|
 |
Orchid XP v7 nous apporta ses lumieres en ce 2007/12/13 15:47:
> Gail Shaw wrote:
>> "Orchid XP v7" <voi### [at] dev null> wrote in message
>> news:47617e7a$1@news.povray.org...
>>> As I understand it, anybody who can guess what your admin password is
>>> can have unlimited access to your PC via RPC. Nice...>
>>
>> Anyone who's guessed your admin password owns your machine regardless.
>>
>> del \\machine\c$\*.* /S
>
> Which, as I understand it, only works because RPC is enabled.
>
> If you can't remotely talk to the machine, you can't do anything to it.
>
>> And that's not even considering them walking up to the machine (if its
>> not a
>> server) and loging in. Or if it is a server, usign remote
>> desktop/terminal
>> services
>>
>> Strong admin password, perhaps?
>
> I was thinking more of the millions of people who have PCs in their
> homes, probably with a blank or default admin password, who have no idea
> that random people on the Internet can use that password to remotely do
> stuff to it.
>
Turning RPC off mean that your programms can't accept any input from your
keyboard and mouse. It mean that your programms can't even create ther main
window, let alone display anything in them. It mean that you can't access the disks.
It mean that Windows itself can't accept keyboard and mouse inputs and can't
access the display. It mean that the various parts of Windows can't communicate
with each other. Most calls for DLL functions use RPC. Any call to code at an
address that is more than 64K away may be a "remote" call.
A system that ask for a password, with a blank password, is more secure than the
same system with a weak password. The reason is that when a password is asked,
you don't just hit "enter", you try to find a password... and that cracker
applications are not made to try the blank password.
--
Alain
-------------------------------------------------
Wiccan: An it harm none, let shit happen.
Post a reply to this message
|
|
