| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <acdc033d05081807402763b301@mail.gmail.com> Date: Thu Aug 18 15:40:55 2005 From: michealespinola at gmail.com (Micheal Espinola Jr) Subject: Re: It's not that simple... 2001? My hardening doc was written in 1995, and even then that was not completely undiscovered information. It's been sitting in plain sight, in security related KB's ever since at least NT 3.5. You just had to know enough to look for it. I don't think it wasn't until people starting compiling procedural security docs (like I did), did it start to really become widely known. It was unfortunate that it took MS so long to disseminate this information themselves in a more accessible way with their own Best Practices documentation and Security Checklists years later. Null pipes are evil. On 8/18/05, Paul Melson <pmelson@...il.com> wrote: > > > -----Original Message----- > > Subject: Re: [Full-disclosure] Re: It's not that simple... > > > > Not clear whether Windows 2000 allows disabling of null sessions, but the > implication is not. > > http://www.brown.edu/Facilities/CIS/CIRT/help/netbiosnull.html#_Toc25025304 > > It's been part of Windows server hardening best-practices since at least > 2001. > > Very little pity for those who haven't hardened servers and workstation > images this late in the game. > > PaulM > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > -- ME2 <http://www.santeriasys.net/>
Powered by blists - more mailing lists