| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200308131511.42547.jeremiah@nur.net> From: jeremiah at nur.net (Jeremiah Cornelius) Subject: smarter dcom worm On Wednesday 13 August 2003 02:08 pm, Joey wrote: <SNIP> > Since the exploit > was released for the most "important" service in windows that supposedly > makes windows impossible to run if you disable it, I think microsoft has no > credibility to say their OSs are secure or "most secure version of windows > ever" because there is NO SECURITY. Their server line is joke as well > because the exploit effected them too. Think of someone with a limited user > account at a university or co! rporate > windows 2000/2003 active directory managed network. With an unpatched DC, > they would have the ability to have unrestricted access to everyone elses > accounts ect by rooting it. Changing grades, stealing financial information > ect.Just my two cents. Two cents? You got about 4-bits there! No, really. Give yourself a big, shiny gold "I Get It." It is an astounding testimony to the mighty power of the dollar, and M$'s marketing apparat, that there continue to be "Business and Market considerations" that continue to case this stuff to be deployed. The expensive, sub-optimal solution wins again! Maybe the next worm will take out the life work of a few MBA's, and these notions will occur to someone _outside_ of engineering. -- Jeremiah Cornelius, CISSP, CCNA, MCSE, Debianaut farm9 Security email: jc@...m9.com - mobile: 415.235.7689 "What would be the use of immortality to a person who cannot use well a half hour?" --Ralph Waldo Emerson
Powered by blists - more mailing lists