Message-ID: <861xvq83ks.fsf@home.nest.cx>
From: greg-fulldisclosure at nest.cx (Gregory Steuck)
Subject: Blaster: will it spread without tftp?

>>>>> "Nick" == Nick FitzGerald <nick@...us-l.demon.co.uk> writes:

    Nick> "Least privilege" and "minimized services" are standard
    Nick> security mantra, right?  If so, WTF do so many Windows boxes
    Nick> even have TFTP client executables installed?  What proportion
    Nick> of "normal users" has _any_ real need for TFTP these days?  In
    Nick> fact, who in their right mind would use it at all??  Ditto RCP
    Nick> and RSH amongst much other archaic and/or arcane crap that MS
    Nick> seems to feel "needs" to be on every box under the sun.

Last I heard, "Secure by default" is not in Microsoft's repertoire. How
big is a minimal install of Win2K? How much of that does not comply with
the "least privilege" and "minimized services" security mantra?

    Nick> Sure, removing these tools does not completely fix your boxes,
    Nick> but by setting the bar higher you should be increasing the
    Nick> average complexity needed for any possible attack scenario to
    Nick> be successfully exploited _on your boxes_.

Nah, that's only a marginal difference. Once adversary code executes on
your system (with SYSTEM privs, giggle), you are screwed, period. Just
check out how they uudecoded executables on those highly stripped
systems. And I bet uudecode can even be written in shell. So, in our
general purpose OSes we cannot do anything but "hard cover - chewy
core".

Bye
Greg
