lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <BF76007EDD30A74795F2CCA49FA01C8C4C2FC1@001sv30021.corp.info1team.com>
From: jnoble at info1team.com (Noble, Jim)
Subject: The MSBlast Conspiracy Theory

Lawsuits?

Read your shrink wrap agreement, you own the liability of the software
and any data that you create with it...

Nice theory, but it doesn't hold water.

That would be the same as saying that since the car you purchased wasn't
made to filter sugar out of the gas tank, that an attack on the entire
fuel storage in the world be the fault of the car manufacturer.

-
Arcturus...
Network & Security Director
CISSP, CCSE+, CNX

===================================
CONFIDENTIALITY===================================
This E-mail is confidential. It should not be read, copied, disclosed or
used 
by any person other than the intended recipient. Unauthorized use,
disclosure or 
copying by whatever medium is strictly prohibited and may be unlawful.
If you have 
received this E-mail in error please contact the sender immediately and
delete 
the E-mail from your system.
===================================
CONFIDENTIALITY===================================


-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Brad Pryce
Sent: Friday, August 15, 2003 6:32 AM
To: Weezer Hutchins
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] The MSBlast Conspiracy Theory


Possible, but not likely.

Brad Pryce

Weezer Hutchins wrote:

>This was such a benign implementation of the serious DCOM security 
>risk, that my conspiracy theory is ... Microsoft had this worm released

>on purpose in an attempt to get everyone to patch their machines before

>a really threatening version was released.
>
>Imagine, what if ...
>
>   ... this vulnerability was used to remove all the .doc, .xls, .ppt, 
>etc. files off the drives, including network attached drives? (you know
how everyone keeps backups of all their files :)
>   ... this vulnerability intentionally stole everybody's address books

>and transferred them to some anonymous ftp server for later pickup (a
spammer's dream)?
>   ... this vulnerability stole financial and personal data in the same

>manner as above, and gets bank account numbers, credit card numbers, 
>passwords, etc., from Quicken, Microsoft Money and other files (of
course, everybody password protects these files)?
>   ... (insert your own extremely disastrous scenario here)
>
>Any of these would cause so much harm to Microsoft from the lawsuits 
>and lost business, that they couldn't afford to let it remain out 
>there, thus the conspiracy theory arises.
>
>__________________________________
>Do you Yahoo!?
>Yahoo! SiteBuilder - Free, easy-to-use web site design software 
>http://sitebuilder.yahoo.com 
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.netsys.com/full-disclosure-charter.html
>
>  
>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ