Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Items within XP SP2 and Win2003

from [kyle] Network Security [Permanent Link]
Subject: Re: Items within XP SP2 and Win2003
Date: Mon, 27 Sep 2004 13:35:46 -0500 
The particular exploit I examined appeared with SP2, and was described as a 
just SP2 vulnerability, I may have misread that myself, but the impression I 
got out of the way it was written was it was SP2 only. 

On Monday 27 September 2004 07:29 am, you wrote:

Perhaps I misread this issue.  The drag and drop vulnerability you speak
is not unique to SP2.  It also affects computers running SP1.

Denny


-----Original Message-----
From: kyle [mailto:kyle@inetconnection.com]
Sent: Monday, September 27, 2004 8:04 AM
To: Depp, Dennis M.; focus-ms@securityfocus.com
Subject: Re: Items within XP SP2 and Win2003

I believe the drag and drop error that works with IE and SP2
was a new
problem. I know there were more, but that was the largest
one. (if you are
not familiar with it, basically a webmaster can code it so by
moving the
mouse on the page, he has the ability to install anything and
bypass your
firewall) And I've seen ways people can get around the
"active x install
protection/download protection" that microsoft has included
(a simple string
tells it you already hit yes)
I think that if you don't have to upgrade to SP2, don't. Get
a real firewall
(ex: zone alarm, shorewall, or make a hardware one like
smoothwall) and keep
them up to date. They specialize in security, while m$
admitted they wont be
secure until 2010 (see slashdot for more info on that)

On Monday 27 September 2004 06:14 am, you wrote:

Interesting comment.  The arbitrary code exploits you mentioned, are
these unique to SP2 or does SP1 fall prey to them as well.  I am not
aware of any exploits that are unique to SP2.  The firewall is not
perfect I will admit, but it is a vast improvement over its
predecdessor.  The current firewall is great for a home machine.
However, when you use the wizard to poke holes in the firewall, they
seem to be much larger than needed.  I think a better


analogy for the


firewall is a privacy fence, but when you use the wizard to open the
firewall, often you are removing several boards when a knot


hole would


have worked just as well.

Denny


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Items within XP SP2 and Win2003, Depp, Dennis M.
Next by Date:  RE: Items within XP SP2 and Win2003, Hyland Jeremy J CONT KPWA
Previous by Thread:  RE: Items within XP SP2 and Win2003, Depp, Dennis M.
Next by Thread:  RE: Items within XP SP2 and Win2003, Hyland Jeremy J CONT KPWA
Indexes:  [Date] [Thread] [Top] [All Lists]