RE: CR II - winME? confirmation? (Slightly OT)

From: Gregory_DeGennaroat_private
Date: Wed Aug 08 2001 - 14:42:23 PDT

  • Next message: Red Pantz: "Winnt/Win2k Vuln ?"

    Greg
    
    LOL ...
    
    I believe most of the 1000+ blocked scans a day that come across my firewall
    have the same user or system administrator mentality.  I did three OS scans
    with nmap against three violators and all of them turn up to be W2K running
    IIS on my cable network.  I wanted to see who was not being responsible ...
    :-)
    
    Greg
     
    
    -----Original Message-----
    From: Gregory McCann [mailto:cambriaat_private]
    Sent: Tuesday, August 07, 2001 6:28 PM
    To: Amer Karim; VULN-DEV List
    Subject: Re: CR II - winME? confirmation? (Slightly OT)
    
    
    On 8/7/2001 at 4:55 PM Amer Karim wrote:
    
    >I just came across a situation today where one of my clients
    >asked me to have a look at his home system since it was behaving rather
    >strangely.  Found out he was running W2K Pro w/ IIS installed (had a site
    >running w/ pics of his family), and when I asked him if he'd patched it for
    >the original CR he just gave a blank look - followed by "I though that was
    >only for servers." ...I just about put my head through the wall.
    
    Hard to blame him when even the SecurityFocus web site says of CR2, "only
    web servers are vulnerable -- home PC users are generally immune".
    
    http://www.securityfocus.com/news/232
    
    
    Greg
    



    This archive was generated by hypermail 2b30 : Thu Aug 09 2001 - 12:02:29 PDT