lists.openwall.net - Open Source and information security mailing list archives
From: dufresne at winternet.com (Ron DuFresne)
Subject: DCOM RPC exploit (dcom.c)

> Len,
>
> IMHO there's a difference between "security through obscurity" and posting
> working exploit code. Knowing that there is a vulnerability in DCOM, accessible
> over a range of RPC mechanisms (primarily 135/tcp) is all that most
> administrators need to know. It's one thing knowing that you can kill a person
> with a gun, and it's another to give away firearms.
>
> [SNIP]

I'm just trying to understand how corporate networks would/should be at risk with this, why port 135 would not be filtered already, limiting exposure. Is there a reason why it would not be that I'm missing?

The main exposure seems to be the home users not aware of why certain services and ports should be properly configured and/or filtered. The Gartner Group seems to have come to this conclusion, one of their better statements in the recent past:

<quote>
SECURITY WIRE DIGEST, VOL. 5, NO. 55, JULY 24, 2003
...
*GARTNER URGES PERSONAL FIREWALLS FOR MICROSOFT FLAWS
Research firm Gartner Group is urging corporations to consider using personal firewalls on all desktop and notebook computers connected to networks to hedge against the steady stream of Microsoft vulnerabilities. Gartner says applying all the necessary patches to address the dozen "critical" alerts that Microsoft released between January and June would take most enterprises at least six months. "And more desktop vulnerabilities will be discovered in the near future," says Gartner VP John Pescatore. While implementing and maintaining personal firewalls will amount to a substantial cost of as much as $150 per machine, Pescatore says they will help protect individual devices--particularly those used by remote workers--from the type of executable attacks that are becoming more popular. Pescatore says the Internet Connection Firewall built into Windows XP isn't sufficient protection because it blocks only incoming connections. Enterprise firewalls should also be outfitted with URL blocking products that filter out URLs known to be sources of attacks.
http://www3.gartner.com/resources/116100/116197/116197.pdf
</quote>

It seems more and more folks in the industry are coming to the conclusion that maintaining patched systems is an overwhelming job, and that the best mitigation is filtering at the gateway in the various forms that can be accomplished. This still leaves the average home user in a rut, since most lack the basic knowledge of the consequences of not filtering out the nasty cruft from the benign, let alone the skills to recognise such.

It would be nice to see other vendors step up to Dell's recent announcement to start shipping systems with a more secure 'default' install, and perhaps find a way to expand upon that, shipping systems with a personal firewalling system capable of providing a safer networking setup out of the box for Joe Average websurfer. Until the environment changes as regards those vendors releasing code/applications/OSes, then the best we have at present is those vendors shipping the systems to the end users.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D. Just don't touch anything.