[Dshield] Is this some kind of washing hands or pointing fingers at innocent parties?

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Wed Sep 11 14:51:06 GMT 2002


Ed, et al.


The "their servers" in

"Microsoft recommends that customers protect their servers against this
and other attacks by making sure that they follow standard security best
practices, such as: ..."

possibly, wrongly misleads one into believing Microsoft® targeted this
Knowledge Base article at real System or Network Administrators rather
than 'Home User' type of admins.

Hence the speculation whether there really was a need for this kind of
recommendation, or was it the "pot calling the kettle black".

Should your response be interpreted to mean that Microsoft® targeted this
Knowledge Base article at 'Home User' type of 'admins' running their
"servers" rather than real System or Network Administrators?

In one's opinion, looked at through the eyes of a Home User, a 'Home User'
type of admin or a real System or Network Administrator, the
recommendations rather fall into the category of truisms.

Hence, Microsoft's target audience for these recommendations possibly
was just "the average Home User", i.e. a fictitious, non-existing
character.


-  Peter

             "I shall th'effect of this good lesson keep 
                     as watchman to my heart." 
      William Shakespeare (1564-1616), English dramatist, poet.



list-admin at dshield.org wrote on
Wednesday, September 11, 2002 3:00 PM on behalf of Ed Truitt:

> Actually, there are valid reasons for these recommendations.  IIRC,
> two of the major ones were "eliminate blank or weak administrator
> passwords" and "stay up-to-date on security patches".  These are also
> mentioned in the "SANS/FBI Top 20 List", which can be viewed at
> 
> http://www.sans.org/top20.htm
> 
> SQLSnake and Nimda/CRII are good examples of what can happen when you
> don't follow these.
> 
> Running current A/V software and making sure your internal servers are
> behind a firewall are also considered generally good things to do.
> Disabling the GUEST account is a Windows-specific thing, but it is
> also a very good thing to do (in fact, renaming the account, setting
> the password to a randomized strong string (alpha, numeric, special
> and non-printable characters), and setting the flag to prevent it
> from logging on, is probably the best thing you can do to it).
> 
> Cheers,
> Ed Truitt
> PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9
> http://www.etee2k.net
> http://www.bsatroop148.org
> 
> "Note to spammers:  my 'delete' key is connected to YOUR ISP.
>  Also, if you send me UCE, I reserve the right to post your spew
> on my Web site, with the appropriate color commentary, so that
> others may have a good laugh at your expense."
> 
> 
> ----- Original Message -----
> From: "Peter Stendahl-Juvonen" <peter.stendahl-juvonen at welho.com>
> To: "Dshield General DShield Discussion List" <list at dshield.org>
> Sent: Wednesday, September 11, 2002 6:19 AM
> Subject: [Dshield] Is this some kind of washing hands or pointing
> fingers at innocent parties?
> 
> 
>> 
>> Do genuine grounds for recommendations like these (in chapter
>> "Prevention") exist, or is this some kind of washing hands or
>> pointing fingers at innocent parties? 
>> 
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;q328691
>> (Microsoft® Knowledge Base article - Q328691, MIRC Trojan-Related
>> Attack Detection and Repair) 
>> 
>> "Instead, the attacks seek to take advantage of situations where
>> standard precautions have not been taken as detailed in the
>> "Prevention" section of this article." 
>> 
>> 
>> -Peter
>> 
>>           "A single stone can cause a building to collapse."
>> 
>>    Francisco de Quevedo y Villegas (1580-1645); Spanish writer.
>> 
>> 
>> 
>> _______________________________________________
>> Dshield mailing list
>> Dshield at dshield.org
>> To change your subscription options (or unsubscribe), see:
>> http://www.dshield.org/mailman/listinfo/list
>> 



