IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

New Shields up is a waste of time.
Nmap is far better, and doesn't provide a web-based DDOS mechanism.

(Crappy IP address hashing in the algorithm used to generate the URL that initiates the scan means that I can use grc.com to hit other people's computers. Security-minded, my arse)

Steve should stick to hard disks.


Peter
[link|http://www.no2id.net/|Don't Let The Terrorists Win]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
New Elitist smugness
Steve realizes the attention span and priorities of the impatient/uninformed majority-caste.
For the unwashed, Shields Up is simple and a fuck of a lot better than nothing at all == the Usual situation.

Now tell me how many of the clueless are going to find out how to install and use WinPcap first, then remember wtf DOS was, then launch their nmap and go back to gaze again at that [link|http://www.insecure.org/nmap/install/inst-windows.html#fig-windows-cmdshell-exec| DOS readout] and interpret same. Ditto the "Win" version that still displays in DOS box. Stark as evah. woo.

Nicely accurate details - for those familiar with such details.
For the rest - it's Google time to find out [what a port is] exactly which ports should be open and why/when. And how to CLOSE them (by port #) in whatever serves as their 'firewall' du jour.

They won't find any 'interpretive assistance' at insecure.org [if they find That] but... it's Out There, innit.

Sure, Peter -- LOTS of folks can, will do this;
they Love increasing their l33T skillz - piece o'cake.
We should restrict such tests to only those who can savour all the details and find out how to interpret them. Right after they learn how to edit the Registry.

As to hijacking via his site -?- I guess so.
But then, lots of folks open e-mail attachments too.
So Steve should make it comprehensive, free, easy + bulletproof, or: it sux, izzat it?
Maybe he should require e-mail confirmation of your addy before you can push that button.



You're a crank, y'know?

(But then, I too have mixed feelings about people who've been 'using' these machines for 10 years and get all weepy-eyed on first discovering what the word 'backup' might mean. Fuck-em - maybe they SHOULD all have to use nmap and XP-Hovel-edition forever...)

Speaking of us unwashed -
Hey! I almost.. got a Beast-modem to function in Mepis! init-string Bingo, etc.
Hell, >IT< thought it was 'Active', except ...

when it came to ackshully processing those little AT thingies and deciding to dial something. Mepis-Hovel-edition?
(The Hayes Optima is fine - but that was too easy.) ;^>




Ed: Optima or nit-picky ackurasy

Expand Edited by Ashton Jan. 29, 2006, 06:10:34 AM EST
New Whatever, Ash.
ShieldsUP is a DDOS waiting to happen. (Or not waiting at all: who knows?)

(Its usage is also against the AUP of most ISPs - portscanning anything for any reason is usually verboten. You probably won't get caught, though.)

But hey, it's EASY, so therefore it's GOOD.

Gibson knows loads about hard disks and next to bugger-all about security.

I don't genuflect before his image.


Peter
[link|http://www.no2id.net/|Don't Let The Terrorists Win]
[link|http://www.kuro5hin.org|There is no K5 Cabal]
[link|http://guildenstern.dyndns.org|Home]
Use P2P for legitimate purposes!
New Sorry Ash, but Peter is right here.
New I acknowledge those valld criticisms.
But I also accept that - until some DDOS affair is definitely traced back to his site / or / ISPs more uniformly trap port scans.. (or at least sequential ones of this magnitude) -- it's still probably the closest thing to nmap that the clueless will actually use.

And it does, at least - flag the wide-open machines. The user may not grok much, but seeing a lot of red boxes -- just may prompt a few to ask someone to tell them the obvious.

Anyone who manages to close some of those ports, finally - is one less zombie. And isn't that what we mainly bitch about? the millions who don't even know that they don't know shit?


Then again.. likely it is merely Pearls before swine.
Maybe if grc closed its doors, there'd be no perceptible change in the zombie population. But since we can't measure that, anyway - -

     Steve Gibson: "WMF flaw was a deliberate back door". - (Andrew Grygus) - (30)
         He needs to adjust his tinfoil IMHO -NT - (altmann) - (9)
             He's got a pretty good case - (bepatient) - (8)
                 Yup - (broomberg)
                 Is there more in it that what was in the transcript? - (altmann) - (3)
                     Where'd you find a transcript? - (jb4) - (2)
                         On GRC - (Another Scott)
                         Podcast is just an MP3 -NT - (drewk)
                 A guy over at SysInternals is said to be . . . - (Andrew Grygus) - (2)
                     Sysinternals verdict: Not a back door - (altmann) - (1)
                         Just stupidity and incompetence, eh? SOP for M$. -NT - (n3jja)
         Seems very unlikely to me - (JayMehaffey) - (13)
             But thats just as bad - (bepatient) - (5)
                 Do I unnderstand this right? - (drewk) - (3)
                     did $MS understand multithreading when they wrote it? -NT - (boxley)
                     It is part of that - (JayMehaffey)
                     No. - (broomberg)
                 I would say not quite as bad - (JayMehaffey)
             Microsoft have an explanation. - (static) - (6)
                 Artful Dodging - (admin) - (1)
                     Link fixed. - (static)
                 I like how that "blog" doesn't allow comments, too. -NT - (admin)
                 If it's brought forward from legacy stuff . . . - (Andrew Grygus) - (2)
                     Dang. Beat me to it. That was my first thought. -NT - (mmoffitt) - (1)
                         No default program for WMF = No "critical" vulnerability -NT - (altmann)
         Interesting "analysis" / Guess-of-motives - (Ashton) - (5)
             Shields up is a waste of time. - (pwhysall) - (4)
                 Elitist smugness - (Ashton) - (3)
                     Whatever, Ash. - (pwhysall) - (2)
                         Sorry Ash, but Peter is right here. -NT - (inthane-chan)
                         I acknowledge those valld criticisms. - (Ashton)

Certainly, as long as they don't require any treatment.
55 ms