lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.43.0307271654290.26148-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: DCOM RPC exploit  (dcom.c)

On 27 Jul 2003, Paul Schmehl wrote:

> On Sun, 2003-07-27 at 14:24, Jason wrote:
> >
> > Ok:
> > In short it goes like this.
> >
> > Click Start->Run
> > Type "dcomcnfg.exe"
> > Turn it off
>
> Great!  Now go click all 5000 computers we have to take care of.  This
> is exactly what I'm talking about.  You smugly criticize networks for
> not fixing problems, yet you completely ignore the fact that the tools
> to do this on an enterprise scale either don't exist, are far too
> expensive for the average network or require scripting expertise that
> most don't have.  Not to mention the fact that for this to even work,
> the security context must be administrator and the concept of sudo
> hasn't entered the Windows world in a secure implementation (that I'm
> aware of).

	[SNIP]

Blame the provider of the OS you are trying to tame.  sheesh, whine whine
whine, I can't do my job Im underpaind and over worked, I can't secure my
network cause some fools gonna tell me they can't play their fav game with
friend on another network, I want windows and all the shit that comes with
it, but, I don;t want to have to deal with the fallout eachtime the built
in kitchen sink blows up.  Then get the edu site yer at to force a desktop
OS change to something you might be betterable to contreol with less
effort.  If the beast exists.  but, better yet, get a job in a filed that
does not stress you to such extreme limits.

Either lead, follow or get the hell outta the way with yer whining...

first you ask to be spoon fed how to disable DCOm, then when given the
ability, you whine that now you have to go fix 5000 boxes allowed to be
misconfigged anyways.  What others are telling you is there are ways this
could have been mitigated *prior* to the time exploits came out and prior
to the  time the  vulnerability was announced.  Next thing yer gonna be
wanting psychic pre-announcments 6 months in advance of public disclosure.

As you mentioned in many replies in this thread, this is the real world,
you have a job yer paid to do, now go do it.  After the made patch rush is
over for you, prior to the next 2-6 months down the road, reread all the
advice offered by many here and devise a policy for your network that
might help avoid the mad rush, be it a proper security perimiter, hiring
others to hump and touch each system when/if a *wokring* patch is released
or recommend a better desktop/server environment to help avoid the
problems that you feel the M$ world has blessed you with.

But nearly this same thread was bounced about when slammer hit, and nimda,
and the cored reds, so I tend to think that the status quo will remain
after then next 3-10 exploits/worms strike.  And the Texas edu system will
still have risky ports and protocols and applications up the butt open for
the exploits to takke advantage of.

Until something on the order of change does happen, this will remain a
revolving thread.


Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ