Hosting Provided By

RE: MS Terminal Services open to the world

From: Curt Purdy <purdy(at)tecman.com>
Date: Thu Apr 11 2002 - 09:35:11 EDT

Actually we prefer TS to VNC with unencrypted passwords and PC-Anywhere that broadcasts it's existance on the Internet.

Curt Purdy CISSP, MCSE+I, CNE, CCDA
Senior Systems Engineer
Information Security Engineer
DP Solutions

If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked.
-- White House cybersecurity adviser Richard Clarke

-----Original Message-----

From: Ralph Los [mailto:RLos@enteredge.com] Sent: Friday, January 10, 2003 9:09 AM
To: 'Pen-test@securityfocus.com'
Subject: MS Terminal Services open to the world Sensitivity: Confidential

Hello all,

I've got a pretty good client of mine who absolutely refuses to heed my warnings about keeping Terminal Services open to the world. They rely on Windows passwords and figure that's strong enough for all their servers (management). Now I'm given the task of auditing their security/infrastructure and would like to come up some creative ways to back up my point about MS TS open to the Internet being a bad idea.

Any thoughts or input is appreciated.

Ralph

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/

Do you need help?

This message: [ Message body ]
Next message: Indian Tiger: "Penetration Testing using OSSTMM"
Previous message: Dominick Baier: "AW: MS Terminal Services open to the world"
In reply to: Ralph Los: "MS Terminal Services open to the world"
Reply: Robert G. Ferrell: "Re: MS Terminal Services open to the world"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:31 EDT