Larry the Tool™

Another techie journalist putting foot in mouth.

According to eWEEK, Larry Seltzer has been working in and around computers since his graduation from the University of Pennsylvania in 1983. This is true - but it's mostly been 'around' rather than 'in'.

eWEEK also claim Larry was amazed he could graduate from university. Really!

What's important is that if Larry were a real programmer he would have stuck by it. As with actors and critics, those that can't program usually go into journalism.

But one shudders to imagine what Larry would do to perfectly good computer hardware if the logical bombs and booby traps in evidence in his 'journalism' were applied to software engineering.

As any longtime hardcopy subscriber knows, eWEEK have had their share of 'ace' reporters. Good people. Such as Peter Coffee and Jim Rapoza. But Larry Seltzer's always been - 'different'. A bit of a Microsoft tool.

Every new release of Windows is going to be great and finally cure all the ails the system's inherently plagued with, the GUI's looking great, Outlook is a feature rich mail client - that sort of thing.

'Larry the Tool™: Not Exactly a Good Reason to Read eWEEK.'®

On 22 January Larry Seltzer decided it was time to enter the MOAB fray. There's good publicity in it.

'Opinion: the consensus is the 'Month of XXX Bugs' disclosures are just publicity stunts', writes Seltzer in bold face font under his title header 'The Month of Selfish Publicity Hogging' - right there you know you're onto something grand.

For what in the name of all that's not yet lobotomised can that possibly mean? There's an opinion there may be a consensus? Is there a consensus or isn't there?

And barring - or considering - eWEEK are guarding their reputation, Larry still ends up looking the tool - something the article's title already reveals.

And Larry takes to the allies available. For it's not only fanboys who've had their feathers ruffled. As Larry himself says, 'security research, like any business, is competitive, and everyone's looking for some new angle'. And the fat cats who sat idly by now realise they've been upstaged and are perspiring profusely.

Ptomas Ptacek - he's the cutie pie in the shoulder length blue hair who demonstrated he can't even read an advisory. He thought he was being clever by claiming the MOAB crew didn't understand Unix, only to discover it was he who, in his consummate arrogance, hadn't even bothered reading the advisory in question.

Ptacek's the perfect ally for Larry Seltzer. Feeling wounded after his rightful trouncing at the hands of MOAB, the pterrific Ptacek organised an informal survey to see what other fat cats thought about MOAB. Not surprisingly they didn't like it - they weren't in on it and couldn't reap any of the rewards.

Larry will of course cite these egregious sources as he builds up his article on selfish publicity hogging.

In the presence of MS Greatness®: Larry the Tool™'s computer den with screens showing Windows, Windows, and Windows - and a US flag, an MS spell checker for all those difficult words, and a centerfold of one's favourite baseball hero. Feel privileged®.

'Mark Maifrett CTO of eEye [and another blue haired wonder] makes the important point a lot of these bugs are just bugs', continues Seltzer in his endeavour to drop land mines up and down the information highway.

Failing to recall for readers it was Maifrett who garnered very lucrative publicity for Code Red and who uses security research to promote his own (Windows) products.

Failing to recall either how these charlatans, as soon as there's a major Windows worm outbreak, invariably get together and hold a sumptuous weekend feast. Because they know how much money they're going to make.

There's a big difference between trying to bring a smug vendor and a smug fan base down to size and sticking at a business you know is filthy because you get filthy rich from it.

But now the rainbow haired freakos have been upstaged. All eyes are on - Apple? No one's looking in their direction anymore. So they say magnificent things like 'THESE BUGS ARE JUST BUGS' and Ptacek's classic 'BUT A FILE OP WILL RESET PERMISSIONS' - if you were waiting for proof positive these people were FUD masters you need wait no longer.

And time and time again the MOAB team have answered the hysterical and greedy criticism by - as they said they would - publishing more and more exploits. While the old guard of the dying Windows security industry clear their throats and try in vain to wrestle attention back from MOAB, MOAB just go on publishing.

Good for them! But Larry - where's Larry? Has anyone seen Larry?

Oh yeah - Larry's still working on his diatribe against 'irresponsible disclosure'.

You have to forgive Larry a bit - or at least understand where he's not coming from. Larry has not a clue about anything outside Notepad. He doesn't know how Apple consistently ignore security researchers and leave tickets open for years at a time. Larry has no way of knowing Apple sink all their $$$ into PR and marketing and spin medicine and let security support founder because they have a rock solid foundation of something or other.

No: trying to shock this company into shape is simply irresponsible.

Far more irresponsible than leaving the Opener hole open for nearly ten years - a hole described by the author of Opener as not so much a hole as a crater: the easiest and most dangerous exploit ever against any personal computer operating system.

Far more irresponsible than leaving the 'input managers' hole in place for almost as many years - a hole that only now because of the persistence of one of the MOAB crew has finally been recognised as a security breach by Apple.

Far more irresponsible than threatening Jon Ellch and David Maynor and then slandering them in the fanboy controlled media. But back to our Tool™.

'These large numbers of bugs are the fruit of fuzzing, a testing technique in which outside test software randomly or semi-randomly generates input to the program under test', states Larry the Tool™ unequivocally, thereby demonstrating he's read the MOAB advisories about as well as Ptomas Ptacek can.

Exactly how do you use a fuzzing tool to discover a security design flaw in /Library/Receipts, Larry? Or in Rosnya Keller's thankfully almost unique Application Enhancer? Do you use a fuzzing tool to detect SUID bits sitting alongside group and world writable bits?

That's quite the tool, you tool. MOAB would love to have a copy. Did you write it yourself?

Ah but Larry's not finished yet. He has one final point to make. And let's first recall the motivation behind this article: MOAB are dangerous. By releasing these exploits without letting Apple sit on them until the next millennium, MOAB - and not Apple - are being irresponsible.

So how does Larry Seltzer wind up? He winds up with something that wouldn't get a 'D' in Hack Writing 101.

'Like most tabloid journalism, most of the bugs are of no real consequence to real people.'®

Knowing of his experience with such journalism, you can almost take Larry the Tool™ at his MS Word.

Copyright © Rixstep. All rights reserved.