Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Messenger service abuse (from inside the network)

From: "Rod Trent" <rodtrent () yahoo com>
Date: Tue, 9 Dec 2003 13:16:03 -0500
Never assume anything is more secure just because you think its obscure.
Yahoo just recently released a fix for a serious vulnerability. 

-----Original Message-----
From: Mark Harris [mailto:mharris () aspacesolutions com] 
Sent: Tuesday, December 09, 2003 5:25 AM
To: 'Zachary Mutrux'; 'Security-Basics'
Subject: RE: Messenger service abuse (from inside the network)

I believe Yahoo do a supposedly 'secure' mesesenger service. It being off
the main track of Microsoft may mean it will be less open to attack (but we
all know that may not be correct ;-)

Have not looked into this myself, but am checking into this for my own
comapny, any feedback welcome.

Regards,


Mark Harris, CISSP
CISO

ASPACE Solutions - Securing your multi-channel business
T: +44 (0)20 7744 6248
M: +44 (0)7793 047 875
Website www.aspacesolutions.com

Three Tuns House
109 Borough High Street
London SE1 1NL


-----Original Message-----
From: Zachary Mutrux [mailto:zmutrux () compumentor org]
Sent: 05 December 2003 17:13
To: Security-Basics
Subject: RE: Messenger service abuse (from inside the network)


Like Shawn said, use NTFS permissions to deny access to the net.exe program,
to anyone but system and whatever groups should have authorized access. No
need to visit each computer individually, these settings can be assigned via
group policy.

However, this won't stop someone from bringing his own copy of net.exe in on
a floppy or downloaded from the Internet.

Does anyone know of a good replacement for the Messenger service? I would be
particularly interested in a cross-platform (Mac/PC) solution. Or something
that will let the Mac receive notes sent via the Messenger service. Maybe
that should be a separate thread.

If the students' computers aren't already on their own separate network,
that might be a place to start. Then their Messenger hijinks won't affect
computers used by teachers and administration.

I like the idea of being able to block messenger traffic with a packet
filter, but where would this be implemented? Not on the firewall, not on the
server. It would have to be implemented on all the workstations. Is there a
way to do that in W2K Pro? A managed personal firewall might work, but the
administrative overhead is too high to justify, just to stop this problem.

zm


-----Original Message-----
From: Shawn Jackson [mailto:sjackson () horizonusa com]
Sent: Wednesday, December 03, 2003 4:48 PM
To: Alexander Lukyanenko; security-basics () securityfocus com
Subject: RE: Messenger service abuse (from inside the network)


      Just ACL the net command to SYSTEM, DOMAIN ADMINS, etc. Make sure

you 

got everything locked down on the system (gpedit.msc). Also make sure 
they aren't installing any software for messenger spamming.



---------------------------------------------------------------------------
----------------------------------------------------------------------------




---------------------------------------------------------------------------
----------------------------------------------------------------------------


---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: