lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <58DB1B68E62B9F448DF1A276B0886DF194D99DE8@EX2010.hammerofgod.com>
Date: Tue, 20 Mar 2012 20:43:40 +0000
From: "Thor \(Hammer of God\)" <thor@...merofgod.com>
To: Jim Harrison <Jim@...tools.org>,
  "'bugtraq@...urityfocus.com'" <bugtraq@...urityfocus.com>
Subject: RE: Regarding MS12-020

Actually, the tool included (which I will post here since it would be quite difficult to pull the code from the PDF) mitigates WS03 as well.  Mathematically, there is a 1 in 4 billion chance someone could establish an RDP session, but applicably,  no one ever would.  

Security in depth, and least privilege.  It works :)

t

>-----Original Message-----
>From: Jim Harrison [mailto:Jim@...tools.org]
>Sent: Tuesday, March 20, 2012 1:28 PM
>To: Thor (Hammer of God); 'bugtraq@...urityfocus.com'
>Subject: RE: Regarding MS12-020
>
>Gee, Tim - someone might think you had an axe to grind <ducks swinging
>keyboard>...
>I know; Thor has a hammer, but it still works (barely).
>
>One thing worth mentioning is that there is no mitigation for those who are
>still stuck using WS03, since NLA doesn't exist prior to Vista.
>Those deployments are also great examples of what happens when layer-8 is
>the primary motivating factor in the security choices you make.
>
>Jim
>
>-----Original Message-----
>From: Thor (Hammer of God) [mailto:thor@...merofgod.com]
>Sent: Tuesday, March 20, 2012 8:12 AM
>To: 'bugtraq@...urityfocus.com'
>Subject: Regarding MS12-020
>
>PoC code for MS12-020 (RDP) is obviously floating about, and many are still
>worried about worm activity from this.
>
>One of my criticisms about this industry is that rarely is mitigation information
>shared or discussed; people seem to concentrate on breaking and not
>preventing exploitation.  I wanted to point out that anyone who followed the
>processes or techniques in my RDP chapter of Thor's Microsoft Security Bible
>(or used the tool I wrote for RDP access) would have been automatically
>protected from this vulnerability.  That is not a point of ego, just a point of
>fact.
>
>If you are concerned with RDP security, as you should be, you can read most
>(if not all) of Chapter 7 for *free* using the Amazon "preview a page" feature.
>If the RDP vulnerabilities have caused you any level of concern, then I suggest
>you do.  Like I said on the FD list, I'm far more concerned with making sure
>people get the information they need (for free of course) than I am trying to
>earn a buck - anyone who knows me knows I've always freely shared all
>information in an effort to contribute to security.
>
>The first think I will tell you is to always use NLA (network level
>authentication).  It can be a very powerful way to obviate exploitability.  The
>rest of the information is all right there gratis for your viewing pleasure.
>
>If you are in a pinch and need help with any of this, I'll try my best to help if
>you want to ping me offline.   Thanks.
>t
>
>
>---------------------------
>Timothy "Thor"  Mullen
>www.hammerofgod.com
>
>There's no need to think outside the box if you don't think yourself into to
>start with.
>
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ