Security Incidents mailing list archives
RE: Q328691 ?
From: "Byrne, David" <dbyrne () tiaa-cref org>
Date: Tue, 10 Sep 2002 11:44:07 -0600
The KB article has been updated and it looks like Microsoft is recanting. The intrusions were due to poor system configuration including weak or no administrator passwords. That's really some el33t hacking going on.

David Byrne
TIAA-CREF

-----Original Message-----
From: Byrne, David
Sent: Friday, September 06, 2002 4:42 PM
To: incidents () securityfocus com
Subject: RE: Q328691 ?

There's a similar thread on the focus-ms list. My take is that a new and/or stupid manager at Microsoft panicked. The article describes planting trojans and changing security settings. This is so vague and so common in intrusions that it could mean anything. They are probably seeing a number of systems compromised by a single person/group/tool. Nothing in the article indicates the intrusions were through a common vulnerability or configuration mistake.

What is their solution? "Fully-patched computers that follow security best practices provide the best protection from hacking or other malicious software."

It reads like an NIPC alert. Vague threat, common symptoms and obvious solutions.

David Byrne
TIAA-CREF

-----Original Message-----
From: Joe Blatz [mailto:sd_wireless () yahoo com]
Sent: Friday, September 06, 2002 3:36 PM
To: Bronek Kozicki; incidents () securityfocus com
Subject: Re: Q328691 ?

There's been some discussion at the link below. One person says he's been aware of this for a number of weeks, and that weak passwords may be playing a part.

http://arstechnica.infopop.net/OpenTopic/page?a=tpc&s=50009562&f=12009443&m=6340983235

--- Bronek Kozicki <brok () rubikon pl> wrote:
There seems to be an increase of attacks on Windows recently:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q328691
Any ideas? B.
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com