[lbo-talk] Re:

snit snat snitilicious at tampabay.rr.com
Fri Jul 23 08:26:02 PDT 2004


At 10:44 AM 7/23/2004, budge wrote:


>i'm getting tired of this one. this has nothing to do with
>outhouse and,in fact, for the last few years outhouse has
>come out of the box pretty well locked down. it is much
>more likely to be a browser exploit (ie, but nutscrape has
>some too) or one of the myriad smb/file sharing exploits.

yah. but doesn't it get back to 'doze? the recent attacks on mozilla and opera were about a shell: request sent to an external handler. the handlers security takes over in NT, 2K and XP with their jazzy default settings. 'coz the problem didn't hit linux, sol, or BSD, so it was 'doze. that was the problem.

We've been recommending that users never use both a Microsoft e-mail client AND a Microsoft browser, to avoid some of the problems. But, well, I just got of a phone call with a VP who wants me to not write malware any more because some people don't know what that is. Even if I write:

"Malware attacks-viruses, worms, Trojans, and other forms of malicious code --<blah blah blah>...."

They are still klewless as to what malware means. (This is why I saw that those of you who think it's easy to write for the masses are klewless.....)

IOW, I explained in the only way I knew how what malware means--that it encompasses the range of malicious code. I used it ('malware') precisely because people have to stop thinking that it's only e-mail attachments that are the problem.

the VP says, you know, I think it's 'cause they don't read. (Duh.) We got a chuckle out of that one.

He was a pretty cool guy, btw. Worked for Larry Ellison for five years. He said that Ellison's motto was: "The customer is king, but we can treat our vendors like shit."

Cute, huh?


>there's also good old fashioned layer-8 exploits (short
>between the keyboard and the floor) when something wanders
>across the screen and the user says "oohh shiny!"
>drool, click, blam. time to reload windoze...

heh.

k

[1](she says, as a lame ass 'doze user who just hasn't had time to do BSD. Look, I started up a BSD box two years ago... but here I am, still trying to get my work work done and no time to play. But, I listened about BSD!!!
:) (ya BOHF!)

"We're in a fucking stagmire."

--Little Carmine, 'The Sopranos'



More information about the lbo-talk mailing list