Full Disclosure mailing list archives
Re: shell:windows command question
From: Xavier Beaudouin <kiwi () oav net>
Date: Thu, 8 Jul 2004 11:15:52 +0200
This is not a real security matterDenial of Service causing the user to reset his system is not a securityissue?
I don't think that Denial of Service causing local user to reset his system because of local application locks the whole system... is not a security problem, but OS + Security problem...
If the M$ Operating System cannot deal with an application that locks... then the problem not only on application but also the whole system.
But this DoS is a bit less big than a remote DoS... that can compromise lots of OS...
BTW I really think that M$ is unresponsible with XP SP1 / SP2 about the fact the OS cannot be upgraded and fix the numerous holes that such OS gets all the time.
I am ok with the fact that people *should* buy the OS they use (especialy if it is a commerial OS), but M$ should take the responsability of all DDoS that is comming from his broken operating system that cannot be secured.
This is really a problem for lots of ISP that have "end users" target and that gets lots of infected system online on xDSL...
Even if M$ will make a patch for <any> hole, it will not be available nor automatically patched on all "copied" system...
Really we should make that on all our firewall, until MS takes his responsabilities :
block in proto tcp from any os Doors block in proto tcp from any os "Doors PT" block in proto tcp from any os "Doors PT SP3" Replace "Doors" by what you know... My 0,02€ /Xavier -- Xavier Beaudouin - Unix System Administrator & Projects Leader. President of Kazar Organization : http://www.kazar.net/ Please visit http://caudium.net/, home of Caudium & Camas projects _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- shell:windows command question Perrymon, Josh L. (Jul 07)
- Re: shell:windows command question Andreas Sandblad (Jul 07)
- Re: shell:windows command question Barry Fitzgerald (Jul 07)
- Re: shell:windows command question Komrade (Jul 07)
- Re: shell:windows command question Eric Paynter (Jul 07)
- Re: shell:windows command question Xavier Beaudouin (Jul 08)
- Re: shell:windows command question Barry Fitzgerald (Jul 07)
- Re: shell:windows command question Andreas Sandblad (Jul 08)
- Re: shell:windows command question Andreas Sandblad (Jul 08)
- Re: shell:windows command question Barry Fitzgerald (Jul 08)
- Re: shell:windows command question Darren Reed (Jul 08)
- Re: shell:windows command question Barry Fitzgerald (Jul 08)
- Re: shell:windows command question Darren Reed (Jul 08)
- Re: shell:windows command question Andreas Sandblad (Jul 07)
- <Possible follow-ups>
- RE: shell:windows command question Perrymon, Josh L. (Jul 08)
- Re: shell:windows command question Andrew Poodle (Jul 08)
- RE: shell:windows command question Clairmont, Jan M (Jul 08)
- RE: shell:windows command question Perrymon, Josh L. (Jul 08)