Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: shell:windows command question
From: Xavier Beaudouin <kiwi () oav net>
Date: Thu, 8 Jul 2004 11:15:52 +0200

This is not a real security matter

Denial of Service causing the user to reset his system is not a security

I don't think that Denial of Service causing local user to reset his system because of local application locks the whole system... is not a security problem, but OS + Security problem...

If the M$ Operating System cannot deal with an application that locks... then the problem not only on application but also the whole system.

But this DoS is a bit less big than a remote DoS... that can compromise lots of OS...

BTW I really think that M$ is unresponsible with XP SP1 / SP2 about the fact the OS cannot be upgraded and fix the numerous holes that such OS gets all the time.

I am ok with the fact that people *should* buy the OS they use (especialy if it is a commerial OS), but M$ should take the responsability of all DDoS that is comming from his broken operating system that cannot be secured.

This is really a problem for lots of ISP that have "end users" target and that gets lots of infected system online on xDSL...

Even if M$ will make a patch for <any> hole, it will not be available nor automatically patched on all "copied" system...

Really we should make that on all our firewall, until MS takes his responsabilities :

           block in proto tcp from any os Doors
           block in proto tcp from any os "Doors PT"
           block in proto tcp from any os "Doors PT SP3"

Replace "Doors" by what you know...

My 0,02€

Xavier Beaudouin - Unix System Administrator & Projects Leader.
President of Kazar Organization : http://www.kazar.net/
Please visit http://caudium.net/, home of Caudium & Camas projects

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]