Code-I Moronics

Paul H. Merrill PaulMerrill at acm.org
Sun Aug 5 21:09:01 PDT 2001 

Being the whore that I am (actually, high priced
call girl) I don't "not tolerate" anything.

"Update" is an ambiguous word.  

One can download, from the Microsoft site, patches
for damn near every piece of software that they
sell or have sold in the recent past. Security
patches (actually replacement files, not patches,
for the most part) are a big favorite, though
improved functionality is also popular. 

There are also third party products that can be
bought.  For instance, SecureIIS fixes known flaws
and "fixes" buffer overflow exploits that haven't
been found yet. (Yeah, it does what responsible
programmers would have done in the first place.)
Code-Red has not been successful against SecureIIS
enhanced IIS.

If there is some aspect not answered by this
answer, feel free to ask a less ambiguous
question.

PHM


-- 
Paul H. Merrill, MCNE, MCSE+I, CISSP
PaulMerrill at ACM.Org

"Wilfred L. Guerin" wrote:
> 
> [ Re: Code-255RandomCharacters. ]
> 
> Ok, Time to fix this correctly.
> 
> Someone already upgraded the old one, at least 2 others have been released
> recently...
> 
> I personally do NOT tolerate M$ products to do anything relevant in my
> environment, so if anyone can help us out by answering a few questions, we
> will have to fix M$ the hard way...
> 
> First, does the IIS server have any auto-update mechanism, if so, is this
> dictated by a moronic registry value, variable setting, etc?
> 
> If not, what is the quickest and most effective method to update (by hand
> and manual access) an IIS server installation?
> 
> Are there any alternate methods than [this] to update the IIS server software?
> 
> Other Suggestions?
> 
> [ Yes, creation of exe on disk or in process, get of file from m$, and
> running of it with /autobullshit would work too. ]
> 
> ...
> 
> Now, for any competant individual on this planet, you would already realize
> that the intent now, if i feel like wasting time fixing the rest of the
> world's incompetance, is to generate a forceful update and force all of
> these foolish IIS servers to reinstall the newer version (with only a few
> less problems)...
> 
> At the rate of ideal propogation, this security breach and hastle can be
> remedied in full in less than a week. I would strongly suggest an open
> petition of inquiry as to why msoft is so incapable of basic software design.
> 
> In this regard, I see at least 8 totally independant mechanisms of
> completing this process, however, because I personally do not tolerate
> moronics, I will not personally create additional code until someone gives
> me a good reason to do so.
> 
> Unless, of course, everyone continues to fail, I may waste the time, in
> which case i will need an individual in a politicly and logisticly neutral
> environment who has a simple modem, to instantiate the fix.
> 
> Inversely, if everything fails, we eliminate the servers from operation. A
> far better solution.
> 
> All I shall do is provide operational code, if so desired. Im not up for
> the bullshit that will result from other antics.
> 
> So, anyone care to fix the world, or shall we all play incompetant sheep as
> always and give no heed to the potential benefits of doing something
> relevant or competant for once in our lives?
> 
> I leave you with this...
> 
> -Wilfred L. Guerin
> Wilfred at Cryogen.com
> 
> ...

-- 
Paul H. Merrill, MCNE, MCSE+I, CISSP
PaulMerrill at ACM.Org

More information about the cypherpunks-legacy mailing list