Random restart or random registry crash not so random...
From: Michael (Starkiller5@Hotmail.com)
Date: 01/06/03
From: "Michael" <Starkiller5@Hotmail.com> Date: Sun, 5 Jan 2003 15:25:50 -0800
Hello,
I have recently discovered a major security issue in
Windows XP, 2000 and 9X (Including ME) that addresses an
open port through MSN and Microsoft.net services, or other
services, such as AOL, that use a similar port. In
essence, even with the Windows XP firewall ENABLED, a
computer may still be left vulnerable to certain attacks,
and even file and registry access without knowledge to the
individual user. Windows XP and 2000 address this as a
device driver error, when in fact, that is only part of
the issue. What happens is someone from the outside may
have accessed the system registry or files on an
individual's computer. In my case, part of my registry
was being deleted without my knowledge, in turn, causing
the computer to simply either have a stop error, or
restart. Once restarted, I would usually get prompted
that my system file, or, system.dat (depending on OS), had
been rendered unreadable and told to restore using Windows
Recovery Console. This had happened several times and had
forced me to re-install XP several times before I caught
on to what was happening. The remote shutdown feature
also still remains vulnerable and can cause the computer to
restart at random as well. The way a cracker can access
is through a port that is left open through services such
as MSN, AOL, Yahoo, and others. These ports work around
XP's Internet Connection Firewall and can be used in this
manner. This issue especially applies to Windows XP
since .Net Passport integration is part of logon. This
issue can also only be done as long as that port is left
open to a cracker that knows the individual user. In
other words, someone that is in any of the user's buddy
lists that is not blocked, and may not be known as
malicious to the other user. I figured out that it was an
ex-friend of mine that was doing this to my computer.
Also, keep your feathers numbered for such an occurrence.
I found that the registry backup stored in the "Repair"
folder of your Windows 2000 or XP installation was
created, and is not updated, only after a fresh install of
the OS and does not contain any changes since then. I
recommend to Microsoft to please make it so that after
your computer has a successful start-up or, restart, to
make Windows re-backup or refresh the registry to the
repair folder as well as system restore. Fortunately, I
have both Windows ME and XP and used ME to back-up the
XP's registry files into compressed files, and extracted
the registry from those instead. Until Microsoft solves
this issue, I recommend doing the same in case of such an
occurrence or registry crash in general.
Thank you.
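
A way to check how far the Repair-folder hive copies mentioned in the post trail the live registry hives, as an added example that is not part of the original message. The function names, the 30-day threshold and the constructed sample tree are assumptions made for illustration; only file timestamps are read, so it also works on locked hives or on a volume mounted from another OS.

```python
import os
import time

# Hive file names shared by %SystemRoot%\repair and %SystemRoot%\System32\config.
HIVES = ("system", "software", "sam", "security", "default")


def find_hive(directory, name):
    """Case-insensitive lookup, so a volume mounted from another OS also works."""
    for entry in os.listdir(directory):
        if entry.lower() == name:
            return os.path.join(directory, entry)
    return None


def hive_staleness(repair_dir, config_dir, max_lag_days=30):
    """Map each hive to (status, days the repair copy trails the live hive)."""
    report = {}
    for hive in HIVES:
        backup, live = find_hive(repair_dir, hive), find_hive(config_dir, hive)
        if backup is None or live is None:
            report[hive] = ("missing", None)
            continue
        lag = os.path.getmtime(live) - os.path.getmtime(backup)
        days = max(0, int(lag // 86400))
        report[hive] = ("stale" if days > max_lag_days else "ok", days)
    return report


def build_sample_tree(root, lag_days):
    """Constructed sample: empty stand-in hive files with chosen timestamps.
    Hives absent from lag_days get no repair copy."""
    repair, config = os.path.join(root, "repair"), os.path.join(root, "config")
    os.makedirs(repair)
    os.makedirs(config)
    now = int(time.time())
    for hive in HIVES:
        live = os.path.join(config, hive.upper())
        open(live, "wb").close()
        os.utime(live, (now, now))
        if hive in lag_days:
            backup = os.path.join(repair, hive)
            open(backup, "wb").close()
            old = now - lag_days[hive] * 86400
            os.utime(backup, (old, old))
    return repair, config
```

Pass `hive_staleness` the real `repair` and `System32\config` directories of an installation to see which hives have no usable fallback copy.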