[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Re: It's not that simple...
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] Re: It's not that simple...
- From: Micheal Espinola Jr <michealespinola@xxxxxxxxx>
- Date: Thu, 18 Aug 2005 10:40:43 -0400
2001? My hardening doc was written in 1995, and even then that was
not completely undiscovered information. It's been sitting in plain
sight, in security related KB's ever since at least NT 3.5. You just
had to know enough to look for it.
I don't think it wasn't until people starting compiling procedural
security docs (like I did), did it start to really become widely
known. It was unfortunate that it took MS so long to disseminate this
information themselves in a more accessible way with their own Best
Practices documentation and Security Checklists years later.
Null pipes are evil.
On 8/18/05, Paul Melson <pmelson@xxxxxxxxx> wrote:
>
>
> -----Original Message-----
> > Subject: Re: [Full-disclosure] Re: It's not that simple...
> >
> > Not clear whether Windows 2000 allows disabling of null sessions, but the
> implication is not.
>
> http://www.brown.edu/Facilities/CIS/CIRT/help/netbiosnull.html#_Toc25025304
>
> It's been part of Windows server hardening best-practices since at least
> 2001.
>
> Very little pity for those who haven't hardened servers and workstation
> images this late in the game.
>
> PaulM
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
ME2 <http://www.santeriasys.net/>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/