lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: DCOM RPC exploit (dcom.c)

Etaoin Shrdlu <shrdlu@...ddrop.org> wrote:

> There've been a lot of moronic statements made in this thread, true enough,

No there's a surprise...     8-)

> but I've actually learned a couple of things here. It's been mostly
> interesting, strange though that may seem, including (I think it was
> Nick's) a reference to a site on locking down windows that I hadn't seen
> before. I dunno.

This one??

   Minimizing Windows network services

   by Jean-Baptiste Marchand

   http://www.hsc.fr/ressources/breves/min_srv_res_win.en.html.en

It is an excellent page for explaining stuff you will not (or at least 
that I had previously not been able to) find in the MS KnowledgeBase.

Also, if you've read that page in the past, please note that it gets 
updated from time to time but its author seems to neglect updating the 
date near the top of the page.  Despite that date currently reading 
"(02/09/2002)", and regardless of whether that is a US or "proper" 
format date, it is quite clearly outdated, as much further down the 
page you can read:

   Microsoft released on 4/16/2003 a new version of the rpccfg tool,
   that can list network interface indexes and configure interfaces
   restriction. This tool is available at
   http://download.microsoft.com/ (search keyword: rpccfg).

So, if you find this page at all useful or interesting, revisit it 
occasionally (or add its URL to your favourite page-change alerting 
service, etc...).

> It's a lot more interesting that having some fool complain about Mr. XSS
> (aka morning wood), and then quote the WHOLE damned post, so that those of
> us who have him quietly killfiled still get smacked with his sophomoric
> dribblings.  ...

Surely you can't be serious...  You don't hang in F-D for Mr XSS's 
every word?

8-)


Regards,

Nick FitzGerald

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ