Yeahp. It's true. Everyone is at risk of being exploited... not only by CRI/II but to other variants of the worm too. I have Win 2K, and I don't use my computer as a server, but I have a cable modem and I'm connected constantly. Normal users don't need to have IIS installed/running on their computers, but some people (like me) DO have IIS installed AND running, i.e. for development, testing, learning, etc. The point is, that everyone can be vuln. I was aware of this situation, since the first deep analisis of CR was released... so I installed a firewall (Gauntlet ;-)) and everything is right. I also have Mandrake 8.0. and found in the apache logs, an attempt of intrusion from a CR-owned host (it was actually an ISP from the US). I think that's another example of the disadvantages of running m$ software. Try switching to Linux/BSD... ----- Original Message ----- From: "Gregory McCann" <cambriaat_private> To: "Amer Karim" <amerkat_private>; "VULN-DEV List" <VULN-DEVat_private> Sent: Tuesday, August 07, 2001 8:28 PM Subject: Re: CR II - winME? confirmation? (Slightly OT) > On 8/7/2001 at 4:55 PM Amer Karim wrote: > > >I just came across a situation today where one of my clients > >asked me to have a look at his home system since it was behaving rather > >strangely. Found out he was running W2K Pro w/ IIS installed (had a site > >running w/ pics of his family), and when I asked him if he'd patched it for > >the original CR he just gave a blank look - followed by "I though that was > >only for servers." .I just about put my head through the wall. > > Hard to blame him when even the SecurityFocus web site says of CR2, "only web servers are vulnerable -- home PC users are generally immune". > > http://www.securityfocus.com/news/232 > > > Greg >
This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:10:52 PDT