Dailydave mailing list archives
Re: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did
From: Sinan Eren <sinan.eren () immunitysec com>
Date: Wed, 4 Feb 2004 19:08:40 -0800 (PST)
Windows 98 had quite a few remote vulns. There were the Winsock stack issues (all those fun DoS attacks), there was the NetBIOS share name password disclosure/bypass bug, and some serious disclosure issues when then file sharing was enabled. The second you dropped any network service onto the system, you opened up another flood of vulnerabilities. I have run into 98 boxes running SQL Server 7, IIS 4.0, Personal Web Server, etc. The best thing about 98 and network services was the "..." directory traversal attacks... Software which runs reasonable securely on NT 4.0 becomes a gaping security hole when you install it on a 9x box.
still you have not named one remote "shell popping" vulnerability in the default install. there are no default shares, sharing is not even enabled... yes, there are BSOD but they do not matter much for real hackers, only fame seeking win32 vuln researchers. so obviously there is no remotely interesting exploit (at least public) for a default win98 install but on the otherhand i can own a off the shelve openbsd 2.4 in many different ways! (of course not including the icmp kernel backdoor) now, openbsd choose to claim security in the default install by not running anything (netstat -an will prove that on a 3.4, only ssh), much like win98 (none of the apps you mentioned runs on a default install). so i can claim 1998 model windows is much more secure than 1998 model OpenBSD and 1998 model windows is equally secure with 2004 model OpenBSD. ping! -sinan
On Wednesday 04 February 2004 08:11 pm, Sinan Eren wrote:for some serious phun here it goes.principle in the design stage? Does anyone seriously believe that Win 98 is more secure than OpenBSD?yes i DO. lets roll time back to 1998 with all you current sploits_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://www.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did, (continued)
- RE: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Chris Eagle (Feb 04)
- Re: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Blue Boar (Feb 04)
- Re: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Dave Aitel (Feb 04)
- RE: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Chris Eagle (Feb 04)
- Re: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did Matt Hargett (Feb 04)
- RE: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did Chris Eagle (Feb 04)
- Re: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did Gunnar Peterson (Feb 04)
- Re: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did Sinan Eren (Feb 04)
- Re: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did H D Moore (Feb 04)
- Re: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did Sinan Eren (Feb 04)
- Re: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did H D Moore (Feb 04)
- Re: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Blue Boar (Feb 04)
- Re: Lame studies that people quote as fact thathaveno basis in reality and still don't prove anything even ifthey did Matt Hargett (Feb 04)
- RE: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did Rodney Thayer (Feb 04)
- Re: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did the grugq (Feb 04)