lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <002d01c34dd1$8d48adc0$0100a8c0@p3600>
From: chows at ozemail.com.au (gregh)
Subject: Odd Behavior - Windows Messenger Service

> ----- Original Message ----- 
> From: Bojan Zdrnja 
> To: 'gregh' ; 'Disclosure Full' 
> Sent: Saturday, July 19, 2003 6:07 PM
> Subject: RE: [Full-Disclosure] Odd Behavior - Windows Messenger Service


> There are different levels of "open".

Certainly are. In this case the term would be "wide open". Take an easy example. Put a 98 box on your lan with a program on it and go run it from any other machine while it is waiting to be logged onto locally. 


> My english or understanding is probably way below this.

> And I believe you are mixing apples and .. Ummm .. Bananas.

OK well I wont be condescending - I'll just say that if Microsoft acknowledge that it is something they will take care of by making it an option in the future as they said when I reported it to them last year, then someone obviously thinks it CAN be a problem.

> And what does that have to do with (quoting you): "the company next door and
> the people I know dont see a need for a virus program to protect THEIR A$200
> windows boxes so why should I shell out US$35 to protect my A$500,000 a year
> business ..."
> From your previous post?

That was in reference to:

>> I don't see a reason on bashing WinXP for starting a RPC service
>> automatically when absolutely everything does that (don't mention obsolete
>> Oses please).


> Allowing any access to sensitive machine and data is, obviously, wrong. But
> that has nothing to do with the original post in this thread (which was
> about puting a *default* installed machine on the network).

Actually, it does.

Greg.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ