Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Security > New Microsoft Security scare?

Reply
Thread Tools

New Microsoft Security scare?

 
 
Rowdy Yates
Guest
Posts: n/a
 
      02-12-2004
Rowdy Yates <(E-Mail Removed)> wrote in
news:Xns948CE4A0C8387rowdyyatesnospamlyco@66.185.9 5.104:

> bunch of other certs as well. usually whatever
> platfrom they work on.


lastly. if you really have met incompetent paper mcse's who screwed up a
network. someone had to have made the decision to hire this guy, right?
perhaps your HR department is full of "paper" HR's?


--
Rowdy Yates
"Command prompt's make me horny!"
I am Against-TCPA
http://www.againsttcpa.com
 
Reply With Quote
 
 
 
 
Jon Leirdal
Guest
Posts: n/a
 
      02-12-2004
On Wed, 11 Feb 2004 16:14:24 +0000, Peter James
<(E-Mail Removed)> wrote:

> There was mention on the BBC lunchtime news today of a "hole" in the
> Microsoft OS that has recently been discovered, and the patch for this
> available today.
> Can anyone throw any light on just what this security hole actually
> is. Keep it simple for a non-anorak. Thanks


According eEye there was to errors in the ASN.1 library.

I'll try to explain it a little easy, but try reading the URL's below.
Anyway: Roughly speaking it is the code that MS uses to verify security
permissions on your computer.
That is access to your computer from the net. (among other things)
The error exists in all MS OS (98, NT, 2K, XP, 2K3 osv).

http://www.eeye.com/html/Press/PR20040210.html
http://www.eeye.com/html/Research/Ad...D20040210.html
http://www.eeye.com/html/Research/Ad...0040210-2.html

Jon

(Hey guys don't shoot me for over-simplifying it)
(And english is not my native language so please excuse any typos and
grammatical errors)

 
Reply With Quote
 
 
 
 
Dazz
Guest
Posts: n/a
 
      02-12-2004
On Wed, 11 Feb 2004 23:20:32 GMT, Leythos <(E-Mail Removed)> wrote:

<snipped>

>No MCSE or tech support person would connect a unprotected system to the
>internet without first ensuring that it was protected. Heck, even a
>first year MCSE knows enough to turn off the services that can get
>compromised before connecting to the net to get the updates when there
>is no protection on the system.


Bwahahahahaha. I think you just gave yourself away.

I have come across many MCSE's that don't have a clue about how to
*secure* a system, let alone fix a problem when it occurs.

This isn't to say that I haven't met some very good MCSE's, but the
majority that I have come across think they know it all, simply
because they've read some books and sat some exams.

When it comes to real life situations, an MCSE cert doesn't mean ****.

I hope this doesn't burst your little bubble.

>What the heck kind of MCSE goes to a friends house to help with a
>computer and doesn't take his CD's choked full of goodies (like the Free
>Zonealarm, the free Spybot, etc...).


I think you should re-write that first sentence to read "What the heck
kind of a person with any common-sense ..."

Dazz

 
Reply With Quote
 
Leythos
Guest
Posts: n/a
 
      02-12-2004
In article <(E-Mail Removed)>,
http://www.velocityreviews.com/forums/(E-Mail Removed) says...
> I have come across many MCSE's that don't have a clue about how to
> *secure* a system, let alone fix a problem when it occurs.
>
> This isn't to say that I haven't met some very good MCSE's, but the
> majority that I have come across think they know it all, simply
> because they've read some books and sat some exams.


That's mostly my experience with them too. The ones that are good are
the ones that have experience and just happen to have got he MCP or MCSE
for the added benefit it can have.

When I hire someone, if all they have is an MCSE, in general, I don't
give them any brownie points for it, in fact, most times it counts
against them. I would take a person with 10 years experience and no
certs over someone that has a MCSE and other MS certs that does not have
the experience level of the 10 year candidate.

--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
Peter James
Guest
Posts: n/a
 
      02-12-2004
On Wed, 11 Feb 2004 16:14:24 +0000, Peter James
<(E-Mail Removed)> wrote:

>There was mention on the BBC lunchtime news today of a "hole" in the
>Microsoft OS that has recently been discovered, and the patch for this
>available today.
>Can anyone throw any light on just what this security hole actually
>is. Keep it simple for a non-anorak. Thanks

Many thanks for all of the replies. I'm no techie, so my knowledge is
basic and picked up as I go along. But I don't use IE or Outlook, and
I do scan for virus and malware, and so far I've been lucky. Thanks
again.
--

Peter James
Change AT to @ to reply
 
Reply With Quote
 
Dazz
Guest
Posts: n/a
 
      02-12-2004
On Thu, 12 Feb 2004 08:54:07 GMT, Leythos <(E-Mail Removed)> wrote:

>In article <(E-Mail Removed)>,
>(E-Mail Removed) says...
>> I have come across many MCSE's that don't have a clue about how to
>> *secure* a system, let alone fix a problem when it occurs.
>>
>> This isn't to say that I haven't met some very good MCSE's, but the
>> majority that I have come across think they know it all, simply
>> because they've read some books and sat some exams.

>
>That's mostly my experience with them too. The ones that are good are
>the ones that have experience and just happen to have got he MCP or MCSE
>for the added benefit it can have.


So very true.

>When I hire someone, if all they have is an MCSE, in general, I don't
>give them any brownie points for it, in fact, most times it counts
>against them. I would take a person with 10 years experience and no
>certs over someone that has a MCSE and other MS certs that does not have
>the experience level of the 10 year candidate.


Excellent.

I think the IT industry needs more people like you to weed out "paper"
MCSE's, and then maybe certification will begin to mean something.

Maybe then, I'll *actually* get off my butt and get a certification
that I can be *proud* to hold.

Dazz

>--


 
Reply With Quote
 
sam1967@hetnet.nl
Guest
Posts: n/a
 
      02-12-2004
On Wed, 11 Feb 2004 23:20:32 GMT, Leythos <(E-Mail Removed)> wrote:

>In article <(E-Mail Removed)>, sam1967
>@hetnet.nl says...
>> I connected a WinXP (cursed sw) box to the internet for a friend and
>> within 5 minutes it was BLASTERed. i wiped it and put on Windows 98.

>
>You just gave yourself away with this line - you almost had us thinking
>you were just an upset, out of work, MCSE, but it's completely apparent
>to anyone that you can't be an MCSE or any other type of support person.
>
>No MCSE or tech support person would connect a unprotected system to the
>internet without first ensuring that it was protected. Heck, even a
>first year MCSE knows enough to turn off the services that can get
>compromised before connecting to the net to get the updates when there
>is no protection on the system.
>
>What the heck kind of MCSE goes to a friends house to help with a
>computer and doesn't take his CD's choked full of goodies (like the Free
>Zonealarm, the free Spybot, etc...).
>


I only connect windows 98 boxes to the internet as a rule as I know
how insecure the other platforms are.
This person wanted XP and I knew it was a **** product.
I was SURPRISED to discover just how **** it is.
I maybe should say ex-MCSE since I have not studied any M$ stuff for
well over a year and would like to forget it even exists.
I have deliberately tried to remove all traces of the propagandistic,
crippled, biased teaching methods and ideologies from my mind.
As you are well aware security is not taught in any meaningful form as
M$ try and pretend security is not an issue with their products.

I am currently involved with ADSL projects and will be setting up a
VPN using Draytek Vigor routers shortly.
Hopefully they will not ask me anything about M$ **** as I really want
to forget it all.

You are asking the wrong questions.
The question you should be asking is WHY should a user need to install
spybot, spyblaster, ad-aware, kerio pf, avast, avg and e-trust just
before they can dare to connect to the internet ?
answer is they shouldnt and if you were honest - and intelligent - you
would admit this.
But I fear you are neither.




 
Reply With Quote
 
sam1967@hetnet.nl
Guest
Posts: n/a
 
      02-12-2004
On 11 Feb 2004 23:10:52 GMT, donutbandit <(E-Mail Removed)> wrote:

>"(E-Mail Removed)" <(E-Mail Removed)> wrote in
>news:(E-Mail Removed) :
>
>> from what i can gather all the AV products , spyware and trojan
>> scanners and firewalls in the world is not enough to protect you if
>> you are using a MS operating system - especially the ones built on NT
>> code.
>>

>
>Nonsense. Pure, utter poppycock.
>
>Tbe average home user needs only to practice "safe computing" to be 99%
>immune to any of the recent exploits.
>
>"Safe computing:"
>


>1. Do not use Outlook Express. I recommend not using Internet Explorer
>either, but those who do should make sure it's patched up to date, disable
>"install on demand" and javascript, and configure the security settings to
>a high level. However, I highly recommend using a Gecko based browser like
>Mozilla, Firefox or Netscape, since doing so automatically makes these
>exploits null and void.
>
>2. Never open unknown attachments.
>
>3. Stay away from P2P networks.
>
>4. Use a simple software firewall that will alert you to changes in
>programs, and when disallowed programs try to call out. It simply doesn't
>get any better than Kerio 2.1.5 for this.
>
>5. Use a simple free AV program that will alert you if something you
>downloaded is infected. I use AVG, and it has alerted me twice in the past
>to infected files.
>
>6. Scan occasionally for trojans and viruses: but if you practice safe
>computing, there is really no chance of getting any.
>
>7. Be very careful about purchased CD with games, programs, etc. on them.
>Many contain spy and adware.
>
>That's basically it. If 100% of the people who contracted and spread the
>Lovsan worm (or any of the others) used Eudora (just an example) rather
>than OE, worms would be almost nonexistent. They use the built in
>insecurities in OE (and the built in ignorance of the average computer
>user) to proliferate.
>
>I am speaking of the single home user, not those running a network, or who
>allows others to access and use their computer.


all excellent points. but the chances of the above happening are about
a million to one.

 
Reply With Quote
 
Leythos
Guest
Posts: n/a
 
      02-12-2004
In article <(E-Mail Removed)>, sam1967
@hetnet.nl says...
> I only connect windows 98 boxes to the internet as a rule as I know
> how insecure the other platforms are.
> This person wanted XP and I knew it was a **** product.
> I was SURPRISED to discover just how **** it is.
> I maybe should say ex-MCSE since I have not studied any M$ stuff for
> well over a year and would like to forget it even exists.


This would make you a "Paper-MCSE", one that didn't learn anything about
the material, and that has no experience with MS products or networking.

In fact, I would also suggest that on top of being a troll that you are
in some way related to Tracker.

--
--
(E-Mail Removed)
(Remove 999 to reply to me)
 
Reply With Quote
 
sam1967@hetnet.nl
Guest
Posts: n/a
 
      02-12-2004
On Thu, 12 Feb 2004 17:06:52 GMT, Leythos <(E-Mail Removed)> wrote:

>In article <(E-Mail Removed)>, sam1967
>@hetnet.nl says...
>> I only connect windows 98 boxes to the internet as a rule as I know
>> how insecure the other platforms are.
>> This person wanted XP and I knew it was a **** product.
>> I was SURPRISED to discover just how **** it is.
>> I maybe should say ex-MCSE since I have not studied any M$ stuff for
>> well over a year and would like to forget it even exists.

>
>This would make you a "Paper-MCSE", one that didn't learn anything about
>the material, and that has no experience with MS products or networking.
>

I dont need to prove my technical skills to anyone who uses a RR cable
modem do I ?
I certainly dont need to prove them to such an opinionated blowhard as
yourself do I ?





 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCSE 4 11-15-2006 02:40 AM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola Microsoft Certification 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd loyola MCSD 3 11-14-2006 05:18 PM
microsoft.public.certification, microsoft.public.cert.exam.mcsa, microsoft.public.cert.exam.mcad, microsoft.public.cert.exam.mcse, microsoft.public.cert.exam.mcsd realexxams@yahoo.com Microsoft Certification 0 05-10-2006 02:35 PM
microsoft.public.dotnet.faqs,microsoft.public.dotnet.framework,microsoft.public.dotnet.framework.windowsforms,microsoft.public.dotnet.general,microsoft.public.dotnet.languages.vb Charles A. Lackman ASP .Net 1 12-08-2004 07:08 PM



Advertisments