Re: CR II - winME? confirmation? (Slightly OT)

["Enrique A. Compañ Gzz." <enrique () virtekweb net>]

Yeahp. It's true. Everyone is at risk of being exploited... not only by
CRI/II but to other variants of the worm too.
I have Win 2K, and I don't use my computer as a server, but I have a cable
modem and I'm connected constantly.

Normal users don't need to have IIS installed/running on their computers,
but some people (like me) DO have
IIS installed AND running, i.e. for development, testing, learning, etc. The
point is, that everyone can be vuln.

I was aware of this situation, since the first deep analisis of CR was
released... so I installed a firewall (Gauntlet ;-)) and everything is
right. I also have Mandrake 8.0. and found in the apache logs, an attempt
of  intrusion from a CR-owned host (it was actually an ISP from the US).

I think that's another example of the disadvantages of running m$ software.

Try switching to Linux/BSD...

----- Original Message -----
From: "Gregory McCann" <cambria () owt com>
To: "Amer Karim" <amerk () telus net>; "VULN-DEV List"
<VULN-DEV () securityfocus com>
Sent: Tuesday, August 07, 2001 8:28 PM
Subject: Re: CR II - winME? confirmation? (Slightly OT)


> On 8/7/2001 at 4:55 PM Amer Karim wrote:
>
> > I just came across a situation today where one of my clients
> > asked me to have a look at his home system since it was behaving rather
> > strangely.  Found out he was running W2K Pro w/ IIS installed (had a site
> > running w/ pics of his family), and when I asked him if he'd patched it
for
> > the original CR he just gave a blank look - followed by "I though that
was
> > only for servers." .I just about put my head through the wall.
>
> Hard to blame him when even the SecurityFocus web site says of CR2, "only
web servers are vulnerable -- home PC users are generally immune".
> http://www.securityfocus.com/news/232
>
>
> Greg