lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 18 May 2010 08:31:08 -0700
From: "Thor (Hammer Of God)" <thor@...merofgod.com>
To: Christian Sciberras <uuf6429@...il.com>
Cc: "full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: Windows' future (reprise)

All I saw was "sent from my HTC" from him.  Maybe I'm glad I missed  
it ;)



On May 18, 2010, at 8:15 AM, Christian Sciberras <uuf6429@...il.com>  
wrote:

> Thor,
>
> Sorry, I didn't make my points clear enough. I was replying  
> sarcastically to Cassidy's remarks and asking him to prove his claims.
>
> Regards.
>
>
> On Tue, May 18, 2010 at 4:40 PM, Thor (Hammer of God) <Thor@...merofgod.com 
> > wrote:
> What messages warning you from using Windows?  I certainly hope you  
> do not have me confused with the OP – I already used the term  
> “hysteria” to describe his ideas and subsequent recommendations.   
> The entire premise is fatally flawed, and the subsequent replies sho 
> w a level of ignorance that I have not seen in a “professional”  
> security person in some time.   It’s not surprising to see that the  
> background of his site “remains blackened in protest against the man 
> y illegal and unethical activities of the USA.”  Hysterical indeed.
>
>
>
> In fact, this thread has inspired me to add a new section to the  
> Hammer of God website (currently undergoing major renovation) called 
>  “Tard of the Month”  where I’ll take claims like the one  
> submitted by the OP and basically… well, you know what I’ll do.
>
>
>
> I just want to make sure you understand that *I* didn’t have anythin 
> g do with any ludicrous comments about abandoning the Windows platfo 
> rm because all the oxygen in my computer was being consumed by what  
> Symantec notes as “new threats.”
>
>
>
> t
>
>
>
> From: Christian Sciberras [mailto:uuf6429@...il.com]
> Sent: Tuesday, May 18, 2010 3:40 AM
> To: Cassidy MacFarlane
> Cc: Thor (Hammer of God); full-disclosure@...ts.grok.org.uk
>
>
> Subject: Re: [Full-disclosure] Windows' future (reprise)
>
>
> Happens they are completely unrelated stories. Also happens that I  
> won't fall for someone's hysteria from using windows.
>
> By the way, I don't know you, but I would depend on the _fact_ that  
> I've been using a product without a hitch rather then someone's  
> claims that the said product will fall in a year's time.
>
> By the way, I think it would do you a lot of good if you quote  
> Thor's messages warning us from using Windows etc.
>
> If you only have a troll's remarks to add, then leave the discussion.
>
> As of this time, there is only one huge security risk all  
> researchers agree on; human error aka people's stupidity....
>
>
>
>
>
> On Tue, May 18, 2010 at 11:01 AM, Cassidy MacFarlane <Cassidy.MacFarlane@...ntmanagement.co.uk 
> > wrote:
>
> Sent from my HTC
>
>
> -----Original Message-----
> From: Thor (Hammer of God) <Thor@...merofgod.com>
>
> Sent: 15 May 2010 21:59
> To: full-disclosure@...ts.grok.org.uk <full-disclosure@...ts.grok.org.uk 
> >
> Subject: Re: [Full-disclosure] Windows' future (reprise)
>
> No, It's Tim Mullen.  No "Bill" here.
>
> No, I don't misunderstand:  You said "You may recall that last year,  
> the average annual growth rate of new threats (as defined by  
> Symantec) was 243%.  This enabled me to predict that the number of  
> new threats in this year's Symantec Threat Report would be 243% of  
> last years."  IOW, you took what Symantec's numbers were for one  
> year, and guessed they would be the same for this year, and then  
> posted how you were almost right.  Congratulation, you can make  
> statements in the obvious.
>
> You people really need to get your stories straight.  Isn't there  
> some club or something you guys can join to at least sync up your  
> talking points?   First we hear about how AV is stupid, unneeded,  
> useless, a waste of money, and if you install it then you are  
> ignorant.  Then we hear about how some people can "bypass AV" using  
> kernel hooks on windows XP and call it an "8.0 Earthquake."  Now you  
> come out and say that you predict that AV will not be able to keep  
> up with these new "threats" and that people must stop using Windows  
> as a result since Windows "is not likely of producing any secure  
> version of anything anytime soon."
>
>
> Then you blithe on about how people should "avoid any software that  
> locks them into a Microsoft Platform like the plague" and  
> specifically note .NET for businesses but of course fail to provide  
> any examples of where they should go, or any real advice on your  
> "mitigation strategy."
>
> What it is about .NET that should be avoided like the plague?  Wait,  
> before you answer that, let's make sure you are qualified to  
> answer.  One must assume that you are an expert .NET developer and  
> that you have keen insight into the very foundation of the platform  
> in order to know unequivocally that it should not be used under any  
> circumstances.   Please give us some code examples of your .NET  
> projects where it failed so miserably, even given your expertise,  
> and then provide the "proper" secure solution in your magic TardWare  
> solution.  Certainly someone speaking with such authority on the  
> matter can come up with examples in no time.
>
> Additionally, you've clearly performed migration engagements for  
> these people you "advise."  Please let us know what the actual  
> migration plan was, and how you have so brilliantly created a one- 
> off cost migration path.  I'm really interested in the details about  
> that.  I would particularly like to know what authentication  
> infrastructure you would build to support secure enterprise-based  
> services, your solution for client access and administration, and  
> your overall network concepts.  Also, what is your preferred  
> replacement for .NET again?  Details on your SDL process would be  
> fantastic as well.
>
> You've got a great opportunity to really contribute to the industry  
> by providing us with your qualifications and subsequent solutions to  
> these problems, so I'm really looking forward to seeing what you  
> have to say on the matter beyond "Symantec said we'd have this  
> amount of growth, so I said that too, and I was almost right.  And  
> since I was almost right, it is imperative to drop all Windows  
> products and re-write all of your .NET code immediately because AV  
> won't be able to keep up with it."
>
> t
>
> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full- 
> disclosure-bounces@...ts.grok.org.uk] On Behalf Of lsi
>
> Sent: Saturday, May 15, 2010 1:07 PM
> To: full-disclosure@...ts.grok.org.uk
> Subject: Re: [Full-disclosure] Windows' future (reprise)
>
> Is that you, Bill?
>
> I think you misunderstand.  9 months ago, I measured the growth rate  
> at 243%, using Symantec's stats.  9 months ago I posted that number  
> here, together with a prediction of this year's stats.  Recently, I  
> got this year's stats and compared them with that prediction.  I  
> found that this prediction was 75.4% accurate.  I am now reporting  
> those results back to the group.  And this is trolling how?
>
> My point is that the prediction was not wildly wrong, and so that  
> leads me to wonder if anything else I said, 9 months ago, was also  
> not wildly wrong.
>
> My main reason for claiming that Windows is inherently insecure is  
> because it's closed source.  However it's also because of the  
> sloppy, monolithic spaghetti code that Windows is made of.  If  
> you're claiming Windows is in fact inherently secure, I assume this  
> means you don't use AV on any of your Windows machines, and advise  
> everyone you know to uninstall it?
>
> I never said migration would be free or easy.  That is why I am  
> posting this data here, because I see it as a vulnerability, a very  
> big vulnerability that many companies have not woken up to.  The  
> very fact that migration is hard, lengthy, and expensive, means that  
> the vulnerability is larger than ever.
>
> Stu
>
>
> On 15 May 2010 at 14:40, Thor (Hammer of God) wrote:
>
> From:                   "Thor (Hammer of God)" <Thor@...merofgod.com>
>
> To:                     "full-disclosure@...ts.grok.org.uk" <full-
>
> disclosure@...ts.grok.org.uk>
>
> Date sent:              Sat, 15 May 2010 14:40:29 +0000
>
> Subject:                Re: [Full-disclosure] Windows' future  
> (reprise)
>
> > I am constantly amazed at posts like this where you make yourself  
> sound like some sort of statistical genius because you were "able to  
> predict" that since last year was %243, that this year would be  
> %243.  Wow.  Really?
> >
> > And for the record, these claims of 'inherent insecurity' in  
> Windows are simply ignorant.  If you are still running Windows 95  
> that's your problem.  Do a little research before post assertions  
> based on 10 or 20 year old issues.
> >
> > This smacks of the classic troll, where you say things like  
> "nothing that Microsoft makes is secure and it never will be" and  
> then go on to say how easy it is to migrate, and how it's free, with  
> only a one off cost, and how to move off of .NET.
> >
> > Obvious "predictions," ignorant assumptions, and a total lack of  
> any true understanding of business computing.  Yep, "troll."
> >
> > t
> >
> > -----Original Message-----
> > From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full- 
> disclosure-bounces@...ts.grok.org.uk] On Behalf Of lsi
> > Sent: Saturday, May 15, 2010 6:12 AM
> > To: full-disclosure@...ts.grok.org.uk
> > Subject: [Full-disclosure] Windows' future (reprise)
> >
> > Hi All!
> >
> > Just a followup from my posting of 9 months ago (which can be found
> > here):
> >
>
> > http://www.mail-archive.com/full-disclosure@lists.grok.org.uk/msg37173.html
>
> >
> > Symantec have released "Internet Security Threat Report: Volume XV:
> > April 2010".  My posting from last year was based on the previous  
> "Internet Security Threat Report: Volume XIV: April 2009".  So I  
> thought it would be interesting to check my numbers.  The new  
> edition of the Threat Report is here:
> >
> > http://www4.symantec.com/Vrt/wl?tu_id=SUKX1271711282503126202
> >
> > You may recall that last year, the average annual growth rate of  
> new threats (as defined by Symantec) was 243%.  This enabled me to  
> predict that the number of new threats in this year's Symantec  
> Threat Report would be 243% of last years; eg. I predicted 9 months  
> ago the number of new threats in this year's Symantec Threat Report  
> would be 243% * 1656227, or 3840485.87.
> >
> > The actual number of new threats in this year's Symantec Threat  
> Report is 2895802, an error on my part of 24.6%.
> >
> > This is quite a chunk, however it is not that far off.  My excuses:
> >
> > - my number was based on averages, so it will never be exact.   
> There will be a natural variance in the growth rate, caused by many  
> factors.
> >
> > - in the new edition, Symantec have altered the raw data a little  
> - the number of new threats for 2009, 2008, 2007 etc is slightly  
> different to those same years, as listed in the previous version of  
> the report.  I have not updated my projection to allow for this.
> >
> > - Symantec note that "The slight decline in the rate of growth  
> should not discount the significant number of new signatures created  
> in 2009. Signature-based detection is lagging behind the creation of  
> malicious threats..." (page 48).
> >
> > Am I retreating from my position?  Absolutely not.  I am now  
> expecting the number of new threats in next years' report to be  
> 7036798.86. This is 2895802 * 243%.  This includes the error  
> introduced by Symantec's changes to the raw data.  I don't think it  
> matters much.
> >
> > As this flood of new threats will soon overpower AV companies'
> > ability to catalogue them (by 2015, at 243% growth, there will be
> > 2.739 MILLION new threats PER DAY (over 1900 new threats per  
> minute)), and as Symantec admits above that "signature-based  
> detection is lagging", and as Microsoft are not likely to produce a  
> secure version of anything anytime soon, I am not at all hopeful of  
> a clean resolution to this problem.
> >
> > I continue to advise that users should, where possible, deploy  
> alternatives; that they should, if they have not already, create and  
> action a migration strategy; and that they should avoid like the  
> plague, any software which locks them into a Microsoft platform.
> > Business .NET applications, I'm lookin' at you.
> >
> > Those failing to migrate will discover their hardware runs slower  
> and slower, while doing the same job as it did previously.  They  
> will need to take this productivity hit, OR buy a new computer,  
> which will also eventually surcumb to the same increasing slowness.   
> They will need to buy new machines more and more frequently.   
> Eventually, they will run out of money - or, for the especially deep- 
> pocketed, they will find they cannot deploy the new machines fast  
> enough, before they are already too slow to use.  The only  
> alternative to this treadmill is to dump Windows.  The sooner it is  
> dumped, the less money is wasted buying new hardware, simply to keep  
> up with security- induced slowness.
> >
> > Why spend all that time and money on a series of new Windows  
> machines, without fixing the actual problem, which is the inherent  
> insecurity of Windows?  People can spend the same time and money  
> replacing Windows, and then they won't need to worry about the  
> problem any more.  The difference is that sticking with Windows  
> incurs ongoing and increasing costs, while a migration incurs a one-  
> off cost.
> >
> > I don't think it takes a genius to see which approach will cost  
> less.
> >
> > Notes:
> > - see page 10 of the Volume XIV (2009) edition, and page 48 of  
> Volume XV (2010) edition, for the relevant stats
> >
> > - since my post of last year, I have also noticed a similar  
> exponential curve in the number of threats detected by Spybot Search  
> and Destroy (a popular anti-spyware tool). This curve can be seen
> > here:
> >
> > http://www.safer-networking.org/en/updatehistory/index.html
> >
> >  - my projection of growth rates up to 2016 (written last year) is
> > here:
> >
> > http://www.cyberdelix.net/files/malware_mutation_projection.pdf
> >
> > Comments welcome..
> >
>
> > Stu
> >
> > ---
> > Stuart Udall
> > stuart at@...erdelix.dot net - http://www.cyberdelix.net/
> >
> > ---
> >  * Origin: lsi: revolution through evolution (192:168/0.2)
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
> ---
> Stuart Udall
> stuart at@...erdelix.dot net - http://www.cyberdelix.net/
>
> ---
>  * Origin: lsi: revolution through evolution (192:168/0.2)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> www.grantmanagement.co.uk
>
> www.gmhelp.co.uk
>
> Please consider the environment before printing this email and any  
> attachments.
> This message and any files transmitted with it are confidential and  
> intended solely for the use of the individual or entity to whom they  
> are addressed. If you are not the intended recipient please  
> disregard and delete this message. Please note that any views or  
> opinions presented in this email do not necessarily represent those  
> of the company. Whilst this email and any attachment(s) have been  
> scanned for the presence of viruses, the company accepts no  
> liability for any damage caused by any virus transmitted by this  
> email.
>
> Company Registration: SC187301
> 14 Coates Edinburgh EH3 7AF
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ