lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030813210818.66933.qmail@web20610.mail.yahoo.com>
From: joey2cool at yahoo.com (Joey)
Subject: smarter dcom worm

...or AV/Firewall killing.msblast is very sloppy. The fact that it uses the old code that reboots the computer ruined their hopes of spreading undetected. Now if you are unpatched, chances are(random IP generating taken into account), your computer will reboot at least once a day or more. Some people might just shut their computer off and call for repair, not realizing that the problem is because they are connected to the internet.Overall i think microsoft is to blame for allowing the RPC service to be available on the internet. They are saying it was never meant to be on the internet, yet their NT line has always been designed for internet use. Even with the patch, port 135 is still open. You have no option to close that port if you are installing a fresh copy of windows. With other OSs(like linux) you have a complete list of packages that you can enable or disable, while microsoft hides most. They even force you to install their crappy Windows Messanger program(which also listens
 on ports). Now you need to first be disconnected from the internet while you enable the firewall so you wont get rooted automatically!Hasn't Microsoft gotten wise that their products are full of security holes? What other OS/webserver/browsers have more buffer overflows with arbituary code execution than those developed by MS? I don't believe this trend will stop as their current policy on the RPC vulnerability and blaster worm was that the RPC service should never be exposed to the internet. Why doesn't it then at least be limitied to localhost or LAN connections?Since the exploit was released for the most "important" service in windows that supposedly makes windows impossible to run if you disable it, I think microsoft has no credibility to say their OSs are secure or "most secure version of windows ever" because there is NO SECURITY. Their server line is joke as well because the exploit effected them too. Think of someone with a limited user account at a university or corporate
 windows 2000/2003 active directory managed network. With an unpatched DC, they would have the ability to have unrestricted access to everyone elses accounts ect by rooting it. Changing grades, stealing financial information ect.Just my two cents.--- gml  wrote:> Maybe even some polymorphic code and PE injection.> 

---------------------------------
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030813/4dd06104/attachment.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ