HalbaSus wrote: > My question would be... Why would anyone want to patch it ? Here are some > reasons for not bothering about it. I have worked at a school in the past which was running NT(/w2k) workstations, in such a case there are good reasons to fix it... [..] > 2. Currently there are plenty of remote vulnerabilities which leave you with > enough priviledge to do some nasty stuff on a Win32-box [..] The workstations aren't running IIS or something, the only ports open are for filesharing/rpcstuff (which ofcourse also had/have bugs). > 3. As long as someone needs phisical access for this it's not really such a > serious problem.. usually when someone has phisical access to a computer he > can do mostly whatever he/she wants. Without using exploits... That's right but it will take some time to open up the computer so it's highly likely a teacher will see it. > 4. And probably the most important reason: Shatter is one of those mostly > harmless yet very neet exploits that you can impress your friends with... [..] I don't agree with this. Just because users can logon locally doesn't make any root exploit on that box harmless. For example: a user can install a keyb logger to sniff passwords from other users logging in at that machine. Bram Matthys.
This archive was generated by hypermail 2b30 : Mon Aug 26 2002 - 08:15:43 PDT