lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <40604436.2070900@siol.net>
From: himba at siol.net (himba)
Subject: Re: [OFF TOPIC] winxp home expusure

Richard Maudsley wrote:
> The VNC server runs as a system service. It is able to function when there
> are no users logged on.
> 
> What do you mean 'how bad'?

bad in security perspective - there are alot of 'rummors' and online 
articles about winXP home edition being the worst case for use in 
local area networks (company lan, not home lan). We are still running 
win98 on most of the desktops but notebooks we obtained recently have 
winxp home edition installed by default and didn't bother to use eg. 
win98 or winxp pro. though we will have to start using pro version if 
want to be able to use vpn and file access from outside of the lan.

> 
> You are suggesting that Windows lies about the state of its network
> interfaces?
hmm, yes, so what it actually closes are maybe just -home networking- 
connnections eg. no access to local shares ? So if somebody planted 
malicious program it would run always, no matter if someone is logged 
in or not.

If the actions performed upon log out would really close all network 
connections to the machine running winxp home I belive this would at 
least be one very good setting implemented by ms  :)

rgrds, himba
> 
> -rich
> 
> himba <himba@...l.net> wrote:
> 
>>Hi,
>>
>>How bad is it to have Win XP HOME at work - in LAN ?
>>I ask for security reasons - I just logged off in winxp home from 
>>vncviewer and it said -closing all network connections ...- and my vnc 
>>connection still remained active :)?
>>
>>regards, himba
>>
>>_______________________________________________
>>Full-Disclosure - We believe in it.
>>Charter: http://lists.netsys.com/full-disclosure-charter.html
> 
> 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ