From proff  Sat Sep 28 08:49:13 1996
Approved-By: ALEPH1@UNDERGROUND.ORG
X-Sender: jacob@esisys.com
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
X-Mailer: <Windows Eudora Version 2.0.2>
Approved-By:  Jacob Langseth <jacob@ESISYS.COM>
Message-ID: <199609271918.PAA09183@gateway.esisys.com>
Date: 	Fri, 27 Sep 1996 16:18:31 -0400
Reply-To: Jacob Langseth <jacob@esisys.com>
Sender: Bugtraq List <BUGTRAQ@NETSPACE.ORG>
From: Jacob Langseth <jacob@esisys.com>
Subject:      Re: NT security et al (Dangers of NetBIOS/NBT?)
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Approved: proff@suburbia.net

>o       Windows 3.11 has share bugs microsoft will never apparently fix,
>        whereby any share allows the whole disk to be accessed by using
>        a ../../.. type construct and the smbfs client code.

Well, there is actually a fix available for Windows 3.11.  Take a look at
        <http://www.microsoft.com/kb/peropsys/windows/q136418.htm>

While we're on the subject of NT network pet peeves (aka NetBIOS gotchas),
here's some more:
    ppl can view full process lists from remote (via pview's connect feature)
        (pview.exe is included w/ MSVC++).
    ppl can read portions of the registry remotely (via regedt32.exe).
        This can be REALLY BAD for NT workstations configured to use
        auto-logon, as people usually forget to remove read permission
        from the WinLogon entry (which keeps the auto-logon password
        stored in cleartext).
    ppl can read Application and Event logs remotely (w/ eventvwr.exe)

Is it just me, or is the entire principle of releasing this kind of information
(logs, processes, registry info), w/o explicit permission from the administrator,
completely flawed?  Anyone know how to disable these 'features'?

JwL
--
Jacob Langseth                          -=-finger for PGP key-=-
Enhanced Systems, Inc.                  email:  jacob@esisys.com
6961 PeachTree Ind Blvd                 voice:  (770) 662-1504 ext. 684
Norcross, GA  30092                     fax:    (770) 662-1537
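
An added example, not part of the original post: a local audit for the auto-logon exposure described above, reporting whether a cleartext password is stored under the Winlogon key and which broad groups can read it. It assumes a current Windows host with PowerShell; the function name Test-AutoLogonExposure and the choice of "broad" SIDs are illustrative.

```powershell
# Added example (not from the original post). Read-only audit of the
# Winlogon key: is an auto-logon password stored, and who can read it?
$WinlogonPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Well-known SIDs treated here as "broad" readers (an assumption of this example).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-7'      = 'Anonymous Logon'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

function Test-AutoLogonExposure {
    param([string]$Path = $WinlogonPath)

    $values = Get-ItemProperty -Path $Path -ErrorAction Stop

    # AutoAdminLogon = "1" turns auto-logon on; DefaultPassword is the
    # cleartext value it uses. Only its presence is checked, never its content.
    $autoOn = ($values.AutoAdminLogon -eq '1')
    $hasPwd = $null -ne $values.PSObject.Properties['DefaultPassword']

    # Ask for the rules as SIDs so the check does not depend on localized names.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules   = (Get-Acl -Path $Path).GetAccessRules($true, $true, $sidType)

    $query   = [System.Security.AccessControl.RegistryRights]::QueryValues
    $readers = foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        # Note: inherit-only entries that carry generic rights are not decoded here.
        if ($rule.AccessControlType -eq 'Allow' -and
            ($rule.RegistryRights -band $query) -and
            $BroadSids.ContainsKey($sid)) {
            $BroadSids[$sid]
        }
    }
    $readers = @($readers | Sort-Object -Unique)

    [pscustomobject]@{
        AutoAdminLogon = $autoOn
        PasswordStored = $hasPwd
        BroadReaders   = $readers
        # Exposed: a stored password that a broad group is allowed to read.
        Exposed        = ($hasPwd -and $readers.Count -gt 0)
    }
}

Test-AutoLogonExposure | Format-List
```

If Exposed is True, remove the DefaultPassword value or tighten the key's ACL so only administrators and SYSTEM can read it.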

