TIP: Click on subject to list as thread!

ANSI

echo:	nthelp
to:	Geo.
from:	Rich
date:	2003-01-23 18:59:38
subject:	Re: More fiction, more nonsense
From: "Rich" This is a multi-part message in MIME format. ------=_NextPart_000_00D8_01C2C311.93D008A0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable By your mention of the "about window" you are again demonstrating = your inability to keep straight your lies and the claims you are = posting. You have again switched to the older IE issue from a year = earlier. Opening a IE window, or more accurately a window in your default = browser which could be Mozilla, Netscape, Opera, or any other you = choose, is not the problem. Any web page you visit can do the same. In = this case the issue is either with the data binding or how IE handles = the result of the data binding. Rich "Geo." wrote in message = news:3e3098b6$1{at}w3.nls.net... So you consider saying an IE patch stops the process from completing = as unambiguous information? In a process that uses 3 exploits where = breaking any one of the three will stop the process from completing? Media player still fires off an IE about window which reads the file = media player wrote to disk, that exploit has not been patched. What IE does = with the file has been patched. What this means is that it's still possible = to create a media player file that starts up IE and tells it what to do, = all that's been limited is what you can tell IE to do (the header trick). But like I said before, you probably consider that a feature not an = exploit. Geo. "Rich" wrote in message news:3e302eae{at}w3.nls.net... They may just be wrong and not lying. They haven't had the clear = and unambiguous information you have had before you continued repeating = your lies many times. Rich "Geo." wrote in message = news:3e2fcea0$2{at}w3.nls.net... I guess all the websites I posted links to are lying too since they = all call it a media player exploit, huh? Geo. "Rich" wrote in message news:3e2f7336{at}w3.nls.net... Just keep lying George. It's very obvious when you look at the = other messages you are posting at the same time as these where you lie = about WMP executing script. You look like a fool. Rich "Geo." wrote in message = news:3e2f5ea5$1{at}w3.nls.net... I meant what I wrote, you can redefine "code" to anything you like = in an attempt to end run the actual realities of the situation. Geo. "Rich" wrote in message news:3e2f5456{at}w3.nls.net... No, you wrote execute code this time. You clearly don't mean = that in the literal sense since with x86 code running the machine sits there = doing nothing. As you had made many false claims regarding WMP running = script in the last I assumed, maybe incorrectly, that you were repeated your = old false claims. Do you have new false claims or do you want to broaden = your silly claim to everything making use of the instruction execution = mechanism of the CPU while this is going on is a vulnerable component? Rich "Geo." wrote in message = news:3e2f3a88{at}w3.nls.net... did I say script in my post? Geo. "Rich" wrote in message news:3e2eca1f{at}w3.nls.net... Their you go with lies again. There is no script being run = by WMP. All the script in these examples is in web pages that are opened in = IE. Rich "Geo." wrote in message news:3e2e7cbc{at}w3.nls.net... I beg to differ, since WMP is being used to execute code that = the hacker wrote, by definition there is an exploit in WMP. You of course = are free to call it a feature if you like. Geo. "Rich" wrote in message news:3e2e16e9{at}w3.nls.net... Obviously you do not understand. There is no exploit in = WMP in either case. Maybe you want to argue that the HTTP protocol is still unpatched because all exploits in all browsers involving a web site = require HTTP and when HTTP is disabled none of these exploits work. Rich "Geo." wrote in message news:3e2df83a$1{at}w3.nls.net... I understand what you are saying but the wimpy exploit is = not patched is it? What was patched was stage 2 of the hack (and maybe stage = 3). The media player exploit that's used to kick it off is still = functional even after you patch IE. Geo. "Rich" wrote in message news:3e2ccb3f$1{at}w3.nls.net... I know exactly which report it was to which you referred. = You included a copy earlier. Note that this one references the earlier = whimpy report. The two are distinct reports. Look at the dates. They are a = year apart. Also, the report to which you refer starts out with a clear = statement that it is just another scenario trying to exploit problems reported = earlier. While both try to implicate WMP the only connection to WMP is that = it is used as one step in a complex sequence. Also true of both cases is = that IE is the significant component. It's not just that IE was patched, = but the the root of the vulnerability is with IE which is what it was = changed. It's not with everything that is used in the complex scenario. If you = follow that logic, all these are vulnerabilities in the HTTP protocol because = the HTTP protocol is used in all of these and if you disable the HTTP protocol system wide then the vulnerabilities disappear. That is the logic you = tried earlier, albeit incorrectly, with scripting. It simply does not = satisfy the rules of logic. Rich "Geo." wrote in message news:3e2c9cbd$1{at}w3.nls.net... Rich, I value your knowledge about IE, but I don't see us = agreeing on this. Here is a link to the original writeup http://lists.insecure.org/lists/bugtraq/2002/Aug/0316.html In that link just before step one he says it's a = combination of several exploits the one that's used to kick it off is the wimpy = exploit of media player, he even links to it in his post http://www.malware.com/wimpy.html so we have the exploit author, the guy who discovered wimpy = and me saying it's a media player exploit and you and MS saying it's an IE = exploit. What makes his hack unique is the way in which he uses wimpy to = control IE components. I think the difference in our viewpoints is because you = are coming at it from the patch side and I'm coming at it from the hack = side. You see it as being patched from IE, I see it as being exploited from = Media player. Geo. "Rich" wrote in message news:3e2c354a$1{at}w3.nls.net... Actually, it's an IE issue. There was one IE issue = which these folks reported several distinct paths to the same issue as if = they are different issues. In any case, if you go back and read this thread = you posted a different issue. Try to read your own posts. In any = event, both are IE issues. Rich ------=_NextPart_000_00D8_01C2C311.93D008A0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable By your mention of the = "about window"=20 you are again demonstrating your inability to keep straight your lies = and the=20 claims you are posting. You have again switched to the older IE = issue from=20 a year earlier. Opening a IE window, or = more=20 accurately a window in your default browser which could be Mozilla, = Netscape,=20 Opera, or any other you choose, is not the problem. Any web page = you visit=20 can do the same. In this case the issue is either with the data = binding or=20 how IE handles the result of the data binding. Rich "Geo." <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net> wrote=20 in message news:3e3098b6$1{at}w3.nls.net...So=20 you consider saying an IE patch stops the process from completing=20 asunambiguous information? In a process that uses 3 exploits where = breakingany one of the three will stop the process from=20 completing?Media player still fires off an IE about window = which reads=20 the file mediaplayer wrote to disk, that exploit has not been = patched.=20 What IE does withthe file has been patched. What this means is = that it's=20 still possible tocreate a media player file that starts up IE and = tells it=20 what to do, allthat's been limited is what you can tell IE to do = (the=20 header trick).But like I said before, you probably consider = that a=20 feature not an exploit.Geo."Rich" <{at}> wrote in = message=20 news:3e302eae{at}w3.nls.net...&nbs= p; =20 They may just be wrong and not lying. They haven't had the clear = andunambiguous information you have had before you continued = repeating=20 yourlies many times.Rich "Geo." <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net> wrote in = message news:3e2fcea0$2{at}w3.nls.net...= =20 I guess all the websites I posted links to are lying too since they=20 allcall it a media player exploit, huh? =20 Geo. "Rich" <{at}> wrote in message news:3e2f7336{at}w3.nls.net...&nbs= p; =20 Just keep lying George. It's very obvious when you look at the=20 other messages you are posting at the same time as these = where you=20 lie about WMP executing script. You look like a=20 fool. Rich "Geo." <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net> wrote in = message news:3e2f5ea5$1{at}w3.nls.net...= =20 I meant what I wrote, you can redefine "code" to anything you like in=20 an attempt to end run the actual realities of = the=20 situation. Geo. = "Rich"=20 <{at}> wrote in message news:3e2f5456{at}w3.nls.net...&nbs= p; =20 No, you wrote execute code this time. You clearly don't mean = that=20 in the literal sense since with x86 = code=20 running the machine sits there doing = nothing. As=20 you had made many false claims regarding WMP running script =20 in the last I assumed, maybe incorrectly, that = you were=20 repeated your old false claims. = Do you=20 have new false claims or do you want to broaden=20 yoursilly claim to everything making use of = the=20 instruction execution mechanism of the = CPU=20 while this is going on is a vulnerable = component? =20 Rich "Geo." <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net> wrote in = message news:3e2f3a88{at}w3.nls.net...&nbs= p; =20 did I say script in my post? =20 Geo. "Rich" <{at}> wrote in = message=20 news:3e2eca1f{at}w3.nls.net...&nbs= p; =20 Their you go with lies again. There is no script being run by=20 WMP. All the = script in=20 these examples is in web pages that are opened in=20 IE. =20 Rich "Geo." <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net> wrote in = messagenews:3e2e7cbc{at}w3.nls.net...&nbs= p; =20 I beg to differ, since WMP is being used to execute code that = the =20 hacker wrote, by = definition=20 there is an exploit in WMP. You of course are =20 free = to =20 call it a feature if you=20 like. =20 Geo. "Rich" = <{at}> wrote=20 in message news:3e2e16e9{at}w3.nls.net...&nbs= p; =20 Obviously you do not understand. There is no exploit in WMP=20 in = either =20 case. Maybe you want to argue that the HTTP protocol is = still =20 unpatched because all = exploits=20 in all browsers involving a web site = requireHTTP =20 and when HTTP is = disabled none=20 of these exploits = work. =20 Rich = "Geo."=20 <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net> wrote = in=20 message news:3e2df83a$1{at}w3.nls.net...= =20 I understand what you are saying but the wimpy exploit is = not =20 patched = is =20 it? What was = patched=20 was stage 2 of the hack (and maybe stage 3). The = media player = exploit=20 that's used to kick it off is still functional = even =20 after =20 you patch=20 IE. =20 Geo. = "Rich"=20 <{at}> wrote in message news:3e2ccb3f$1{at}w3.nls.net...= = I know exactly which report it was to which you referred. =20 You =20 included =20 a copy=20 earlier. Note that this one references the earlier=20 whimpy =20 report. =20 The two are = distinct=20 reports. Look at the dates. They are a year =20 apart. =20 Also, the = report to=20 which you refer starts out with a clear=20 statementthat = it =20 is just = another=20 scenario trying to exploit problems reported=20 earlier. =20 While both = try to=20 implicate WMP the only connection to WMP is that it = is =20 used =20 as one step = in a=20 complex sequence. Also true of both cases is = thatIE =20 is =20 the = significant=20 component. It's not just that IE was patched, but the =20 the =20 root of the=20 vulnerability is with IE which is what it was=20 changed.It's =20 not =20 with = everything that=20 is used in the complex scenario. If you=20 followthat =20 logic, all = these are=20 vulnerabilities in the HTTP protocol because=20 theHTTP =20 protocol is = used in=20 all of these and if you disable the HTTP=20 protocolsystem =20 wide then = the=20 vulnerabilities disappear. That is the logic you=20 tried =20 earlier, = albeit=20 incorrectly, with scripting. It simply does not=20 satisfythe =20 rules =20 of =20 logic. =20 = Rich &= nbsp;=20 "Geo." <georger{at}nls.net>">mailto:georger{at}nls.net">georger{at}nls.net> = wrote in=20 message news:3e2c9cbd$1{at}w3.nls.net...= =20 = Rich, = =20 I value your knowledge about IE, but I don't see us agreeing=20 on = this. =20 = Here = ; is=20 a link to the original=20 = writeup &nbs= p; =20 http:=">http://lists.insecure.org/lists/bugtraq/2002/Aug/0316.html">http:= //lists.insecure.org/lists/bugtraq/2002/Aug/0316.html &n= bsp; =20 In that link just before step one he says it's a combination=20 of =20 = several &n= bsp;=20 exploits the one that's used to kick it off is the wimpy = exploit =20 of =20 = media &nbs= p;=20 player, he even links to it in his=20 post http://www.malware.com/wimpy.h" target="new">http://www.malware.com/wimpy.h=">http://www.malware.com/wimpy.html">http://www.malware.com/wimpy.h= tml =20 = so = we=20 have the exploit author, the guy who discovered wimpy and=20 me =20 saying =20 = it's = ; a=20 media player exploit and you and MS saying it's an IE=20 exploit. =20 What =20 = makes &nbs= p;=20 his hack unique is the way in which he uses wimpy to control=20 IE =20 = components. = =20 I think the difference in our viewpoints is because you=20 arecoming = at =20 = it = from=20 the patch side and I'm coming at it from the hack side. You =20 see =20 it =20 = as = being=20 patched from IE, I see it as being exploited from = Media =20 = player. &nbs= p; =20 = Geo. &= nbsp;=20 "Rich" <{at}> wrote in message news:3e2c354a$1{at}w3.nls.net...= &= nbsp; =20 Actually, it's an IE issue. There was one IE issue=20 whichthese =20 = folks &nbs= p;=20 reported several distinct paths to the same issue as if they=20 are =20 = different = =20 issues. In any case, if you go back and read this thread = you =20 posted =20 = a =20 different issue. Try to read your own posts. In any=20 event,both = are =20 = IE = = issues. &nbs= p; =20 Rich ------=_NextPart_000_00D8_01C2C311.93D008A0-- --- BBBS/NT v4.01 Flag-4 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/1.45) SEEN-BY: 633/267 270 @PATH: 379/1 633/267
SOURCE: echomail via fidonet.ozzmosis.com

Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.