================================================ Subject: Re: The Fortress From: "]\\[][G}{T§TÖ®]v[" To: Date: Mon 27 Aug 2001 23:40:48 -0400 ================================================ Message*Grr @ L-Soft Listserver... god damn line limits... 266 lines.... what BS.* No, doesn't overly surprise me at all... especially since I personally know of 2 people that were working on it... in fact, there's a good chance that they were among the group that discovered this exploit. They are also some of the people that are spreading the word about the ability to use raw sockets, which allows for Spoofed TCP packets, which is something that is made available via WinXP... not necessarily a problem with WinXP or it's source code directly, but definitely still a problem, as now 98% of those who enjoy the intellectual challenge of creatively overcoming or circumventing limitations (aka hackers... but I love that definition... LOL) are not only aware of this, but are also reading up and learning via osmosis (isn't that when you pass out on your keyboard and the monitor radiates everything directly into your brain?) how they can make this work for them. http://grc.com/dos/sockettome.htm covers this briefly (yeah Debbi, I know... you and Steve don't get along... but you do have to admit that he understands what he's talking about). Of course, he has a link on that page which allows you to send feedback direct to Microsoft, which probably isn't the best thing he could have done, but overall he does raise some true issues on the page, and his site in general. And who more to be worried about raw socket and spoofed TCP packet attacks than someone who's site would most likely be targeted first? All this means is that even with WinXP being out for a short while, people are already working on finding flaws, exploits, holes, and anything else they can get their hands on... and apparently having some luck with it as well. I am sure that since the version they are working on is only a beta release, that at least some of these problems would be fixed before the final shipping date. As with any OS, there is going to be bugs, and holes, and exploits... but with the release of XP as a beta version, I would think that some of the more public problems would be caught before a final release... since it had that "test period" that most other OS don't have. But I guess we will wait and see. I don't know... perhaps I'll upgrade to XP to check it out... and if I don't like what I see... well... I have Win2K Pro, Win2K Server, Win98, several versions of Linux... I'm sure I can find something to replace it. ¤]\[][G}{T§TÖ®]v[¤ (who is shuffling through Operating Systems on his computer on a weekly basis right now) http://NightStorm.isyourgod.com/ NightStorm_Draco_@hotmail.com NightStorm_Draco@creedlist.com NightStorm@isyourgod.com I've seen the wicked fruit of your vine, Destroy the man who lacks a strong mind Human pride sings a vengeful song Inspired by the times you've been walked on My stage is shared by many millions, Who lift their hands up high because they feel this We are one We are strong, The more you hold us down the more we press on What if you did? What if you lied? What if I avenge? What if eye for an eye? ----- Original Message ----- From: Debbi R To: CREED-DISCUSS@WINDUPLIST.COM Sent: Monday, August 27, 2001 7:29 PM Subject: Re: The Fortress people working hard to not activate the product so they can gray-market it. This doesn't surprise me a bit. Did it surprise you? -----Original Message----- From: Creed Discussion List [mailto:CREED-DISCUSS@WINDUPLIST.COM] On Behalf Of ]\[][G}{T§TÖ®]v[ Sent: Monday, August 27, 2001 4:26 PM To: CREED-DISCUSS@WINDUPLIST.COM Subject: Fw: Re: The Fortress Looks like people are hard at work already to find loopholes and flaws (exploits) in the XP package... another (long) page actually breaks down and explains how to get around the msoobe.exe file. To unsubscribe or change your preferences for the Creed-Discuss list, visit: http://www.winduplist.com/ls/discuss/form.asp