Security Basics mailing list archives

Re: Comcast Cable Setup Security Issue


From: Gandalf The White <gandalf () digital net>
Date: Wed, 21 Jul 2004 21:05:39 -0500

Greetings and Salutations:

On 7/21/04 11:56 AM, "Ryan Murphy" <RMurphy () irvinecompany com> wrote:
> What did you mean when you wrote:
>
> > With Microsoft XP vulnerabilities and the way that it readily broadcasts any
> > password information that it is asked for, please reassure me that I
> > shouldn't be concerned.
>
> Do you have an article you can link me to that explains how XP readily
> broadcasts PW information?
>
> Thanks,
>
> Ryan

I was referring to zero day vulnerabilities that seem to always come up and
to enum.exe which can be used to get users / passwords using the null
session, see "II. The Bad and The Ugly ":
http://www.brown.edu/Facilities/CIS/CIRT/help/netbiosnull.html

I am anxiously awaiting XP SP2 to come out with "close by default" rather
than "open by default", although I know it will break things left and right.

Ken

---------------------------------------------------------------
Do not meddle in the affairs of wizards for they are subtle and
quick to anger.
Ken Hollis - Gandalf The White - gandalf () digital net - O- TINLC
WWW Page - http://digital.net/~gandalf/
Trace E-Mail forgery - http://digital.net/~gandalf/spamfaq.html
Trolls crossposts - http://digital.net/~gandalf/trollfaq.html


