Re: Security? Right.
Date: 05/19/05

Date: 19 May 2005 11:05:12 -0700

The obvious, easiest answer is to just not use the tool, and make sure
it isn't on your system. Nevertheless, I think we are in agreement it's
the disparaging messages sent about security that's most troublesome.

Microsoft may want to be serious about security, and I'm sure there are
a number of people at Microsoft very serious about Microsoft...but
overall, the message is not getting out.

Roger Abell wrote:
> That is pretty embarrassing, worse actually.
> IIRC this Remote.exe is much like an earlier NT4 era MSDN
> sample to illustrate client/server. No checks, if you know the
> port and syntax . . .
> I imagine someone thought, it is not much different from other
> remote shell type binaries one can get to install on someone's
> machine, that one must first have admin to install a service, etc.
> basically too much old generation MS-think that they are still
> working to infuse throughout the company.
> But placing it in the ResKit as a remote admin tool, embarrassing.
> It reminds me of a comment nearly a couple years back by an
> MS sec strategist to the effect that the ResKit is misnamed and
> should have been called the Windows cracker's toolkit.
> Anyway, I am emailing off as this is IMO something that has
> so far gone overlooked in the multiple waves of content purging
> that have happened since the security initiative got manpower.
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> <> wrote in message
> >
> >
> > Security Vision and Framework
> >
> > "Microsoft is committed to enabling every customer to work,
> > communicate, and transact business more securely."
> > "Implementing threat modeling and other key security considerations
> > design and development stages."
> > "Promoting more secure deployment and management of our software."
> >
> > Now read:
> >
> >
> >
> > Remote Limitations
> >
> > "In addition to exposing your server to unauthorized users, Remote
> > the following limitations..."
> >
> > "Remote performs no security authorization. It permits anyone
> > Remote.exe Client to connect to your remote server. Because of
> > the account under which the remote server was run is open to anyone
> > connects."
> >
> > Wow. What a joke.
> >
