First MSIE Security Alert of the new year ...

Empath

Flashaholic
Joined
Nov 11, 2001
Messages
8,508
Location
Oregon
Turning to The Inquirer in order to find negative things to taunt those you view as inapt is scraping the bottom of the bowl. It's neither helpful for people, nor useful. The article is nothing more than a gripe, and offers no information useful for anyone.

That wasn't an effort to help. That was nothing more than a taunt toward the ones choosing a system other than what you've chosen. I think it's about time you knock off your campaign against operating systems and platforms that don't fit your taste.
 

Charles Bradshaw

Flashlight Enthusiast
Joined
Sep 14, 2002
Messages
2,495
Location
Mansfield, OH
Thank you Tomas. Empath, I call it useful information. I use both Win98SE and Mandrake Linux 9.1 Powerpack Edition. However, I do all of my internet, including email in linux. At least I am free of all those Windows worms, viruses, trojans, and other vulnerabilities that are the scourge of Windows.
 

Empath

Flashaholic
Joined
Nov 11, 2001
Messages
8,508
Location
Oregon
Since you call it useful, Charles, tell me exactly where it was useful. The article he referenced was simply a cynical verbose comment "gleefully" claiming there is a security flaw discovered in IE even this early in the year.

There are several ways with trojans, viruses, worms, and other malicious activity, to create the havoc with the most effective methods. Among those doing so, they often brag, or discuss among themselves the ingenious way that they distribute their maliciousness. One way is to find a security hole. Of course since it's a computing system, and programable, there will always be a security hole. So, now that you've found the security hole, what do you do with it.

One way is by writing a malicious exploit of it through trojans, worms, viruses or whatever. Of course it's risky and can land you in jail or financially liable in civil cases.

Another way is by exploiting it through websites through ActiveX or something that can be automated, or tempting to download on a site. This too is risky, also landing you in jail or financially liable in civil cases.

An alternate, and so far totally safe and effective method is this. Make use of the security hole created by Microsoft's schedule of security patches. Immediately following the release, while there's still time enough to be effective, announce the "security alert" to the world. That way, anyone wanting to utilize the flaw knows they've got a whole month of unabashed exploitation. This one isn't risky. You just sit back and let the word spread and the dupes take the risk, while you just run over to IRC and laugh and brag about your totally legal malicious accomplishments. Why do you think they announce these to the world instead of directly to Microsoft. /ubbthreads/images/graemlins/rolleyes.gif

The dangers of this "assistance" that's been "useful information" as you call it, is demonstrated in this posting that was posted to warn of the dangers created by the advice of the non-Microsoft users trying to give "useful advice" to Microsoft using members.
 

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
Empath, if you view this as an intended slam against users of MSIE that is your priviledge, but a sadly warped view of others. Your comments directed toward me, quoted here, are inapropriate, moderator or not.
[ QUOTE ]
Turning to The Inquirer in order to find negative things to taunt those you view as inapt is scraping the bottom of the bowl. It's neither helpful for people, nor useful. The article is nothing more than a gripe, and offers no information useful for anyone.

That wasn't an effort to help. That was nothing more than a taunt toward the ones choosing a system other than what you've chosen. I think it's about time you knock off your campaign against operating systems and platforms that don't fit your taste.

[/ QUOTE ]

Here is the entire content of the article referenced:

[ QUOTE ]
THERE'S A MODERATELY critical alert for Windows Explorer 5.01 et seq from security firm Secunia to usher in our new and brave computing year.

The English normally wait for a ****oo to sound before they proclaim spring is on the way, we are given to understand.

According to the Secunia bulletin, the latest, or first problem with Internet Explorer in 2004 is a showHelp() restriction bypass vulnerability.

This is a variant of an older showHelp() problem, discovered by Arman Nayyeri.

The problem appears to be related to "trusted" sites, and Secunia claims the vulnerability is confirmed in "fully patched" Explorer 6 with WinAmp 5 installed.

Yes, the solution is to disable active scripting support, and to get rid of HTML that as references to showHelp() using an HTTP proxy or firewall with content filtering capabilities.

Or, in yet another rare flash of wit from Secunia, you can avoid the problem by "using another product".

The bulletin is here. Now that Microsoft has stopped issuing regular security bulletins – except monthly, and even then not last month – we don't know what we'd do without outfits like Secunia. µ


[/ QUOTE ]

Note the link at the end of the article to the actual alert, which notes the existance of a published exploit and gives reccomendations for use until the hole is closed.

I would also post the content of the actual alert and it's recommendations but this post is already getting too long, and anyone who needs to see it can click the link. That should be unnecessary since the recommendations on the use of ActiveX or filtering are in the above quoted short article.

Now, back to your personal attack, Empath: I'm curious as to why you haven't gotten all upset over my recent posts about security problems and updates on Macintosh OS X (my OS), but only focus on those dealing with Microsoft, and consider one a taunt but not the other? Secondly I'm curious why you've decided to publicly attack and berate another user, contrary to CPF rules.

I'm normally polite here, Empath, and yours is a rare post indeed to make me want to say "**** ***!!!"

<font color="red">(OTHER moderators, do what you will with this thread.)</font> (Rules 4 and 6.)

T_sig6.gif
 

treek13

Flashlight Enthusiast
Joined
May 11, 2002
Messages
1,325
Location
West Coast of Michigan
I tend to visit CPF much more frequently than I post. When I browse CPF, not only do I look for topics that will interest me, I also check to see who the topic starters are. There are certain members whose posts I tend to find interesting and/or informative and some whose posts I tend to avoid because I know they will just upset me. Often these posters start topics which others here enjoy, I just don't like their posts due to my differing opinions/perspective, not due to any inherently inflammatory content. For this reason I don't complain or try to stop them from posting on subjects that I find upsetting.

The reason why I post this is simply this, personally, I tend to find Tomas' posts interesting/informative. This includes his posts about problems with Microsoft products which I use. In fact, right now, I am exclusively using Microsoft operating systems.

Empath, I truly believe that you are finding his posts upsetting due to your own baggage and not due to their actual content. You infer a taunt instead of simply taking his post at face value. Given this, I think you would be better served by simply avoiding his threads rather than trying to deny them to those of us who do enjoy them.

Respectfully,
Pat
 

Empath

Flashaholic
Joined
Nov 11, 2001
Messages
8,508
Location
Oregon
[ QUOTE ]
Tomas said:
Now, back to your personal attack, Empath: I'm curious as to why you haven't gotten all upset over my recent posts about security problems and updates on Macintosh OS X (my OS), but only focus on those dealing with Microsoft, and consider one a taunt but not the other? Secondly I'm curious why you've decided to publicly attack and berate another user, contrary to CPF rules.


[/ QUOTE ]

If you've assumed the responsibility to notify the members of all the vulnerabilities, you're missing a few for Mac and Linux:

Vulnerability 1
Vulnerability 2
Vulnerability 3
Vulnerability 4
Vulnerability 5
Vulnerability 6
Vulnerability 7
Vulnerability 8
Vulnerability 9
Vulnerability 10
Vulnerability 11

While I can't point at a particular thread of yours and say "that one is a taunt", I can point at the cumulative content and say it is. If it pleases you, I'll add "IMHO". However, I know you've been around the net enough to know the friction created by what you're doing, and the impasse that alway results from this. To not be aware of it would require much less intelligence and knowledge than you have. I've already given my reasons for my actions a couple of postings up.
 

Sigman

* The Arctic Moderator *
Joined
Sep 25, 2002
Messages
10,124
Location
"The 49th State"
Sidenote...I have my Window's Update service turned off for a reason...IT BUGS ME! OK...I keep in touch with "industry" and am aware of the "bugs" that exist. Yes, I do connect and retrieve/install security patches...but just hate the automated notices. They serve their timely purpose though.

I've just always wondered why anyone felt the need to post a notice that there were new "bugs" and applicable patches available. Anyone has the capability to logon to MS and get those notices/patches.

Guess I'm just confused...perhaps these posts/notices are for those who don't know how to use their tools/systems? I typically just ignore any posts on this subject.
 

Kiessling

Flashaholic
Joined
Nov 26, 2002
Messages
16,140
Location
Old World
Sigman, I am one of those who "don't know how to use their system" /ubbthreads/images/graemlins/grin.gif

This is a computer and as long as it does what I want I will not bother looking any further. This machine does not have any kind of self-purpose, it is just a tool. I am not willing to invest a huge amount of my time tweaking a tool that is doing fine right now. the downside to this problem is that I will not notice some serious drawbacks. If they should be serious enough that I might be threatened, I appreciate someone's effort to warn me that it is time to move my sorry *** and upgrade my tool now.

It is bad enough that those damned things require so much of my time just to work properly ... I am really not inclined to actively browse websites for updates on a regular basis ... would have to do that for every major software I have running ... too much effort.
I appreciate automated update-reminders for important software, they save my time. and time is life.

bernhard
 

binky

Flashlight Enthusiast
Joined
Dec 1, 2002
Messages
1,036
Location
Taxachusetts, USA
Well, I had to log in to support Tomas, though if I were a moderator I may have made a similar remark as Empath.

As a member, my vote's is to let the notifications continue, perhaps especially because of the Gestalt result of the numerous posts.

Here are some reasons by which I promote my vote...

1. Yes, the other OS's have their own problems (eg: If the default behavior pattern of a buffer overflow is to dump the offender into an all-access mode, how secure can a *nix OS be?) We can all chuckle at that too, presuming our company hasn't just lost any money because of it.

2. Microsoft evangelized their OS as being extremely secure, and made many many sales based largely on that very claim. I believe the mantra started with "NT is C4-secure!" Well, however unobtainable that supposed lofty goal was, NT was a complete charlatain. I'd go so far as to say that Microsoft blatantly lied, and I'm not holding a grudge; I've never been burned by that rediculous claim.

3. Microsoft continues to use software design models that are inherently insecure, claims their software to be secure, then when it is made clear that it is by no means secure, retreats to press releases stating "users want that feature". Fair enough to build it if people want it, but don't also try to say the software is secure. But they do! They're kinda calling in the dogs on themselves dontcha think?

4. I'm usually able to take some preventive action based on Tomas' notification, but I'm not so paranoid that I bother to check other security web sites specifically looking for the whether there is a new OS security hole discovered/expoited.

5. The nature of CPF members is to discuss or debate. I really don't think these posts sound anything like the "Microsoft sucks! / Linux rules! / Macs are for weenies!" level of flame-fanning that you'd be right to disuade. At its very worst (and it hasn't been Tomas) my personal view is more along the lines of "every OS falls short, and look where this one falls short (again) in the very area it was proclaimed to excel!"

6. As I sit here in front of my Win2K/Linux dual-boot box, I do enjoy a chuckle that goes along with the sigh of needing to head over to windowsupdate to go through the at-least-15-minutes of check-update-reboot-checkagain that usually proceeds after my reading latest the Tomas->MS post.

So I suppose the greatest reason I vote in favor of letting Tomas continue the trend is number 6; I came to the Cafe for maybe a chuckle and maybe some useful information. His posts almost always provide plenty of both. Please let it roll on. /ubbthreads/images/graemlins/smile.gif
 

Greta

Flashaholic
Joined
Apr 8, 2002
Messages
15,999
Location
Arizona
Binky... excellent post! And I agree with every single one of your points. But (and you knew that was coming... /ubbthreads/images/graemlins/wink.gif )... as with everything in this world, there is more to the story and I would like to take this opportunity to address each of your points and fill in perhaps some blanks.
[ QUOTE ]
Well, I had to log in to support Tomas, though if I were a moderator I may have made a similar remark as Empath.

As a member, my vote's is to let the notifications continue, perhaps especially because of the Gestalt result of the numerous posts.

[/ QUOTE ]
*Agreed. I appreciate the notifications too. And would appreciate them more if they were posted with genuine concern for Windows users instead of as a taunt. Read on.

[ QUOTE ]
Here are some reasons by which I promote my vote...

1. Yes, the other OS's have their own problems (eg: If the default behavior pattern of a buffer overflow is to dump the offender into an all-access mode, how secure can a *nix OS be?) We can all chuckle at that too.

[/ QUOTE ]
*And yet we don't hear about those to the same extent, do we? No one wants to go into such detail about those things. I believe Empath posted a few links above that were never reported by Tomas.

[ QUOTE ]
2. Microsoft evangelized their OS as being extremely secure, and made many many sales based largely on that very claim. I believe the mantra started with "NT is C4-secure!" Well, however unobtainable that supposed lofty goal was, NT was a complete charlatain. I'd go so far as to say that Microsoft blatantly lied, and I'm not holding a grudge; I've never been burned by that rediculous claim.

[/ QUOTE ]
*Neither have I. And neither has Tomas. So one must wonder at his crusade.

[ QUOTE ]
3. Microsoft continues to use software design models that are inherently insecure, claims their software to be secure, then when it is made clear that it is by no means secure, retreats to press releases stating "users want that feature". Fair enough to build it if people want it, but don't also try to say the software is secure. But they do! They're kinda calling in the dogs on themselves dontcha think?

[/ QUOTE ]
*Again... agreed. But again, I have to ask why Tomas feels it's his personal crusade to head up the pack? He isn't affected by any of this.

[ QUOTE ]
4. I'm usually able to take some preventive action based on Tomas' notification, but I'm not so paranoid that I bother to check other security web sites specifically looking for the whether there is a new OS security hole discovered/expoited.

[/ QUOTE ]
*Ah... now we're getting into the meat of this matter. So why does Tomas feel that he needs to check them? Public service to the rest of us? If only that were his only motivation. Read on.

[ QUOTE ]
5. The nature of CPF members is to discuss or debate. I really don't think these posts sound anything like the "Microsoft sucks! / Linux rules! / Macs are for weenies!" level of flame-fanning that you'd be right to disuade. At its very worst (and it hasn't been Tomas) my personal view is more along the lines of "every OS falls short, and look where this one falls short (again) in the very area it was proclaimed to excel!"

[/ QUOTE ]
*Funny thing that... Tomas never posted any updates or "warnings" to us until after he was told to knock off the "Microsoft sucks! / Linux rules! / Macs are for weenies!" crap in another thread. That type of "flame-fanning" was taking place in more threads than I care to count and after trying tactfully to disuade it, I finally had to tell him (and a couple others) to knock it off. It was so completely out of hand that many threads ended up closed because of the bickering that ensued... headed up most of the time by Tomas.

[ QUOTE ]
6. As I sit here in front of my Win2K/Linux dual-boot box, I do enjoy a chuckle that goes along with the sigh of needing to head over to windowsupdate to go through the at-least-15-minutes of check-update-reboot-checkagain that usually proceeds after my reading latest the Tomas->MS post.

[/ QUOTE ]
*Well I'm glad you got something out of them. BTW... did you go and apply that "fix" that he pointed people in the direction of that ended up being tantamount to emailing someone a virus who you know has no virus protection? That was irresponsible and not amusing at all.

[ QUOTE ]
So I suppose the greatest reason I vote in favor of letting Tomas continue the trend is number 6; I came to the Cafe for maybe a chuckle and maybe some useful information. His posts almost always provide plenty of both. Please let it roll on.

[/ QUOTE ]
*Binky... here's the thing... like I said, if Tomas's motivation was to actually help us all, then we wouldn't have a problem. And yes, I am fully aware that I am not a mindreader and I don't really know what Tomas's motivation is but from how things have gone, it's not that difficult to guess. As I pointed out earlier, Tomas never posted these updates until he was told to knock off with the constant flaming and baiting of Windows users.

Quote from DavidW... "I feel that Tomas has had nothing but contempt for CPF rules and the Staff. There may be no single incident where he crossed the line but he has stepped right up to and skirted it enough times to be branded a violator of rules."

This latest incident is simply the final straw.

Now if someone else... preferably an actual Windows user... wants to take up the banner and keep us all up on the latest "stuff", that would be very cool! All we ask is that whoever does it is responsible enough not to point people in the direction of potentially harmful "fixes" and is also responsible enough to post official information and not just biased articles that truly are designed to do nothing but bait or inflame.

Thanks again for your post Binky! /ubbthreads/images/graemlins/smile.gif
 

Saaby

Flashaholic
Joined
Jun 17, 2002
Messages
7,447
Location
Utah
Perhaps whoever picks up the banner can try doing it as 1 continuous thread. That might not work but it's worth a try.
 

tkl

Flashlight Enthusiast
Joined
Aug 24, 2002
Messages
2,332
Location
Tx
I have to agree with Empath. The majority of people use MS cause it came with their computer and/or is most common. The majority of folks including myself could care less that computer geeks ***** and whine about MS.
 

geepondy

Flashlight Enthusiast
Joined
Apr 15, 2001
Messages
4,896
Location
Massachusetts
If I was concerned about keeping up with the windows problems and updates, there are many computer forums I would visit first before checking the CPF cafe section.
 

Sigman

* The Arctic Moderator *
Joined
Sep 25, 2002
Messages
10,124
Location
"The 49th State"
[ QUOTE ]
geepondy said:
If I was concerned about keeping up with the windows problems and updates, there are many computer forums I would visit first before checking the CPF cafe section.

[/ QUOTE ]
--------------------
Absolutely! /ubbthreads/images/graemlins/thumbsup.gif
 

raggie33

*the raggedier*
Joined
Aug 11, 2003
Messages
13,453
well i bash mac sometimes but i assure ya im just jokieng i own a mac product thaT i love ii also like linux but im usaly just jokeing when i make coments about a os. i hope everyone relaizes that
 

Charles Bradshaw

Flashlight Enthusiast
Joined
Sep 14, 2002
Messages
2,495
Location
Mansfield, OH
I find the specific information to be useful, Empath, and I ignore the implied inuendoes in the Enquirer article.

The specifics are Explorer 6 with Winamp 5 installed. (the implication is that without winamp 5 installed, there is no problem.)

I don't use either one, but when I eventually go to w2k pro or xp pro, I will keep that in mind.
 

binky

Flashlight Enthusiast
Joined
Dec 1, 2002
Messages
1,036
Location
Taxachusetts, USA
Wow, Sasha -- that's obviously a very considered response and I thank you for the attention. I must have read it about a dozen times by now, just kinda chewing my cud, so to speak. I wasn't aware of the bogus "fix" that you're referring to, and that would obviously have been a bad thing if malicious intent were there. Maybe I missed that post or I'm not affected because I don't use Outlook.

I guess I'm close to Raggie's point of just joking around about the OS prob's. No malicious intent. I have all 3 major home-oriented OS's in my house (no Solaris, etc), I used to make my living keeping both Mac's and Windows boxes humming smoothly. Now I use Linux quite a lot. I like each for their strengths and I also get furious with each at one time or another.

Neither the OS's nor their company/crew that create them are all equal to me, however, and I hope the Cafe can remain a place that one can at least vent from time to time about any one of them in particular.

And on the lighter side -- tkl's right to hold that mirror up; I am a computer geek and I do ***** and whine about MS and their products. Haha! You're so right! /ubbthreads/images/graemlins/wink.gif
 

Greta

Flashaholic
Joined
Apr 8, 2002
Messages
15,999
Location
Arizona
[ QUOTE ]
binky said:
Neither the OS's nor their company/crew that create them are all equal to me, however, and I hope the Cafe can remain a place that one can at least vent from time to time about any one of them in particular.

[/ QUOTE ]

CPF has never /ubbthreads/images/graemlins/twakfl.gif'd anyone for venting. See my own thread that I started the other day titled, "I need to vent". The problem comes in when the venting goes one step further and turns into taunts towards those who use the products in question. For the longest time, when someone vented about a Microsoft product, the standard reply was, "Get a Mac"... yeah... that's real helpful... /ubbthreads/images/graemlins/rolleyes.gif If I come here looking for assistance with a computer problem (and I have), it's usually because I have reached the end of my expertise and/or patience and it can be assumed (usually from the various /ubbthreads/images/graemlins/mad.gif and /ubbthreads/images/graemlins/help.gif and /ubbthreads/images/graemlins/banghead.gif and /ubbthreads/images/graemlins/rant.gif liberally spread throughout my post) that I'm not a happy camper. To have someone reply to my "vent" or request for help with some smartass remark about changing OS's, is not helpful and is not appreciated... at all.

So the point here is that discussions of the different OS's is NOT the point. Taunting, baiting and making smartassed remarks is. So feel free to vent anytime you want! But make sure that you don't cross the line... and I really do have faith in the general membership that they know very well where that line is... /ubbthreads/images/graemlins/wink.gif

Thanks again binky... /ubbthreads/images/graemlins/grinser2.gif
 
Top