[Dshield] Security Alert: Remote Vulnerability in Internet Explorer via DCOM

John Sage jsage at finchhaven.com
Fri Jul 5 12:58:08 GMT 2002


On Wed, Jul 03, 2002 at 10:27:07PM -0700, Kenneth Porter wrote:
> On Wed, 2002-07-03 at 04:52, Geoff Shively wrote:
> > If one knew the account name and the password of a remote machine, one
> > can remotely control the software component on it using DCOM.
> 
> Am I missing something? If you know the username/password, then you're
> *supposed* to be able remote control things there. How is this different
> from legitimate ssh?

I believe the point is, as has been often stated, that many many
people use a password such as "password" or their last name, or
somesuch...

Given that generally most people's passwords are very insecure, and,
say, a staff directory, you'd be into many corporate computer systems,
right quick.


- John
-- 
^ALÍ! This program cannot be run in DOS mode.^M

PGP key      http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5 




More information about the list mailing list