| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.NEB.4.55.0307161954050.14118@panix2.panix.com> From: jays at panix.com (Jay Sulzberger) Subject: Odd Behavior - Windows Messenger Service On Wed, 16 Jul 2003, David Vincent wrote: > this is messenger service spam. > > the messenger service runs by default out of the box. since it runs as a > service, it is running and accepting connections before anyone logs in. > > you happenned to login with the admin login, i bet if you'd done the same > thing with a user account it would have been on that desktop too. those > messenger spams are sent to MACHINES not USERS. > > this is a FEATURE not a bug or a security vuln. > > if you don't want these, there's TONS of info on how to stop it. turning > off the messenger service/installing a firewall/not being stupid and setting > up an unprotected machine while connected to the internet are all good > options. > > > -d Do not use any system which by default listens on a uncontrolled channel, which channel may easily be used to fool the sysadmin, and, even more easily, most users. oo--JS. > > > > > -----Original Message----- > > From: morning_wood [mailto:se_cur_ity@...mail.com] > > Sent: July 16, 2003 1:12 PM > > To: Martin; full-disclosure@...ts.netsys.com > > Subject: Re: [Full-Disclosure] Odd Behavior - Windows > > Messenger Service > > > > > > > I can confirm this behavior. This service is enabled on Windows 2000 > > > and XP by default. > > > I noticed it on my sister's PC after she clicked away 3 > > advertisement > > >pop-ups and growling at the PC. I think that the average user does > > >not know how to disable it. > > > (And btw: NO, the average MS-Windows user is NOT USING any > > firewalls.) > > > > > > > > > more to the point... THERE WAS NO LOGIN PERIOD > > this was a fresh install.. waiting at the login prompt.. the > > pop up was > > there before any user ( admin ) settings initialized or login > > took place. > > once again.. this is out of the box install following all prompts, no > > sharing etc. ( only setting computer name and workgroup > > )reboot.. sit at > > login prompt.. login.. pop up was waiting on an uninitialized > > desktop.. > > this is my question / issue... NOT my personal security or lack of > > knowlege about basic networking / security. > > disabling the service is easy, im reporting on default out of the box > > behavior, not how to get rid of it or protect myself. > > please all.. re-read my scenario... > > > > donnie > > > > > > _______________________________________________ > > Full-Disclosure - We believe in it. > > Charter: http://lists.netsys.com/full-disclosure-charter.html > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html >
Powered by blists - more mailing lists