lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1065834864.32314.24.camel@stargate>
From: nodialtone at comcast.net (Byron Copeland)
Subject: Re: Bad news on RPC DCOM vulnerability

If this is at all really a new version of the rpc exploit that presents
the attacker with the holy grail, then it is probably as bad as others
have suggested.  I haven't tested yet.  But one thing I'd do is go
through all of my windows systems and turned the RPC service off. 
Patching is one thing, but if you don't need the service, turn it off.

On Out!

On Fri, 2003-10-10 at 20:05, Bobby Brown wrote:
> So I can "assume" no other information is posted, other than this site, to collaborate the RPC issue is not resolved or should we all try to translate this site using the helpful hints, which they are?
> 
> 
> BB
> 
> 
> -----Original Message-----
> From: full-disclosure-admin@...ts.netsys.com
> [mailto:full-disclosure-admin@...ts.netsys.com]On Behalf Of petard
> Sent: Friday, October 10, 2003 4:40 PM
> To: Brown, Bobby (US - Hermitage)
> Cc: full-disclosure@...ts.netsys.com
> Subject: Re: [Full-Disclosure] Re: Bad news on RPC DCOM vulnerability
> 
> 
> On Fri, Oct 10, 2003 at 03:34:04PM -0400, Brown, Bobby (US - Hermitage) wrote:
> > For us that can not interpret the site, what more information can be
> > provided.
> > 
> > Bobby
> > 
> FYI, the site is in Russian. Here are the steps for enlightening yourself:
> 
> 1. Visit your favorite search engine.
> 2. Type the words "online translator russian" (without quotation marks) into
> the query field.
> 3. Visit one of the many free or paid translating services that are listed there.
> 4. Select your preferred language (English, I'd wager), enter the URL, and let
> the translator go to work.
> 5. Read the slightly stilted but informative result.
> 
> FWIW, entering that query into google and clicking "I'm feeling lucky" gives good
> results.
> 
> Good luck.
> 
> HTH,
> 
> petard
> 
> 
> --
> If your message really might be confidential, download my PGP key here:
> http://petard.freeshell.org/petard.asc
> and encrypt it. Otherwise, save bandwidth and lose the disclaimer.
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ