[unisog] New exploit

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Nov 11 18:45:37 GMT 2003


On Tue, 11 Nov 2003 13:08:55 EST, Jon Mitchiner <jon.mitchiner at gallaudet.edu>  said:

> The most common way that a computer is breached is either a) weak or blank
> passwords or b) machine was not kept up to date.

c) wide-open security (open shares/ports/etc).  Note that this is to some
degree different than (a) - a machine can have good passwords and all the
patches that have come out, but if you've shared C: to the world,
you're going to find malware in C:\WINDOWS or C:\WINNT soon enough....

d) User says "ooh! SHINY" <clicky-clicky> - It's a well known fact that unless
you stand there with a cluebat, users will click on almost anything, from
dancing hamsters to promises of topless celebrities....


-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20031111/3d2f7227/attachment-0003.bin


More information about the unisog mailing list