Security Basics mailing list archives
Re: Comcast Cable Setup Security Issue
From: Gandalf The White <gandalf () digital net>
Date: Wed, 21 Jul 2004 21:05:39 -0500
Greetings and Salutations: On 7/21/04 11:56 AM, "Ryan Murphy" <RMurphy () irvinecompany com> wrote:
What did you mean when you wrote:With Microsoft XP vulnerabilities and the way that it readily broadcastsanypassword information that it is asked for, please reassure me that I shouldn't be concerned.Do you have an article you can link me to that explains how XP readily broadcasts PW information? Thanks, Ryan
I was referring to zero day vulnerabilities that seem to always come up and to enum.exe which can be used to get users / passwords using the null session, see "II. The Bad and The Ugly ": http://www.brown.edu/Facilities/CIS/CIRT/help/netbiosnull.html I am anxiously awaiting XP SP2 to some out with "close by default" rather than "open by default", although I know it will break things left and right. Ken --------------------------------------------------------------- Do not meddle in the affairs of wizards for they are subtle and quick to anger. Ken Hollis - Gandalf The White - gandalf () digital net - O- TINLC WWW Page - http://digital.net/~gandalf/ Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html Trolls crossposts - http://digital.net/~gandalf/trollfaq.html --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- RE: Comcast Cable Setup Security Issue, (continued)
- RE: Comcast Cable Setup Security Issue Herman F. Ebeling Jr. (Jul 21)
- Re: Comcast Cable Setup Security Issue Gandalf The White (Jul 21)
- RE: Comcast Cable Setup Security Issue Lopez, Jason (ISS Southfield) (Jul 21)
- RE: Comcast Cable Setup Security Issue Tim Sceurman (Jul 22)
- Comcast Cable Setup Security Issue - Follow-up InHisGrip (Jul 23)
- Re: Comcast Cable Setup Security Issue - Follow-up jpc (Jul 27)
- RE: Comcast Cable Setup Security Issue - Follow-up Burton M. Strauss III (Jul 28)
- Comcast Cable Setup Security Issue - Follow-up InHisGrip (Jul 23)
- RE: Comcast Cable Setup Security Issue SMiller (Jul 23)
- RE: Comcast Cable Setup Security Issue Taylor, Bud (Jul 22)
- RE: Comcast Cable Setup Security Issue Ryan Murphy (Jul 22)
- Re: Comcast Cable Setup Security Issue Gandalf The White (Jul 22)