Full Disclosure mailing list archives

RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd)

From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Wed, 13 Aug 2003 20:36:14 +1200

"Dennis Heaton" <dennish () comcast net> wrote:

On the car radio today I heard that the Maryland Dept. of Motor Vehicles was
shutdown completely as well as numerous other state and federal agencies in
the USA.


Wow -- really?

They cannot do _any business whatsoever_ if they cannot expose a  pile 
of crap like MS RPC to the Internet?  Code that MS now openly admits 
should never be exposed to "hostile environments"?  Who was responsible 
for such horrendous mis-design?

Is that monumentally stupid or what?

Or was a case of this type of thing:

   http://vmyths.com/rant.cfm?id=241&page=4

Or was it mis-reporting?


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd), (continued)
- - RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Mike (Aug 12)
  - Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Chris Garrett (Aug 12)
    - Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Andrew Simmons (Aug 12)
  - Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) gregh (Aug 13)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Richard Stevens (Aug 12)
  - Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Lan Guy (Aug 12)
  - Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Jonathan Rickman (Aug 12)
    - RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Dennis Heaton (Aug 12)
    - RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Gordon Ewasiuk (Aug 12)
    - Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Jeremiah Cornelius (Aug 13)
    - RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Nick FitzGerald (Aug 13)
    - RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Joey (Aug 13)
    - RE: ISS Security Brief: 'MS Blast' MSRPC DCOM Worm Propagation (fwd) Daniele Muscetta (Aug 14)
    - RE: ISS Security Brief: 'MS Blast' MSRPC DCOM Worm Propagation (fwd) Joey (Aug 14)
    - RE: ISS Security Brief: 'MS Blast' MSRPC DCOM Worm Propagation (fwd) Daniele Muscetta (Aug 14)
    - Re: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) morning_wood (Aug 12)
- RE: ISS Security Brief: "MS Blast" MSRPC DCOM Worm Propagation (fwd) Evans, Arian (Aug 12)
  - Blaster: will it spread without tftp? Maarten (Aug 12)
    - Re: Blaster: will it spread without tftp? Craig Pratt (Aug 12)
    - Re: Blaster: will it spread without tftp? Maarten Hartsuijker (Aug 12)
    - Re: Blaster: will it spread without tftp? Jim Clausing (Aug 12)

(Thread continues...)