|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Dailydave] Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did
From: Sinan Eren (sinan.eren
immunitysec.com)
Date: Wed Feb 04 2004 - 21:08:40 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
> Windows 98 had quite a few remote vulns. There were the Winsock stack
> issues (all those fun DoS attacks), there was the NetBIOS share name
> password disclosure/bypass bug, and some serious disclosure issues when
> then file sharing was enabled. The second you dropped any network service
> onto the system, you opened up another flood of vulnerabilities. I have
> run into 98 boxes running SQL Server 7, IIS 4.0, Personal Web Server,
> etc. The best thing about 98 and network services was the "..." directory
> traversal attacks... Software which runs reasonable securely on NT 4.0
> becomes a gaping security hole when you install it on a 9x box.
still you have not named one remote "shell popping" vulnerability in the
default install. there are no default shares, sharing is not
even enabled... yes, there are BSOD but they do not matter much for real
hackers, only fame seeking win32 vuln researchers. so obviously there is
no remotely interesting exploit (at least public) for a default win98
install but on the otherhand i can own a off the shelve openbsd 2.4 in
many different ways! (of course not including the icmp kernel backdoor)
now, openbsd choose to claim security in the default install by not
running anything (netstat -an will prove that on a 3.4, only ssh),
much like win98 (none of the apps you mentioned runs on a default
install). so i can claim 1998 model windows is much more secure than 1998
model OpenBSD and 1998 model windows is equally secure with 2004 model
OpenBSD.
ping!
-sinan
>
> On Wednesday 04 February 2004 08:11 pm, Sinan Eren wrote:
> > for some serious phun here it goes.
> >
> > > principle in the design stage? Does anyone seriously believe that Win
> > > 98 is more secure than OpenBSD?
> >
> > yes i DO. lets roll time back to 1998 with all you current sploits
> _______________________________________________
> Dailydave mailing list
> Dailydavelists.immunitysec.com
> http://www.immunitysec.com/mailman/listinfo/dailydave
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]