Re: CR II - winME? confirmation? (Slightly OT)

From: Enrique A. Compań Gzz. (enriqueat_private)
Date: Thu Aug 09 2001 - 10:14:33 PDT


    Yeahp. It's true. Everyone is at risk of being exploited... not only by
    CRI/II but by other variants of the worm too.
    I have Win 2K, and I don't use my computer as a server, but I have a cable
    modem and I'm connected constantly.
    
    Normal users don't need to have IIS installed/running on their computers,
    but some people (like me) DO have IIS installed AND running, i.e. for
    development, testing, learning, etc. The point is that everyone can be vuln.
    
    I was aware of this situation since the first deep analysis of CR was
    released... so I installed a firewall (Gauntlet ;-)) and everything is
    right. I also have Mandrake 8.0, and found in the Apache logs an attempt
    of intrusion from a CR-owned host (it was actually an ISP from the US).
    
    I think that's another example of the disadvantages of running m$ software.
    
    Try switching to Linux/BSD...
    
    ----- Original Message -----
    From: "Gregory McCann" <cambriaat_private>
    To: "Amer Karim" <amerkat_private>; "VULN-DEV List"
    <VULN-DEVat_private>
    Sent: Tuesday, August 07, 2001 8:28 PM
    Subject: Re: CR II - winME? confirmation? (Slightly OT)
    
    
    > On 8/7/2001 at 4:55 PM Amer Karim wrote:
    >
    > >I just came across a situation today where one of my clients
    > >asked me to have a look at his home system since it was behaving rather
    > >strangely.  Found out he was running W2K Pro w/ IIS installed (had a site
    > >running w/ pics of his family), and when I asked him if he'd patched it for
    > >the original CR he just gave a blank look - followed by "I thought that was
    > >only for servers." I just about put my head through the wall.
    >
    > Hard to blame him when even the SecurityFocus web site says of CR2, "only
    > web servers are vulnerable -- home PC users are generally immune".
    >
    > http://www.securityfocus.com/news/232
    >
    >
    > Greg
    >
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 11:10:52 PDT