Vulnerability Development mailing list archives
Re: Gibson (was Crack Office XP)
From: ian <cheeken () cs bu edu>
Date: Tue, 12 Jun 2001 23:21:29 -0400
http://support.microsoft.com/support/kb/articles/Q195/4/45.ASP summary : you need to be an admin to do raw sockets. i too, find it hard to believe they'd change this design decision in XP. however. if someone is on your box and getting ready to 'sp00f sUm pAcKeTz' needing to be an admin probably won't stop them for long. ian. Ric Messier wrote:
I think claims is the key word there. Has someone verified yet that anyone at any privilege level can get access to raw sockets under Windows XP? Knowing the levels of privileges, etc that Windows NT has always had, I would find it hard to believe that they have just opened up access to that facility to anyone who wanted it. Ric -----Original Message----- From: David Schwartz [mailto:davids () webmaster com] Sent: Monday, June 11, 2001 2:13 PM To: Fenris () HammerofGod com; ricardo_x () hotmail com; vuln-dev () securityfocus com Subject: RE: Gibson (was Crack Office XP)If Gibson isn't bright enough to figure out how to write a script kiddie trojan to dynamically load the packet driver, I don't trust him enough to be telling the world that he thinks there's a problem. Besides, if this was really a problem, we'd already see this occuring on Win32 systems, Unix systems, Mac systems, etc - all of which support raw sockets. Methinks Gibsons diatribe was one more of wanting publicity for himself or his siteIn fairness to Gibson, there does not exist any Unix system I know of that has the flaw he claims Windows XP has. They all restrict access to raw sockets to trusted/privileged code. DS
Current thread:
- Gibson (was Crack Office XP) Fenris (Jun 11)
- RE: Gibson (was Crack Office XP) David Schwartz (Jun 11)
- RE: Gibson (was Crack Office XP) Ric Messier (Jun 12)
- Re: Gibson (was Crack Office XP) ian (Jun 13)
- RE: Gibson (was Crack Office XP) Ric Messier (Jun 12)
- <Possible follow-ups>
- RE: Gibson (was Crack Office XP) Kayne Ian (Softlab) (Jun 11)
- Software authentication (was RE: Gibson (was Crack Office XP)) jts28 (Jun 13)
- Re: Software authentication (was RE: Gibson (was Crack Office XP)) Mark Collins (Jun 14)
- Re[2]: Software authentication (was RE: Gibson (was Crack Office XP)) dullien (Jun 15)
- Re: Software authentication (was RE: Gibson (was Crack Office XP)) J Edgar Hoover (Jun 15)
- Re: Software authentication (was RE: Gibson (was Crack Office XP)) bill_weiss (Jun 15)
- RE: Software authentication (was RE: Gibson (was Crack Office XP)) Dom De Vitto (Jun 17)
- Software authentication (was RE: Gibson (was Crack Office XP)) jts28 (Jun 13)
- RE: Gibson (was Crack Office XP) David Schwartz (Jun 11)