[22328] in bugtraq
RE: HTML email "bug", of sorts.
daemon@ATHENA.MIT.EDU (David LeBlanc)
Mon Aug 20 14:01:01 2001
Reply-To: <dleblanc@mindspring.com>
From: "David LeBlanc" <dleblanc@mindspring.com>
To: <thomas.rowe@bankofamerica.com>, <bugtraq@securityfocus.com>
Date: Sun, 19 Aug 2001 12:39:34 -0700
Message-ID: <0f2101c12991$a5041730$0100a8c0@davenet.local>
MIME-Version: 1.0
Content-Type: text/plain;
charset="US-ASCII"
Content-Transfer-Encoding: 7bit
In-Reply-To: <86256AAD.00116E61.00@notes.bankofamerica.com>
If you're filtering outbound traffic in a corporate environment (something
I'd recommend), it will stop that sort of thing. Additionally, if you're
just a normal dial-up user, you can stop it by opening your connection icon,
choose properties, networking, and make sure "File and Printer Sharing for
Microsoft Networks" is unchecked, as well as "Client for Microsoft
Networks". The first is off by default, the second is enabled by default. If
you are a dial-up user, and not on a home LAN, turning off the Workstation
service will accomplish the same thing. Additionally, a home user can enable
SMB signing, which also defeats the attack. Rolling out SMB signing in a
corporate environment is a bit more complicated.
> -----Original Message-----
> From: thomas.rowe@bankofamerica.com
> And if you were running WinNT 4 and that referrer pointed to a server
> advertising a share, NT would send your username and password
> to try to log
> you on without your knowledge. It could be grabbed and sent
> back to your
> machine, logon, and the atttacker would have all rights to
> your machince and
> network that the ID you're using has.
> (as I've mentioned before, MS has known about this hole since
> before SP2)
