[4178] in bugtraq
Re: Internet Explorer Bug #4
daemon@ATHENA.MIT.EDU (Rubens Kuhl Jr.)
Sun Mar 16 15:37:00 1997
Date: Sat, 15 Mar 1997 18:05:59 -0300
Reply-To: "Rubens Kuhl Jr." <rkuhljr@PUERIDOMUS.BR>
From: "Rubens Kuhl Jr." <rkuhljr@PUERIDOMUS.BR>
To: BUGTRAQ@NETSPACE.ORG
> From: Steve Birnbaum <sbirn@NETMEDIA.NET.IL>
> To: BUGTRAQ@NETSPACE.ORG
> Subject: Re: Internet Explorer Bug #4
> Date: S=E1bado, 15 de Mar=E7o de 1997 15:44
> Forgetting about finding a way to get someone to sit down on the cons=
ole
> of the NT machine and trying to get to your web site, is it possible =
to
> spoof a WINS sync to that NT server? Hobbit's paper shows that
> NT trusts you to be who you say you are when connecting for a CIFS sh=
are.
> I'm curious if there is any more security involved in the case of an =
NT
> server that is set up to syncronize WINS tables with other NT servers=
.
WINS syncing is guarded by machine accounts (when the servers belong to=
the
same domain) or by domain trust relationships, not by machine names.
Rubens Kuhl Jr.
