* Re: 1.7: Problem with Vista64b ACLs and sockets [not found] ` <20090417094415.GC5200@calimero.vinschen.de> @ 2009-04-18 9:10 ` Dave Korn 2009-04-18 17:27 ` Warren Young 0 siblings, 1 reply; 2+ messages in thread From: Dave Korn @ 2009-04-18 9:10 UTC (permalink / raw) To: The Vulgar and Hey-Dude-I-Totally-Hacked-The-Gibson! Cygwin-Talk Maiming List Corinna Vinschen wrote: > On Apr 16 14:17, Lee D. Rothstein wrote: >> I do a 'ping' in my profile of an Internet server to see if the >> network is up when I bring up the first terminal session/login. >> >> I'm getting the following error: >> >> ping: socket: Operation not permitted > > Cygwin's ping uses raw sockets. Using raw sockets is only allowed > to administrative users since Windows XP or so. ITYM "... since that FUDmonger Gibson started ranting and raving that the sky was falling if raw socket ops were permitted to ordinary user accounts". We now have the benefit of hindsight, and it's made exactly _how much_ difference to the usability of XP machines as botnet drones sending spoofed packets in DDoS attacks? Yep, that's right. None. A big fat zero. Zip, nil, zilch, nada, diddly-squat. Bugger all multiplied by bugger nothing. A goose egg; out for a golden duck. Nullity, void, the empty set; having no measurable or otherwise determinable value, nothing: a quantity of no importance; a mathematical element that when added to another number yields the same number. Aught, nought, naught, nix, nothing, null. It has, however, been a right PITA for legitimate users, so at least he achieved something. /me LOLs at Gibson. *And* his website still looks like it was done in RTF format in Wordpad[*]! cheers, DaveK -- [*] - By an eight-year-old![**] [**] - The kind of eight-year-old who's still sticking crayons up their nose at that age.[***] [***] - Look, do I have to spell it out?[****] [****]- Ralph Wiggum. His website looks like it was done by Ralph Wiggum. ^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: 1.7: Problem with Vista64b ACLs and sockets 2009-04-18 9:10 ` 1.7: Problem with Vista64b ACLs and sockets Dave Korn @ 2009-04-18 17:27 ` Warren Young 0 siblings, 0 replies; 2+ messages in thread From: Warren Young @ 2009-04-18 17:27 UTC (permalink / raw) To: The Vulgar and Unprofessional Cygwin-Talk List Dave Korn wrote: > > FUDmonger Gibson He does go to extremes sometimes, but that's his (self-appointed) job. In any sort of advocacy, it takes extremists on both sides to help the rest of us find the middle. The main criticism I have of Steve Gibson is that he frequently forgets that security is a people problem, not a technical problem. The software has to do the right thing, of course, but ultimately, if people want to roach their systems through negligence, no technology is going to help much. Tricking ignorant users into running malware has to be either the #1 or #2 way worms get on PCs. (It's a toss-up between that and all the remote code execution and privilege escalation holes.) > We now have the benefit of hindsight, and it's made exactly _how much_ > difference to the usability of XP machines as botnet drones sending spoofed > packets in DDoS attacks? Err...disallowing raw socket access to all users doesn't fix the people problems and the remote root exploits, so it's a bust? How about, instead, we educate the users and arm-twist Microsoft to fix all those holes so that it actually matters that raw sockets are restricted? If more people listened to Security Now, there'd be a lot fewer bots. I'm not saying that people should follow 100% of Steve's advice. Just getting cluebies to stop clicking on links in spam and "NAV2009" popups would help loads. Don't forget, what Microsoft did here is finally follow the standard behavior on Unix-like systems, which we're all supposed to really like here, right? /bin/ping on Linux is setuid, no doubt for this very reason. Does Windows not have something like setuid? If not, there's another legitimate reason to criticize Microsoft. ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2009-04-18 17:27 UTC | newest] Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <49E7764B.7080700@veritech.com> [not found] ` <20090417094415.GC5200@calimero.vinschen.de> 2009-04-18 9:10 ` 1.7: Problem with Vista64b ACLs and sockets Dave Korn 2009-04-18 17:27 ` Warren Young
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).