Message-ID: <20030728113134.JYLO1380.lakecmmtao03.coxmail.com@vaio>
From: andy at digitalindustry.org (Andy Wood)
Subject: DCOM RPC exploit  (dcom.c) (fwd)

	Thanks, 0.   

Users:

	There are inexpensive tools to take care of this for you.  Dameware
NT utilities is one.  If you're an admin and haven't touched this one you're
missing out.  A few clicks of the mouse and all you can hope for can come
true.  It also can be used on both sides of the fence....it is one of my
main utilities for working my way into networks.  Now, be warned all, it may
not have a button to do the exact function you're looking for, but rather
has the ability to perform batch functions, and that's really the issue
here, right.  If'n one is blessed with "Creativity" then that person may
just be able to use it beyond the help, faq and user files.

-----Original Message-----
From: uidzer0 [mailto:uidzer0@....net] 
Sent: Sunday, July 27, 2003 7:48 PM
To: Andy Wood

What'd I tell you man.. this list is all you@...!;)

-
uidzer0

---------- Forwarded message ----------
Date: Sun, 27 Jul 2003 17:09:21 -0500 (CDT)
From: Ron DuFresne <dufresne@...ternet.com>
To: Paul Schmehl <pauls@...allas.edu>
Cc: Jason <security@...enik.com>, Chris Paget <chrisp@...software.com>,
     Len Rose <len@...sys.com>,
     "full-disclosure@...ts.netsys.com" <	>
Subject: Re: [Full-Disclosure] DCOM RPC exploit  (dcom.c)

On 27 Jul 2003, Paul Schmehl wrote:

> On Sun, 2003-07-27 at 14:24, Jason wrote:
> >
> > Ok:
> > In short it goes like this.
> >
> > Click Start->Run
> > Type "dcomcnfg.exe"
> > Turn it off
>
> Great!  Now go click all 5000 computers we have to take care of.  This 
> is exactly what I'm talking about.  You smugly criticize networks for 
> not fixing problems, yet you completely ignore the fact that the tools 
> to do this on an enterprise scale either don't exist, are far too 
> expensive for the average network or require scripting expertise that 
> most don't have.  Not to mention the fact that for this to even work, 
> the security context must be administrator and the concept of sudo 
> hasn't entered the Windows world in a secure implementation (that I'm 
> aware of).

	[SNIP]

Blame the provider of the OS you are trying to tame.  Sheesh, whine whine
whine, I can't do my job, I'm underpaid and overworked, I can't secure my
network 'cause some fool's gonna tell me they can't play their fav game with
a friend on another network, I want Windows and all the shit that comes with
it, but I don't want to have to deal with the fallout each time the built-in
kitchen sink blows up.  Then get the edu site yer at to force a desktop OS
change to something you might be better able to control with less effort.
If the beast exists.  But, better yet, get a job in a field that does not
stress you to such extreme limits.

Either lead, follow or get the hell outta the way with yer whining...

First you ask to be spoon fed how to disable DCOM, then when given the
ability, you whine that now you have to go fix 5000 boxes allowed to be
misconfigged anyways.  What others are telling you is there are ways this
could have been mitigated *prior* to the time exploits came out and prior to
the time the vulnerability was announced.  Next thing yer gonna be wanting
psychic pre-announcements 6 months in advance of public disclosure.

As you mentioned in many replies in this thread, this is the real world, you
have a job yer paid to do, now go do it.  After the mad patch rush is over
for you, prior to the next 2-6 months down the road, reread all the advice
offered by many here and devise a policy for your network that might help
avoid the mad rush, be it a proper security perimeter, hiring others to hump
and touch each system when/if a *working* patch is released or recommend a
better desktop/server environment to help avoid the problems that you feel
the M$ world has blessed you with.

But nearly this same thread was bounced about when slammer hit, and nimda,
and the code reds, so I tend to think that the status quo will remain after
the next 3-10 exploits/worms strike.  And the Texas edu system will still
have risky ports and protocols and applications up the butt open for the
exploits to take advantage of.

Until something on the order of change does happen, this will remain a
revolving thread.


Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

