DANGEROUS new internet security hole

[Laura Fredericks]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

...The source cited in the source where it should
be.

ROFLMAO!

Is that what you think a web page's "source code" is
for? For attributions?

ROFLMAO!

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: http://www.queenofcyberspace.com/laura_fredericks.asc

iQA/AwUBP9v1XaRseRzHUwOaEQKnFACgwpJC8B2Feut4N9N/DpWnIegVibYAoN7Y
eLVVXw+3bls+b7nN+hESKOYV
=7qIF
-----END PGP SIGNATURE-----

--
Laura Fredericks
PGP key ID - DH/DSS 2048/1024: 0xC753039A

http://www.queenofcyberspace.com/usenet/

Remove CLOTHES to reply.

 

[NewGyi]

Haha. The good thing in alt.comp.virus is that some things never
change

We can add this to the (already long) list:

http://groups.google.com/groups?selm=d4bjru8jdrq06hm80p6v0o2ig3l3ce36ks@news.asynchrone.net

I didn't see anywhere that he said he created it? I also do not see anything
wrong with his copying a POC expressly seeing as how he left the original
creators url to be pulled into the POC he put on his web site. Maybe if
more people were to copy POC's and put them up in more then one place then
others could find and be equipped to not be take advantage by them. If the
POC's are only on a page that very few know about then what is the point?
I (and a thing quite a few others) do NOT thing of Sugien as what you
and Laura and maybe a few others do; but we rather applaud his efforts. I
also thing that every one has taken code from everyone else and what you and
others can't stand is only that Sugien says he has done nothing wrong (and
he has not) and you and they can't stand it, that he had acquired a sort of
web fame by standing on the shoulders of midgets, and you and Laura are only
mad because you are not as famous or well liked as he/she is.
I have lurked here and other UseNet groups for some time and personally
I wish there were quite a few more like him. Even one of his worse
detractors (4Q) says that Sugien has not done any more code ripping then
that any other coder has it is just as 4Q says Sugien is just so "in your
face" with his "I have done nothing wrong"
Maybe if you and others would get off his case and spend more time
looking in your mirror and as the old saying goes "Let he that is without
sin cast the first stone". Maybe Sugien should just remember that if he
casts his pearls before swine he must expect for the swine to not
understand. After all afaik Sugien has never made dollar one with anything
he has ever created as he has said "Lego Style", and has only ever tried to
help people.
To my way of thinking, seeing as how he has only ever tried to help
people, I could care less how or where he got the code. If he ripped the
code from publicly available free source code and then creates something
useful and gives it away, I for one do not care if he doesn't credit the
original authors; because in this day and age of programming who is to say
who created something FIRST?


by the way
I figured I would post a LONG post; because , well just to see who would
say what, lol who knows maybe I will be accused of being the <cough> master
programmer/coderipper extraordinaire.

 

[NewGyi]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Absolutely, Gabriele. ;-) The story's all over the
place... But you know Sooooooooooge -- trying to
impress his script kiddy friends. ;-) Anyone with
half-a-brain already knew about this exploit, because

if that is the case then how do you know about it? because you sound like
you have less then half a brain

they read computer security sites on a regular basis.

There was no reason for him to create demo links on

maybe he thought it was important enough to place on more then one! page

his site, 'cause these demos *already exist*. He's
just trying to make himself into some be-all, know-all
god, ya know? <snicker> Like it was *him* that

As long (quite some time; but now I choose to make my presence known) as I
have been lurking I have NEVER seen him even remotely act like he thinks
himself to be some kind of know it all; but only that he sincerely seems to
want to try and warn people. What's the foul? even his arch enemy 4Q says
on his page that Sugien has not done anything more then any other programmer
has ever done and that the only thing Sugien gets into trouble with you and
others is because Sugs' is just so in your face with "I have not done
anything wrong" and that I think is what rubs people the wrong way. Even
though he hasn't in my opinion done anything wrong or that any other
programmer has not, he just rubs you and others the wrong way; because you
think he may be gaining some limited fame for trying to help folks for free
that you and some of your cronies either can't or won't

discovered this exploit! ROFLMAO! Note how he doesn't
cite even one source in his post! ;-)

Did you read something in his post that I could not see? I did not see
anywhere he said anything remotely resembling his having discovered it. The
source cited in the source where it should be.

All Sooooooooge had to do was make a post saying, "In
case you missed it..." and provide a URL to one of the
MANY credible source articles -- so as not to insult
the intelligence of the *rest* of us. ;-)

Get off the guys back. Just because his posting style is not what you think
it should be what is the problem? How could he insult something
(intelligence) that by your comments you show you do not have?

But what do you expect from a known coderipper and
plagiarist? ;-)

I have followed this Sugien thing for some time and I have never found
anything that he has done that any other programmer hasn't. As for
plagiarism, how can you say that when you admit to STEALING screen captures
from his web page that says is not allowed and then create a page using
them? True plagiarism and stealing like you did are two different things.
I think you are more of a thief for stealing his copyrighted content and
then your admitting to stealing them and then warning anyone that views your
page to not do likewise and for them to not steal his stuff like what you
have. One other thing on his being a plagiarist, if I remember correctly
the person which Sugien was accused that of, posted saying he did not and I
read the local paper in which Sugien admitted the mistake and printed a
correction. Printing a correction sounds honorable to me and had he
intended to do then he would to my way of thinking never have had his column
print a correction.

 

[Mal]

I didn't see anywhere that he said he created it? I also do not see anything
wrong with his copying a POC expressly seeing as how he left the original
creators url to be pulled into the POC he put on his web site. Maybe if
more people were to copy POC's and put them up in more then one place then
others could find and be equipped to not be take advantage by them. If the
POC's are only on a page that very few know about then what is the point?

The original finder of a security vulnerability should be credited with
finding it.

Just copying it and repasting it somewhere else deprives them of the
credit/reputation they deserve for finding the issue.

While I don't agree with the original finder telling Microsoft the same
day they posted the POC to a security mailing list, I still feel that
they should get due credit for their research.

At the very least Sugien should have put something on that page advising
the source of the original POC, and having a link back to the original
finder's site.

 

[Mal]

I figured I would post a LONG post; because , well just to see who would
say what, lol who knows maybe I will be accused of being the <cough> master
programmer/coderipper extraordinaire.

Interesting posting style. I for one will say that you may not be
Sugien, but have a lot of similarities with him:

http://groups.google.com/groups?num...+less"+alt.comp.anti-virus&btnG=Google+Search

Is the most obvious one that I found.

I could point out more similarities in the writing styles... but have
better things to do today.

 

[Laura Fredericks]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Interesting posting style. I for one will say that
you may not be Sugien, but have a lot of similarities
with him:

"NewGyi" is one of Sooooooooooge's hillbilly cousins
in Ohio, so the same blood runs through their veins*.
Granted he's a sock puppet, but they're different
people. ;-)

*Insert [purported] 18" schlong joke of your choice
HERE.

Fwiw, someone just e-mailed me with the
hysterically-funny subject line of, "Soooge has a
sock"! <snicker> Actually, rather then Soooooooooooge
*having* a sock, I think he should just put a *sock*
IN IT!

*hahhaha* *ROFL* *LMFAO* *hehHeHe*
(c) 4Q

(Notice how I OPENLY credited the original author of
that guffaw. It's not hidden in the message "source".
<snicker>)

I mean, really! It would be pretty low for
Soooooooooge to start creating new nyms just to defend
himself! Granted no one else, here is gonna defend him
- -- but other personas? Comon! I personally don't think
Sooooooooge would stoop that low. He's a Vietnam vet,
for crissakes! ;-)

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: http://www.queenofcyberspace.com/laura_fredericks.asc

iQA/AwUBP9wZ1aRseRzHUwOaEQKYMwCg4efs8+vPhhK5+6wQQr99dJDu3RwAoLEF
GGTd/KRdobOeSYBg6QaP1fwf
=SflP
-----END PGP SIGNATURE-----

--
Laura Fredericks
PGP key ID - DH/DSS 2048/1024: 0xC753039A

alt.comp.virus photo gallery:
http://www.queenofcyberspace.com/acvgallery/

usenet flamewars:
http://www.queenofcyberspace.com/usenet/

Remove CLOTHES to reply.

 

[James Egan]

Actually, your spelling, syntax, and ideation, all bear a striking
similarity to that of our friend Paul. <g>

The syntax and style bears closer resemblance to that of the poster
Buggar_Off but he hasn't been heard of for close on two years. Maybe
he's back with a different nym.


Jim.

 

[Guillermito]

Actually, your spelling, syntax, and ideation, all bear a striking
similarity to that of our friend Paul. <g>

The IP too

NNTP-Posting-Host: 209.173.164.134

Which resolves to: chil-3com-1-cs-636.dial.bright.net (OH)

(Sounds like Chillicothe, heh?)

Looks like Soooge got a new ISP at bright.net two days ago to replace
or complement his usual adelphia.net. Then he did the obvious first
thing to do, before trying new nicknames: a test post.

http://groups.google.com/[email protected]&output=gplain

You will probably make an interesting addition to Guillermito's
collection of dissociative personality types who manifest a vicarious
persona via usenet.

Indeed. I love people who speak about themselves in the third person.
It tells a lot about how they construct a delusional universe around
themselves, because the reality does not seem good enough for them.

The good thing with Soooge is that he is easy to trace. Even if he
used a proxy or a remailer, the obvious thing to do to avoid being
traced, I'm sure I could code an heuristic detector of Sugien posts,
just from, as you said, the syntax and spelling

 

[FromTheRafters]

The syntax and style bears closer resemblance to that of the poster
Buggar_Off but he hasn't been heard of for close on two years. Maybe
he's back with a different nym.


Jim.

<Mr. Spock voice>

Right you are, Jim ~ fascinating....

</Mr. Spock voice>

Both were very "sugienesque".

Can anyone translate..

"Maybe if more people were to copy POC's and put them up in
more then one place then others could find and be equipped to
not be take advantage by them."

....into English?

It indeed looks as if Buggar_Off has buggared back.

...as for Sugien's post, it sure beats an AVG update notification. ;o)

 

[me]

<Mr. Spock voice>

Right you are, Jim ~ fascinating....

</Mr. Spock voice>

Both were very "sugienesque".

Can anyone translate..

"Maybe if more people were to copy POC's and put them up in
more then one place then others could find and be equipped to
not be take advantage by them."

...into English?

It indeed looks as if Buggar_Off has buggared back.

..as for Sugien's post, it sure beats an AVG update notification. ;o)

Also, S is much easier to plonk than the AVG POS

J

 

[Smitty]

In Message-ID:<[email protected]> posted on Sat, 13 Dec


Actually, your spelling, syntax, and ideation, all bear a striking
similarity to that of our friend Paul. <g>
You will probably make an interesting addition to Guillermito's
collection of dissociative personality types who manifest a vicarious
persona via usenet.

Sort of like your use of "Damn Straight" and "Nadie Ninguno" 'nyms, eh
bin-Bailey? I nominate Bart as 2003's internet Kook of the Year!

 

[Laura Fredericks]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

...I'm sure I could code an heuristic detector of
Sugien posts, just from, as you said, the syntax and
spelling

Go for it. Would be hilarious! :-D

But if you use another writer's code snippet, don't

Looks like Soooge got a new ISP at bright.net two
days ago to replace or complement his usual
adelphia.net. Then he did the obvious first thing to
do, before trying new nicknames: a test post.

Soooooooooooge, Sooooooooge, Soooooooooooooooooge! You
disappoint me! Here I was, defending you, thinking you
would NEVER stoop so low as to be your own sock
puppet! But I was wrong. <sob> I'll never believe
anything you ever say, again! (Oh wait...)

What was that e-mail's subject line, again? Ah yes,
"Sooooge has a sock". Wrong! It should be "Sooooge IS
a sock"! ROFLMAO!

Anyway, Dimbulb, glad to see you got your webcam back
up. I missed it! But tell your fat wife to wash her
feet, 'kay? Perhaps she should put on a pair of
<snicker> socks.
http://tinyurl.com/z7a3

*hahhaha* *ROFL* *LMFAO* *hehHeHe*
(c) 4Q

(And thanks, Guillermito! Your pic *shines* in the acv
photo gallery!)

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
Comment: http://www.queenofcyberspace.com/laura_fredericks.asc

iQA/AwUBP9yzZ6RseRzHUwOaEQIKUgCeL//+DS88DmbvGZYMv36hwFAqavYAoNtq
yt0PuWsaIluX83Lf0k/SztL/
=EcPD
-----END PGP SIGNATURE-----

--
Laura Fredericks
PGP key ID - DH/DSS 2048/1024: 0xC753039A

alt.comp.virus photo gallery:
http://www.queenofcyberspace.com/acvgallery/

usenet flamewars:
http://www.queenofcyberspace.com/usenet/

Remove CLOTHES to reply.

 

[Gabriele Neukam]

On that special day, Sugien, ([email protected])
said...

Only a bit late to those that have already seen it somewheres else. You
should remember however that quite a few that come here are not as agressive
as you and myself and others when scouring the web for holes;o)

Well, www.heise.de is one of the authorities re security among German
journalists. If they wouldn't cover this topic instantly, they would
soon be scolded as not being aware of their self chosen task.

To demonstrate the various security holes in browsers (they don't
concentrate on the IE alone), they are providing demo pages, which are
updated every time a new flaw is announced. They call it the "heise
browser check".

So they put a simple demo on this page, which will only redirect to
their main homepage, presumably provided by Microsoft; nothing else will
happen:

http://www.heise.de/security/dienste/browsercheck/demos/ie/e5_18.shtml

The non-JavaScript version doesn't fool my Opera; moving the pointer
onto the link, will display the portion beyond the faulty character.

I didn't try the JavaScript version.


Gabriele Neukam

(e-mail address removed)

 

[Gabriele Neukam]

On that special day, Laura Fredericks, ([email protected])
said...

He's
just trying to make himself into some be-all, know-all
god, ya know? <snicker> Like it was *him* that
discovered this exploit! ROFLMAO! Note how he doesn't
cite even one source in his post! ;-)

Now, now, Laura, if you let him down that hard, it will hurt him :-? Be
nice and tell him how to try harder.


Gabriele Neukam

(e-mail address removed)

 

[kurt wismer]

I have lurked here and other UseNet groups for some time and personally
I wish there were quite a few more like him. Even one of his worse
detractors (4Q) says that Sugien has not done any more code ripping then
that any other coder has it is just as 4Q says Sugien is just so "in your
face" with his "I have done nothing wrong"

if 4q said that then 4q needs to associate himself with a better class
of coder...

i'm a coder (a fairly prolific one from what i gather), i code
professionally... i don't rip code... there are occasionally times when
the standard documentation isn't enough to help me solve a problem, and
at such times i do seek out alternative sources of documentation which
often includes souce code - but i don't use the code, i read it, i
understand it, and if it fits my problem i apply one or more of the
techniques it contains, but not the actual code... and when i do apply
said techniques, i make no bones about where i got the solution from...

Maybe if you and others would get off his case and spend more time
looking in your mirror and as the old saying goes "Let he that is without
sin cast the first stone". Maybe Sugien should just remember that if he
casts his pearls before swine he must expect for the swine to not
understand. After all afaik Sugien has never made dollar one with anything
he has ever created as he has said "Lego Style", and has only ever tried to
help people.

even if i believed his intentions really were always good (and what
i've seen doesn't lead me to believe that), you still know what they
say about good intentions...

 

[kurt wismer]

Mal wrote:
[snip]

At the very least Sugien should have put something on that page advising
the source of the original POC, and having a link back to the original
finder's site.

no... the least sugien should have done is provide links to the
original *without* putting up a copy... he can put up a copy if/when
the original mysteriously goes missing... he could have included with
his links a commentary of how important this security hole is and why
he thought it so...

but of course, that's not the way sugien operates...

 

[Bart Bailey]

FU set to exclude ahm (I don't read it)

In Message-ID:<sm2ptvcjgid38rtdth2tns88oe7oq45c6s@zobi> posted on Sun,

Indeed. I love people who speak about themselves in the third person.
It tells a lot about how they construct a delusional universe around
themselves, because the reality does not seem good enough for them.

Third person self reference implies a desire to maintain a protective
layer of insulation, however evanescent it may be, and I suspect it's
not so much reality falling short of their expectations of merit, but
rather fear that reality may exceed their ability to cope.

 

[D McAuliffe]

Opera 7.2 raises a dialog:

"Security warning:
You are about to go to an address containing a username.
Username: www.microsoft.com[unprintable character here]
Server: zapthedingbat.com
Are you sure you want to go to this address?
OK Cancel"

Obviously, yet another reason to dump IE.

And dump I did. Thanks for the heads up example you gave from a new Opera
user
--
~~~~~~~~~~~~~~~~~
Dave McAuliffe
Central Mass. USA
To Reply -
Replace: mailinator.com
With: email.com
~~~~~~~~~~~~~~~~~.

 

[Zilker]

DANGEROUS new internet security hole

Well ok maybe not all that new; but in this configeration it may just
well be new:

The bad guys have now found a new way to make you think you are at a
different web page then what you really are. It use to be if you clicked on
a link even the old type of fake URL you could still tell where it sent you
by looking at the address bar of your web browser (IE). Now however there
is a new way in which you can click on a link that says it is a Microsoft
link and when you get to the page instead of the web browsers address bar
saying where you actually are instead using this new bug/hole the address
bar can say anything they like.
To see a harmless example go here:
http://dino-soft.org/security/vun1.html

<snip>

Gee. What a familiar looking web page...Where ever did it come from?

http://www.cotse.net/users/zilker/vuln1.html Maybe?

/Zilker

 

[Sugien]

<snip>

Gee. What a familiar looking web page...Where ever did it come from?

http://www.cotse.net/users/zilker/vuln1.html Maybe?

/Zilker

Yep, what's your point?

/Sugien