Re: Security? Right.
zamdrist_at_gmail.com
Date: 05/19/05
- In reply to: Roger Abell: "Re: Security? Right."
Date: 19 May 2005 11:05:12 -0700
The obvious, easiest answer is to just not use the tool, and make sure
it isn't on your system. Nevertheless, I think we are in agreement it's
the disparaging messages sent about security that's most troublesome.
Microsoft may want to be serious about security, and I'm sure there are
a number of people at Microsoft very serious about Microsoft...but
overall, the message is not getting out.
Roger Abell wrote:
> That is pretty embarrassing, worse actually.
> IIRC this Remote.exe is much like an earlier NT4 era MSDN
> sample to illustrate client/server. No checks, if you know the
> port and syntax . . .
> I imagine someone thought, it is not much different from other
> remote shell type binaries one can get to install on someone's
> machine, that one must first have admin to install a service, etc.
> basically too much old generation MS-think that they are still
> working to infuse throughout the company.
> But placing it in the ResKit as a remote admin tool, embarrassing.
> It reminds me of a comment nearly a couple years back by an
> MS sec strategist to the effect that the ResKit is misnamed and
> should have been called the Windows cracker's toolkit.
> Anyway, I am emailing off as this is IMO something that has
> so far gone overlooked in the multiple waves of content purging
> that have happened since the security initiative got manpower.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> <zamdrist@gmail.com> wrote in message
> news:1116424362.039003.8290@o13g2000cwo.googlegroups.com...
> > http://www.microsoft.com/security/twc/vision_frame.mspx
> >
> > Security Vision and Framework
> >
> > "Microsoft is committed to enabling every customer to work,
> > communicate, and transact business more securely."
> > "Implementing threat modeling and other key security considerations
> > in design and development stages."
> > "Promoting more secure deployment and management of our software."
> >
> > Now read:
> >
> > http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/0926da81-f03a-4986-959d-827b6753c22f.mspx
> >
> > Remote Limitations
> >
> > "In addition to exposing your server to unauthorized users, Remote
> > has the following limitations..."
> >
> > "Remote performs no security authorization. It permits anyone
> > running Remote.exe Client to connect to your remote server. Because
> > of this, the account under which the remote server was run is open
> > to anyone who connects."
> >
> > Wow. What a joke.
> >