Dailydave mailing list archives

Re: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did

From: Sinan Eren <sinan.eren () immunitysec com>
Date: Wed, 4 Feb 2004 19:08:40 -0800 (PST)

Windows 98 had quite a few remote vulns. There were the Winsock stack 
issues (all those fun DoS attacks), there was the NetBIOS share name 
password disclosure/bypass bug, and some serious disclosure issues when 
then file sharing was enabled. The second you dropped any network service 
onto the system, you opened up another flood of vulnerabilities. I have 
run into 98 boxes running SQL Server 7, IIS 4.0, Personal Web Server, 
etc. The best thing about 98 and network services was the "..." directory 
traversal attacks... Software which runs reasonable securely on NT 4.0 
becomes a gaping security hole when you install it on a 9x box.


still you have not named one remote "shell popping" vulnerability in the 
default install. there are no default shares, sharing is not 
even enabled... yes, there are BSOD but they do not matter much for real 
hackers, only fame seeking win32 vuln researchers. so obviously there is 
no remotely interesting exploit (at least public) for a default win98 
install but on the otherhand i can own a off the shelve openbsd 2.4 in 
many different ways! (of course not including the icmp kernel backdoor)

now, openbsd choose to claim security in the default install by not 
running anything (netstat -an will prove that on a 3.4, only ssh),
much like win98 (none of the apps you mentioned runs on a default 
install). so i can claim 1998 model windows is much more secure than 1998 
model OpenBSD and 1998 model windows is equally secure with 2004 model 
OpenBSD.


ping!
-sinan


On Wednesday 04 February 2004 08:11 pm, Sinan Eren wrote:

for some serious phun here it goes.

principle in the design stage? Does anyone seriously believe that Win
98 is more secure than OpenBSD?


yes i DO. lets roll time back to 1998 with all you current sploits

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Re: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did, (continued)
- - Re: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Dave Aitel (Feb 04)
- RE: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Chris Eagle (Feb 04)
  - Re: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Blue Boar (Feb 04)
    - Re: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Dave Aitel (Feb 04)
    - RE: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Chris Eagle (Feb 04)
    - Re: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did Matt Hargett (Feb 04)
    - RE: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did Chris Eagle (Feb 04)
    - Re: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did Gunnar Peterson (Feb 04)
    - Re: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did Sinan Eren (Feb 04)
    - Re: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did H D Moore (Feb 04)
    - Re: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did Sinan Eren (Feb 04)
    - Re: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did H D Moore (Feb 04)
    - Re: Lame studies that people quote as fact thathaveno basis in reality and still don't prove anything even ifthey did Matt Hargett (Feb 04)
    - RE: Lame studies that people quote as fact that haveno basis in reality and still don't prove anything even if they did Rodney Thayer (Feb 04)
    - Re: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did the grugq (Feb 04)
- Re: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Matt Hargett (Feb 04)
  - Re[2]: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Halvar Flake (Feb 05)
    - Re: Re[2]: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did Matt Hargett (Feb 05)