Saturday, November 19, 2005

UPnP Denial of Service Vulnerability in Windows 2000

Secunia published a vulnerability advisory for Windows XP SP1 and Windows 2000. When a system running one of these operating systems requests a device list via RPC, the system is vulnerable to a potential denial-of-service attack.

The vulnerability announcement can be found here: http://secunia.com/advisories/17595/
Microsoft's Security Advisory is here: http://www.microsoft.com/technet/security/advisory/911052.mspx

The original write-up announcing the vulnerability is here: http://seclists.org/lists/vuln-dev/2005/Nov/0008.html
An addendum is here: http://seclists.org/lists/vuln-dev/2005/Nov/0007.html

Exploit code is in the write-up; the addendum contains a correction.

Good Article on Developing Stronger Passwords

This paper was actually put on the SANS Reading Room site a while ago; however, I just recently read it because it came up for Honors designation. It gives some good ideas for how to create stronger passwords in order to help end users. While most see the days of simple passwords to secure systems and data coming to an end sooner rather than later, the paper is still a very good read.

http://www.sans.org/rr/whitepapers/authentication/1636.php