Note: I'm pretty sure this'll spawn a lot of vicious hatemail and/or a subthread or two about how *horrible* I am for posting Chris's mail to me. Honestly, I don't care. It'll be nice to see how many people reading this list are "PaymeforCSandPorn" admins. I think our writing is far more readable (and less insulting to the eyes) than that of morningwood/etc, and if they can take the list in horrible, offtopic, flame-engulfed directions.. At least when I write "ware to omppile code plz!!!!!!" I'm *kidding.*
Read on, my children. Laugh, as I have laughed. If you take this too seriously, go read some Hopkins. That dapple-dawn-drawn falcon always makes me feel better. Everything quoted with ">" is Mr. GenericWinAdmin. (Chris) .Neek > > > I'm taking this off the list, since you're obviously after a flame-war. I'm not > about to start one on the list. I wasn't after a flame-war, you were flamebait. > > If the worm goes after SP3, it'll get 70-80% of the Windows hosts on the net, > while the others just fall over. Plenty enough to propagate, and a nice way to > kill the remainder. 99% of statistics are made up. 100% of the bullshit you cite is bullshit. Next? (Oh, and why aren't those 70-80% patched at SP4 with RPC firewalled?) > > What's the weather like on your planet? What about the compiled binaries that > people are now hosting? > I thought I'd kill two birds with one stone and point out how ignorant/lazy/etc you were being _and_ take a shot at the people asking the same questions you were probably asking in [EMAIL PROTECTED] a few weeks ago. (were do i downlod gcc !!! i have winxp) > > You've obviously never administered a network with 10,000 servers. > Typical. "Waahh, I can't be expected to firewall, patch, or otherwise protect my machines! When will I have time to play Counter-Strike and leech porn?" You aren't /actually/ paid to play CS and download pornography, sir. That's why you have to take classes in buzzwordology, remember? > > How about blaming people who give guns away for free? > What would you do for a profession if it weren't for people giving away 'guns' for free? Dear Mr. Pentester, you're staring the gifthorse in the mouth and asking for trouble. > > Actually, NAT is the correct word. Network Address Translation covers a range > of IP-layer translation technologies - check your facts. You should be more specific in the future; this is, infact, a technical forum. It's not just the place where you can collect warez, charge Joe Corp to run it, and whine that other people can do the same thing. > > As for looking like I'm exploiting these sites - have you sat on a raw internet > pipe and looked at the amount of TCP/135 traffic flying around at the moment? > You really think any more is gonna be noticed? A raw.. internet pipe.. Someone flipped over his buzzword of the day calender! PHB, is that you? I think it's nice that you've backed off and you're trying to justify your suggested attack on those servers. (ObGodwin: I bet you're the kind if *Nazi* that burns books you don't agree with, too. Information is for you, and you alone!) > > The point? There is none. That's why I was thinking of doing it instead of > actually doing it. You essentially threatened those websites. Have I told you to grow up yet? I'm telling you now. Grow up. Nobody is to blame when your machines get compromised by your clubie brethren *except you* -- astounding. > > Mental giant? Probably not. Smart enough to write my own exploit code for > this? Yes. Smart enough to work for NGS Software, pen-testing some of the > worlds largest companies? Definitely. Don't believe me? Phone up any of the > top guys at Oracle and ask them about me - they all know me by name, and will > vouch for my intelligence and skill. You, on the other hand, are a nobody. I'm Neek. Nice meeting you. I'd never heard of you before your inane, ignorant post on this list; great way to meet someone, eh? Sir, you don't matter. I hate to burst your bubble, but I came home to a nice load of messages saying I did the right thing, smacking you in the head. "I'm Nobody! Who are you?/Are you - Nobody - Too?/Then there's a pair of us!" > > > Sure. Despite the fact that I was penetration testing for a living long before > Slammer hit. And if you think it's dumb to still be patching when Slammer hit, > I say again - you've never administered a network of 10,000 servers. Even MS > got hit - patching servers was evidently not as easy as you made out. What are you paid to do? Oh, that's right. Counter-Strike and porn. Welcome to the real world. Perhaps Microsoft got hit by Slammer, but remember: They're the same knuckleheads that wrote the software being exploited. How long did you girls have to patch before Slammer came around? Do you play *that much* CS? Do you view *that much* pornography? Get on the fucking ball and stop ruining things for the rest of us. > > Next time you want to start an argument to try and make yourself look smart, > make sure you know what you're talking about first. Next time you post a whiney message to a mailing list.. make sure you're justified. Or keep it simple: "I DON'T WANT TO PROTECT MY MACHINES! STOP RELEASING CODE! I PREFER TO BURY MY HEAD IN THE SAND AND PRETEND ITS NOT EXPLOITABLE!" Many long discussions with people far less.. well, you're /that/ type of "security" guy. Then there's the other, productive type. After long discussions with the /productive/ type, it's pretty easy to say that you guys would never patch (until compromised) without having an exploit thrown in your face. It's the sad, sad truth. > > Chris > More notes: * Refer to the "A question for the list..." thread (back in May?) before crying about forwarding a "private" conversation between two people. * Notice that I didn't say anything regarding whether our friend Chris actually has the credentials he brags about: The horrible truth is, he very well may. These guys get paid an awful lot to play CS/view porn/echo buzzwords, and they make good impressions on (clueless) managers. He could very well be some kind of PHB security messiah. Another hint as to why Slammer was such a 'success' as far as propagation. This leads us to... * Neekie's Law: Those who can, do. Those who can't, get promoted. If you've read this far, I think you'll read anything. Read this. [Bratty Little Bacon Boy] Bratty little bacon boy- Oh, what a bratty little bacon boy, he was. Bratty little bacon boy ate bacon, nothing more; Nothing more, nothing less... bacon, he said, Was the very best! Bacon in the morning, bacon in the noon, Bacon on a moonlit night, bacon in the bedroom. That was, of course, until the faithful day, When bratty little bacon boy... turned to bacon- And tragicly, sadly, sizzled away. Yum. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
