lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20030813195538.644.qmail@web20604.mail.yahoo.com>
From: joey2cool at yahoo.com (Joey)
Subject: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)

svchost.exe listens on several ports on windows xp.
If microsoft is saying that it should never be on the
internet, couldn't there be more b0f's discovered in
the future? One peculiar service "DNS Client",
although listening on a few random ports just about
1024, also runs off of svchost.exe.

--- Nick FitzGerald <nick@...us-l.demon.co.uk> wrote:
> They cannot do _any business whatsoever_ if they
> cannot expose a  pile 
> of crap like MS RPC to the Internet?  Code that MS
> now openly admits 
> should never be exposed to "hostile environments"? 
> Who was responsible 
> for such horrendous mis-design?

__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ