Re: More on Shatter

From: Syzop (syzat_private)
Date: Sun Aug 25 2002 - 11:08:16 PDT

    HalbaSus wrote:
    
    > My question would be... Why would anyone want to patch it ? Here are some
    > reasons for not bothering about it.
    
    I have worked at a school in the past which was running NT(/w2k) workstations,
    in such a case there are good reasons to fix it...
    [..]
    
    > 2. Currently there are plenty of remote vulnerabilities which leave you with
    > enough privilege to do some nasty stuff on a Win32-box [..]
    
    The workstations aren't running IIS or something, the only ports open are for
    file sharing/RPC stuff (which of course also had/have bugs).
    
    > 3. As long as someone needs physical access for this it's not really such a
    > serious problem.. usually when someone has physical access to a computer he
    > can do mostly whatever he/she wants. Without using exploits...
    
    That's right but it will take some time to open up the computer so it's highly
    likely a teacher will see it.
    
    > 4. And probably the most important reason: Shatter is one of those mostly
    > harmless yet very neat exploits that you can impress your friends with... [..]
    
    I don't agree with this.
    Just because users can log on locally doesn't make any root exploit on that box harmless.
    For example: a user can install a keyboard logger to sniff passwords from other
    users logging in at that machine.
    
        Bram Matthys.
    



    This archive was generated by hypermail 2b30 : Mon Aug 26 2002 - 08:15:43 PDT