Re: Firewall Software Recommendations?

[Bear Bottoms]

On Sat, 16 Feb 2008 04:54:48 -0600, Sebastian G. <seppi@seppig.de> wrote:

> shatter attacks

It is as easy as: Wikipedia:In computing, a shatter attack is a
programming technique employed by hackers on Microsoft Windows operating
systems that can be used to bypass security restrictions between processes
in a session. A shatter attack takes advantage of a design flaw in
Windows's message-passing system whereby arbitrary code could be injected
into any other running application or service in the same session, that
makes use of a message loop. This could result in a privilege escalation
exploit.

--
Bear Bottoms
Freeware Website http://bearware.info

[Gerald Vogt]

On Feb 16, 8:48 pm, "Bear Bottoms" <bearbotto...@gmai.com> wrote:
> On Sat, 16 Feb 2008 04:54:48 -0600, Sebastian G. <se...@seppig.de> wrote:
> > shatter attacks
>
> It is as easy as: Wikipedia:In computing, a shatter attack is a
> programming technique employed by hackers on Microsoft Windows operating
> systems that can be used to bypass security restrictions between processes
> in a session. A shatter attack takes advantage of a design flaw in
> Windows's message-passing system whereby arbitrary code could be injected
> into any other running application or service in the same session, that
> makes use of a message loop. This could result in a privilege escalation
> exploit.

If you stood in a library and someone came to you (assuming you are
not a librarian) and asked you for the name of the capital of
Timbuktu, you would run and go and pick the next encyclopedia, look it
up, copy it, and give it to the person in question? You would not just
wonder whether that person was a little bit crazy or wonder whether
that person thought you were a librarian and paid for that job? You
would not tell that person that it should check a encyclopedia??
Astonishing... ;-)

Gerald

[rodney.usenet@gmail.com]

On 16 feb, 13:06, Gerald Vogt <v...@spamcop.net> wrote:
> On Feb 16, 8:48 pm, "Bear Bottoms" <bearbotto...@gmai.com> wrote:
>
> > On Sat, 16 Feb 2008 04:54:48 -0600, Sebastian G. <se...@seppig.de> wrote:
> > > shatter attacks
>
> > It is as easy as: Wikipedia:In computing, a shatter attack is a
> > programming technique employed by hackers on Microsoft Windows operating
> > systems that can be used to bypass security restrictions between processes
> > in a session. A shatter attack takes advantage of a design flaw in
> > Windows's message-passing system whereby arbitrary code could be injected
> > into any other running application or service in the same session, that
> > makes use of a message loop. This could result in a privilege escalation
> > exploit.
>
> If you stood in a library and someone came to you (assuming you are
> not a librarian) and asked you for the name of the capital of
> Timbuktu, you would run and go and pick the next encyclopedia, look it
> up, copy it, and give it to the person in question? You would not just
> wonder whether that person was a little bit crazy or wonder whether
> that person thought you were a librarian and paid for that job? You
> would not tell that person that it should check a encyclopedia??
> Astonishing... ;-)

This is not a library, this is usenet.
FYI: Timbuktu is the captial of the region Timbuktu in Mali.

[Gerald Vogt]

On Feb 16, 9:53 pm, rodney.use...@gmail.com wrote:
> On 16 feb, 13:06, Gerald Vogt <v...@spamcop.net> wrote:
>
>
>
> > On Feb 16, 8:48 pm, "Bear Bottoms" <bearbotto...@gmai.com> wrote:
>
> > > On Sat, 16 Feb 2008 04:54:48 -0600, Sebastian G. <se...@seppig.de> wrote:
> > > > shatter attacks
>
> > > It is as easy as: Wikipedia:In computing, a shatter attack is a
> > > programming technique employed by hackers on Microsoft Windows operating
> > > systems that can be used to bypass security restrictions between processes
> > > in a session. A shatter attack takes advantage of a design flaw in
> > > Windows's message-passing system whereby arbitrary code could be injected
> > > into any other running application or service in the same session, that
> > > makes use of a message loop. This could result in a privilege escalation
> > > exploit.
>
> > If you stood in a library and someone came to you (assuming you are
> > not a librarian) and asked you for the name of the capital of
> > Timbuktu, you would run and go and pick the next encyclopedia, look it
> > up, copy it, and give it to the person in question? You would not just
> > wonder whether that person was a little bit crazy or wonder whether
> > that person thought you were a librarian and paid for that job? You
> > would not tell that person that it should check a encyclopedia??
> > Astonishing... ;-)
>
> This is not a library, this is usenet.

Correct. Google and Wikipedia are still just a click away.

> FYI: Timbuktu is the captial of the region Timbuktu in Mali.

I know. It is not extremely difficult to find out if you know how to
use Google. The wikipedia article is the first hit on google. Just
like it is the first hit for "shatter attack"...

Gerald

[Bear Bottoms]

On Sat, 16 Feb 2008 07:00:58 -0600, Gerald Vogt <vogt@spamcop.net> wrote:


>> This is not a library, this is usenet.
>
> Correct. Google and Wikipedia are still just a click away.
>
>> FYI: Timbuktu is the captial of the region Timbuktu in Mali.
>
> I know. It is not extremely difficult to find out if you know how to
> use Google. The wikipedia article is the first hit on google. Just
> like it is the first hit for "shatter attack"...
>
> Gerald

LOL...we are not in a Library, and if someone asked a question to a group
even in a Library...you would expect everyone in the group to go look it
up for themselves, rather than have one person easily present
it...astonishing.


--
Bear Bottoms
Freeware Website http://bearware.info

[Gerald Vogt]

On Feb 16, 10:09 pm, "Bear Bottoms" <bearbotto...@gmai.com> wrote:
> LOL...we are not in a Library, and if someone asked a question to a group
> even in a Library...you would expect everyone in the group to go look it
> up for themselves, rather than have one person easily present
> it...astonishing.

??? I never said that everyone nor anyone in the group should go and
look something up which is easily available. What you want is: If
someone asked a question in a library to a group you would expect
everyone in the group to go look it up for themselves rather than have
the person who asked easily look it up...

It is the expectation of many people in forums and the usenet that if
they have a question which could be easily answered by looking up in
the manual, google, wikipedia or similar they expect all people in the
group to look it up and at least a few of them present the answer.
Some even complain if you write them "see page 10 of the manual".

Gerald

[Bear Bottoms]

On Sat, 16 Feb 2008 17:40:09 -0600, Gerald Vogt <vogt@spamcop.net> wrote:

> On Feb 16, 10:09 pm, "Bear Bottoms" <bearbotto...@gmai.com> wrote:
>> LOL...we are not in a Library, and if someone asked a question to a
>> group
>> even in a Library...you would expect everyone in the group to go look it
>> up for themselves, rather than have one person easily present
>> it...astonishing.
>
> ??? I never said that everyone nor anyone in the group should go and
> look something up which is easily available. What you want is: If
> someone asked a question in a library to a group you would expect
> everyone in the group to go look it up for themselves rather than have
> the person who asked easily look it up...
>
> It is the expectation of many people in forums and the usenet that if
> they have a question which could be easily answered by looking up in
> the manual, google, wikipedia or similar they expect all people in the
> group to look it up and at least a few of them present the answer.
> Some even complain if you write them "see page 10 of the manual".
>
> Gerald

While that is a good point...it is not just about the person who asked.
Once the question is asked, a lot of people want to know...and if someone
does what (I'll grant you that) the op should have provided, IMO...is a
good thing. To just ***** at the op who should have provided it, still
leaves a gap and accomplishes very little beyond a *****.

--
Bear Bottoms
Freeware Website http://bearware.info

[rodney.usenet@gmail.com]

On 16 feb, 14:00, Gerald Vogt <v...@spamcop.net> wrote:
> On Feb 16, 9:53 pm, rodney.use...@gmail.com wrote:
>
> > On 16 feb, 13:06, Gerald Vogt <v...@spamcop.net> wrote:
>
> > > On Feb 16, 8:48 pm, "Bear Bottoms" <bearbotto...@gmai.com> wrote:
>
> > > > On Sat, 16 Feb 2008 04:54:48 -0600, Sebastian G. <se...@seppig.de> wrote:
> > > > > shatter attacks
>
> > > > It is as easy as: Wikipedia:In computing, a shatter attack is a
> > > > programming technique employed by hackers on Microsoft Windows operating
> > > > systems that can be used to bypass security restrictions between processes
> > > > in a session. A shatter attack takes advantage of a design flaw in
> > > > Windows's message-passing system whereby arbitrary code could be injected
> > > > into any other running application or service in the same session, that
> > > > makes use of a message loop. This could result in a privilege escalation
> > > > exploit.
>
> > > If you stood in a library and someone came to you (assuming you are
> > > not a librarian) and asked you for the name of the capital of
> > > Timbuktu, you would run and go and pick the next encyclopedia, look it
> > > up, copy it, and give it to the person in question? You would not just
> > > wonder whether that person was a little bit crazy or wonder whether
> > > that person thought you were a librarian and paid for that job? You
> > > would not tell that person that it should check a encyclopedia??
> > > Astonishing... ;-)
>
> > This is not a library, this is usenet.
>
> Correct. Google and Wikipedia are still just a click away.

I don't get the point. The wikipedia+google hint had been given before
in this thread by Sebastian G. What's wrong with another person giving
the answer ?

> > FYI: Timbuktu is the captial of the region Timbuktu in Mali.
>
> I know. It is not extremely difficult to find out if you know how to
> use Google.

Actually the info was still stored in my brain. High school.

> The wikipedia article is the first hit on google. Just
> like it is the first hit for "shatter attack"...

Yes, that's how I found out what it actually meant.
Speaking of attacks: Microsoft is trying to make something positive
out of worms.
I'm already looking forward to the MS-worm-SDK

http://technology.newscientist.com/a...are-fixes.html

[Bear Bottoms]

On Sat, 16 Feb 2008 06:06:37 -0600, Gerald Vogt <vogt@spamcop.net> wrote:

> On Feb 16, 8:48 pm, "Bear Bottoms" <bearbotto...@gmai.com> wrote:
>> On Sat, 16 Feb 2008 04:54:48 -0600, Sebastian G. <se...@seppig.de>
>> wrote:
>> > shatter attacks
>>
>> It is as easy as: Wikipedia:In computing, a shatter attack is a
>> programming technique employed by hackers on Microsoft Windows operating
>> systems that can be used to bypass security restrictions between
>> processes
>> in a session. A shatter attack takes advantage of a design flaw in
>> Windows's message-passing system whereby arbitrary code could be
>> injected
>> into any other running application or service in the same session, that
>> makes use of a message loop. This could result in a privilege escalation
>> exploit.
>
> If you stood in a library and someone came to you (assuming you are
> not a librarian) and asked you for the name of the capital of
> Timbuktu, you would run and go and pick the next encyclopedia, look it
> up, copy it, and give it to the person in question? You would not just
> wonder whether that person was a little bit crazy or wonder whether
> that person thought you were a librarian and paid for that job? You
> would not tell that person that it should check a encyclopedia??
> Astonishing... ;-)
>
> Gerald

LOL...we are not in a Library, and if someone asked a question to a group
even in a Library...you would expect everyone in the group to go look it
up for themselves, rather than have one person easily present
it...astonishing.

--
Bear Bottoms
Freeware Website http://bearware.info

[Edward S Ferrara]

On Sat, 16 Feb 2008 04:06:37 -0800, Gerald Vogt wrote:

> On Feb 16, 8:48 pm, "Bear Bottoms" <bearbotto...@gmai.com> wrote:
>> On Sat, 16 Feb 2008 04:54:48 -0600, Sebastian G. <se...@seppig.de>
>> wrote:
>> > shatter attacks
>>
>> It is as easy as: Wikipedia:In computing, a shatter attack is a
>> programming technique employed by hackers on Microsoft Windows
>> operating systems that can be used to bypass security restrictions
>> between processes in a session. A shatter attack takes advantage of a
>> design flaw in Windows's message-passing system whereby arbitrary code
>> could be injected into any other running application or service in the
>> same session, that makes use of a message loop. This could result in a
>> privilege escalation exploit.
>
> If you stood in a library and someone came to you (assuming you are not
> a librarian) and asked you for the name of the capital of Timbuktu, you
> would run and go and pick the next encyclopedia, look it up, copy it,
> and give it to the person in question? You would not just wonder whether
> that person was a little bit crazy or wonder whether that person thought
> you were a librarian and paid for that job? You would not tell that
> person that it should check a encyclopedia?? Astonishing... ;-)
>
> Gerald

Actually I might. I also think the purpose of read news is the exchange
of information... It seems this topic touches a nerve. I do agree that
Wickipedia is a good place to have questions like "What is a shatter
attack answered..." I still think it always pays to be helpful.

Ed

Ed