[iwar] Re: More on Microsoft...
From: Dan Ellis
From: ellisd@cs.ucsb.edu
To: iwar@egroups.com
Wed, 1 Nov 2000 10:36:44 -0800 (PST)
fc Wed Nov 1 10:39:15 2000
Received: from 207.222.214.225
by localhost with POP3 (fetchmail-5.1.0)
for fc@localhost (single-drop); Wed, 01 Nov 2000 10:39:15 -0800 (PST)
Received: by multi33.netcomi.com for fc
(with Netcom Interactive pop3d (v1.21.1 1998/05/07) Wed Nov 1 18:39:08 2000)
X-From_: ellisd@cs.ucsb.edu Wed Nov 1 12:38:49 2000
Received: from fh.egroups.com (fh.egroups.com [208.50.144.71]) by multi33.netcomi.com (8.8.5/8.7.4) with SMTP id MAA05883 for ; Wed, 1 Nov 2000 12:38:46 -0600
X-eGroups-Return: sentto-279987-725-973103929-fc=all.net@returns.onelist.com
Received: from [10.1.10.38] by fh.egroups.com with NNFMP; 01 Nov 2000 18:38:50 -0000
X-Sender: ellisd@cs.ucsb.edu
X-Apparently-To: iwar@egroups.com
Received: (EGP: mail-6_2_1); 1 Nov 2000 18:38:48 -0000
Received: (qmail 2508 invoked from network); 1 Nov 2000 18:36:45 -0000
Received: from unknown (10.1.10.27) by m4.onelist.org with QMQP; 1 Nov 2000 18:36:45 -0000
Received: from unknown (HELO letters.cs.ucsb.edu) (128.111.41.13) by mta2 with SMTP; 1 Nov 2000 18:36:44 -0000
Received: from plover (plover [128.111.48.34]) by letters.cs.ucsb.edu (8.9.3+Sun/8.9.3) with ESMTP id KAA25270 for ; Wed, 1 Nov 2000 10:36:44 -0800 (PST)
X-Sender: ellisd@plover
To: iwar@egroups.com
In-Reply-To: <973075176.14830@egroups.com>
Message-ID:
From: Dan Ellis
MIME-Version: 1.0
Mailing-List: list iwar@egroups.com; contact iwar-owner@egroups.com
Delivered-To: mailing list iwar@egroups.com
Precedence: bulk
List-Unsubscribe:
Date: Wed, 1 Nov 2000 10:36:44 -0800 (PST)
Reply-To: iwar@egroups.com
Subject: [iwar] Re: More on Microsoft...
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
I am surprised MS even noticed. The problem with MS is that they
use their own products.
How many previous, successful attempts have been made? They will
never know. I certainly agree that many/most companies will not release
details about a successful penetration unless they *really* need
help. That still doesn't address the unknown answer: how badly can a
company get beaten before it realizes it?
On 1 Nov 2000 iwar@egroups.com wrote:
>
> Anonymized for your protection...
>
> I certainly would not second guess how long a company might allow an intruder
> to muck about on its network before going public or to law enforcement. After
> all, the DOE knew about the Cuckoo's Egg cracker for quite some time before
> going to law enforcement or going public. However, it *would* take some
> chutzpah to allow an attack to continue which could quickly change course (vs
> at the relatively leisurely pace that the modem connections hacked at Lawrence
> Berkeley labs in the 80's).
>
> I am also quite confident that this kind of crack would have likely taken place
> long before now (and certainly with greater frequency) were it not for the
> aggressive security initiatives Howard instituted at microsoft after he joined
> them.
------------------
Dan Ellis
PhD student, UCSB
ellisd@cs.ucsb.edu
H: (805) 971-6183
W: (805) 893-4394
-------------------------- eGroups Sponsor -------------------------~-~>
eLerts
It's Easy. It's Fun. Best of All, it's Free!
http://click.egroups.com/1/9699/14/_/595019/_/973103929/
---------------------------------------------------------------------_->
------------------
http://all.net/