Fear, Uncertainty and Doubt, Inc.
Tim Mullen, 2001-12-31

Everyone from the FBI to the L.A. Times has something scary to say about the new XP vulnerability. Here's why they all have it wrong.

Fear, Uncertainty and Doubt, Inc. 2001-12-31
Anonymous (1 replies)
As soon as the people from Microsoft include the fix in the Automatic Update list, the problem will be solved.
Or am I missing something?...

Fear, Uncertainty and Doubt, Inc. 2002-01-03
Patrik Birgersson (3 replies)
There's no "Automatic Update" for Windows (as far as I know - haven't checked out XP though). You have the "Windows Update" site if that's what you're referring to.

However, using Windows Update requires that users actively visit the site and perform the updates. And that ain't happening (as we...

Autoupdate in XP 2002-01-04
jpostel
XP has the ability to install critical updates from windowsupdate in the background automagically. I've often thought this would be great for the home user. Since most home users have no clue about security updates, I think this would be a pretty cool feature.

It is, however, a waste for many cor...

Fear, Uncertainty and Doubt, Inc. 2002-01-07
Anonymous
You should check XP
Windows Update is activated by default....

Fear, Uncertainty and Doubt, Inc. 2001-12-31
ALI ABOLFATHI
I REALLY FIND IT INTERESTING
THANKS...

RE: Fear, Uncertainty and Doubt, Inc. 2001-12-31
J Horner <jjhorner@bellsouth.net> (2 replies)
Yuck! Sounds like someone got a bitter taste from the Microsoft slop trough.

We all know that Microsoft would NEVER put marketing above security. They've never done that. They've never pushed something to market with known issues or with the expectation that the general public would do what ...

RE: Fear, Uncertainty and Doubt, Inc. 2001-12-31
Anonymous
Didn't MS claim to have made a "complete code audit" of XP to make sure buffer overruns would be a thing of the past? (Or was that Windows 2000? Seems like if they were going to do it on 2000 they'd want to do it on all their new OS's, though.)...

RE: Fear, Uncertainty and Doubt, Inc. 2001-12-31
Anonymous (1 replies)
Sure he got a bitter taste from the MS slop trough, he's
CIO of a company that makes security-oriented accounting
software that only runs on MS platforms. He's probably
looking at significant financial losses over MS's awful
security record.

I find the claim that there are no exploits for th...

RE: Fear, Uncertainty and Doubt, Inc. 2002-01-03
Anonymous (1 replies)
Ah, there is the problem. You are a CISSP, not an MCSE. We all know that MCSEs are the most trained, most security conscious group of professionals around. Who are you, a mere CISSP, to tell us what security is all about? Go back to your Information Security Management job where you get respect...

RE: Fear, Uncertainty and Doubt, Inc. 2002-01-05
Anonymous
Ahh, I see you are a Certified Microsoft Solitaire Expert. Everyone who knows anything about computers and networking in general knows that the MCSE isn't worth the paper it's printed on. I could teach a monkey to get an MCSE....

Fear, Uncertainty and Doubt, Inc. 2001-12-31
Anonymous (2 replies)
Great Article! Couldn't agree with you more...

I cannot tell you the number of times I have read articles about MS vulnerabilities with inaccurate information and when somebody questions why publish such an article, the usual follow-up comments complaining Microsoft said this or Microsoft said t...

Fear, Uncertainty and Doubt, Inc. 2001-12-31
Anonymous (1 replies)
It happens all the time. We never hear about how linux blows goats in the media with all little fixes that trickle out all year. I get tired of hearing one-sided reporting. It seems that that is all that comes out from the mouths of yearnlists these days. If I had to count the amount of OpenSSH...

Fear, Uncertainty and Doubt, Inc. 2002-01-05
Anonymous
Since when has OpenSSH been part of the linux kernel? It's not, it's a 3rd party addon. Get your facts straight before you spread misinformation....

Fear, Uncertainty and Doubt, Inc. 2002-01-02
Anonymous
Since when are end users supposed to do a company's bug testing for them? Isn't this what beta test programs are supposed to be for?
...

Fear, Uncertainty and Doubt, Inc. 2001-12-31
Anonymous
Although I do not like Microsoft and their marketing techniques, I agree 100% with your analysis of the situation. The people that follow and analyze this industry are no better and probably worse than Microsoft themselves. They are in such need of making statements to be on the bandwagon, the tr...

No worm? Tim, lay off the meds 2001-12-31
Anonymous (9 replies)

No worm? So you claim to have read the advisory and now stand from your soapbox calling everyone else idiots? You chastise others to go read the eEye advisory when it's painfully obvious that you read it and COMPLETELY failed to understand its contents?

What part of "remote SYSTEM level exploi...

No worm? Tim, lay off the meds 2001-12-31
Anonymous
I have a better idea. Stop sniffing glue.. That might open your eyes a bit wider after the haze clears....

No worm? Tim, lay off the meds 2001-12-31
Anonymous
How exactly is 'We won't see any massive worm taking advantage of this particular vulnerability.' different from 'Memo to Oracle: Nothing is 'Unbreakable''? Isn't this demonstrating absurdity by being absurd?...

No worm? Tim, lay off the meds 2002-01-01
Anonymous
Yes it is exploitable. But only by a host on the same local segment as the exploitable host. This will not mean an Internet-wide worm, but it would cause a lot of difficulties on your cable modem segment.
The difference is between unicast and multicast.
...

A lesson in comprehension... 2002-01-02
Anonymous (1 replies)
Don't get me wrong, I realize that Tim can (and does) come across rather strong and in some cases arrogant and disrespectful, but it sounds like the bulk of your problem with him lies in the fact that he *appears* to favor Microsoft and nothing else. Am I wrong?

This begs the question, were you ...

A lesson in... Comprehend this: MS has 36+Billion in Liquidity (4x next on list) 2002-01-06
gained by monopoly + inferior product = superior pricing (does this compute?) (1 replies)
Wall St. Journal, Wed, Jan 2, 2002
"Then there is Microsoft, sitting atop $36 billion in cash and short term securities"... "the company is generating about $1 billion in free cash flow a month, meaning it could have $48 billion in cash in a year"..."Microsoft is an enviable cash machine - and that...

A lesson in... Comprehend this: MS has 36+Billion in Liquidity (4x next on list) 2002-01-16
Anonymous
I'll certainly be willing to listen to your opinion after you've graduated school and spent some time in the professional world writing code and having to pay a mortgage. Until then, your opinion is worthless, and I'll be able to tell the difference because your viewpoint will display some real unde...

No worm? Tim, lay off the meds 2002-01-02
Anonymous
So are you with the FBI or L.A. Times? Could this possibly be a rant from the one and only Mr. Gibson?...

No worm? Tim, lay off the meds, or maybe you should take more ... 2002-01-02
Anonymous
Great, another person that instead of discussing the issues at hand thinks that slamming and being insulting will make everyone think they have a clue. Congrats. Try actually contributing instead of just slobbering on yourself because you see a "remote SYSTEM level exploit".

Now if you want to rea...

No worm? Tim, lay off the meds 2002-01-02
Anonymous
Hey Steve, you misspelled your name...
It's spelled "Gibson", not "Anonymous"....

Anon posting, was => No worm? Tim, lay off the meds 2002-01-03
keydet89@yahoo.com (1 replies)
It's interesting that Tim can post an article w/ his full name, and then someone can come by and criticize it, w/o providing their name.

Takes some real guts to do that, doesn't it? I guess that's the best that can be expected from you......

Anon posting, was => No worm? Tim, lay off the meds 2002-01-04
Anonymous
yeah, kinda like what you did, huh?...

A great article, but ... 2002-01-13
Der HexXer (@gmx.net)
It really is a critical vulnerability and not too many users are informed about security issues and apparently they aren't willing to spend some time on getting up-to-date.

And yes, media and authorities wrote some reports and/or advisories and/or really useful tools - written in pure assembly...

In your biased opinion. 2002-01-01
Carnivore Knows
Tim, now everyone in the world is wrong except you and Microsoft. Bet you hurt your arm patting yourself on the back over this one. Why didn't you creatively edit your letter to Larry and send it to Bill! This message is the same crap without the hardened passion of it being to someone who is co...

Actually, it's 3 vulnerabilities associated with the hole 2002-01-01
Anonymous
I read Mr. Mullen's article via a link on the Register. It seemed to be a valid article until I reached the end of the article and saw "related links". One was entitled "MS warns of severe universal plug & play security hole". ( link ).

It turns out that there are three security vulnerabilities as...

Fear, Uncertainty and Doubt, Inc. 2002-01-01
Mike Bunyard
Tim
After careful reading of your article and the links you've provided. And after visiting Steve Gibson's site to read his thoughts on the matter of UPnP security I think you've either misunderstood or you have your own axe to grind with Microsoft haters (or whatever you chose to call them) Noth...

Fear, Uncertainty and Doubt, Inc. 2002-01-01
Anonymous
"and there is not even an exploit yet"

how do you know that?

so you know what is going on in the entire world? thank you for telling us that no one has created an exploit yet... I'm not even worried with security anymore, since all we should do is come to you and you'll tell us if an exploit ha...

Fear, Uncertainty and Doubt, Inc. 2002-01-02
Nai Rolf
Well, me thinks you hit one or two of the hydra's heads that keep popping like groundhogs.

Coming from the "media" side, "Microsoft" is a name that can be placed on anything and make a sale. Whether it is code, newsprint, TV-land teases, certificates, etc., It is like blood, it leads. Everyone ma...

Exploit out it appears 2002-01-02
Anonymous
check

www.packetstormsecurity.com ...

Fear, Uncertainty and Doubt, Inc. 2002-01-02
Anonymous
Tim,
Did MS ship a known bug in its software so that it could get better sales? ROLF like that would be the first time? Did the media overreact? Probably. Did MS stop sending software out with known bugs? If not then someone needs to take MS to task. Maybe security consultants? You? Mayb...

Fear, Uncertainty and Doubt, Inc. 2002-01-02
Anonymous
Seems like a little biased journalism going on here. Maybe you're too closely tied to Microsoft to see clearly.

In the fine print at the bottom of the article you state:

>Microsoft's security issues are bad. And though my call on
>this one is that we won't see any massive worm taking
>adv...

Fear, Uncertainty and Doubt, Inc. 2002-01-02
Anonymous
This article contains useful information. Whatever editorialism that exists is justified as much as any author sees fit. Whoever posted the eEye response obviously feels eEye is an important player in the security industry. How wrong that person is. eEye is a nothing shop that calls attention to...

Huh? 2002-01-03
guest@netpixies.net
> Steve Gibson jumped on the bandwagon with a page
> dedicated to saturating the issue with his own special
> blend of FUD that is almost elevated to an art form. In a
> complete exit from anything security related, Gibson goes
> as far as to charge Microsoft with purposefully
> withholdin...

Interesting article 2002-01-03
keydet89@yahoo.com
First off, let me just post this...someone I know has been receiving quite a lot of the following on their BID:

"9,2002-01-02 04:25:16,2004303,UPNP NOTIFY
overflow,10.100.3.107,,239.255.255.250,,length=96&location=h
ttp://10.
100.3.107:2869/upnphost/udhisapi.dll?content%3Duuid:38a5581b
-432a-
49...

I know this is not the place, but 2002-01-03
Demostenes
Could it really be possible?

Comments to viento@arrakis.es will be welcomed.

Demostenes.
...

Fear, Uncertainty and Doubt, Inc. 2002-01-03
Nighthawk
So I guess in Tim's sick and perverted world, a hole is nothing to be concerned about until someone writes an exploit or worm to take advantage of it? Let's not think of any dangers until we get hurt by it!! LOL

Dude, you're hurting...

So how do I get a job BS'ing people? :)

If your though...

Fear, Uncertainty and Doubt, Inc. 2002-01-04
Anonymous
THANK YOU for clearing up this lame attempt at putting down Microsoft....

Fear, Uncertainty and Doubt, Inc. 2002-01-04
Anonymous (2 replies)
Another long winded, under whelmed intellect wannabe defending Micro$oft...So what else is new?
Please, keep the MS ass kissing to yourself, you're taking up valuable Internet space.
...

Fear, Uncertainty and Doubt, Inc. 2002-01-04
Anonymous
Although I normally take issue with Tim's articles due to what I perceive to be a strong pro-Microsoft bias in them, I thought this one was fairly balanced and accurate on the whole.

It comes as no surprise that the press (and even government agencies) would make a circus out of a story like this...

Fear, Uncertainty and Doubt, Inc. 2002-01-04
Anonymous
Coincidentally this whole issue illustrates one of my biggest beefs with Microsoft. Not the fact that it doesn't properly QA its products, but the fact that it makes too many assumptions about what features I want to run on my computer.

Frankly, I would prefer to do without UPnP altogether. If I wa...

Fear, Uncertainty and Doubt, Inc. 2002-01-04
MJ Loy
Get real. If you want to write an article about this issue, write about the mechanics of SSDP and UPnP (packet layout), exactly what is their mechanics between each other and what is the location of the vulnerabilities in the packet....

Reduced to perpetual apologist 2002-01-04
Paul Lembo
Rather than have some interesting things to say, Tim's column is regularly a long apology / defense of whatever other people have said about MS.

It's nothing personal against him but it's also not especially useful.

If Tim knows something useful I'd rather have him writing a column to help othe...

UPnP, an old vulnerability 2002-01-04
Alberto Cozer
I do agree with Tim's article. People got scared with "SYSTEM COMPROMISE", "root level" and other stuff written down in an advisory. But, in fact, this vulnerability won't cause too much problem.

I don't really believe that a massive worm will be released for this vulnerability. First of all, thi...

Here you go Tim, the exploit is out ! 2002-01-04
Chad Cyrisse (1 replies)
http://www.securiteam.com/exploits/5SP011560G.html...

Exploit for another vuln! 2002-01-15
Der HexXer (1 replies)
This is an exploit for another vulnerability! (see any ssdp-notify messages sent?)

http://www.securityfocus.com/archive/82/247060
and:
http://www.securityfocus.com/archive/82/247175...

Exploit for another vuln! 2002-01-17
JHendo
I read both of your postings and it is indeed nice to see someone with the ability to disagree and voice it in a constructive, nonoffensive manner. Kudos.

I have to say that the overall tone of Tim's article seems passionately driven and perhaps even directed towards a greater offense in defending a...

How about Stupidity, Suckers, and Loathing in Cyberspace? 2002-01-05
dave.williams@gte.net
Are you serious...

The IFRAME cross scripting vulnerability in and of
itself is a nightmare. There are essentially two
options with respect to information security when
programmatic interfaces are steam components.

1) NONE
2) NO INFORMATION

The reason for such a strong statement is that...

Give me a break 2002-01-08
Burleyman (1 replies)
Give me a break..... I do not know of any OS that does not have something wrong when it is released. You can never test for every situation. Let's throw some things out there... Why does Microsoft have so many viruses and exploits aimed at them? Because they would affect so many more people than one w...

Give me a break 2002-01-08
aSteve (1 replies)
You'd think Steve Ballmer could come up with a better handle than burleyman to post his tripe under....

Give me a break 2002-01-09
Burleyman
Hey don't get me wrong I am not a MS fan by any means. Just this Bitching and moaning is enough to drive you nuts. All I am saying is stop and come up with something better that the average user can work with. I am looking at Linux for our Organization but for the desktop I need something that the us...

Fear, Uncertainty and Doubt, Inc. 2002-01-11
Anonymous
Pronunciation: m&-'nä-p(&-)lE
Function: noun
Inflected Form(s): plural -lies
Etymology: Latin monopolium, from Greek monopOlion, from mon- + pOlein to sell
Date: 1534
1 : exclusive ownership through legal privilege, command of supply, or concerted action
2 : exclusive possession or control
3 ...

I love you 2002-01-16
bill.gates@microsoft.com
You expect sympathy for the company that openly deploys FUD and (for good measure) Shifting Standards strategies?

Oh please, are you some kind of idiot?...

Does anyone take Tim seriously anymore? 2002-01-17
Anonymous (3 replies)
My impression from reading Tim's articles is that he is quite happy distorting the truth and misrepresenting facts wrt anything relating to Microsoft's products and their security flaws. Or perhaps he is just clueless; I just don't know. As another poster mentioned, he seems to have become an apol...

Does anyone take Tim seriously anymore? 2002-01-19
Anonymous
The most clear, professional, deep and conscious article about the issue. It's really pathetic and ridiculous for Gartner and others to spread misinformation. It proves how REALLY incompetent and how they care about REAL end user protection and privacy. All they want is 5 minutes of fame.

If the...

Does anyone take Tim seriously anymore? 2002-01-19
Anonymous
If Tim likes MS so much, why is he running Apache 1.13.4 (Unix) with PHP 4.0.3p1 as his company web server (www.AnchorIS.com)?
I think he should put his money where his mouth is and run (if he dares) IIS....

Does anyone take Tim seriously anymore? 2002-01-20
Anonymous
"Does anyone take Tim seriously anymore?"

I'd say most people read him for the entertainment value. On the rare occasion the article itself does not invoke a chuckle, the inevitable flame war will.

-Patrick...

The bottom line... 2002-01-19
Carnivore knows (1 replies)
Microsoft products suck, they are a monopoly, and Tim is an idiot! Now what is the DOJ going to do about it...Sure they are there to uphold the law and protect us, the taxpayer. But don't believe for a minute they are going to rule in the consumer's favor. Hopefully the EU will do something because...

Re: The bottom line... 2006-02-24
Anonymous
If you don't like windows, there are other options available. Quit whining....

Copyright 2009, SecurityFocus