[vox-tech] microsoft zen: the dual nature of XP

Joel Baumert vox-tech@lists.lugod.org
Thu, 20 Dec 2001 15:17:19 -0800


I read through the details on this one... _NASTY_

This is eEye's report.  It is clear enough so the CodeGreen
or whatever the next Windows worm is will be out within a
couple of days.

From my read of the problem one broadcast UDP message on
a network can infect all unpatched XP boxes.  Nice...  You
get someone to click on the current email executable attachment
and it does one UDP broadcast and everyone gets to share in
the joyous occasion.

http://www.eeye.com/html/Research/Advisories/AD20011220.html


Joel

On Thu, Dec 20, 2001 at 02:34:43PM -0800, Peter Jay Salzman wrote:
> first the good news...
> 
> www.microsoft.com/windowsxp/pro/techinfo/planning/security/whatsnew/default.asp
> 
>   Windows XP provides the most dependable version of Windows ever - with the
>   best security and privacy features Windows has ever provided.
> 
> 
> 
> now for the bad news...
> 
> www.cnn.com/2001/TECH/ptech/12/20/microsoft.hackers.ap/index.html
> 
>   Microsoft's newest version of Windows, billed as the most secure ever,
>   contains several serious flaws that allow hackers to steal or destroy a
>   victim's data files across the Internet or implant rogue computer software.
> 
>   A Microsoft official acknowledged that the risk to consumers was
>   unprecedented because the glitches allow hackers to seize control of all
>   Windows XP operating system software without requiring a computer user to
>   do anything except connect to the Internet.
> 
> 
> 
> then the good news:
> 
>   "This is the most secure version of Windows we have ever released,"
>                 -- Scott Culp, Microsoft Security Response Center manager
> 
> 
> 
> and then for the bad:
> 
>   Hackers could attack individual computers directly, though the flaws also
>   allow hackers to transmit an attack to a single Internet address and strike
>   all the nearby Windows XP computers within a corporation or neighborhood. 
> 
> 
> doors open, boys.   ;)
> 
> pete
[...]