[Dshield] Is this some kind of washing hands or pointing fingers at innocent parties?
jsage at finchhaven.com
Wed Sep 11 14:30:45 GMT 2002
On Wed, Sep 11, 2002 at 02:19:44PM +0300, Peter Stendahl-Juvonen wrote:
> Do genuine grounds for recommendations like these (in chapter
> "Prevention") exist, or is this some kind of washing hands or pointing
> fingers at innocent parties?
> (Microsoft® Knowledge Base article - Q328691, MIRC Trojan-Related Attack
> Detection and Repair)
> "Instead, the attacks seek to take advantage of situations where
> standard precautions have not been taken as detailed in the "Prevention"
> section of this article."
"Standard Precautions" should include Micro$oft's authoring software
that's not vulnerable out of the box.
"Microsoft recommends that customers protect their servers against this
and other attacks by making sure that they follow standard security
best practices, such as:
* Eliminating blank or weak administrator passwords.
* Disabling the guest account..."
Micro$oft would build its products such that a "..blank or weak
administrator password.." was *impossible*
Micro$oft would build its products such that the guest account *was
disabled* by default
a whole *lot* of people would be spared a whole lot of problems.
But of course, this is not Micro$oft's fault.
Nothing is *ever* Micro$oft's fault.
"Obviously, we do not want to leave zombies around."
PGP key: http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint: C493 9F26 05A9 6497 9800 4EF6 5FC8 F23D 35A4 F705