Security Basics mailing list archives
re: Actual Security Cases
From: H C <keydet89 () yahoo com>
Date: Sun, 2 Feb 2003 06:02:20 -0800 (PST)
On the other hand, users setting up their own
dial-in
modems at their desks is virtually impossible to "implement, configure, and manage/monitor appropriately".
Actually, it's not all that difficult. Configure the phone switch such that those dial-out lines that you do need do not havd DiDs, and cannot be dialed into. Then, get yourself something like my mdmchk.pl to scan for installed modem drivers on desktops.
The "Lioten" worm that struck in early December used
a short list of trivial passwords such as "12345".
Another excellent example of how a relatively 'dumb' piece of computer code can run the Internet and outsmart the admins... __________________________________________________ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com
Current thread:
- RE: Actual Security Cases David Gillett (Jan 31)
- <Possible follow-ups>
- re: Actual Security Cases H C (Feb 05)
- Re: Actual Security Cases Govind (Feb 07)
- Re: Actual Security Cases Jeffrey C. Keyser (Feb 07)