Full Disclosure mailing list archives

RE: Odd Behavior - Windows Messenger Service


From: "Bojan Zdrnja" <Bojan.Zdrnja () LSS hr>
Date: Sat, 19 Jul 2003 21:02:18 +1200



-----Original Message-----
From: full-disclosure-admin () lists netsys com 
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of gregh
Sent: Saturday, 19 July 2003 8:42 p.m.
To: Bojan.Zdrnja () lss hr; 'Disclosure Full'
Subject: Re: [Full-disclosure] Odd Behavior - Windows 
Messenger Service

There are different levels of "open".

Certainly are. In this case the term would be "wide open". 
Take an easy example. Put a 98 box on your lan with a program 
on it and go run it from any other machine while it is 
waiting to be logged onto locally. 

Well, "wide open" is same as anything else in the world. OP was talking
about a *default* installation.
I assume that you, as any other security aware person, will harden it's box
before putting it on the Internet.
And you can install a host based firewall and make it even more secure.

Putting a 98 box on a LAN is equivalent with putting RedHat 6.2 on a LAN.

OK well I wont be condescending - I'll just say that if 
Microsoft acknowledge that it is something they will take 
care of by making it an option in the future as they said 
when I reported it to them last year, then someone obviously 
thinks it CAN be a problem.

I don't really see a point in implementing this. So, if I understood you
correctly, they won't allow any network connection to a box until you log
in???
IMHO, that's not need feature at all. And besides, you won't be able to use
it if you have a network logon (domain).
What about when you lock your screen and go away?
 
That was in reference to:

I don't see a reason on bashing WinXP for starting a RPC service
automatically when absolutely everything does that (don't 
mention obsolete
Oses please).

I still see no connection between WinXP starting a RPC service and a company
next door to you not needing anti-virus.

Anyway, this is going waaaay from the list charter (IMHO, again) and I won't
participate anymore and filling everyone's mailboxes unless it will be
related to some security issues.

Best regards,

Bojan Zdrnja

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Current thread: