[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[2]: [Full-Disclosure] Automatically passing NTLM authentication credentials on Windows XP

To: 3APA3A@xxxxxxxxxxxxxxxx
Subject: Re[2]: [Full-Disclosure] Automatically passing NTLM authentication credentials on Windows XP
From: "Hidenobu Seki" <urity_friday@xxxxxxxxxxx>
Date: Wed, 29 Sep 2004 18:10:42 +0900

From: 3APA3A <3APA3A@xxxxxxxxxxxxxxxx>

I  don't  think  problem  reported  by you is different issue, it's just
another exploit scenario for the same problem. I know few more tricks to
redirect user to UNC share.

I see your meaning. So, I agree.

I hope Microsoft fundamentally address the issue in the future. In the meantime, I expect you (Microsoft) to do something for their problems piece by piece. Don't leave "img src=file://..." as it is for 7 years. I think many people use Windows by default but get WindowsUpdate. They aren't aware that they use weak LM authentication.

Kind regards,
Urity

_________________________________________________________________ MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] JPEG AV Detection
Next by Date: [Full-Disclosure] directory traversal in ParaChat Server 5.5
Previous by thread: Re[2]: [Full-Disclosure] Automatically passing NTLM authentication credentials on Windows XP
Next by thread: RE: [Full-Disclosure] JPEG Virus
Index(es):
- Date
- Thread