Home page logo
/

basics logo Security Basics mailing list archives

RE: Windows Messenger Pop-up spam
From: Harlan Carvey <keydet89 () yahoo com>
Date: Mon, 6 Dec 2004 04:03:11 -0800 (PST)

Steven 
 
Harlan, as you well know, there are *many* other
things listening
to/on the subset of ports used by messenger spam,
turning
off the messenger service in no way blinds/deafens
the *rest* of 
the RPC subsystem, where $DEITY knows how many vulns
have been (and remain to be) discovered.

True.  Agreed.  No question/problem/issue with that
whatsoever.
 
Simply turning off the service in no way increases
the security 
of the machine, because those ports and the
multiplicity of 
services that use them will still be exposed, quite
obviously.

Again, agreed.  However, as is many times the case,
this has nothing whatsoever to do with the original
poster's (OP) question.  

The OP asked:
"Is this sort of stuff still a problem? Does it still
exist in the wild?"

The OP did NOT ask:
"Does shutting off the Messenger service significantly
improve my security?"

Anyone sufficently addled as to run a machine
exposed in this 
way is also extremely unlikely to be patched up the
eyeballs, 
thus we have exposed *and* vulnerable services. 
Thus it will 
be game over when the first worm reaches the
machine.

Hhhmmm...depends on the worm, but yes.  But again,
this is not the issue at hand.  

Thanks,

Harlan 



 

=====
------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/

"Meddle not in the affairs of dragons, for
you are crunchy, and good with ketchup."

"The simplicity of this game amuses me. 
Bring me your finest meats and cheeses."
------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]