Posting sensitive info, was => Re: Taking control of ones machine
From: H C (keydet89@yahoo.com)
Date: 12/21/01
Date: Fri, 21 Dec 2001 06:09:24 -0800 (PST)
From: H C <keydet89@yahoo.com>
To: focus-ms@securityfocus.com

As we reach the end of 2001, I find it hard to believe that posts like this are still making their way to public forums. For all of the strides we think we've made with regards to security, there still seems to be an effort to undermine that effort.

What we see with this post is an admin (quick check to NSI's whois lookup confirms this) who is publicly stating that at least one of his servers has a web-based remote admin utility installed.

Quick checks of other public forums via a search engine reveal quite a bit more information about the infrastructure, applications used, and the apparent knowledge level of the admins.

Now, don't misunderstand me...I'm all for the sharing of information, and getting assistance from knowledgeable sources. However, what I do find to be extremely concerning is the apparent need for some administrators to post sensitive information about their infrastructure. Why not create a Yahoo account specifically for such posts?

--- Steven Bonici <sbonici@groupea.com> wrote:
>
> You have to forgive me with the following questions, as I am not sure if this is the right group.
>
> We have been asked by one of our software vendors to allow them to use WebEx to take control of one of our servers. They explained to me that all I need to do is to install a "plug-in" and they can take control of the server through a web browser. We staged a test with a test server, and they came right in and took control. Isn't way too easy?
>
> I haven't contacted them yet, I thought I would ask here first. Is there any documentation or white papers into how this actually works and what can be done to protect the machine? Does anyone have any insight into WebEx? I am really curious as to how easy this is. I know once you go to the WebEx web site you need to agree and "allow" someone to actually connect, but it just seems way too easy.
>
> I know that websites can grab information from your browser, but again I would love to know "how" and all this seems to be connected in some way. I downloaded a copy of "pcaudit.exe" (by Internet Security Alliance), and that just goes to prove how vulnerable one is.
>
> Any information would be greatly appreciated.
> Thanks - Steven