  VBA (Very Bad Answer?) (Message 31 to 36 of 36)  
From: Gail Shaw
Subject: Re: VBA (Very Bad Answer?)
Date: 13 Dec 2007 13:44:23
Message: <47617d87@news.povray.org>
"Orchid XP v7" <voi### [at] devnull> wrote in message
news:47617baa$1@news.povray.org...
> >> What, you mean like if you turned RPC off? :-}
> >
> > Huh?
>
> Turning RPC off reputedly causes Windoze-based PCs to malfunction to the
> point of being unusable. Great if you want to close this large security
> hole...
>

It's not that large a security hole. Unless you fiddle with the default
security, it's remote process communication on your own machine.

RPC is used by various processes of Windows to communicate with each other.



From: Orchid XP v7
Subject: Re: VBA (Very Bad Answer?)
Date: 13 Dec 2007 13:48:26
Message: <47617e7a$1@news.povray.org>
Gail Shaw wrote:
> "Orchid XP v7" <voi### [at] devnull> wrote in message
> news:47617baa$1@news.povray.org...
>>>> What, you mean like if you turned RPC off? :-}
>>> Huh?
>> Turning RPC off reputedly causes Windoze-based PCs to malfunction to the
>> point of being unusable. Great if you want to close this large security
>> hole...
>>
> 
> It's not that large a security hole. Unless you fiddle with the default
> security, it's remote process communication on your own machine.
> 
> RPC is used by various processes of Windows to communicate with each other.

Depends on your definition of "large".

As I understand it, anybody who can guess what your admin password is 
can have unlimited access to your PC via RPC. Nice...

-- 
http://blog.orphi.me.uk/



From: Gail Shaw
Subject: Re: VBA (Very Bad Answer?)
Date: 13 Dec 2007 13:56:43
Message: <4761806b@news.povray.org>
"Orchid XP v7" <voi### [at] devnull> wrote in message
news:47617e7a$1@news.povray.org...
>
> As I understand it, anybody who can guess what your admin password is
> can have unlimited access to your PC via RPC. Nice...

Anyone who's guessed your admin password owns your machine regardless.

del \\machine\c$\*.* /S

And that's not even considering them walking up to the machine (if it's not a
server) and logging in. Or if it is a server, using remote desktop/terminal
services.

Strong admin password, perhaps?



From: Orchid XP v7
Subject: Re: VBA (Very Bad Answer?)
Date: 13 Dec 2007 15:47:03
Message: <47619a47@news.povray.org>
Gail Shaw wrote:
> "Orchid XP v7" <voi### [at] devnull> wrote in message
> news:47617e7a$1@news.povray.org...
>> As I understand it, anybody who can guess what your admin password is
>> can have unlimited access to your PC via RPC. Nice...
> 
> Anyone who's guessed your admin password owns your machine regardless.
> 
> del \\machine\c$\*.* /S

Which, as I understand it, only works because RPC is enabled.

If you can't remotely talk to the machine, you can't do anything to it.

> And that's not even considering them walking up to the machine (if it's not a
> server) and logging in. Or if it is a server, using remote desktop/terminal
> services.
> 
> Strong admin password, perhaps?

I was thinking more of the millions of people who have PCs in their 
homes, probably with a blank or default admin password, who have no idea 
that random people on the Internet can use that password to remotely do 
stuff to it.

-- 
http://blog.orphi.me.uk/
http://www.zazzle.com/MathematicalOrchid*



From: Darren New
Subject: Re: VBA (Very Bad Answer?)
Date: 13 Dec 2007 19:30:14
Message: <4761ce96$1@news.povray.org>
Orchid XP v7 wrote:
> If you can't remotely talk to the machine, you can't do anything to it.

RPC includes things like programs talking to the graphics subsystem, 
login process talking to the protected storage process, and console 
programs talking to CRSS (console simulation subsystem).

Kind of like eliminating pipes and sockets on Unix.

-- 
   Darren New / San Diego, CA, USA (PST)
     It's not feature creep if you put it
     at the end and adjust the release date.



From: Alain
Subject: Re: VBA (Very Bad Answer?)
Date: 14 Dec 2007 11:59:22
Message: <4762b66a$1@news.povray.org>
Orchid XP v7 enlightened us on 2007/12/13 15:47:
> Gail Shaw wrote:
>> "Orchid XP v7" <voi### [at] devnull> wrote in message
>> news:47617e7a$1@news.povray.org...
>>> As I understand it, anybody who can guess what your admin password is
>>> can have unlimited access to your PC via RPC. Nice...
>>
>> Anyone who's guessed your admin password owns your machine regardless.
>>
>> del \\machine\c$\*.* /S
> 
> Which, as I understand it, only works because RPC is enabled.
> 
> If you can't remotely talk to the machine, you can't do anything to it.
> 
>> And that's not even considering them walking up to the machine (if it's not a
>> server) and logging in. Or if it is a server, using remote desktop/terminal
>> services.
>>
>> Strong admin password, perhaps?
> 
> I was thinking more of the millions of people who have PCs in their 
> homes, probably with a blank or default admin password, who have no idea 
> that random people on the Internet can use that password to remotely do 
> stuff to it.
> 
Turning RPC off means that your programs can't accept any input from your
keyboard and mouse. It means that your programs can't even create their main
window, let alone display anything in them. It means that you can't access the disks.
It means that Windows itself can't accept keyboard and mouse inputs and can't
access the display. It means that the various parts of Windows can't communicate
with each other. Most calls for DLL functions use RPC. Any call to code at an
address that is more than 64K away may be a "remote" call.

A system that asks for a password, with a blank password, is more secure than the
same system with a weak password. The reason is that when a password is asked, 
you don't just hit "enter", you try to find a password... and that cracker 
applications are not made to try the blank password.

-- 
Alain
-------------------------------------------------
Wiccan: An it harm none, let shit happen.



Copyright 2003-2023 Persistence of Vision Raytracer Pty. Ltd.