lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <1058385186.3657.649.camel@localhost.localdomain>
From: jr at inconspicuous.org (John Reilly)
Subject: Odd Behavior - Windows Messenger Service

On Wed, 2003-07-16 at 17:00, morning_wood wrote:
> > Its generally not considered good practice to install your host in an
> > open (or even partially open) network.  The host should be fully
> > installed, patched and configured securely before connecting.
> 
> my post is in regaurd of Windows Messenger being accessable witthout any
> interactive login to take place... not that im dumb for firewalling wrong,
> configuration... etc

I don't think the fact that its accessible without interactive login is
the problem - the problem is that its accepting connections from
anywhere.  It should limit to localhost or at most, hosts on the same
subnet if connected to ethernet.  And yes, I do understand your lack of
firewall - maybe I replied a bit too fast, but in my mind connecting a
windows box without firewalling is a misconfiguration  :)   Point
accepted that there is a problem though.


> 
> donnie

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ