
Re: [Full-Disclosure] Blaster: will it spread without tftp?



>>>>> "Nick" == Nick FitzGerald <nick@virus-l.demon.co.uk> writes:

    Nick> "Least privilege" and "minimized services" are standard
    Nick> security mantra, right?  If so, WTF do so many Windows boxes
    Nick> even have TFTP client executables installed?  What proportion
    Nick> of "normal users" has _any_ real need for TFTP these days?  In
    Nick> fact, who in their right mind would use it at all??  Ditto RCP
    Nick> and RSH amongst much other archaic and/or arcane crap that MS
    Nick> seems to feel "needs" to be on every box under the sun.

Last I heard, "Secure by default" is not in Microsoft's repertoire. How
big is a minimal install of Win2K? How much of that does not comply with
the "least privilege" and "minimized services" security mantra?

    Nick> Sure, removing these tools does not completely fix your boxes,
    Nick> but by setting the bar higher you should be increasing the
    Nick> average complexity needed for any possible attack scenario to
    Nick> be successfully exploited _on your boxes_.

Nah, that's only a marginal difference. Once adversary code executes on
your system (with SYSTEM privs, giggle), you are screwed, period. Just
check out how they uudecoded executables on those highly stripped
systems. And I bet uudecode can even be written in shell. So, in our
general-purpose OSes we cannot do anything but "hard cover - chewy
core".

Bye
Greg
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html