online gambling. I play occasionally and have not done so in a good 6 months, but it shouldn't be wrong or illegal for me to do so. Who are they to decide what I can do in such a blue collar activity that is legal in certain locations (in my country)?
It sounds like you have a rather large bias. You call it a "totally pointless comparison" when you don't know the answers to your own questions. That does not make much sense does it?
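The DNS control the reply describes is a resolver that answers a blocklisted name with a sinkhole address instead of forwarding it upstream. The block below is an added example, not code from any ISP or from the poster: the blocklist, the upstream answers and the query log lines are constructed for the demo. It generalises the point a little by matching on domain suffix (so listing a zone also covers its subdomains without listing each host) and by logging each decision, which is what an operator needs to keep the list updated; it also shows the caveat from the reply, that a query for a proxy host the list doesn't know about is forwarded untouched.

```python
from typing import Dict, List, Optional, Tuple

SINKHOLE = "0.0.0.0"   # assumed sinkhole answer for blocked names

# Constructed blocklist: .test and .example are reserved names, not real sites.
BLOCKLIST = {"casino-example.test", "bet.example"}

# Constructed upstream resolver answers for the demo.
UPSTREAM: Dict[str, str] = {
    "www.casino-example.test": "192.0.2.10",
    "notcasino-example.test": "192.0.2.11",
    "proxy-out-of-country.example": "198.51.100.5",
    "news.example": "203.0.113.7",
}


def normalize(qname: str) -> str:
    """Lower-case and strip the trailing dot so 'WWW.Example.TEST.' == 'www.example.test'."""
    return qname.rstrip(".").lower()


def is_blocked(qname: str, blocklist=BLOCKLIST) -> bool:
    """Suffix match on label boundaries: blocking 'bet.example' also blocks
    'www.bet.example' but not 'notbet.example'."""
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def resolve(qname: str, upstream: Dict[str, str] = UPSTREAM) -> Tuple[Optional[str], str]:
    """Return (answer, decision). Blocked names get the sinkhole; everything
    else is forwarded, which is why a proxy host not on the list still resolves."""
    name = normalize(qname)
    if is_blocked(name):
        return SINKHOLE, "blocked"
    return upstream.get(name), "forwarded"


def handle_queries(queries: List[Tuple[str, str]]) -> List[str]:
    """Answer a batch of (client, qname) queries and produce one log line each;
    the log is what you review when deciding what to add to the list."""
    log = []
    for client, qname in queries:
        answer, decision = resolve(qname)
        log.append(f"{client} {normalize(qname)} {decision} {answer}")
    return log


def blocked_count(log: List[str]) -> int:
    return sum(1 for line in log if " blocked " in line)


if __name__ == "__main__":
    # Constructed query batch from two clients on the demo network.
    batch = [
        ("10.0.0.5", "WWW.Casino-Example.TEST."),
        ("10.0.0.5", "notcasino-example.test"),
        ("10.0.0.9", "proxy-out-of-country.example"),
        ("10.0.0.9", "news.example"),
    ]
    for line in handle_queries(batch):
        print(line)
```

Matching on whole labels rather than substrings matters: a naive `"bet.example" in qname` test would also catch `notbet.example`, which is a false positive the operator then has to field.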
>>Second, what about the importance of these vulns ? Was it 47 minor DoS for Firefox and 38 critical arbitrary code execution vulns for IE ?
You could spend about 5 minutes looking through the vulnerabilities to figure this one out. Try being ambitious and doing a Google search or just going to M$ and Mozilla's websites. I bet you will find out the answer. As for vulnerabilities being silently I don't think M$ does it all the time and I don't believe it never happens with Firefox. You seem to quickly jump to the conclusion this comparison is useless without doing some basic fact finding of your own.
First I am not sure how my post got classified as flamebait exactly, considering I am not flaming anyone or anything. Other than that -- I wasn't specifically calling out HostGator in any way. However, they have a number of problems as I have seen alerts from various CERT reports that show HostGator shared hosting boxes as being used in a number of various attacks. My comment regarding FTP and others was more aimed at shared hosting providers that do use it. DreamHost for example, has boxes with hundreds of users, thousands of websites, and it uses FTP.
However, in a quick search I can see gator16.hostgator.com accepts FTP connections (currently 4 connected users) so it would not surprise me if this is found all over on their boxes.
Point about the IE portion is that if you run your machine securely you significantly reduce the effects some 0day exploit can have on you.
As always it should be pretty well known that a number of large shared hosting providers have little or no security to prevent this kind of stuff. Using a cPanel local exploit to start putting the IE exploit code in other users' www folders is an interesting use for the 0-day find. A number of larger hosting providers house dozens, hundreds, and sometimes more websites on boxes that allow FTP and in some cases telnet. These boxes generally aren't patched very well either and can easily be rooted to allow someone to drop their bad code into * the hosted sites' webpages.
It's been said 1000 times before, but even if you choose to run IE -- if you're not running as an Administrator (or you even use something like DropMyRights to run IE) there's probably a 99% chance the IE exploit won't do anything. The same goes for Mozilla/Firefox and any other program on Windows.
After these results were reported..
Microsoft's Stock tumbles 50%, panic in Redmond, protests in the street, millions of users alarmed
Oh wait.. nevermind that's all untrue.
In related news...
Who cares? Do I need to see an update everytime someone uses IE, Firefox, or Opera? Maybe we can get this tally added to census.gov!!