RE: HTML email "bug", of sorts.

From: David LeBlanc (dleblanc@mindspring.com)
Date: 08/19/01


From: "David LeBlanc" <dleblanc@mindspring.com>
To: <thomas.rowe@bankofamerica.com>, <bugtraq@securityfocus.com>
Subject: RE: HTML email "bug", of sorts.
Date: Sun, 19 Aug 2001 12:39:34 -0700
Message-ID: <0f2101c12991$a5041730$0100a8c0@davenet.local>


If you're filtering outbound traffic in a corporate environment (something
I'd recommend), it will stop that sort of thing. Additionally, if you're
just a normal dial-up user, you can stop it by opening your connection icon,
choosing properties, networking, and making sure "File and Printer Sharing for
Microsoft Networks" is unchecked, as well as "Client for Microsoft
Networks". The first is off by default, the second is enabled by default. If
you are a dial-up user, and not on a home LAN, turning off the Workstation
service will accomplish the same thing. Additionally, a home user can enable
SMB signing, which also defeats the attack. Rolling out SMB signing in a
corporate environment is a bit more complicated.

> -----Original Message-----
> From: thomas.rowe@bankofamerica.com

> And if you were running WinNT 4 and that referrer pointed to a server
> advertising a share, NT would send your username and password to try to log
> you on without your knowledge. It could be grabbed and sent back to your
> machine, logon, and the attacker would have all rights to your machine and
> network that the ID you're using has.
> (as I've mentioned before, MS has known about this hole since before SP2)
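
Added example, not part of the original message or thread: a mail-gateway style check that flags HTML mail whose markup references a file share on another host, the kind of reference the quoted message describes, so it can be held before a client renders it. The function names, the attribute list, the URL patterns and the sample message are assumptions constructed for this illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser

# Attributes a renderer may fetch or follow (assumed list, extend as needed).
URL_ATTRS = {"src", "href", "background", "lowsrc", "dynsrc", "data", "action"}
# \\host\share UNC paths, and file: URLs that name a remote host.
SMB_REF = re.compile(
    r"\s*(?:\\\\([^\\/\s]+)\\|file:(?:/{4,5}|//)([^/\\\s]+)[\\/])", re.I)


class _RefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value:
                m = SMB_REF.match(value)
                host = m and (m.group(1) or m.group(2))
                # file://localhost/... and file:///C:/... stay on the local disk.
                if host and host.lower() != "localhost":
                    self.hits.append((tag, name, host))


def smb_references(raw_message: bytes):
    """Return (tag, attribute, host) for each share reference in HTML parts."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    finder = _RefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.hits


# Constructed sample message: two share references, one web link, one local file.
SAMPLE = (
    b"From: a@example.com\r\nTo: b@example.com\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b"Content-Type: text/html; charset=us-ascii\r\n\r\n"
    b'<html><body><img src="file://fileserver.example/share/logo.gif">'
    b'<img src="\\\\fileserver.example\\share\\x.gif">'
    b'<a href="http://www.example.com/">ok</a>'
    b'<img src="file:///C:/local.gif"></body></html>\r\n'
)

if __name__ == "__main__":
    for tag, attr, host in smb_references(SAMPLE):
        print(f"<{tag} {attr}> references share host {host}")
```

A check like this complements the outbound filtering and SMB signing recommended above; it does not replace them, since it only sees references in the attributes it lists.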


