From: chows at ozemail.com.au (gregh)
Subject: Odd Behavior - Windows Messenger Service

> ----- Original Message ----- 
> From: morning_wood 
> To: dos cerveza ; full-disclosure@...ts.netsys.com 
> Sent: Thursday, July 17, 2003 8:17 AM
> Subject: Re: [Full-Disclosure] Odd Behavior - Windows Messenger Service


> > The service starts before you login.
> > This is normal behaviour.
> > Please read the previous replies you have received.


> > The service starts before you login.

> imho it is irresponsible default behavior for a workstation OS to allow
> remote resources / services / enumeration
> before any interactive user or administrative login.


Exactly my point from my posting on this issue last week, and this is why that payroll machine was open to inspection when it should not have been. XP allows you to have a standard system come up to a Welcome page and sit there waiting for you to click on an icon and provide a password, if that is how you choose to log on to your own machine locally. However, as an example, if you are just a user/abuser who works with a machine, not on the machine, and come in, turn your local machine on and then walk away while it is booting to get your morning coffee, and come back, then click an icon and provide a password, if the machine is fast enough, it is sitting at that welcome prompt allowing others on the local LAN, at the very least, access to whatever programs and files you have on it in a standard XP Home or Pro issue. Yes, it should be set up better, but I think that, by now, we all know of the companies cutting corners who have an employee "who knows about computers" who can set up a LAN to work but bugger-all else. You reading this may think that isn't your problem, as eventually you will be called in and paid to fix it, BUT the problem is that if just ONE person on that LAN is stupid enough to "click on an attachment" in the standard infecting style, it is possible the whole LAN is open to inspection and whatever else. Then we have the "Echo Valley" scenario from there - you know the one, where you yell "Hello" and it rebounds off everything you can see, in the same way as an address book worm sends to all and sundry and catches many with the same tired old thing? At that point who will be complaining about the lost packets and stuffed up networks?

This is the issue I reported to Microsoft, and their reply was that they will fix it in the next SP or full Windows, whichever comes first, not as a fix but as an option. E.g., you will have a tick box somewhere that basically stops LAN connection until the username/password are typed at logon, or retyped in the case of a screen saver or program taking the local machine back to a welcome screen. IMHO this is the way it ALWAYS should have been.

Greg.
