Re: Windows File Sharing: Facing The Mystery

Daniel Premium,MVM join:2000-06-26 Pleasanton, CA clubs:	reply to ghost16825 Re: Windows File Sharing: Facing The Mystery said by ghost16825 : Great article. But just one point I'd like to make which I didn't see. Sure, Steve Gibson sensationalises things and has little in the way of helpful factual information. But the main reason why these services are dangerous, is usually not for their file enumeration ability nor their file sharing capabilities. It's the fact that they are (often by default) a running service with open ports as a consequence - which by itself implies that they will inevitably be vulnerable to buffer overflows from certain created input. Definitely. The focus here, however, was to say on the networking side of things with a slant towards security. In other words, I wanted to discuss the file sharing technologies themselves and not go into the much larger subject of securing a Windows machine in a more general sense. I was going to go down that path, but it would have become much more than a couple hours woth of article in a hurry. I wrote most of this while watching some little Panda movie on T.V. with my girlfriend. That wouldn't be possible if I had expanded the scope any. Thanks for the comments though; I see what you mean. -- dmiessler.com - grep understanding knowledge
	to forum · permalink · · 2005-04-07 12:00:13 ·
ghost16825 Use security metrics Premium join:2003-08-26	reply to Daniel Great article. But just one point I'd like to make which I didn't see. Sure, Steve Gibson sensationalises things and has little in the way of helpful factual information. But the main reason why these services are dangerous, is usually not for their file enumeration ability nor their file sharing capabilities. It's the fact that they are (often by default) a running service with open ports as a consequence - which by itself implies that they will inevitably be vulnerable to buffer overflows from certain created input. Plus the fact that these services are difficult to "turn off" completely on Windows machines. And this goes for almost any service with remote functionality, including those on UNIX machines. (Unix has had its share of RPC security issues). Most security issues arise not because of the functionality or abuse of the functionality itself, but from input bounds-checking issues which allow buffer overflows and consequently malware to be executed remotely. -- Admin of the Kerio 2x-like open source project: http://sourceforge.net/projects/kerio/ http://kerio.sourceforge.net/
	to forum · permalink · · 2005-04-07 06:32:24 ·


Sunday, 29-Nov 01:29:27	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com.republican-creole page compression OFF