[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080508175230.GA90625@infiltrated.net>
Date: Thu, 8 May 2008 12:52:30 -0500
From: "J. Oquendo" <sil@...iltrated.net>
To: Paul Schmehl <pauls@...allas.edu>
Cc: full-disclosure@...ts.grok.org.uk, butraq@...urityfocus.com
Subject: Re: Microsot DID DISCLOSE potential Backdoor
> Of course, with the weasel words "may have", "inadvertently" and
> "potential", you can always claim you never really said that, but you know
> exactly what the reader will take away from that headline - "What???
> Microsoft installed a backdoor on my computer????"
> Microsoft installed a backdoor on my computer????"
> Then you make this amazing leap of "logic".
This is your interpretation my CORRELATION. If it did not obtain info
from MSRT how would have MS created the Botnet tool. I'm not making
any amazing leaps of anything other then correlation. If they didn't
they shouldn't have mentioned it in the article. You don't see any
Ferrari mechanics start talking about Ferrari engines in a mechanics
article, and next paragraph talk about speed and not correlate it with
a Ferraris that would be insanely stupid. "Gee Wilbur I don't mean
Ferrari I meant a Yugo."
> So, in one "sentence" you tie the MSRT to the botnet buster and go from "it
> sends data" to "it spies on you". Nice try, but you're not fooling anyone
> except fools.
How did I tie anything. Microsoft implies this in their article in
MY interpretation. Again, I don't know about you but I've never had
the exposure you have to see someone do so.
> BTW, a backdoor program is something that allows me to access your computer
> without your knowledge any time I want to, not a program that sends me
> information whenever you choose to run it *if* you choose to send it.
> Again, nice try, but you're not fooling anyone except fools and conspiracy
> theorists.
And you're the architect of this definition? I used the Wiki entry:
/ READ
A backdoor in a computer system (or cryptosystem or algorithm) is a method
of bypassing normal authentication, securing remote access to a computer,
obtaining access to plaintext, and so on, while attempting to remain
undetected. The backdoor may take the form of an installed program (e.g.,
Back Orifice), or could be a modification to an existing program or
hardware device.
/ END READ
I don't know about you but one, I never agreed to share the information
with MS in the first place. THEY IMPOSED IT. And your argument about
removing it is MOOT. This is my MAIN RANT. ASK ME BEFOREHAND DON'T
ASSUME I AM YOUR GUINEA PIG. Does this register logically to anyone
else. The argument here isn't about what MS is actually doing with the
information, if they told me beforehand I would have the OPTION to
provide information. I wouldn't have had it shoved down my throat
because Microsoft is trying to assist LEA. You're missing the entire
GIST of it.
If you understood more about me, you would have known better to label
this as theorist or alarmist. Facts are facts. Is MS obtaining info
from my machine YES Is MS passing information obtained from my machine
to LEA YES. Is it identifiable. YES IP IS USED AS AN IDENTIFIER either
way you cut it. I could care less whether or not if they are or aren't
using the information. FACT LEA WILL ATTEMPT TO IDENTIFY YOU VIA IP.
FACT YOU ARE IDENTIFIED IN THE FORM OF AN IP THE MOMENT YOU CONNECT.
You CONNECTED did the packets get there via RFC2549. FACT. Did MS
ever notify me they would be sharing information NO. FACT.
We could copy and paste until the cows come home. I stand by what I
state and at this point its a matter of interpretation. You can infer
what you'd like by my FACTS but they are what they are according to
what was disclosed by Microsoft NOT ME.
--
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA #579 (FW+VPN v4.1)
SGFE #574 (FW+VPN v4.1)
"Experience hath shewn, that even under the best
forms (of government) those entrusted with power
have, in time, and by slow operations, perverted
it into tyranny." Thomas Jefferson
wget -qO - www.infiltrated.net/sig|perl
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists