Name Usage problem.
-
It is by far way too easy to use other people's names for Message Board / Forums posting. Someone used Dr Wluff's name today; although it was funny, this could become confusing. I did it here: http://www.codeproject.com/lounge.asp?forumid=1159&app=50&select=120020&fr=101#xx120001xx I would not have made this public, but Nish advised me that all bugs should be publicized.
Regardz Colin J Davies
Sonork ID 100.9197:Colin
Most people should stick to calculators, Isaac Sasson
28th Law of Computing: Anything that can go wr# Segmentation violation -- Core dumped
-
Colin Davies wrote: Someone used Dr Wluff's name today, although it was funny this could become confusing.
If it was not David, it was not funny at all.
Colin Davies wrote: I did it here http://www.codeproject.com/lounge.asp?forumid=1159&app=50&select=120020&fr=101#xx120001xx
Yes. You sure did impersonate me and I think it's a big problem if anyone could do that to anyone else.
Colin Davies wrote: I would not have made this public but Nish advised me that all bugs should be publicized.
I believe in the bugtraq philosophy. If bugs are kept secret, people will exploit them endlessly. Once published, bugs are quickly corrected. David C, Chris M, Uwe K?
Regards and cheers
Nish
My most recent CP article :- A newbie's elementary guide to spawning processes
www.busterboy.org
-
Nish [BusterBoy] wrote: If it was not David, it was not funny at all.
Well, compared to some of the stuff Dr Wluff has posted it was inoffensive and tame. :-)
Nish [BusterBoy] wrote: Yes. You sure did impersonate me and I think it's a big problem if anyone could do that to anyone else.
Yes, if I can do it, a 9 yr old girl can do it in a big pink font. I cleanly admit it wasn't much of a discovery.
Nish [BusterBoy] wrote: I believe in the bugtraq philosophy. If bugs are kept secret, people will exploit them endlessly. Once published, bugs are quickly corrected.
I always use a letter u after a letter q unless the word is a proper name like Qantas or Qatar. But I really don't understand this philosophy. Is it documented somewhere?
Regardz Colin J Davies
-
Nish [BusterBoy] wrote: I believe in the bugtraq philosophy. If bugs are kept secret, people will exploit them endlessly. Once published, bugs are quickly corrected.
I agree, let it be known that a bug exists, but I believe it's stupid and inconsiderate to publish how to exploit a security bug before there is any reasonable chance to fix it. For example this AOL AIM Bug.
My $.02,
James
Sonork ID: 100.11138 - Hasaki
"My words but a whisper -- your deafness a SHOUT. I may make you feel but I can't make you think." - Thick as a Brick, Jethro Tull 1972
-
James T. Johnson wrote: I agree, let it be known that a bug exists, but I believe it's stupid and inconsiderate to publish how to exploit a security bug before there is any reasonable chance to fix it. For example this AOL AIM Bug. My $.02,
Well, you are correct. Colin, as a matter of fact, only said that there was a bug that could be exploited; he didn't actually detail the exploit technique.
Nish
-
Nish [BusterBoy] wrote: I believe in the bugtraq philosophy. If bugs are kept secret, people will exploit them endlessly. Once published, bugs are quickly corrected.
That sounds more like the Cigital philosophy. Isn't it better to send an email directly to the vendor to give them a chance to fix it instead of making it public and placing undue stress on the vendor by not giving them any lead time to fix the problem while malicious users use the new found security hole to play havoc?
cheers,
Chris Maunder
-
http://online.securityfocus.com/archive/1
Nish
-
Chris Maunder wrote: That sounds more like the Cigital philosophy
Chris, he didn't actually detail out the exploit. He just said it could be done. Anyway, people must know that this bug exists because of the fake post under David Wulff's name on the Lounge. Funny thing is, I was actually fooled. I thought it really was David. I guess Colin must have mailed you how he did it by now. I hope it's an easily corrected error.
Thanks
Nish
-
Nish, I wasn't commenting on Colin, I was commenting on your philosophy.
cheers,
Chris Maunder
-
Nish [BusterBoy] wrote: I guess Colin must have mailed you how he did it by now.
Of course not. Telling Chris about an ASP exploit would be like telling my granny how to suck eggs. Remember, Chris is our ASP guru chap. He probably already plugged the hole when he saw the Dr Wluff post.
Regardz Colin J Davies
-
Chris Maunder wrote: I wasn't commenting on Colin, I was commenting on your philosophy
Okay. I understand now. But normally exploits are released so that people can download these exploits, try them against their own machines and make sure that they are safe. I was part of my company's net security team last year. This was one of my functions. Look out for the latest bugs and exploits. Download them. Try them on our servers. There were 4 separate instances when I actually discovered root exploit holes on our main server [running Linux]. So I have a different way of looking at these things. Also, during my college level days, I played around quite a bit with vulnerability scanners and stuff like that.
Nish :-)
-
Colin Davies wrote: Telling Chris about an ASP exploit would be like telling my granny how to suck eggs. Remember Chris is our ASP guru chap
Dunno whether Chris M will take the comparison of his ASP skills to your grand-ma's egg related skills :-) I guess he's plugged it by now.
Nish :-)
-
Nish, the comparison was not meant to be derogatory at all. It is a usage of an English expression, "to suck eggs"; it signifies that you really know your stuff.
Nish [BusterBoy] wrote: I guess he's plugged it by now.
I'd say so. I'll test it tomorrow, just to be on the safe side.
Regardz Colin J Davies
-
Nish [BusterBoy] wrote: But normally exploits are released so that people can download these exploits, try them against their own machines and make sure that they are safe.
But how will you be safe if there was no time to fix the exploit itself? You'd then be a victim of your own philosophy. Cigital released the AIM exploit because they're nothing but a bunch of script kiddies looking for some fun. IMHO anyway :)
James
-
Colin Davies wrote: Nish, the comparison was not meant to be derogatory at all.
I know :-) It was my idea of a subtle joke. Like if someone tells me, 'Nish you are as cool as Peter Norton', I'd say, "uh huh" in a manner as if to suggest I was actually cooler.
Nish
-
Nish [BusterBoy] wrote: 'Nish you are as cool as Peter Norton'
I haven't heard of him in years! Where is he now?
Regardz Colin J Davies
-
James T. Johnson wrote: But how will you be safe if there was no time to fix the exploit itself? You'd then be a victim of your own philosophy.
It's not that way at all. Say there is a new bug in my box's FTP server. I download the exploit. Test my server and if it is vulnerable I take it down. Later on, when the vendor releases a new version, I download it and try the exploit on it, and if it is safe I can up my FTP again. Thus the end-users can be sure they are using a safe product and there is pressure on my FTP server vendor to fix the bug. But the nice security guys always give the vendor a one week head start. Cigital's behaviour sucked in that respect.
Nish
-
Colin Davies wrote: I haven't heard of him in years! Where is he now?
CEO and CIO of Symantec Corporation!
Nish
-
Nish [BusterBoy] wrote: CEO and CIO of Symantec Corporation!
Gosh, I do lead a sheltered life.
Regardz Colin J Davies
-
Hey Colin, I'll be on the road (well, in the air) all day tomorrow and will try to work a fix but no promises that I'll get a chance.
cheers,
Chris Maunder