From: booger at unixclan.net (security snot)
Subject: Computer Sabotage by Microsoft

People also overlook that Mr. Esser initially complained about Microsoft
not taking the vulnerability seriously, and now he's crying about them
taking it seriously.

How unfortunate, that his disclosure of the problem lead to the problem
being fixed.

Perhaps the lesson learned here is to not brag about 0day and provide the
public with details concerning the 0day, if you want to be able to
continue using said 0day.

Just my two cents or whatever.

-----------------------------------------------------------
"Whitehat by day, booger at night - I'm the security snot."
- CISSP / CCNA / A+ Certified - www.unixclan.net/~booger/ -
-----------------------------------------------------------

On Fri, 12 Sep 2003, Chris Wanstrath wrote:

> For some reason, it seems the fact that Stefan subscribes to Xbox Live
> and connected to their server is being overlooked by all but a few.
> This is a service offered by Microsoft that one pays to subscribe for.
> Every persistent online game I can think of auto-patches you.  Earth &
> Beyond, Planetside, Star Wars: Galaxies, etc.  That's the way it is
> because that is what you agree to in order to get everyone constantly on
> the same playing field.  You paid for a subscription to Xbox Live, you
> gave them permission to modify your dashboard to connect, and you
> connected.  It's not like you plugged in your Xbox fresh out of the
> wrapping and it started downloading like crazy... People cheat on Xbox
> Live, and if the font overflow is in any possibility way to cheat, then
> that's why it was taken out.  Granted, I don't know that for sure.  I
> don't know if any of the font/MA/AUF overflows specifically allow
> cheating on Live, but I'm sure Microsoft would say so if you asked them.
>
>
> It just seems unlikely under any jurisdiction that the argument, "I
> bought Xbox Live, connected to their servers, signed up for an account,
> and was auto-patched" would hold much weight.  Microsoft is offering you
> the Live service and you are agreeing that, in order to connect, you
> will allow them to consistently update your software.
>
> I'm not saying any of this is right, but I doubt that this formula will
> change because we're talking about console games.  The console game
> business is very different from the computer game business.  As I'm sure
> most everyone knows, console makers actually lose money on every
> physical console they sell because they aren't selling simply a box;
> they are selling a channel in which you can be marketed a wider array of
> goods than you could have before you bought it.  In a literal sense,
> that's how things like DVD players are, too, but when Microsoft is paid
> a licensing fee for every Xbox title and gets royalties on every game
> sold, they get tons of profit where DVD manufacturers and other
> electronics companies don't.  When you get an Xbox, you are then
> presented with the opportunity to play and, more importantly, BUY all
> kinds of games.  Same with the Playstation 2.  Microsoft doesn't like
> people like Stefan because they use their Xboxes in ways that could
> potentially end their buying.  Microsoft takes a loss on this because
> they lost money when they sold the console and now they're not going to
> recover it through the games, or lack thereof, the hacker buys.  This is
> the reason Microsoft will do whatever it wants to your Xbox, and the way
> Sony will do the same thing when they are in the position to.
>
> Modding will always be the enemy of console makers because it is seen as
> a way to not just pirate games but end your dependence on the console
> company.
>
> --
> Chris Wanstrath : chrisw@...ci.rr.com
> LW Consulting   : www.lw-consulting.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

Powered by blists - more mailing lists