Re: win xp firewall

From: vinny (vinny@friggenbozo.com)
Date: 05/08/02 

From: "vinny" <vinny@friggenbozo.com>
Date: Tue, 7 May 2002 22:57:17 -0400

"Marshall Place" <punktdawg@cox.net> wrote in message
news:wX_B8.38061$9c5.1567841@news2.west.cox.net...
>
> "ThePsyko" <thepsyko@itookmyprozac.com> wrote in message
> news:Xns92079668DF58EIWishIWas@marashouse.org...
> > On 07 May 2002 in that fucked up hellhole known as
> > alt.hackers.malicious, an identity claiming to be Marshall Place spewed
> > forth news:lNUB8.36721$9c5.1532720@news2.west.cox.net:
> > >
> > > The firewall is not ment to block services that are already on.
> > > Granted it is not sufficient security it is still security.
> > > As for Vinny's response you're right most people don't know what
> > > services are. much less how to turn them off. Endless popups on
> > > individual's comps is not a security concern. It is a loophole that
> > > script kiddie pranksters will use. If someone's marriage results in a
> > > divorce due to net sends there's obviously already some serious trust
> > > issues going on. There are people trading valid credit card numbers on
> > > IRC and you are worried about net send messages and XP's crappy built
> > > in firewall, which on previous OS's they didn't even include any
> > > security. I don't know I am not defending Microsoft but hell it just
> > > doesn't seem like that big of a deal, when attachments could be
> > > executed through outlook without the user doing anything, that seemed
> > > like a big deal. Net send messages. We'll live, nothing is damaged.
> > > Let the kiddies have their laughs. Maybe if they do enough, they will
> > > grow up.
> > >
> >
> > I do believe that you have failed to grasp the essence of my previous
> > post. Go back and re-read it, then look at your reply..
> >
> > Quoting from the post you replied to:
> > "I also never referred to it in particular as a 'security flaw' "
> >
> > As I have said several times already, I don't *trust the XP firewall*,
> > and the net send "feature" was but one example I provided to support my
> > opinion.
> >
> > As for your contention that the firewall is "not meant to block services
> > that are already on" then WTF is it for? If the service isn't on, it
> > doesn't matter if you have a firewall or not because there's no way of
> > exploiting it. No services, no holes, no r00t :) Also, since the XP
> > firewall allegedly (I say that because I haven't tested it personally)
> > doesn't block outgoing traffic, it's useless once you've been
> > compromised. Keeping virus' out isn't it primary function or it would
be
> > called an "anti virus" program like so many others. No, the firewall is
> > there to control access to active services as defined by the user. To
> > keep unwanted traffic out and allow approved traffic in.
> >
> > Basically, my point was.. the XP firewall is known to not stop one kind
> > of traffic (the net send), allegedly was written to not stop ANY
outgoing
> > traffic, AND was coded to allow IPv6 traffic both IN and OUT.. Put all
> > that together, slap a microsoft label on it (please tell me you don't
> > trust them to not be sneaky) and you have a product that I *don't trust*
> > period..
> >
> > ok.. you had the pleasure of my first post of the afternoon.. hope you
> > enjoyed it.. :)
> > --
> > ThePsyko
> > Public Enemy #7
> > "God told me to skin you alive"
> >
> > http://prozac.iscool.net
>
> I just think that if you are that concerned with someone cracking into
your
> machine unplug it from the internet, or run a more secure OS than Windows.
> The hacker with the ability to compromise your system Psyko doesn't care
> about your system. No offense or anything, and if they did it's most
likely
> they wouldn't mess with anything. However a script kiddie would in fact
send
> you pop ups, see the lack of harm in that? It's just immature kids and
> sometimes adults who have no life. If they feel like they accomplished
> something great or were clever by figuring out that my ip has the service
> running then good for them. It doesn't really bother me that much.
> Eventually they will make a mistake and *** with the wrong person rather
> than helpless users and they will pay the price for their immaturity.
>
>

 So what would you do to this winpopup teenage monster?
 I'm trying to make a point that NOBODY ever makes.
"scriptkiddies" as everyone affectionitely refers to them use programs
written by NON-SCRIPTkiddies. Sometimes, maybe more than sometimes these
programs were written by TOTAL BADASSES.
 So you take winpopup, a safe little messaging program,
or is it? There might be somebody right now exploiting the mailslots
protocol, and might have already discovered something evil and nasty.
 Never before was it worth exploiting, but now its running by default on
every xp box on the planet and the default firewall lets it go right on
thru??
 My guess is it becomes a problem that needs patched sooner than later.
 If you can't see that...apply at microsoft for a job.