Re: How to fix broken security in Windows 2000?
From: Shannon Jacobs (shanen_at_my-deja.com)
Date: Tue, 8 Feb 2005 20:51:33 +0900
Why did you (Karl Levinson, mvp) post all this stuff? Isn't that a question
you can actually handle? Since you have nothing interesting to say, why not
say nothing? All you are "accomplishing" is forcing me to scan your stuff in
the vague hope you might slip something useful in there.
The security problem is Microsoft's, but you (Karl Levinson, mvp) have not
been any part of the solution.
Karl Levinson [x y] mvp wrote:
> "Shannon Jacobs" <firstname.lastname@example.org> wrote in message
>> And why do you want to disguise your identity now with the cute
>> bracket trick? Have you suddenly become ashamed of your name?])
> You're right, you caught me. I added Karl Levinson [x y] to the end
> of my name so you wouldn't figure out it was me. How did you ever
> figure out it was me?
> Thanks for finding my  brackets cute. I'll explain how the trick
> works later, it's complicated. It involves pressing certain keys,
> and making a mountain out of a molehill.
>> Of course, Microsoft can, to a great degree, ignore
>> the real world
> I'm not sure you're fully in "the real world."
>> From an actual security expert (found elsewhere),
> If "elsewhere" is so much better, then I suggest you spend more time
>> I qualified my statement about the certificate chains fairly
>> carefully because in the real world there are several public key
>> algorithms, various implementations, and a variety of possible steps
>> involved in importing security certificates.
> Yes, there are a lot of PKI solutions out there. Why would you bother
> bringing them up in trying to fix this problem? They are irrelevant
> here and are only confusing you. The differences between, say, PGP
> and Microsoft code signing are not proof that Microsoft is writing
> its own RFCs.
>> apparently claiming expertise in the "Microsoft way" of security.
>> if you study Microsoft's "support" pages as carefully as you claim,
> I said none of these things. I simply tried to point out that you
> said some things that are inaccurate, but apparently you don't make
>> would notice a number of points that do suggest their security
>> certificates do use chaining and that there are sequence
>> dependencies, and therefore I could not word my statement in more
>> absolute terms.
> Chaining is not the same thing as saying you have to install or
> re-install certificates in a particular order. If you deleted them
> out of order, just go ahead and use Microsoft's instructions to
> restore them, regardless of order.
>> I have actually been
>> informed that the certificate problems with W2K are fairly well
>> known--and actually started as long ago as SP1.
> You can't provide specifics, because you are spouting nonsense. You
> also claim that Win2K certificates are irreparably broken, and yet
> you seem to be the only one having these problems. Sounds like user
> error, or an ID ten T problem.
>> We are still discussing the situation,
>> but he thinks the situation is broken beyond repair. However, if we
>> do find a solution, it would be amusing to circulate it and let it
>> trickle back to Microsoft.
> I don't know why you hide behind this pretense of being forced to
> support and use Microsoft products. There are no *nix support jobs
> available in your country? Either make the switch, or stop posing
> and whining about it. It gets rather boring.
>> Now that I've considered the technical aspects,
> Funny how you've "considered the technical aspects," and yet you
> haven't said a single thing to clarify what your problem is. In the
> past two days you have said that certs are missing, certs are not
> missing, you need to know how to restore certs, you know how to
> restore the certs and your method is easier than Microsoft's, and
> restoring the missing certs would not fix your problem.
> You also have never addressed why exactly you mistakenly think the
> link I posted doesn't answer your questions. It quite plainly gives
> the certs and files you need to check, and you keep coming back with
> non-existent Microsoft conversations in your head and vague
> discussions about the existence of other irrelevant non-Microsoft PKI