A Windows XP help forum. PCbanter

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

Go Back   Home » PCbanter forum » Microsoft Windows XP » New Users to Windows XP
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

MicroMonopoly aids Terrorism?



 
 
Thread Tools Display Modes
  #1  
Old January 24th 04, 07:21 PM
kurttrail
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?

"[T]he link is formatted to take advantage of an Internet Explorer flaw
that allows an attacker to hide the true destination of the link; in this
case, the address bar in Internet Explorer displays "www.fdic.gov," while
the actual Web site is at a different address in Pakistan." -
http://zdnet.com.com/2100-1105_2-514...=zdfd.newsfeed

And I wonder who in Pakistan would want to know about the financial details
about American citizens? Who in Pakistan would want to exploit the fears of
the American populace for their own nefarious purposes? Who, indeed?!

Is MS glacial response to fixing the address bar flaw also helping
terrorists fund future attacks on the innocents?

Stop dragging your feet MS, people are now possibly being terrorized in
their homes because of your Swiss cheese software! Get a temp fix out that
informs people of the misdirection at the very least, if it's really that
effin' hard to fix fully.

PROTECT YOUR CUSTOMERS FROM YOUR MISTAKE, *NOW*!

This should be a lesson to everyone why you can't put all of computer
security eggs in one monopolistic basket!

Demonstrations of the Address bar vulnerability:

http://www.microscum.com/misc/devil/

http://www.microscum.com/misc/intran...ransigence.htm

Download & setup up Mozilla as your default browser, that way when you click
on a link in email, you'll know what website you're really being taken to.

http://mozilla.org/download.html

Protect yourself, because MS's desktop monopoly gives them absolutely no
incentive to fix their own mistakes for their monopoly locked-in customers!

There should be an investigation into how MS's desktop monopoly has weakened
the safety of the general public!

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"


Ads
  #2  
Old January 24th 04, 08:01 PM
Chris Lanier
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?

Just quit with scare tactics, Kurt. Do you really think terrorists are in their bunkers on a lap-top trying to obtain your bank account number? This is a pathetic attempt to promote your ridiculous website (yes, RIDICULOUS). You are a JOKE. Get a life you
former band-geek turned computer-geek.

  #3  
Old January 24th 04, 08:21 PM
Mike Brannigan [MSFT]
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?

see
http://support.microsoft.com/?id=833786
For advice and guidance on protecting yourself from these sites.

User who are still concerned about this issue may also wish to look at a
third party tool/plug-ins at
(Note :- not Microsoft recommended or supported by us. This is one of a
number of such third party tools)
http://xforce.iss.net/xforce/alerts/id/159

--
--
Regards,

Mike
--
Mike Brannigan [Microsoft]

This posting is provided "AS IS" with no warranties, and confers no
rights

Please note I cannot respond to e-mailed questions, please use these
newsgroups

"kurttrail" wrote in message
...
"[T]he link is formatted to take advantage of an Internet Explorer flaw
that allows an attacker to hide the true destination of the link; in this
case, the address bar in Internet Explorer displays "www.fdic.gov," while
the actual Web site is at a different address in Pakistan." -
http://zdnet.com.com/2100-1105_2-514...=zdfd.newsfeed

And I wonder who in Pakistan would want to know about the financial

details
about American citizens? Who in Pakistan would want to exploit the fears

of
the American populace for their own nefarious purposes? Who, indeed?!

Is MS glacial response to fixing the address bar flaw also helping
terrorists fund future attacks on the innocents?

Stop dragging your feet MS, people are now possibly being terrorized in
their homes because of your Swiss cheese software! Get a temp fix out

that
informs people of the misdirection at the very least, if it's really that
effin' hard to fix fully.

PROTECT YOUR CUSTOMERS FROM YOUR MISTAKE, *NOW*!

This should be a lesson to everyone why you can't put all of computer
security eggs in one monopolistic basket!

Demonstrations of the Address bar vulnerability:

http://www.microscum.com/misc/devil/

http://www.microscum.com/misc/intran...ransigence.htm

Download & setup up Mozilla as your default browser, that way when you

click
on a link in email, you'll know what website you're really being taken to.

http://mozilla.org/download.html

Protect yourself, because MS's desktop monopoly gives them absolutely no
incentive to fix their own mistakes for their monopoly locked-in

customers!

There should be an investigation into how MS's desktop monopoly has

weakened
the safety of the general public!

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"




  #4  
Old January 24th 04, 09:01 PM
kurttrail
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?

Mike Brannigan [MSFT] wrote:

see
http://support.microsoft.com/?id=833786
For advice and guidance on protecting yourself from these sites.


Oh yeah! The average computer illiterate is lucky if he find his way to
Windows Update, let alone some obscure support document hidden among tens of
thousands of other ones.

Fix the problem! Stop the brush off! People are getting screwed even as we
speak.


User who are still concerned about this issue may also wish to look
at a third party tool/plug-ins at
(Note :- not Microsoft recommended or supported by us. This is one
of a number of such third party tools)
http://xforce.iss.net/xforce/alerts/id/159


It's just plain safer to use another browser, till you guys get your asses
in gear, and even then it's just a matter of time, before your next security
vulnerability is found and exploited en masse. Smaller targets are just a
hell of a lot easier to miss, than the monopoly-bundled browser in MS's OSs.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"


  #5  
Old January 24th 04, 09:21 PM
kurttrail
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?

Chris Lanier wrote:

Just quit with scare tactics, Kurt.


No scare tactics, I just asked some relevant questions, you filled in the
fear in your own mind. My intention wasn't to scare but to inform.
Ignorance isn't really bliss, Chris.

Sure, I was trying to goad MS to get off it's big fat monopoly-bloated ass
and actually do something, even if it's only a temporary fix. But I was
also very serious about my call to investigate into how MS's desktop
monopoly puts the general publics security at risk.

Do you really think terrorists
are in their bunkers on a lap-top trying to obtain your bank account
number?


Do you really think they are living in bunkers in Pakistan? !

Are you so naive to think that they wouldn't try to get Americans to pay for
terrorist attacks against Americans? Didn't they use our planes against us
last time? Did they not try to disrupt our financial system with their
previous attack on the financial capital of our country? Didn't you read in
the article that this was a very sophisticated scam?

This isn't fear mongering, these are just very apropos questions to ask, in
light of the details presented by the article I quoted from.

This is a pathetic attempt to promote your ridiculous website
(yes, RIDICULOUS). You are a JOKE.


I'm not joking. People need to learn to do for themselves when it comes to
their computer security. MS has proven time and again to be either
incapable, or unwilling to protect their monopoly locked-in customers from
MS's security-challenged software.

Get a life you former band-geek
turned computer-geek.


Actually, I quit band to play football. 4th-string fullback. But that was
more than a 1/4 of a century ago.

"Those were the days, my friend . . . ."

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"


begin 666 rofl.gif
M1TE&.#EA)P`/`)$"`````/__`````````"'_"TY%5%-#05!%,BXP`P$````A
M^00)! `"`"P`````)P`/```"1I0-F?M_U*8\&+!:"\YL]L@52)``ANYEB-
M:"9V\OE"LS1M7/CWL[S=73 @ZE'(A81)45R&6R27-!&+U-()79D+/;* ``
M(?D$"00``@`L`````"`#P```D4#YG'[?]2F'/!BP6HFP:0A4Q'D94HFI_W
MH9EJ +P5XWTP[.5J^X_1*P.!',P5$1R%I+5LR)S$J'3XLTI5%FW$Z644
M```A^00)! `"`"P`````)P`/```"1I0OH(KM#XT*E+*((["[!I"%2%1EBB:
+!%!'(F'E_R0%HPD\1CUH=J2Y9G;1[
M* ^:/=)4(@*!H
M54%I8ANJKJW&Q8HW/^]MR[FSXXU\OQ!G$2,6#T&AID8+3HLJ#&)LS:JZH6
M./T:"@`A^00)! `"`"P`````)P`/```"191_H(KM#XT*E+*((ZB3YX]LE34"
M("B6Y9F)ZBQD L'G2D_[LO9N6[IJ'"_4%"X*C9V2)]RR5DDG\::A:KC7;#9
M!5=0```A^00)! `"`"P`````)P`/```"192/H(KM#XT*E+*((ZAAV@PF7+5]
M(5B6%GEFJ3IVK6;!(S!#+^?)N?.RI7[ FM!$%'5ZK&1#Q40Z#U 8;@H47K&/
MQ65:```A^00)! `"`"P`````)P`/```"1)2/`KOI#]T*E+(ZCYH]LEAB(
M``B:I%6BF;J6G@O!''G2C]W-L)C^7Z'H#!'#(TZ&V2R6)DGY)E+J+7;!9
M!K8``"'Y! D$``(`+ `````G``\```)%E(\&N^D/W0J4MH@CJ-SFCVS6Q $@
M*#)=8)Y82I:LJXVBW-+2V)&Y'N*M/, $;$@L!EF]I/)P:\ZQEZ*^HB-L!K&
M#U@``"'Y! D$``(`+ `````G``\```)$E(\'N^D/W0J4MH@CJ-SFCVP6PP$@
M*#)B99Y82I9!ZS[PRLXU=)?I;AMU2D"),,J&G&SI#+!G#B?H&4&HK2L!+5
.:O5,PF@B#)
M= %@9NBDKJUFD=W&SL\;X_IN4%RO] J5BHF;"(.47E@!I-0XXKYK$:E%^UN
MI"P``"'Y! D$``(`+ `````G``\```)'E(\)N^D/W0J4MH@CJ-SFCVP6(P8`
M"(ID=Z*8.G6"VV,IT;:LOI/T9+%6,#2LE&9'Y$_9%"J7P*@39[2&J!?M
M@Y1U%0``(?D$"00``@`L`````"`#P```D*4CRG K ^C8:%6)_,#ME\-3E9#
M?6'&!61CGE#*JV;P'('T-L]SKK(4_E^*9RJF/O5/,6A$MET/H-)Y2:*L496
MN@(`(?D$"00``@`L`````"`#P```D4CVG K _C`J%6)_.CM@@A8O5,*2H
M65SH9*ZLI\+4?$ZTPI\MWK"\0A!/T10V"$6#[;+QZECCY!4T[*1/JPQB.5
M6RO1"@`A^00)! `"`"P`````)P`/```"1Y2/"L#Z-AH58G\P.V7PU.5D-]
M88%9&.4#JNK9MP\,6J]*9Z:@G8*5*EV$PHN/F(R%I'J6LB;M"@=/J$6:]3
M)88[)+D*`"'Y! D$``(`+ `````G``\```)%E(^)P*P/HV&A5B?S`[9?#4Y6
M0WUAQHVD4*IMP9 Z\KEZTPKTPNSOD?+!@@G@#&@4^I&XI[#BA1^GK2142
M,5DZ50``"'Y! D$``(`+ `````G``\```)&E(^9P*P/HV&A5B?S`[9?#4Y6
W@7J]*;:N. KN# .J4?$)$J$6='P7#(;#Y[S2 19JPN
MH!CMAA0J```A^00)! `"`"P`````)P`/```"1Y2/J"L#Z-AH58G\P.W\0!H
MXM1Y7SAF7]F J;1H^"VBQM+WA.=BJ\0ZGF,U1,1^P61B9=PYE;+:?J4
M&;&+)8;;;8@*`"'Y! D$``(`+ `````G``\```)'E(^I`MT+(VRAUB?S`M=9
MH(4&]WF7J)$E%8!HQ*D=Z[Y*;*VQO76YL^,E9#]/33CZK4Y(A.I).389Q19)
M.B7^IALBAMMU: H`(?D$"00``@`L`````"`#P```D64CZD&W0LC;*'6)_,"
MME\-,E?'?6'&E:1Y3J-'!4#KOE8\TXKJR66N0ZAX/E90).OACHF4TL@4_%;0
M*)$4W1 Q6:TC4P``(?D$"00``@`L`````"`#P```D4CZD'W0LC;*'6) _,"
ME]L`:*+A=\U:N59II)Y@JV[Q18%TK7\.:BX, Z,R #Q/+EC(BAH\@D]93+
MZ%&&JUH9SM!V\Y04```A^00)! `"`"P`````)P`/```"292/J0C="R-LH=8G
M\P*6=@T:W&650*B-@;IR)QJQ97O!T\4ZM:VXSMZ\1BKF2,X3,B 'F%29#KN
MG@?5T4I5XG2K;$^&\7X=D0(`(?D$"00``@`L`````"`#P``` D4CZD)W0LC
M;*'6)_,"-M"KA09GD1T@:J;7@6FTMJSW3E\H[7"X1ZIVR%Z,H=+/ Y@$A&
M:WELCD[&J%3@LUZQ,R6MX04```A^00)! `"`"P`````)P`/```"1Y2/J0K=
M"R-LH=8G\P(VT*N%!F1'2!JIM!:41^+8^&]MM'VO)57C(7P_H#!!]#A
MQ\/*\0DV1T69="I(,K%.'X;+@"X*`"'Y! D$``(`+ `````G``\```)%E(^I
M"]T+(VRAUBSLQ=#1H-Y:A5HY`)Q2N:ZMN[&QS=+U[1ZHI+U9K]#T.(P
M%1&II')I1":14.#M4P4,5F%4U$``"'Y! D(``(`+ `````G``\```)'E(^I
M*^#.HDPN6 NGIK?C#0*8.'[@))(I%@"G1'JR^RZQW-$UAWOZ?D@]AH\6D$
MFH[!$7')-,2T&BC9[12;JV?%D%,% ``(?D$"00``@`L`````"`#P```D64
MCZD+W0LC;*'6)S.S%UP-&AXWEJ%6CEP`G%*YKJV[L;'-TO7MY'JBDO5FOT/0
MXC 5$:FDFE$)I%0X.U3!1XQ685340``(?D$"00``@`L`````"`# P```D4
MCZD*W0LC;*'6)_,"-M"KA09GD1T@:J;7@6E$?BV'OAO;7K1]KR55XR%\/Z P
M0?0X7,?#RO$)-D=%F70J2#*Q3A^&RX N"@`A^00)! `"`"P`````)P`/```"
M1Y2/J0G="R-LH=8G\P(VT*N%!F1'2!JIM!:;2VK/=.5SRCM+A'JG;(7HR
MATMX\#F 2$9K6R.3L:H5."S7K$QS):WA!0``"'Y! D$``(`+ `````G``\`
M``))E(^I"-T+(VRAUB?S`I9V#1K995 J(V!NG(G&K%E\'3Q3JUK;AS.WKQ
M&*N9(SA,R( 85)D.NZ!]712E7B=*ML3X;Q?AV1`@`A^00)! `"`"P`````
M)P`/```"1Y2/J0?="R-LH=8G\P*7VP!HHN%YWS5JY5FFDGF"K;O%%@72M?PY
MJ)[@P#HS( /$\N6,B*&CR"3UE,OH48:K6AG.T';SE!0``"'Y! D$``(`+ ``
M```G``\```)%E(^I!MT+(VRAUB?S`K9?#3)7QWUAQI6D4ZC1 P5 Z[Y6/-.*
MZLEEKD.H#Y64"3KX8Z)E-+(%/Q6T"B1%-T0,5FM(U,``"'Y! D$``(`+ ``
M```G``\```)'E(^I`MT+(VRAUB?S`M=9H(4&]WF7J)$E%8!HQ*D=Z[Y*;*VQ
MO76YL^,E9#]/33CZK4Y(A.I).389Q19).B7^IALBAMMU: H`(?D$"00``@`L
M`````"`#P```D4CZG K ^C8:%6)_,#M_$`:.+45\X9E_9@*FT6B:'O@MH
ML;2]X3G8JO$.IYC'-43$?L%D8F7.96RW&GZE!FQBR6&VVV("@`A^00)! `"
M`"P`````)P`/```"1I2/F"L#Z-AH58G\P.V7PU.5D-]88%9&.4#JNK;MX
M%ZO2FVKC@*[@P#JE'Q"1*A%G1\%PR&P^\T@$6:L+J 8[884*@``(?D$"00`
M`@`L`````"`#P```D64CXG K ^C8:%6)_,#ME\-3E9#?6'&C:1Y0JFW!D#K
MRMZ5SK3"O3"[.^1\L&"" ,:!3ZD;BGL.*%'ZM)%1(Q61[I5 ``(?D$"00`
M`@`L`````"`#P```D4CWG K ^C8:%6)_,#ME\-3E9#?6'&!61CGE ZKJV;
M/#%JO2FFH)V"E2I=A,*+CYB,A:1ZEK(F[0H'3ZA%FO4R6&.R2Y"@`A^00)
M! `"`"P`````)P`/```"1Y2/:"L#^,"H58G\Z.V!Z"%B]4PI*AQ97.ADKJR
MGPM1\3K3"GRWL+Q"$$_1%#8(18/MLO'J5R./D%33LI$^K#&(Y5;*]$*`"'Y
M! D$``(`+ `````G``\```)"E(\IP*P/HV&A5B?S`[9?#4Y60WUAQ@5D8YY0
MRGJMF\!R!]#;/ZZR%/Y?BFJIC[U3S%H1+9=#Z#24FBK%&5KH"`"'Y! D$
M``(`+
M"VV,IT;:LOI/T9+%6,#2LE&9'Y$_9%"J7P*@39[2&J!?M@Y1U%0``(?D$
.:O5,PF@B#)= %@9NBD
MKJUFD=W&SL\;X_IN4%RO] J5BHF;"(.47E@!I-0XXKYK$:E%^UNI"P``"'Y
M! D$``(`+ `````G``\```)$E(\'N^D/W0J4MH@CJ-SFCVP6PP$@*#)B99Y8
M2I9!ZS[PRLXU=)?I;AMU2D"),,J&G&SI#+!G#B?H&4&HK2L!+5LP``( ?D$
.:/;-;$`2 H,EU@GEA*
MEJRKC:+TM+8D;DXJT\P 1L2"P&6;VD\G!KSI[&7HKZB(VP&L8/6 ``(?D$
.:/88B `(FJ15HIFZ
MEIX+P1QYTH_=S7K"8_E^AZ P1PR-.AMDLEB9')^27I2ZBUVP60:V```A^00)
M! `"`"P`````)P`/```"192/H(KM#XT*E+*((ZAAV@PF7+5](5B6%GEFJ3IV
MK6;!(S!#+^?)N?.RI7[ FM!$%'5ZK&1#Q40Z#U 8;@H47K&/Q65:```A^00)
M! `"`"P`````)P`/```"191_H(KM#XT*E+*((ZB3YX]LE34"("B6Y9F)ZBQ
MD L'G2D_[LO9N6[IJ'"_4%"X*C9V2)]RR5DDG\::A:KC7;#9!5=0```A^00)
M! `"`"P`````)P`/```"1Y1OH(KM#Q,(E+*(X[3;YH]TE0B H&A506EB&ZJN
,8FS-IRKJA8X_1H*`"'Y
M! D$``(`+ `````G``\```)&E"^@BNT/C0J4LH@CL+L&D(5(5Y&6*)J?]Z&9
MRI:N%I=.#]WO)YX/U?HZ@L$4$B87_) 6C"1SQ&/6AVI+EF=M'LH```A
M^00)! `"`"P`````)P`/```"1Y0/F?M_U*8\&+!:B;!I"%3$1E2B:G_A
MF5J2H O!7C?3#LY6I[[C]$K X$QS!41'(6DM6S(G,2H=/BS2E46;3I910`
M`"'Y! 4$``(`+ `````G``\```)&E V9Q^W_4IASP8L%H+SFSVR!5(D`"&[F
M6(UH)G;R^4*QS-&U^/SO-U=,"#J4B%A$E17(9)T$8O5XT@E=F0L]LH
=```A^00%" `"`"P"``@`"P`"```"!82/$(E1`#L`
`
end

  #6  
Old January 24th 04, 10:01 PM
kurttrail
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?

Or maybe I'm just a self-absorbed idiot. Sorry, guys, I was wrong.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"



  #7  
Old January 24th 04, 10:41 PM
kurttrail
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?

the imposter kurttrail wrote:

Or maybe I'm just a self-absorbed idiot. Sorry, guys, I was wrong.


I make fun of my "self-absorbed" nature in the sig of every post I send.
Show me a person that isn't self-absorbed to a degree, and I show you a
total effin' moron, Mr. CDO-faker.

Thread-Topic: MicroMonopoly aids Terrorism?
thread-index: AcPivHuYuW2N1T0QTLiCtH42gGv4SQ==
X-Tomcat-NG: microsoft.public.windowsxp.newusers
From: =?Utf-8?B?a3VydHRyYWls?=
References:


Subject: MicroMonopoly aids Terrorism?
Date: Sat, 24 Jan 2004 12:56:05 -0800
Lines: 13
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain;
charset="Utf-8"
Content-Transfer-Encoding: 7bit
X-Newsreader: Microsoft CDO for Windows 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Newsgroups: microsoft.public.windowsxp.newusers
NNTP-Posting-Host: tk2msftcmty1.phx.gbl 10.40.1.180
Path: TK2MSFTNGP08.phx.gbl!cpmsftngxa07.phx.gbl
Xref: TK2MSFTNGP08.phx.gbl microsoft.public.windowsxp.newusers:105997

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"


  #8  
Old January 25th 04, 06:01 PM
Karl Levinson [x y] mvp
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?


"kurttrail" wrote in message
...
Mike Brannigan [MSFT] wrote:

see
http://support.microsoft.com/?id=833786
For advice and guidance on protecting yourself from these sites.


Oh yeah! The average computer illiterate is lucky if he find his way to
Windows Update, let alone some obscure support document hidden among tens

of
thousands of other ones.


That's exactly why this IE URL spoofing issue is a whole lot of nothing.
The average computer illiterate is going to fall for phishing whether or not
the URL is spoofed using this issue or another issue or isn't spoofed at
all. I can think of a lot of ways to spoof a URL for which there is no
patch and for which multiple browsers are vulnerable. The average person
would trust a popup window that doesn't even have a URL field in the window,
or that uses the http://user@domain URL spoof, and then there's ARP
spoofing, man in the middle attacks, DNS spoofing and cache poisoning,
sniffing, Dsniff, and all sorts of vulnerabilities in web browsing and
TCP/IP that aren't Microsoft's fault and for which there are no patches.

It's true that Microsoft has been waiting to deploy their fix for an
unusually long time [I would guess they've already coded the fix a while
ago], but I have to imagine there's a reason for their decision to do this,
given the flack they've already received over this.

If the average user can't find his way to Windows Update, despite having the
windows update agent installed and an icon right on his start menu, then
that average user is going to be vulnerable to all sorts of things no matter
what OS and browser he's running and what patches the vendor does or doesn't
release. [It also sounds like you're demanding that Microsoft release a
patch to protect its customers, but then state that most customers probably
wouldn't be able to install the patch if one was available.]

Anyways, security isn't just patches. A user that can't read articles on
how to be secure is going to fall for phishing. It's not really the best
idea to verify the identity of web sites by using the Address: field in the
browser, period.



  #9  
Old January 25th 04, 06:41 PM
kurttrail
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?

Karl Levinson [x y] mvp wrote:

"kurttrail" wrote in
message ...
Mike Brannigan [MSFT] wrote:

see
http://support.microsoft.com/?id=833786
For advice and guidance on protecting yourself from these sites.


Oh yeah! The average computer illiterate is lucky if he find his
way to Windows Update, let alone some obscure support document
hidden among tens of thousands of other ones.


That's exactly why this IE URL spoofing issue is a whole lot of
nothing. The average computer illiterate is going to fall for
phishing whether or not the URL is spoofed using this issue or
another issue or isn't spoofed at all. I can think of a lot of ways
to spoof a URL for which there is no patch and for which multiple
browsers are vulnerable. The average person would trust a popup
window that doesn't even have a URL field in the window, or that uses
the http://user@domain URL spoof, and then there's ARP spoofing, man
in the middle attacks, DNS spoofing and cache poisoning, sniffing,
Dsniff, and all sorts of vulnerabilities in web browsing and TCP/IP
that aren't Microsoft's fault and for which there are no patches.

It's true that Microsoft has been waiting to deploy their fix for an
unusually long time [I would guess they've already coded the fix a
while ago], but I have to imagine there's a reason for their decision
to do this, given the flack they've already received over this.

If the average user can't find his way to Windows Update, despite
having the windows update agent installed and an icon right on his
start menu, then that average user is going to be vulnerable to all
sorts of things no matter what OS and browser he's running and what
patches the vendor does or doesn't release. [It also sounds like
you're demanding that Microsoft release a patch to protect its
customers, but then state that most customers probably wouldn't be
able to install the patch if one was available.]

Anyways, security isn't just patches. A user that can't read
articles on how to be secure is going to fall for phishing. It's not
really the best idea to verify the identity of web sites by using the
Address: field in the browser, period.


You have every right to your opinion, unfortunately not everybody is as
computer literate as you, and just wouldn't expect that the address bar
would display anything other than the site of the web page that they
navigated to. Hell, I bet there are a lot of people that have only heard of
the term "phishing" in passing and think it's some reference to the band
Phish, and aren't aware that it's talking about scamming them.

It's MS's flaw that's being used to help validate a scam, or potentially
much worse considering the source of the scam.

This needs to addressed immediately, and not wait to be part of some IE
rollup patch. MS needs to stop dragging it's heels. And there should be an
official investigation in MS glacial pace of supplying a fix, and into how
their Monopoly OS is actually a menace to the general public's computer
security.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"


  #10  
Old January 25th 04, 09:01 PM
Robert Moir
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?

kurttrail wrote:

You have every right to your opinion, unfortunately not everybody is
as computer literate as you, and just wouldn't expect that the
address bar would display anything other than the site of the web
page that they navigated to.


I think the point is that too many people don't look at URLs anyway.

It's MS's flaw that's being used to help validate a scam, or
potentially much worse considering the source of the scam.


IIRC there was some talk at the time that mozilla also had a (much less
severe) problem with these kinds of URLs.

This needs to addressed immediately, and not wait to be part of some
IE rollup patch. MS needs to stop dragging it's heels.


If I thought they were waiting to include it in a roll-up fix then I
would/will agree with you. I've not seen anything pointing to that myself,
I'm assuming that fixing this is more trouble than it appeared at first and
they've had to go back to it a couple of times.

And there
should be an official investigation in MS glacial pace of supplying a
fix,


Official on the part of whom? Who has jurisdiction here? I can't help think
you are over-reacting a little Kurt. Of course, I am not going to tell you
that you are not entitled to your opinion, I'm just advancing the reasons
why I don't feel the same.

and into how their Monopoly OS is actually a menace to the
general public's computer security.


How about an investigation into how the general public is a menace to their
own computer security?

There are plenty of scams and worms out there which do _not_ rely on an OS
exploit to spread and they are among the most "popular".


--
--
Rob Moir, Microsoft MVP for servers & security
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html

Kazaa - Software update services for your Viruses and Spyware.


  #11  
Old January 26th 04, 01:21 AM
kurttrail
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?

Robert Moir wrote:

kurttrail wrote:

You have every right to your opinion, unfortunately not everybody is
as computer literate as you, and just wouldn't expect that the
address bar would display anything other than the site of the web
page that they navigated to.


I think the point is that too many people don't look at URLs anyway.


Says you. And if it really is true, is that a good enough reason for
accepting MS's slacking?

It's MS's flaw that's being used to help validate a scam, or
potentially much worse considering the source of the scam.


IIRC there was some talk at the time that mozilla also had a (much
less severe) problem with these kinds of URLs.


Pray tell, like what? I overheard these two people talking once, and you
know what, they were saying that GW Bush is really Gay!

This needs to addressed immediately, and not wait to be part of some
IE rollup patch. MS needs to stop dragging it's heels.


If I thought they were waiting to include it in a roll-up fix then I
would/will agree with you. I've not seen anything pointing to that
myself, I'm assuming that fixing this is more trouble than it
appeared at first and they've had to go back to it a couple of times.


http://www.iss.net/support/product_utilities/

Didn't seem so hard for these guys! MS could license it from them. What's
more important MS's customers security, or MS releasing their own in-house
developed patch?

And there
should be an official investigation in MS glacial pace of supplying a
fix,


Official on the part of whom? Who has jurisdiction here?


US Gov't. MS is still an American company. The Justice Dept. or even
Homeland Security, since it's MS's OS that has been the one that has been
exploited, time & again, at the expense of the security of the general
public.

Melissa, Code Red, Slammer, Blaster, Sobig, Swen, Bagle. It's MS's
fat-assed monopoly target that's putting the general public at risk. And
now MS is dragging of their feet on this address bar exploit! How many
times does a target have to get hit before ya'll wake up and smell the
coffee?!

I can't help
think you are over-reacting a little Kurt. Of course, I am not going
to tell you that you are not entitled to your opinion, I'm just
advancing the reasons why I don't feel the same.


Had this been the first or second time, you might be right. The
over-reaction is now is hiding your head in the sand and hoping that it will
all blow over, after time and again MS's Holey Software gets exploited at
the expense of the general public.

and into how their Monopoly OS is actually a menace to the
general public's computer security.


How about an investigation into how the general public is a menace to
their own computer security?


I ain't there fault that MS OS is the target of every computer literate
loonie on the effin' planet.

Are you telling me no one has ever pulled the wool over your eyes?
Everybody is a potential sucker, even the members of MENSA, but so many
people wouldn't be suckered with any one computer nasty, if MS wasn't the
only real OS choice for the Desktop.

There are plenty of scams and worms out there which do _not_ rely on
an OS exploit to spread and they are among the most "popular".


That's total BS, almost all of them rely on running on one company's OS.
And that's the biggest security hole in this nation's computer security.
Yes, there are some pests made for some other server OSs, but they've had a
totally negligible impact on the overall general public computer security,
and only helps to prove that having multiple OSs in the server market, helps
to diminish the effect of viruses and the like, on the public. A desktop OS
market with 5 or 10 players would be intrinsically much more secure for the
country, and the world as a whole, than having one big, fat target that
can't help from getting hit over & over & over & over & over again.

Wake up and smell the coffee, coppertops, because soon it will be just some
burned black crud at the bottom of the pot.

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"


  #12  
Old January 26th 04, 01:41 AM
Jupiter Jones [MVP]
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?

Take a closer look at your list.
Many of those such as Blaster would have been a non issue if users had
simply used the patch that was available for weeks before Blaster came
on the scene.

It largely comes back to the users.
If the user will not properly protect their computer especially when
given a few weeks notice, their is little that can be done.
In your narrow minded way, you choose to focus all the blame on
Microsoft.
Your infantile website is a testament to you and your misguided ideas.

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/p...oups/setup.asp
http://www3.telus.net/dandemar/


"kurttrail" wrote in
message
Garbage snipped

Melissa, Code Red, Slammer, Blaster, Sobig, Swen, Bagle. It's MS's
fat-assed monopoly target that's putting the general public at risk.

And
now MS is dragging of their feet on this address bar exploit! How

many
times does a target have to get hit before ya'll wake up and smell

the
coffee?!

More of your garbage snipped
--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
****************
"Trustworthy Computing" is only another example of an Oxymoron!



  #13  
Old January 26th 04, 02:01 AM
kurttrail
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?

Jupiter Jones [MVP] wrote:

Take a closer look at your list.
Many of those such as Blaster would have been a non issue if users had
simply used the patch that was available for weeks before Blaster came
on the scene.


They are total non-issues for Linux or UNIX users.

It largely comes back to the users.


No, it comes down to having only one Desktop OS target.

If the user will not properly protect their computer especially when
given a few weeks notice, their is little that can be done.


If there were multiple Desktop OS in the PC market, less people at any given
time would be affected by any one computer nasty.

In your narrow minded way, you choose to focus all the blame on
Microsoft.


They are the one's who have been proven to use predatory monopolistc tactics
to maintain their Desktop OS monopoly. And it's their big fat target that
keeps getting hit.

Multiple targets are just plain safer than one big target.

Please try to explain to everyone how having only one big target of an OS is
safer for society as a whole, if you disagree with my previous sentence.

Your infantile website is a testament to you and your misguided ideas.


Thanks you! You just don't know how much it pleases me to know, that my web
site upsets you so, that you have to express your opinion of it with no
prompting on my part whatsoever.

Melissa, Code Red, Slammer, Blaster, Sobig, Swen, Bagle. It's MS's
fat-assed monopoly target that's putting the general public at risk.
And now MS is dragging of their feet on this address bar exploit!
How many times does a target have to get hit before ya'll wake up
and smell the coffee?!

More of your garbage snipped


Have a nice day!

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"


  #14  
Old January 26th 04, 04:21 AM
Karl Levinson [x y] mvp
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?


"kurttrail" wrote in message
...

Take a closer look at your list.
Many of those such as Blaster would have been a non issue if users had
simply used the patch that was available for weeks before Blaster came
on the scene.


They are total non-issues for Linux or UNIX users.


Riiiight, Linux, Unix and OpenBSD have zero vulnerabilities.

Right, Linux has fewer vulnerabilities than Windows.

Right, users that can't configure and patch Windows would magically be able
to keep Linux secure.

Right, Linux web servers are hacked less frequently than Windows web servers
according to www.zone-h.org

No, it comes down to having only one Desktop OS target.


Right, switching to Linux or more than one desktop OS makes companies more
secure / easier to secure.

If there were multiple Desktop OS in the PC market, less people at any

given
time would be affected by any one computer nasty.


Multiple targets are just plain safer than one big target.


Riiiiiight. Maybe if www.debian.org was running some Windows servers, they
wouldn't have been hacked a few months ago.

In the past 12 months, Microsoft, Linux, Cisco and others all had highly
critical remote vulnerabilities discovered that required patches. And *nix
already owns the lions share of web servers. So how would switching to
heterogeneous OS environments do anything to increase security or reduce
support costs? Or would it actually increase support costs, double or
triple the amount of work and patches required, and increase the likelihood
that a company would make critical security mistakes that lead to a
compromise?

Sure, like you, I find it puzzling that Microsoft hasn't released a patch
for the IE URL issue yet. But that doesn't make your pro-*nix statements
above true.



  #15  
Old January 26th 04, 05:41 AM
Jupiter Jones [MVP]
external usenet poster
 
Posts: n/a
Default MicroMonopoly aids Terrorism?

I never said I was upset.
Why do you continually feel the need to project your own feelings on
others?
I simply consider the source Kurt!

--
Jupiter Jones [MVP]
An easier way to read newsgroup messages:
http://www.microsoft.com/windowsxp/p...oups/setup.asp
http://www3.telus.net/dandemar/


"kurttrail" wrote in
message news:%23L$%
Your gasrbage snipped
Thanks you! You just don't know how much it pleases me to know,

that my web
site upsets you so, that you have to express your opinion of it with

no
prompting on my part whatsoever.

More garbage snipped
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
**************
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei!"




 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off






All times are GMT +1. The time now is 04:38 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright ©2004-2024 PCbanter.
The comments are property of their posters.