BBV: Have you EVER seen Microsoft take ALL files off the web?

And if you wonder what this has to do with Black Box Voting, we began investigating whether illicit remote access could be gained via building atl.dll files, along with RPC library items. So, of course, we are using those Microsoft libraries heavily as we document our findings. GONE.

In the final stages of a line-by-line road map. What the hell happened?

All Microsoft pages down for MSDN (Microsoft Developers pages) -- all of the MSDN reference pages in connection to ATL files are gone. Just gone. Have you ever seen Microsoft do this? The RPC stuff went down last night and -- was it replaced? Some has red, saying "this is preliminary documentation."

Why are they doing this? Is the remote control bug that big a threat? Are you finding ANY ATL info on the MSDN site?

Just go into MSDN and enter ATL and see if you get ANY command references. No programming examples. No class examples. No nothing. Is it just the ones that match the Diebold code? Feedback please.

Am I nuts?

Bev Harris

Search Results from MSDN
for all the words: ATL
Change your Advanced Search


Downloads
Free Microsoft products & technologies, service packs, updates, code samples...
Active Template Library 2.0
The Active Template Library (ATL) is a set of template-based C++ classes that simplify the programming of Component Object Model (COM) objects. The COM support in Visual C++ allows developers to easily create a variety of COM objects, Automation servers, and ActiveX controls.
http://msdn.microsoft.com/visualc/downloads/updates/atl/default.aspx
Service Pack 3 - Readme
Microsoft Visual Studio 6.0 site with product information, technical information, samples and downloads, developer community information and product news and reviews
http://msdn.microsoft.com/vstudio/downloads/updates/sp/vs97/readme.aspx
Service Pack 3 Fixes for Microsoft Visual C++ - Overview
Microsoft Visual Studio 6.0 site with product information, technical information, samples and downloads, developer community information and product news and reviews.
http://msdn.microsoft.com/vstudio/downloads/updates/sp/vs6/sp3/vcfixes.asp
More Downloads results

BTW what we are talking about is the technical library info online.

There is info, but whole sections are not there. I'm sure they are updating them.

Bev

Someone out there must have MSDN universal. MSDN sends out dvds or cd's with the entire library on them, so if you are looking for specific information someone out there should be able to find it for you.

I'll send you something right now.

Thanks so much

Bev

Trying to link the latest security hole du jour to BBV is a LOOOOOOOONG stretch. And I say that as a friend.

...this latest exploit is one in a very long list, but it's meant hours for me as locations scramble to patch holes. Easiest 'best' defense is a non-Microsoft point of access and not letting users be Admins on their machines...

to look mostly at customer facing machines to begin with and then go after the workstations because sure as we're talking there will end up being a virus in a few months that takes advantage of the latest epxloits.

Happens every time....

The holes are found fast and fixed fast. There is no long term hole.

So if you were to pursue this angle, look for the many holes that were known and existed at the time of the election.

There are two questions here.

First, why use a notoriously insecure OS? Malevolence or incompetence? The downside for the malevolent is that holes close unpredictably. OTOH, there are lots to choose from, especially if a nonstandard componant is added. Beyond Linux, there are lots of OS's designed for machine control that are far less vulnerable - and cheaper.

Other options? I suspect the holes are persistent, and not likely to be closed by CE or NT patches, and rely more on "features" of the Microsoft OS rather than "bugs."

That's right. I have to check the source on that, I think it's in the letter from Brit Williams -- I'll hunt around -- they say they do NOT apply Microsoft patches.

The only reason they applied patches in Georgia was that the machines wouldn't work at all. Now, if you are in there rewriting MS files, maybe they won't work too well, and certainly you wouldn't want to be using the patches.


Bev

BWAAHAHAHAHAHAHAH :evilgrin: That's a joke right?

What part of ALL Windows platforms don't you understand? :shrug:

They are probably replacing files with patched versions or patching the servers that hold the files.

I've seen this time and again when a major security alert comes out.

Microsoft is in the same boat as everybody else. They need to patch their boxes just like everybody else and that means some things become unavailable at times.

But could the monster hole in their OS have something to do with them taking it down prior to script attacks from around the world?

BTW: something weird just happened on my home office machine. This box is hooked up to banking networks all over the place and also several trading desks downtown via proprietary software.
So, I'm on DU literally moments ago, and while typing a response, the page skips right over to Microsoft's Update and critical patch page and asks me to download the patch?

With NO input from me? I mean, sure, I need the updates and they ARE critical, but WTF? :wtf:

http://search.microsoft.com/search/results.aspx?na=84&st=a&View=msdn&qu=atl.dll&qp=&qa=&qn=&c=1&s=1



NT 3.51
http://download.microsoft.com/download/vc60pro/Update/6.0/WIN98MeXP/EN-US/ATL.Zip

http://download.microsoft.com/download/vc60pro/Update/6.0/WIN98MeXP/EN-US/objwiz.zip

http://download.microsoft.com/download/vc60pro/Update/6.0/WIN98MeXP/EN-US/DOCS.zip

NT4
http://download.microsoft.com/download/vc42ent/Samples/4.0/WIN98MeXP/EN-US/atlinst.exe

http://download.microsoft.com/download/vc60pro/Update/6.0/WIN98MeXP/EN-US/objinst.exe

http://download.microsoft.com/download/vc60pro/Update/6.0/WIN98MeXP/EN-US/docsinst.exe

1.) This particular exploit only works if RPC is turned on and port 135 is open. If this was true for either GEMS host machines or AccuTouch units, my first question is WHY? Fredda has told us again and again they were "stand alone machines".

2.) This exploit was discovered by (wait for it...) The Last Stage of Delirium Research Group in Poland. Several other small, Eastern European "security" firms made news a few years back:
http://www.cnn.com/2001/TECH/internet/03/08/hacker.attacks/

<snip>
The FBI says the Eastern European groups, after successfully hacking into a company, then attempt to extort the company offering services to solve the computer vulnerability.

"If the victim company is not cooperative in making payments or hiring the group for their security services, the hackers' correspondence has become more threatening," the FBI announcement said.
<snip>

My next question is: why did this firm reveal this juicy little exploit FOR FREE?

It's common in the hacker to security Biz ; going straight is where the money's at.

BFEE may have a useful task from them in , oh, about 16 months.....?
:grr:

.

the parameters of the problem. The article says they need to fix some holes first. It indicates there is more to come.

Bev

This is their FIRST Microsoft vulnerability posted. All the others involved every OS but Windows...

http://lsd-pl.net/vulnerabilities.html

Some history. Under the Clinton administration a lawsuit was set in motion against MS. Its eventual outcome was a guilty verdict for MS and a looming split of the company. Lawyers tied the judgement up for a time until * got in office. Then the case went to ground for a while and eventually resurfaced with MS getting a slap on the wrist instead of being torn asunder. The sentence was they had to donate $90million (IIRC) in computers to the public education system.

I wondered at the time what kind of deal was cut to get this slap on the wrist.

An aside. In my opinion it was the initial sentence against MS that initiated the Dot.Com bubble burst. Right after MS got the verdict other tech stocks tumbled. They never recovered.

One only has to think about their predatory, um, "marketing" to realize these are NOT nice people.

I have no doubt in my mind, whether this is related to BBV or not, that MS has known about this for some time. It's odd for it to be surfacing now, but -- who knows? Things keep getting stranger and stranger these days.

Strange days indeed, momma.

Eloriel

Message removed by moderator. Click here to review the message board rules.

http://story.news.yahoo.com/news?tmpl=story&u=/ap/20030717/ap_on_hi_te/cisco_vulnerability_5

Can't speak for Microsoft, but since I work for one of the "Big Three" long-distance companies, I can definitely tell you that our router folks have been scrambling for the last two days to patch the IOS on EVERY router we have.....

altogether, whereas the Microsoft hole allows remote access to computers.

Bev