From: Virus Guy on 8 Mar 2010 08:49 Anyone want to comment on the technical accuracy / execution of this website: http://bcheck.scanit.be/bcheck/ I'm looking for 2 answers: 1) are the tests designed and executed correctly to simulate the browser exploits being tested for? 2) what fraction of all possible (all known) drive-by exploits are represented by these tests? Is anyone in a position to test, say, an unpatched XP-SP1 or SP2 installation?
From: Virus Guy on 8 Mar 2010 09:29 ASCII wrote: > I have XP home SP2, isn't the Service Pack considered a patch? > > I ran all the tests and no vulns were detected here. Is your system fully patched? What I meant was, does anyone have a machine in a "virgin" XP-SP1 or SP2 state where some of these vulnerabilities are not patched.
From: Dustin Cook on 12 Mar 2010 05:08 Virus Guy <Virus(a)Guy.com> wrote in news:4B950071.38B52A5C(a)Guy.com: > Anyone want to comment on the technical accuracy / execution of this > website: > > http://bcheck.scanit.be/bcheck/ > > I'm looking for 2 answers: > > 1) are the tests designed and executed correctly to simulate the browser > exploits being tested for? > > 2) what fraction of all possible (all known) drive-by exploits are > represented by these tests? > > Is anyone in a position to test, say, an unpatched XP-SP1 or SP2 > installation? > I'm just curious, at what point will you do any of the research for your questions on your own; and possibly share what you find? Instead of asking people here and in other forums to do it all for you? You really won't (obviously) learn much if others have to keep explaining things to you. -- "Hrrngh! Someday I'm going to hurl this...er...roll this...hrrngh.. nudge this boulder right down a cliff." - Goblin Warrior
From: Virus Guy on 12 Mar 2010 09:31 Dustin Cook wrote: > > Anyone want to comment on the technical accuracy / execution of > > this website: > > > > http://bcheck.scanit.be/bcheck/ > > > > Is anyone in a position to test, say, an unpatched XP-SP1 or SP2 > > installation? > > I'm just curious, at what point will you do any of the research for > your questions on your own; If I was already a user of a system with virtualization capability it would be easier for me to simulate platforms with known unpatched vulnerabilities and hence I would have my answer. Since I don't have a system with virtualization capability, I figured there would be no harm in putting forward this question to this community. Why are you taking my post so bluntly? What exactly do you have against people asking questions on usenet? Is that a foreign concept for you? Should I have not mentioned that site here? Should I have not invited discussion as to the operational merits of the facility being offered by that site? Should I have not asked here if others can test the functional accuracy of that site? > and possibly share what you find? Instead of asking people > here and in other forums to do it all for you? What the hell kind of attitude is that? Where do you get off that I want to sit back and let others do all the work? If you were to look back at my posts here, you'd see plenty of evidence of what I investigate and post the results of. When there are things I can't do (or do easily) why does it offend you if I ask if others might be interested enough to try it? > You really won't (obviously) learn much if others have to > keep explaining things to you. What you're saying is that nobody should ever ask a question, and nobody should ever explain something to someone else. Not here, not in usenet, maybe not even in a classroom. Because if they ask, then they'll never learn. Just what is the nature of learning then? So what should be posted to these newsgroups, if not questions? What does that leave? If you don't want to discuss that web-browser test site, then fine, you didn't have to post a reply. That you posted a reply that is just abusive says a lot about your character.
From: George Orwell on 13 Mar 2010 04:57 "Virus Guy" wrote: > Should I have not asked here if others can test the functional accuracy > of that site? What you should have asked is if you could stick your finger up ASCII's bum. On second thoughts, ASCII's answer would be a resounding "Yes", making the question moot and possibly generating further disapproving comments from the group, so perhaps it was better left un-asked. There is no need to wait for an invitation, by the way. ASCII's bum is always primed and ready for a good hard male-to-male prostate stimuation session. Il mittente di questo messaggio|The sender address of this non corrisponde ad un utente |message is not related to a real reale ma all'indirizzo fittizio|person but to a fake address of an di un sistema anonimizzatore |anonymous system Per maggiori informazioni |For more info https://www.mixmaster.it
|
Pages: 1 Prev: botnetWorks - Call for experimental botnet beta testers Next: Basura |