Re: My Windows XP system is 100% secure - nobody can get in

From: Dave Thornburgh (dave-thorn@nodash.adelphia.net)
Date: 02/22/03 

From: "Dave Thornburgh" <dave-thorn@nodash.adelphia.net>
Date: Sat, 22 Feb 2003 07:19:53 GMT

"Don Jenkins" <bigwheeze@hotmail.net> wrote in message
news:3E5646D9.7050403@hotmail.net...

> In the rest of your post you said you were going to give specifics,
> then you proceeded to give generalities. You did not give even one
> specific. You are a bullshitter. Any idiot can quote generalities
> about computer security.
>
> Stay out of this thread if you either have no desire or are not
> qualified to intelligently participate.

I owe you my most abject apology. I hadn't realized that you have your
own home-made dictionary, with a different definition of both "specific"
and "generality" than the rest of us use.

You said I gave you not even one specific. Now who's full of it? I
gave you highly targeted links to SANS, CERT, Bugzilla, etc. The
documents referred to are highly detailed, extremely specific, verified
and verifiable. They have information about the risk level, the mechanism,
the effects, how to determine if they apply to you, and how to mitigate
or eliminate the vulerability.

As is almost always the case, I believe that the single biggest risk to
the security of your computer is the luser currently sitting at your
keyboard. I gave you a chance to move beyond your own generalities by
raising SPECIFIC points that you could have answered. Do you maintain
a strong password (and, for that matter, do you know that in XP, an
8-character password is much less secure than a 7-character one)? Have
you disabled the resource sharing and anonymous login "features" of XP?
Have you obtained and applied the patches recommended by the very vendors
that you trust so generously?

In case you didn't recognize that those were links that you were supposed
to follow, I'll post excerpts from one of them. Can you please enlighten
us about how this is not specific enough?

And, your response was exactly what I predicted.

--------------------------------------------
from <http://www.kb.cert.org/vuls/id/591890> :

Vulnerability Note VU#591890
Buffer overflow in Microsoft Windows Shell

Overview
A remotely exploitable buffer overflow exists in the Microsoft Windows
Shell. This buffer overflow is present in all versions of Windows XP,
but it is not present in other versions of Windows.

[snip]

Several different attack vectors can be used to exploit this vulnerability.

If a user opens a folder containing a file with malformed attributes,
the Windows Shell will read the attributes automatically.

If a user visits a web site hosting an audio file with malformed attributes
and hovers their mouse over the malicious file, the Windows Shell will read
the attributes automatically.

Via email. Again, quoting from MS02-072:
An attacker might embed a link to a share that contained the file in a frame
that would display when the user opened the email. An attacker could also
attach the file to an email message and send it to a user with a suggestion
that the user save the file to their desktop. Once the file was present on
the desktop, if the user hovered over the file with their mouse the
vulnerability could be exploited. Finally, an attacker could include in an
email message a link to a share that contained the file, along with a
suggestion that the user click on the link. If the user clicked the link,
the
share would be displayed and the vulnerability could be exploited.

II. Impact
An attacker can either execute arbitrary code (any such code would run with
the privileges of the victim) or crash the Windows Shell.

III. Solution
Apply a patch.

---------------------------------------------------
[end of quote]

And, if you've read this far, look again at the parenthetical note in the
"Impact" section. If you are running as an admin, then the attacker
inherits those admin rights. Specific enough for you? If not, then STFU.

Dave

Loading