[Dshield] Is this some kind of washing hands or pointing fingers at innocent parties?

John Sage jsage at finchhaven.com
Wed Sep 11 14:30:45 GMT 2002


Nuts.

On Wed, Sep 11, 2002 at 02:19:44PM +0300, Peter Stendahl-Juvonen wrote:
>  
> Do genuine grounds for recommendations like these (in chapter
> "Prevention") exist, or is this some kind of washing hands or pointing
> fingers at innocent parties?
>  
> http://support.microsoft.com/default.aspx?scid=kb;en-us;q328691
> (Microsoft® Knowledge Base article - Q328691, MIRC Trojan-Related Attack
> Detection and Repair)
>  
> "Instead, the attacks seek to take advantage of situations where
> standard precautions have not been taken as detailed in the "Prevention"
> section of this article."

"Standard Precautions" should include Micro$oft's authoring software
that's not vulnerable out of the box.

<snip>
"Prevention

Microsoft recommends that customers protect their servers against this
and other attacks by making sure that they follow standard security
best practices, such as:

* Eliminating blank or weak administrator passwords.
* Disabling the guest account..."
:
<snip>

If:

Micro$oft would build its products such that a "..blank or weak
administrator password.." was *impossible*

and if:

Micro$oft would build its products such that the guest account *was
disabled* by default

Then: 

a whole *lot* of people would be spared a whole lot of problems.


But of course, this is not Micro$oft's fault.

Nothing is *ever* Micro$oft's fault.


- John
-- 
"Obviously, we do not want to leave zombies around."

PGP key:     http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint: C493 9F26 05A9 6497 9800  4EF6 5FC8 F23D 35A4 F705



