Firewall Wizards mailing list archives

Re: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors

From: "R. DuFresne" <dufresne () sysinfo com>
Date: Sat, 2 Aug 2003 21:21:17 -0400 (EDT)


---------- Forwarded message ----------
From: Ron DuFresne <dufresne () winternet com>
Subject: Re: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors
Cc: Bryan K. Watson <bwatson () nettracers com>, full-disclosure () lists netsys com,
     firewall-wizards-request () honor icsalabs com
Date: Sat, 2 Aug 2003 18:37:45 -0500 (CDT)
To: Jeremiah Cornelius <jeremiah () nur net>


        [SNIP]


Bluetooth phones as modems!  I have been calling on this issue for some
time, and generally received a dismissive response from System
Administrators and IT management.  No one wants the work load or
responsibility this entails.  I suppose that if you don't acknowledge the
problem's existence, you can't be faulted for lack of due care!  If they
keep their heads in the sand long enough, somebody is  going to find out
what Ostrich meat tastes like...



Which is most likely the reason that so many wireless implimentations are
setup in such crappy out-of-the-box default installs.  And put into
production settings that way, no WEP, default ssid's, open dhcp, etc.  And
often by organizastions that *should* know better!  You know, those big
companies with the .gov/dod contracts, that fill all the gov/mil sites
seats with consultants and such.

The industry has a bad track record as a whole with moving new technology
into production settings withouth the slightest consideration of how it
might iimpact what's already been iin place and tweaked over time to
provide some level of security.  Of course you then have them danged
.edu's, and the state of Texas and how they do things...but, that's a
horse been beaten near to death <grin>.

Thanks,

Ron DuFresne
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Current thread:

Fw: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors Jeremiah Cornelius (Aug 01)
- Re: Fw: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors Paul Robertson (Aug 02)
- <Possible follow-ups>
- Re: [Full-Disclosure] DCOM Exploit MS03-026 attack vectors R. DuFresne (Aug 03)