Results 1 to 5 of 5

Thread: Got Windoze????

  1. #1
    Member
    Join Date
    Mar 2003
    Posts
    99

    Exclamation Got Windoze????

    Got this update from CERT last night.....Don't know if it's been posted yet, but here it is anyways...


    Got Windoze?????

    http://www.cert.org/advisories/CA-2003-08.html

  2. #2
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    If you don't password protect your shares and have a null password, wtf do you expect? I have a share on my comp. In fact, the whole of my D: is shared. But, only one IP is allowed to access it. Others can't even see the share. Also, the user account that has the priveleges of seeing the share, is a Non-Admin account with absolutely minimal priveleges with a 15 character password. Windows shares are already notoriously insecure, so if you need to use them, make sure you secure them as much as you can.
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  3. #3
    Member
    Join Date
    Mar 2003
    Posts
    99
    Have you ever done an SMB scan on some public networks? You'd be throughly surprised at what is accessible out there. You are smart enough to know to put passwords on system resources, but what about the guy who just bough his new version of XP or 2000, that doesn't know that C$ and ADMIN$ are shared out automatically? This article was just FYI.....sharing the wealth, as one of my former bosses said, as he stole information from another co-worker...hahahaha

  4. #4
    Senior Member
    Join Date
    Feb 2003
    Posts
    211
    ya .. i know SMB mate .. and i understand what do you talking .

    Have you ever done an SMB scan on some public networks?
    SMB is a client server, request-response protocol. The only exception to the request-response nature of SMB is when the client has requested opportunistic locks / oplocks and the server sequently has to break an already granted oplock because another client has requested a file open. And about the security SMB defines :
    1). Share level.
    2). User Level.

    in this case i agree with "d0ppelg@nger"

    If you don't password protect your shares and have a null password, wtf do you expect? I have a share on my comp. In fact, the whole of my D: is shared. But, only one IP is allowed to access it. Others can't even see the share. Also, the user account that has the priveleges of seeing the share, is a Non-Admin account with absolutely minimal priveleges with a 15 character password.
    and also "cgkanchi" correct about windows share security becoz i do windows share security either but ever done with SMB for a while.
    Both of you gave good explanation and suggestion .. so i think both of you correct.

    When I lay me down to sleep, Pray the LORD my soul to keep.
    If I die before i wake, Pray the LORD my soul to take.

    http://www.AntiOnline.com/sig.php?imageid=389

  5. #5
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Dude,

    Can you not explain something in your own words?

    This is from here:

    SMB is a client server, request-response protocol. The only exception to the request-response nature of SMB is when the client has requested opportunistic locks / oplocks and the server sequently has to break an already granted oplock because another client has requested a file open.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •