Full Disclosure mailing list archives
Re: Blaster: will it spread without tftp?
From: Gregory Steuck <greg-fulldisclosure () nest cx>
Date: 12 Aug 2003 23:38:27 -0700
"Nick" == Nick FitzGerald <nick () virus-l demon co uk> writes:
Nick> "Least privilege" and "minimized services" are standard
Nick> security mantra, right? If so, WTF do so many Windows boxes
Nick> even have TFTP client executables installed? What proportion
Nick> of "normal users" has _any_ real need for TFTP these days? In
Nick> fact, who in their right mind would use it at all?? Ditto RCP
Nick> and RSH amongst much other archaic and/or arcane crap that MS
Nick> seems to feel "needs" to be on every box under the sun.

Last I heard "Secure by default" is not in Microsoft's repertoire. How big is minimal install of Win2K? How much of that does not comply with "least privilege" and "minimized services" security mantra?

Nick> Sure, removing these tools does not completely fix your boxes,
Nick> but by setting the bar higher you should be increasing the
Nick> average complexity needed for any possible attack scenario to
Nick> be successfully exploited _on your boxes_.

Nah, that's only a marginal difference. Once adversary code executes on your system (with SYSTEM privs, giggle), you are screwed, period. Just check out how they uudecoded executables on those highly stripped systems. And I bet uudecode can be even written in shell.

So, in our general purpose OSes we cannot do anything but "hard cover - chewy core".

Bye
Greg

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html