lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 8 May 2008 12:52:30 -0500 From: "J. Oquendo" <sil@...iltrated.net> To: Paul Schmehl <pauls@...allas.edu> Cc: full-disclosure@...ts.grok.org.uk, butraq@...urityfocus.com Subject: Re: Microsot DID DISCLOSE potential Backdoor > Of course, with the weasel words "may have", "inadvertently" and > "potential", you can always claim you never really said that, but you know > exactly what the reader will take away from that headline - "What??? > Microsoft installed a backdoor on my computer????" > Microsoft installed a backdoor on my computer????" > Then you make this amazing leap of "logic". This is your interpretation my CORRELATION. If it did not obtain info from MSRT how would have MS created the Botnet tool. I'm not making any amazing leaps of anything other then correlation. If they didn't they shouldn't have mentioned it in the article. You don't see any Ferrari mechanics start talking about Ferrari engines in a mechanics article, and next paragraph talk about speed and not correlate it with a Ferraris that would be insanely stupid. "Gee Wilbur I don't mean Ferrari I meant a Yugo." > So, in one "sentence" you tie the MSRT to the botnet buster and go from "it > sends data" to "it spies on you". Nice try, but you're not fooling anyone > except fools. How did I tie anything. Microsoft implies this in their article in MY interpretation. Again, I don't know about you but I've never had the exposure you have to see someone do so. > BTW, a backdoor program is something that allows me to access your computer > without your knowledge any time I want to, not a program that sends me > information whenever you choose to run it *if* you choose to send it. > Again, nice try, but you're not fooling anyone except fools and conspiracy > theorists. And you're the architect of this definition? I used the Wiki entry: / READ A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device. / END READ I don't know about you but one, I never agreed to share the information with MS in the first place. THEY IMPOSED IT. And your argument about removing it is MOOT. This is my MAIN RANT. ASK ME BEFOREHAND DON'T ASSUME I AM YOUR GUINEA PIG. Does this register logically to anyone else. The argument here isn't about what MS is actually doing with the information, if they told me beforehand I would have the OPTION to provide information. I wouldn't have had it shoved down my throat because Microsoft is trying to assist LEA. You're missing the entire GIST of it. If you understood more about me, you would have known better to label this as theorist or alarmist. Facts are facts. Is MS obtaining info from my machine YES Is MS passing information obtained from my machine to LEA YES. Is it identifiable. YES IP IS USED AS AN IDENTIFIER either way you cut it. I could care less whether or not if they are or aren't using the information. FACT LEA WILL ATTEMPT TO IDENTIFY YOU VIA IP. FACT YOU ARE IDENTIFIED IN THE FORM OF AN IP THE MOMENT YOU CONNECT. You CONNECTED did the packets get there via RFC2549. FACT. Did MS ever notify me they would be sharing information NO. FACT. We could copy and paste until the cows come home. I stand by what I state and at this point its a matter of interpretation. You can infer what you'd like by my FACTS but they are what they are according to what was disclosed by Microsoft NOT ME. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA #579 (FW+VPN v4.1) SGFE #574 (FW+VPN v4.1) "Experience hath shewn, that even under the best forms (of government) those entrusted with power have, in time, and by slow operations, perverted it into tyranny." Thomas Jefferson wget -qO - www.infiltrated.net/sig|perl http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists