Re: XP SP2 - "Exploit writers need to stop being such a pussy"

[Matt Hargett <matt () use net>]

Halvar Flake wrote:
> > What would XP be without bundled IIS?  XP Pro (not Home) is IIS ready,
> > just use Add/Remove Programs.  You can get all the exposure and attention
> > of a honeypot without any of the boring useless data.
>
>
> The interesting question truly is: Assuming the purely theoretical
> possibility that SP2 fixes security vulnerabilities in smtpsvc.dll,
> what are the odds that they have not been backported to the smtpsvc.dll
> with Win2k ?

Is this a rhetorical question? ;>

I sincerely hope MS makes an effort to not leave Windows 2000 users 
holding their dicks like they did with Win98/ME. Since that isn't in 
their business interest of forcing everyone to upgrade to Win2k3, 
though, I doubt it will happen. :(

On a side note, made a rather annoying discovery. Win2k3 Web Server 
Edition doesn't include the nice firewall that every other Win2k3 
edition has -- it only has the crappy one from NT 4.0. I guess it's okay 
if all those servers get owned due to lack of firewall? Didn't Bill 
Gates blame Sasser/Blaster/etc on people not having firewalls turned on? 
How can Win2k3 web server edition users do that effectively? WTF were 
they thinking? Hopefully they fix that in Win2k3 SP1, and hopefully that 
comes out ASAFP and not in 2005 like they are currently projecting.

guh. Sorry, went into rant mode there for a moment.
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave