At 10:34 AM 4/28/98 -0500, Dominique Brezinski wrote: >This is a known issue that has been reported to MS already. The two well >known commercial vulnerability scanners use this technique to determine the >administrator account name. At least one of them also tries to list all the >user names through this method. Just a note about who gets credit for this one - Dominique and I worked on this together at the first part of the year. We'd both batted some theory around, and I wrote the first code to accomplish this - he then took it and improved on it significantly. I certainly have to share the credit with him as it was definately a joint effort. To the best of my knowledge, no one else (outside MS) knew about this when we worked it out. David LeBlanc dleblancat_private
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:51:38 PDT