
Full Disclosure mailing list archives
Re: Windows Dcom Worm planned DDoS
From: Jeremiah Cornelius <jeremiah () nur net>
Date: Tue, 12 Aug 2003 09:21:23 -0700
On Tuesday 12 August 2003 06:40 am, Franky Van Liedekerke wrote:
> I guess everybody can implement SUSserver (www.susserver.com): it's a local version of a Windows update server. If you implement this, you can allow only this server access to the Microsoft update sites, and let everybody else (from within the ISP's network) connect to the local update server.

I guess everyone can implement THIS to upgrade Windows:
http://www.tldp.org/HOWTO/KickStart-HOWTO.html

Or even better! Why should you distribute risky code to every physical point in an organization? Personal OS installs are for laptops.
http://www.ltsp.org/documentation/ltsp-3.0-4-en.html

Microsoft's "Trustworthiness" is running a wee bit thin. This exploit survived their charming little 'code review and profiling' PR episode last year - and the 5 month delay of Win2003 for security reasons.

From a risk perspective, every security manager in the world should be weighing the value of including any MS platform or protocol in their trusted operations. Factors in this equation include a vendor whose business interests are in potential or active conflict with most of their customers; a vendor with a track record of CONSISTENTLY getting the most important things wrong 8 out of 10 times; a vendor with a willingness to embed^H^H^H^H^H infest server platforms with public keys, for which they maintain the private keys.

This last factor - from any vendor - should present an irreparable violation of Security Policy.

Why worry about trojans on your OS of choice, when the OS is itself a trojan?

--
Jeremiah Cornelius, CISSP, CCNA, MCSE
Information Security Technology
email: jcorneli () hotmail com - mobile: 415.235.7689

"What would be the use of immortality to a person who cannot use well a half hour?"
--Ralph Waldo Emerson

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html