| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dufresne at winternet.com (Ron DuFresne) Subject: DCOM RPC exploit (dcom.c) On 27 Jul 2003, Paul Schmehl wrote: > On Sun, 2003-07-27 at 14:24, Jason wrote: > > > > Ok: > > In short it goes like this. > > > > Click Start->Run > > Type "dcomcnfg.exe" > > Turn it off > > Great! Now go click all 5000 computers we have to take care of. This > is exactly what I'm talking about. You smugly criticize networks for > not fixing problems, yet you completely ignore the fact that the tools > to do this on an enterprise scale either don't exist, are far too > expensive for the average network or require scripting expertise that > most don't have. Not to mention the fact that for this to even work, > the security context must be administrator and the concept of sudo > hasn't entered the Windows world in a secure implementation (that I'm > aware of). [SNIP] Blame the provider of the OS you are trying to tame. sheesh, whine whine whine, I can't do my job Im underpaind and over worked, I can't secure my network cause some fools gonna tell me they can't play their fav game with friend on another network, I want windows and all the shit that comes with it, but, I don;t want to have to deal with the fallout eachtime the built in kitchen sink blows up. Then get the edu site yer at to force a desktop OS change to something you might be betterable to contreol with less effort. If the beast exists. but, better yet, get a job in a filed that does not stress you to such extreme limits. Either lead, follow or get the hell outta the way with yer whining... first you ask to be spoon fed how to disable DCOm, then when given the ability, you whine that now you have to go fix 5000 boxes allowed to be misconfigged anyways. What others are telling you is there are ways this could have been mitigated *prior* to the time exploits came out and prior to the time the vulnerability was announced. Next thing yer gonna be wanting psychic pre-announcments 6 months in advance of public disclosure. As you mentioned in many replies in this thread, this is the real world, you have a job yer paid to do, now go do it. After the made patch rush is over for you, prior to the next 2-6 months down the road, reread all the advice offered by many here and devise a policy for your network that might help avoid the mad rush, be it a proper security perimiter, hiring others to hump and touch each system when/if a *wokring* patch is released or recommend a better desktop/server environment to help avoid the problems that you feel the M$ world has blessed you with. But nearly this same thread was bounced about when slammer hit, and nimda, and the cored reds, so I tend to think that the status quo will remain after then next 3-10 exploits/worms strike. And the Texas edu system will still have risky ports and protocols and applications up the butt open for the exploits to takke advantage of. Until something on the order of change does happen, this will remain a revolving thread. Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists