Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: RDP over the internet

From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Tue, 10 Jan 2012 20:27:48 +0100
On 2012-01-10 Ricardo Ferreira wrote:

On 10-01-2012 16:00, Mike Hale wrote:

"Don't leave port 3389 open on the Internet at all, the port is much
too vulnerable."

Explain.  What unpatched vulnerabilities for RDP exist in Server
2008?

Why is it more secure to provide your credentials to a third party
and to install a third party client on your machine?


Answers to your questions...

http://technet.microsoft.com/en-us/security/bulletin/MS09-044
http://technet.microsoft.com/en-us/security/bulletin/ms11-017
http://technet.microsoft.com/en-us/security/bulletin/ms11-065


Which part of "unpatched" did you fail to understand?

Not to mention that it certainly doesn't explain AT ALL why anyone in
his right mind would want to trust his credentials to a third party.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: