Network Security Pen-Test

Re: TS/3389 risk on Internet

Subject: Re: TS/3389 risk on Internet
Date: Mon, 1 Nov 2004 22:43:03 -0500
If you choose to do this you need to enable high encryption which uses
128 bit and change the port TS listens on.
http://support.microsoft.com/default.aspx?scid=187623


I think the originator of this thread is aware of this problem, but
based on many of the other posts, it appears others aren't, so I'll post
it here:
  http://seclists.org/lists/bugtraq/2003/Apr/0038.html

AFAIK, M$ has changed nothing to fix this major design flaw.  My point
here is, no amount of encryption will do any good if you aren't
authenticating who you are sending it to, as a client.  If you can
masquerade as the server, then you should be able to inject your own
session keys, and read any data coming from the client, which would
include any login passwords.
(If there have been any recent changes by M$ in newer versions which
correct this, please, do tell.)

Come to think of it, perhaps using an alternative client (rdesktop?) one
could authenticate and store server keys/fingerprints, fixing this
user-interface flaw.  I haven't touched Windoze in a while, does anyone
know if this feature is available in alternative clients?

thanks,
tim
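
Added example, not part of the original message and not code from rdesktop or any other RDP client: the kind of server-key fingerprint store the message asks about, where a client pins a key once the user has verified it and reports any later change instead of silently accepting it. `PinStore`, its methods, the host name and the key bytes are hypothetical or constructed; obtaining the server's public key from the RDP handshake is assumed to happen elsewhere.

```python
import hashlib
import json
import os
import tempfile

class PinStore:
    """Stores one SHA-256 public-key fingerprint per "host:port" endpoint."""
    def __init__(self, path):
        self.path = path
        self.pins = {}
        if os.path.exists(path):
            with open(path, encoding="utf-8") as f:
                self.pins = json.load(f)

    @staticmethod
    def fingerprint(pubkey: bytes) -> str:
        return hashlib.sha256(pubkey).hexdigest()

    def check(self, host, port, pubkey):
        """Return 'unknown', 'match' or 'mismatch'; never modifies the store."""
        known = self.pins.get(f"{host}:{port}")
        if known is None:
            return "unknown"
        return "match" if known == self.fingerprint(pubkey) else "mismatch"

    def trust(self, host, port, pubkey):
        """Pin a key after the user verified its fingerprint out of band."""
        endpoint = f"{host}:{port}"
        if endpoint in self.pins and self.check(host, port, pubkey) != "match":
            raise ValueError(f"refusing to replace existing pin for {endpoint}")
        self.pins[endpoint] = self.fingerprint(pubkey)
        # Write to a temp file and rename so a crash cannot truncate the store.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(self.path) or ".")
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            json.dump(self.pins, f, indent=2)
        os.replace(tmp, self.path)

def demo():
    # Constructed byte strings standing in for server public keys.
    host, real_key, other_key = ("ts.example.test", 3389), b"key-A", b"key-B"
    with tempfile.TemporaryDirectory() as d:
        store = PinStore(os.path.join(d, "known_ts_hosts.json"))
        first = store.check(*host, real_key)
        store.trust(*host, real_key)
        reloaded = PinStore(store.path)  # pins survive a client restart
        return first, reloaded.check(*host, real_key), reloaded.check(*host, other_key)

if __name__ == "__main__":
    print(demo())
```

A `mismatch` result is the case the message is concerned with: the endpoint is presenting a different key than the one pinned, so the client should stop before sending credentials.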
