Comments: Careful about the analysis you read about MS08-067

Holy SHIT dude, you're a fucking idiot. Try decompiling a function at 4 in the morning as fast as you possibly can. So fucking what that Alex messed up ONE operating. People make mistakes and the function is still VULN.

MS fan boys like you and jesper piss me off to no end, no matter what you're at the defense of MS.

(notice my use of random capital letters, much like your blog posts)

Posted by ErikC at October 25, 2008 01:59 PM

Here are some points:
1. If your security analysis is based on someone "decompiling a function at 4 in the morning as fast as you possibly can", then the analysis is going to be flawed, or at least stands more chance of being flawed than if it's carried out a little more leisurely, or with access to people who know things. I think that's Dana's point here.
2. We're apparently supposed to forgive Alex for providing a detailed and incorrect decompilation, but Dana's supposed to "fuck off and die in a fire" for noting this? That's something of a double standard, surely.
3. Yes, the function is still vulnerable - the decompilation was supposed to show us that, but unfortunately it's impossible to tell what's the vulnerability and what's a transcription error. That makes Alex's original post somewhat useless (I gather he has made some changes, but the last time I visited it, this error had crept back in again).
4. Jesper and Dana (and myself) are not "MS fan boys". "Paid stooges" doesn't really cover it, either. We're know-it-all busybodies who have persistently won a Microsoft award for voluntarily helping Microsoft users. Me, I support Windows because it's where I make money - I think Dana's the same. Jesper - well, he's a special breed unto himself. Used to work for Microsoft, now works at a shop that likes to not use Windows, so I'd say he's not exactly a fan-boy by any stretch of the term.
5. I'm not quite sure what "ONE operating" is, or how you might mess it up, so I'm wondering if it was 4am where you are when you wrote the post, or perhaps if you believe you're uniquely qualified to assess the idiocy or otherwise of a post due to your own extensive experience in that sphere.
Whatever the case is, your comment serves as a good example of how not to comment if you want what you say to be taken remotely seriously. Thanks for the object lesson.
P.S. Where an argument lacks in its ability to persuade, profanity doesn't generally hide that. It just makes you sound like a pre-teen.

Posted by Alun Jones at October 28, 2008 01:59 PM