Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Bug Operating Systems Software Windows

File and Printer Sharing Insecure in XP SP2 368

ProKras writes "German magazine PC-Welt has discovered a major security flaw in Windows XP SP2 when installing over SP1. The article says that 'with a certain configuration, your file and printer sharing data are visible worldwide, despite an activated Firewall.' The magazine claims they were 'able to discover private documents on easily accessible computers on the Internet' and that the configuration is fairly common."
This discussion has been archived. No new comments can be posted.

File and Printer Sharing Insecure in XP SP2

Comments Filter:
  • by hlygrail ( 700685 ) on Saturday September 18, 2004 @06:33PM (#10287570)
    ...wait, no I'm not.

    • Re:I'm shocked! (Score:5, Interesting)

      by Curtman ( 556920 ) on Saturday September 18, 2004 @07:03PM (#10287748)
      I thought this was already common knowledge. Grab a copy of any P2P software and spend a few minutes port scanning clients you see in it. I spent an afternoon printing warnings on people's printers, with instructions on how to disable file & print sharing. Its quite an amazing thing to witness. About half of them are wide open, and don't require any password to mount the C drive or print documents. smbclient is a really fun utility. :)
      • Re:I'm shocked! (Score:5, Insightful)

        by Anonymous Coward on Saturday September 18, 2004 @07:37PM (#10287911)
        I spent an afternoon printing warnings on people's printers

        As well intentioned as you were, you shouldn't do such things. It's likely against your ISP's usage policy, generally considered unethical, and potentially against the law depending on where you live.
        • Re:I'm shocked! (Score:5, Insightful)

          by geeber ( 520231 ) on Saturday September 18, 2004 @07:43PM (#10287942)
          I spent an afternoon printing warnings on people's printers

          As well intentioned as you were, you shouldn't do such things. It's likely against your ISP's usage policy, generally considered unethical, and potentially against the law depending on where you live.

          While I can understand why such behavior might piss off an ISP, I don't see why it would generally be considered unethical. It's not like he was installing software remotely on someone's computer, which seems very different to me.

          Would it be unethical if he knocked on their door and told them in person of their vulnerabilities? How about if he slipped a flyer under their door while they weren't home? That seems to me to be the ethical equivilence of using their computer to print a warning.
        • Shared (Score:3, Funny)

          by Mark_MF-WN ( 678030 )
          These computing resources were being placed in the public domain. It's like finding a laser printer lying on the sidewalk and printing something on it.
          • Re:Shared (Score:4, Insightful)

            by Tim C ( 15259 ) on Sunday September 19, 2004 @04:31AM (#10289761)
            These computing resources were being placed in the public domain.

            So if I go out for the day and accidently leave my front door open, have I placed all my possessions in the public domain?

            I've said it before, and it looks like I'm going to have to keep on saying it - just because you *can* do something doesn't mean that you *should* or that you're *allowed* to.
            • Re:Shared (Score:3, Interesting)

              by Mark_MF-WN ( 678030 )
              We're not just talking about an open door, we're talking about a house with the door wide open and advertisements on the street saying "Come on in, public laser printer inside!". Windows Shares are exactly that -- shares. They are being shared out publically. The fact that Microsoft makes it possible to share things by accident is simply a demonstration of how hideously insecure Windows is. This is WAY beyond the simple flaws that Windows is known for -- those kinds of flaws are understandable and have
            • Re:Shared (Score:5, Insightful)

              by ultranova ( 717540 ) on Sunday September 19, 2004 @05:51AM (#10289902)

              These computing resources were being placed in the public domain.

              So if I go out for the day and accidently leave my front door open, have I placed all my possessions in the public domain?

              Since Windows file sharing is meant to share files - allow access to them - I don't really see how any document in a world-readable directory could be likened to the stuff in your house. You made the directory world-readable. You placed the document there. How could anyone make any other conclusion than that you meant the document to be readable by anyone. Same for printers - if you don't want people to print random garbage with them, why did you make them world-printable ?

              Now, it's possible that your computer is buggy and shared the directory by itself, or that you're an idiot who plays around with his computers configuration without understanding what's he doing, but how is anyone else supposed to know that ?

              As for your example, if keeping your front door open is commonly considered an invitation to come inside and take whatever you want, then yes, leaving your front door open is going to mean exactly that.

              I've said it before, and it looks like I'm going to have to keep on saying it - just because you *can* do something doesn't mean that you *should* or that you're *allowed* to.

              That, however, doesn't change the fact that you can hardly be blamed for using resources someone else has made available. Open port is an invitation. If the inviter wanted to limit his invitation to a certain group of people, he should have used a password. Otherwise, people have no way of knowing that this invitation didn't include them.

      • Re:I'm shocked! (Score:5, Interesting)

        by LO0G ( 606364 ) on Saturday September 18, 2004 @07:40PM (#10287928)
        My suspicion is that the "bug" is that while the XP SP2 firewall closes File&Print sharing on public IP addresses, there are several ISPs out there that give internet-connected computers private network (10.x.x.x) IP addresses.

        XP's firewall thinks that the machine is on a private network (and thus behind a hardware firewall), and so it allows access through the firewall. Unfortunately, in this case, the ISP screwed up and put the private IP on the internet without protection.
        • 10.x addresses will not route across the Internet (nor will the other private blocks). Routers will simply discard them as escaped packets.
          • They do this here at UIC. We have 10.x.x.x addresses BUT they each map to a unique address outside the ResNet world. So we can be addressed uniquely from the outside, but we think we're behind NAT. Dumb setup if you ask me.
      • If you REALLY wanted to make an impression, why not print out the Goatse Man? That'd convince my MOM to take some geekly advice.
      • by ari_j ( 90255 )
        I tried that once, only to find that several of the printers I hit were actually connected to my machine through the same hole and the bastards had shared 'em out locally, as well!
  • by Thaidog ( 235587 ) <slashdot753.nym@hush@com> on Saturday September 18, 2004 @06:33PM (#10287572)
    Wow... MS now ADVERTISING XP as a secure computing system with SP2. Now you're fscked for sure!
  • by sgant ( 178166 ) on Saturday September 18, 2004 @06:35PM (#10287579) Homepage Journal
    It's a feature! Now you can share all your documents with the world! Think of it as having a server hooked to the internet! Don't have to buy expensive server software or set up very hard to figure out Apache web servers...just install SP2 and you're "online" in more ways than one!

    Worry about your ISP not liking you operating a server? They (and you) don't even have to know!

    It's a feature!
  • by Darkman, Walkin Dude ( 707389 ) on Saturday September 18, 2004 @06:35PM (#10287581) Homepage

    Humiliation...

  • Slashdot and SP2 (Score:4, Interesting)

    by Anonymous Coward on Saturday September 18, 2004 @06:37PM (#10287591)
    It seems that Slashdot is desperate to publish any story that is negative about SP2, despite coming from a dubious source with little to no detail on this "flaw". I have to say that it really seems to me that MS got it right this time.

    Security over features and security over performance... isn't this exactly what we have been asking for? I mean, do you really care that the guy down the hall is running Powerpoint 9% slower?

    Cause all I care about is that he is not hammering my webserver with the latest virus.
    • by jm.one ( 655706 )
      So a print magazine with 2 million readers is dubios. (`cause it`s over there?) The flaw is well explained but it is a little bit comlicated. Maybe you shluld read again. This means everybody who has used file and printer sharing in SP1 an has updated to Sp2 and uses the build in Firewall insteed of something else is affected. That is a very likely szenario, don`t you think?
    • by nbert ( 785663 ) on Saturday September 18, 2004 @07:03PM (#10287742) Homepage Journal
      It seems that Slashdot is desperate to publish any story that is negative about SP2, despite coming from a dubious source with little to no detail on this "flaw". I have to say that it really seems to me that MS got it right this time.


      Slashdot might be eager to publish bad news related to SP2, but calling PC-Welt a dubious source sounds ridiculous to me (can you tell me about a US computer mag, which actually features news?).
      I don't think you ever heard of PC-Welt prior to this thread. You could as well state that nothing happened in Beslan, because you saw it on BBC (aka foreign media).
      I don't want to say that PC-Welt is a great mag - I bought my last issue about 5 years ago and I no regrets not reading it anymore. But if /. cites some "dubious" news from an unknown website some take it more seriously than news from a mag with real journalists and computer experts. Isn't there something wrong about this behaviour?
    • Re:Slashdot and SP2 (Score:5, Interesting)

      by Izago909 ( 637084 ) * <tauisgod@noSPaM.gmail.com> on Saturday September 18, 2004 @07:10PM (#10287789)
      Dubious or not, the solution is something that most people should do by default:
      This error can be corrected by choosing "User defined List" and entering the IP addresses that are supposed to have access - the IP addresses of your LAN. A whole range of an IP area can be entered as "192.168.x.0/255.255.255.0", if the respective addresses start with 192.168.x.
      So we should not allow file and printer sharing beyod our local network. Who would a thought? They also recommend using a router with a firewall or a secondary software firewall. It's been a while since I used zone alarm, but the last version I tried didn't notify the user if a windows process tried to access the network. That's why I switched to Sygate. [sygate.com] You'd be suprised what parts of windows want to transmitt data (like the file inexing serive) even though you aren't running them.
      • by mvdwege ( 243851 )

        What bugs is that this is not on by default.

        I mean, how hard can it be to set file and printer sharing by default to the local subnet only? Those parameters are already known, and in 90% of the cases this would suffice for normal usage.

        The very fact that MS overlooks such simple security measures and pushes things like the new security control panel (forgot what it's called) as a 'solution' proves to me that MS is more concerned about the appearance of security than actual security itself.

        Microsoft shows

    • by Anonymous Coward on Saturday September 18, 2004 @07:13PM (#10287797)
      You think it's better to hide Security Holes than to warn people of them!?!

      I, for one, welcome Slashdot's reporting of any security holes whether in Linux or MSWindows products. I can then research more and know what to be aware of before they get exploited.

      Or are you some kind of h4x0r who wants people to remain ignorant of shared filesystems?

    • Hold on a minute.

      This might be just the entry point virus writers have been looking for.

      Having unrestricted access to that guys C drive enables software to be deposited and potentially run.

      This software can add itself to the list of approved applications for firewall access and carry on spamming anyway.

      This is important.
    • 75 people in Dept A had no reboot today from their Windows XP.

      In a small town in France, Jean-Louis had a baguette for lunch along with some delicious red wine from the local winery.

      On Slashdot, an Anonymous Coward dared not post under a real name because he was too ashmed of his own rant.
    • Re:Slashdot and SP2 (Score:5, Interesting)

      by Aadain2001 ( 684036 ) on Saturday September 18, 2004 @08:09PM (#10288059) Journal
      I think /. is very quick to post bad news about SP2 because MS is out singing to the heavens about how much more "secure" it is and how they are taking security "seriously" now. Bugs like this are just evidence that MS is yet again trying to tack on security after-the-fact instead of doing what is necessary: start over and have security in mind from the ground up in designing, developing, and testing of their OS and applications. MS is still a breeding ground for viruses, backdoors, worms, etc, all because MS will not admit that their products are pieces of crap who's only positive traits are being easy to use (if you are already used to using MS products that is) and pretty to look at (if all you have ever seen is MS products). From a admistrative point of view, their stuff is buggy, bloated, and a POS at the source code level. The firewall in SP2 should be simple, clean, and not affected by ANY other program or hook instead of Windows. But MS couldn't even get that right, instead doing their usual "tie-it-into-eveything-else-we-loose-market-share- to-a-competitor" routine, giving the user a false sense of security. That is why /. railes against MS and SP2. We don't like being lied to by the marketing department.
    • by 0x0d0a ( 568518 )
      Second this. Seriously, people complain about MS running FUD campaigns. Know what? Their complaints are legitimate. That's why a lot of people in the know don't like Microsoft much.

      The solution is to continue to provide better information than Microsoft does, not to do the same damn thing about some stupid Microsoft service pack (which, FWIW, I'd say is the most security-oriented and Slashdotter-happiness-inducing patch Microsoft has come out with in years, beating many Linux distributions to noexec st
  • SP2 breaks lots of things, but the one argument for installing it was security. Now that's not a good argument I can simply say no to breaking a bunch of applications and crippling my system, but I can site the same "security reasons" any lame sysadmin may site site. Less admin on my laptops. Yay!
  • Samba (Score:2, Interesting)

    by Stevyn ( 691306 )
    And when people complain how much a pain Samba can be to set up can now realize at least we're not sharing with the whole world.

    Not to be a dick, but Microsoft, wtf?
  • by LostCluster ( 625375 ) * on Saturday September 18, 2004 @06:41PM (#10287621)
    The Slashdot summary is a little mis-worded such that it'll cause some unneeded alarm.

    If you configure File/Print sharing in the "wrong" way as the article talks about, it'll expose those services to the whole 'net even through the Windows Firewall. If there's firewall security installed anywhere else on the way to the Internet, such as at the edge router where firewalls really belong, Windows XP isn't so dumb as to pierce that level of security. Even a simple NAT is enough to be an effective blocker.

    In other words... we're running into "That's not a bug, that's a feature!" terroritory. If you ask Windows to share your files and printers accross an IP-based networks, you should be sure that the network is separated by a real firewall from the rest of the Internet. Fail to do that, and you might as well expect this is going to happen.
    • If there's firewall security installed anywhere else on the way to the Internet, such as at the edge router where firewalls really belong, Windows XP isn't so dumb as to pierce that level of security.

      Well it's not really Windows XP being not dumb enough to let outsiders in through the firewall, it's that it really can't let outsiders in, as it can't really control it (except for this uPNP thing for routers, can anyone explain what that is?).

    • In other words... we're running into "That's not a bug, that's a feature!" terroritory. If you ask Windows to share your files and printers accross an IP-based networks, you should be sure that the network is separated by a real firewall from the rest of the Internet. Fail to do that, and you might as well expect this is going to happen.

      If I hadn't read this article, I probably would have never known that I could (or at least there was intended functionality to let me) share files and printers across a f

    • by ProKras ( 727865 ) on Saturday September 18, 2004 @06:56PM (#10287708)
      I believe that the point of the article is that it's fairly easy for Average Joe user to to inadvertently configure their machine to share with the world what they intend to share only over a LAN. The Windows firewall in SP2 provides a false sense of security to these users.

      You're absolutely right that firewalls don't belong on the desktop.
    • It's also worth noting that most US broadband ISP block all Windows Filesharing traffic -- otherwise your network neighborhood becomes your real neighborhood. So this "issue" isn't likely to affect many users.
    • I'd *love* to agree, but if someone brings an infected machine *inside* your firewall--possible at home, more likely if you run an open AP (default settings, remember), and *very* likely at work. Sadly, we *do* need firewalls on the desktop. *Also*. Remember, security is *layers*.
  • "insecure"? WTF? (Score:3, Insightful)

    by diegocgteleline.es ( 653730 ) on Saturday September 18, 2004 @06:43PM (#10287640)
    Oh, so you can see docs and printers of a XP box? What good news sherlock, that's really a feature, not a "security bug". And I still wonder how on eart that "insecurity" didn't happened in my box when I upgraded from SP1 to SP2.

    But since a well know and famous page like pcwelt.de (or something like that) says it, we must put it in the slashdot's front page without even checking if it's true!!

    Just like the "XP SP2 Can Slow Down Business Apps" (read http://it.slashdot.org/comments.pl?sid=122264&cid= 10284438 [slashdot.org] or http://it.slashdot.org/comments.pl?sid=122264&cid= 10283379 [slashdot.org]) and docens of other news by MrTaco, etc.

    It doesn't seems matter all this can be pure FUD It's Windows!!!!1

    I can't tell slashdot editors what they have to put in their own page, but I'm not visiting slashdot anymore if this FUD continues. Sure windows sucks - what about putting news about how much it sucks instead of all this senseless FUD?
    • Re:"insecure"? WTF? (Score:5, Interesting)

      by NanoGator ( 522640 ) on Saturday September 18, 2004 @07:42PM (#10287936) Homepage Journal
      " Sure windows sucks - what about putting news about how much it sucks instead of all this senseless FUD?"

      It generates comments, and comments generate ad hits, and ad hits generate revenue. Somebody chimes in and says "That proves it, Microsoft utterly and completely dropped the ball, may they go down in flames!" Slashdot gets money. That's a gross oversimplification of how Slashdot generates revenue, but I have to admit, I'm seriously impressed on how they capitalized on anti-MS FUD.

      My point? Well, your beef really isn't with Slashdot. It's with the people commenting in stories like this. Lots of people are competing to get that +5 comment, and a lot of people with mod points out there (not all of them, maybe not even most) mod up the "this is proof that MS is OCP evil!" comments.

      I agree with you that the idea of not visiting is interesting. I'm rather sick of odd conclusions being drawn then lauded.
    • It's an open source website, almost everyone on here are advocates of open source.

      Personally I don't really care much, I browse through a bunch of articles, MOD down zealots, and MOD up the truly good comments.

      Hey it's better than working.

  • This service pack has been a complete failure. This is no longer about performance issues [slashdot.org] or or installation issues [slashdot.org].
    This a serious bug, and proof of what a poor work Microsoft has done with the Service Pack.
    I just remember how Microsoft executives stated (can't find the link, but read it here on slashdot) a bug was never discovered that they didn't know about in beforehand, and wanna laugh.
    Let's hope this gets some media attention and people start migrating to other OS's. I'm sure the boys at Redmond wou
  • hmm... (Score:5, Insightful)

    by focitrixilous P ( 690813 ) on Saturday September 18, 2004 @06:50PM (#10287675) Journal
    with a certain configuration, your file and printer sharing data are visible worldwide, despite an activated Firewall.

    With a certain configuration, ssh is accessable from outside, even with a firewall. if the configuration includes passwordless root, well then, a slashdot summary "ssh allows remote root access despite firewall" would be a tad overzealous, right? Unless the certain configuration is ever the default, this is just users not understanding what they are doing and missetting things. Not a MS problem, it's giving users a choice. It's just a very bad choice to make, but no different than, say, root telnet over wireless internet or something.

    • Re:hmm... (Score:3, Informative)

      by fymidos ( 512362 )
      >With a certain configuration, ssh is accessable
      >from outside, even with a firewall.
      indeed, but only if the firewall is not configured to block ssh.

      This is quite different: it's like an ssh server *not accessable from outside*, that magically becomes accesible from outside after a kernel update. It's not overzealous, it's a configuration problem that is encountered when you upgrade to SP2.
      Yes, it's not an exploit. It's just configuration, but still an SP2 problem.
  • by Anonymous Coward
    This site is getting worse by the day. I mean, come on.
  • NAT for the masses (Score:5, Informative)

    by alatesystems ( 51331 ) <chris@NOSpAm.chrisbenard.net> on Saturday September 18, 2004 @06:51PM (#10287682) Homepage Journal
    Please PLEASE if you have friends, family, or loved ones that are not behind a NAT router/box, please install one for them.

    Not just for flaws like this, but for windows problems in general and basically so you don't have to worry about the win32 machines BEHIND the nat before you worry about the nat box itself.

    Hint: ICS doesn't count as NAT IMHO.

    Chris
    • by LincolnQ ( 648660 ) on Saturday September 18, 2004 @07:49PM (#10287972)
      I just got to college a couple weeks ago.

      The school hands out external IP's to everyone! It's ridiculous. All these folks who drag their Windows laptops from home where they had a wireless router/NAT are now exposed on the open Internet.

      The school tells them to patch, but it's too late -- the half-life of an unpatched Windows box on the open 'net is about six minutes.

      Now, I brought two computers, Linux and Mac OS X, and I _STILL_ NAT them for security! (There are enough ports in my dorm room so that I wouldn't need to, but I do.)

      I'm pretty much the only one who wants or needs an external IP. I serve web, ssh, and files. So I'm really happy. But all the Windows boxes on the network are crying.

  • Hardware routers (Score:5, Insightful)

    by Schemat1c ( 464768 ) on Saturday September 18, 2004 @06:52PM (#10287684) Homepage
    Most of these security issues are solved by simply having an inexpensive netgear or linksys router and up to date virus software. They are cheap and easy enough to use that they should be considered standard equipment on any home PC connecting to the internet.
    • by CowboyBob500 ( 580695 ) on Saturday September 18, 2004 @07:17PM (#10287818) Homepage
      I don't think that that is the point. What you're suggesting is fixing a Microsoft problem with a 3rd party solution. That is not good enough, especially when Microsoft make overstated claims about the security of SP2.

      The problem should be fixed at Microsoft's end without having to rely on any 3rd party solutions at all. But then so many people seem to just bend over and take it where it hurts wherever Microsoft is concerned.

      For example it seems to be standard practice to put a Linux router/firewall in front of a Microsoft Exchange server. When, and more importantly how, did solutions like this become acceptable?

      Bob
      • by Schemat1c ( 464768 ) on Saturday September 18, 2004 @07:43PM (#10287946) Homepage
        I don't think that that is the point. What you're suggesting is fixing a Microsoft problem with a 3rd party solution. That is not good enough,...

        I think the point is to protect your data and your pc. If you choose to use Windows you should expect to make the necessary precautions or get nailed.

        It might make sense for bicycle manufacturers to include helmets and pads to protect you from injuries caused by using their product. Since this isn't the case one most purchase third party protections. It may not be fair, just the way things are.

        • Re:Hardware routers (Score:4, Interesting)

          by sparkz ( 146432 ) on Saturday September 18, 2004 @11:32PM (#10289024) Homepage
          If BMX promote their bikes as "Trustworthy Cycling" with a "Safety Update", that's language which implies that a user doesn't need any 3rd-party stuff to make it secure. It certainly doesn't imply that the most common method of using the bike (on public roads) or PC (directly connected to the internet) is known to be likely to cause major problems, which is the case with MS Windows (so far).
  • by bob65 ( 590395 )
    Are they talking about sharing files and printers *across* a firewall? If you purposely make holes in your firewall to let others on the other side to access your files and printers, wouldn't you expect everyone on the other side to have access, unless you had some sort of special authentication process or IP based rule to only allow some access?
  • by doorbot.com ( 184378 ) on Saturday September 18, 2004 @06:56PM (#10287710) Journal
    If I'm understanding it correctly, using the "Subnet" scope for your dialup connections actually allows access from the entire Internet. The article seems to argue that this "bug" is due to Windows ignoring certain settings when it deals with dialup connections. It doesn't say if the firewall code is flawed (and thus not properly calculating the "subnet" scope), or if there is some other DUN code which is overriding the firewall settings.
    • It's not clear. RTFA though so here is what I gather.

      According to the article...

      Each network connection has it's own configuration settings. Regardless of the settings in this dialogue window, if a file/print sharing is enabled (this is an internal windows service, which can potentionally use any network connection), then it is enabled by default on all active network connections. There are some conditions to this actually.

      The article does say this applies to all network connections (dialup, DSL, etc.
  • by Hortensia Patel ( 101296 ) on Saturday September 18, 2004 @06:59PM (#10287728)
    Backups are for wimps. Real men put their data on a WinXP internal share and have the rest of the world mirror it.
  • This is just pure BS (Score:3, Informative)

    by Anonymous Coward on Saturday September 18, 2004 @07:03PM (#10287750)
    I work at an OEM making bespoke Video Editing systems under XP. We are installing XP SP2 on all of our machines currently - these are machines that need VERY high performance in terms of both IO and actual OS-level resources.

    Service Pack 2 has a couple of irritations, and does seem to make things a tad slower on a couple of configurations, but this is just pure BS - I have not seen a single instance where it has enable File & Print Sharing as default on a Dial-up connection - or even where it has had those ports unblocked in the (rudimentary) firewall as default.

    Every one of our machines is different, I have NEVER encountered this problem on any of them.

    If you're stupid enough to tick a box in the Network Connections settings and you have no idea what it does, then you deserve to be 0wned!
  • ...and send them goat.cx?
  • by Anonymous Coward on Saturday September 18, 2004 @07:08PM (#10287774)
    A number of test scans run by PC-Welt revealed that this in fact is a common configuration and not a rare sight.
    How many were XP SP2? We all know that many misconfigured 95/98 systems exist. These systems have been probed for over half a decade. Nothing is new.
    It must be assumed, that these users wrongly believe they are safe and that their sharing configurations are only visible in their network at home: Often, we did not even encounter password protection.
    Misleading statement. Windows XP does not allow accounts with no password to be used with File and Printer Sharing.
    Due to the bug carried over from SP1 as well as a new bug, the firewall configuration with SP2 has a catastrophic effect. The SP2 installation simply uses the previous configuration of the firewall: If it was active for the dial-up connection, now it also has been activated for the network adapter. At the same time, an exception is determined for file and printer sharing: For the internal network card - and astonishingly also for all adapters.
    The default configuration does have an exception for File and Printer Sharing. However, the exception only covers the user's private home network; the internet will not have access to F&P Sharing.
    With the first use of the dial-up connection after installing SP2, all of your shared data are available on the Internet. Now, other users can start guessing your passwords for administrator and guest and you basically are no more secure than the first Windows 95 users with an Internet connection - thanks to Service Pack 2.
    The sentence order is wrong. "All of your shared data" are not available on the internet. The password would first have to be guessed, which is resilient to attacks due to the lockout policy for entering too many invalid passwords.
    After these measures, you can be sure to be as safe as you were with SP1. Great, don't you think?
    It wasn't broken in the first place, idiot. This article is embarrassing for even the zealous MS basher.
  • People are stupid. (Score:4, Interesting)

    by RoundTop-VJAS ( 580788 ) on Saturday September 18, 2004 @07:09PM (#10287782)
    both here and in the world.

    The reason that this was done likely is because SP2 enables the firewall by default. so you don't want people calling asking why their file shares and printer shares don't work.

    In addition to that, if it is a local network like that, they have a router in the first place, they are safe.

    In addition to that... remember in windows XP unless you CREATE a share it is not going to be there (even though the file and printer sharing may be turned on).

    In addition to THAT... winXP by default has guest turned off, so you would have to be an authenticated user to get access.

    someone is trying to be sensationalist and not thinking about things.
    • "someone is trying to be sensationalist and not thinking about things."

      Heh. The Register ran a story about how Internet Explorer was being used at an airport and it crashed bringing the whole place down. Their evidence of this was a picture somebody took of a display showing IE saying "page not found". I submitted the story under the headline "New Exploit Prevents IE from Finding Web Pages when Internet Connection is Broken". I don't think the Slashdot editors were amused.

  • by boijames ( 641781 ) on Saturday September 18, 2004 @07:11PM (#10287792) Homepage
    My roomie (who I hate) has a printer he was hiding that he's now all of a sudden sharing. 3 words: All. Black. Printjobs. I repeated those, uh, words, about a hundred times. Hilarity did -not- ensue. (Well, it did for me).
  • Windows (Score:4, Interesting)

    by Anonymous Coward on Saturday September 18, 2004 @07:18PM (#10287821)
    The fix is broken on computers that have already been compromised. Which is probably a fair number of them. This bothers me.

    Think about it, for a moment. The firewall is blocking internally-generated connections. Which is fair enough. (Though silently dropping would likely have been safer.) However, to lock the machine up, the TCP stack has got to be taking the error as cause to retransmit the packet.

    Why am I so certain that this is what's happening? Because Windows has had some degree of preemption for a while. It's not great, but it works. Sort-of. Lock-ups should be next to impossible on a totally pre-emptive OS, as the locked-up program would simply be interrupted. It'd slow the machine down, slightly, but it wouldn't be fatal.

    What we're getting here, though, looks like something fouling up big-time in a non-blockable part of Windows. Odds are pretty good that it's the network code. My suspicion is that the TCP stack and firewall are in an unbreakable infinite loop, with the error generated by the firewall causing the TCP code to resend the packet, ad infinitum.

    A lot of people have argued that Microsoft isn't to blame for other people's crappy code. Which is fair enough. But they are very much to blame for their own crappy code. If you're going to have non-blockable code (a VERY bad idea!) then you've got to be damn sure that there are no scenarios in which that code will put itself into a spin-dry cycle.

    It seems as though Microsoft merely added firewall code, with absolutely no thought as to the possible impact it could have on the rest of Windows.

    Further, if my suspicion is correct (and I'm pretty confident it is), then it should be possible to crash any Windows box remotely. Simply generate a packet that Windows cannot reply to. By forcing the TCP stack and the firewall to fight it out, you'd paralyze the machine.

    The correct way to handle this kind of situation is to recognise when a connection is administratively prohibited or impossible, and to not keep retrying. You'd then escape out of the non-blockable code, and pre-emption would allow you to continue as normal.

    If you want slightly "smarter" behaviour, then if a process repeatedly keeps retrying a connection or activity that is prohibited, every time it gets woken back up, it should drop in priority, be slept a reasonably long time (in the hope the problem can be cleared by then) or get kicked off the system. ("Three strikes and you're out." logic.)

    It should absolutely not be possible for any user process, no matter how badly written, to create a situation in which an uninterruptable infinite loop can develop. Either there needs to be some mechanism to interrupt any loop that might be infinite, OR there needs to be a mechanism for recognising when a loop is running unacceptably long.

    It's no use Microsoft whining that customers should clean their computers first. That would be like McAffee arguing that you should clean your computer of viruses before running their software. And how are you supposed to do that, if you've no software installed for detecting and/or cleaning the damn things in the first place?

    The only way you can know (for certain) that there's nothing trying to access an unauthorised port is by blocking the ports and seeing what happens when you try to use the computer as normal. And the only way you can then do anything about it is if the computer can cope with that situation in a controlled manner.

    bw
    • Re:Windows (Score:3, Informative)

      by Wumpus ( 9548 )
      I've seen this exact same post elswhere. Is this the new "BSD is dying" troll?

      Moderators - read this carefully. It doesn't make any sense.
  • Guilty of P2P (Score:5, Interesting)

    by Nom du Keyboard ( 633989 ) on Saturday September 18, 2004 @07:24PM (#10287854)
    Clearly Microsoft is guilty of distributing P2P software now. In fact, by now they're probably the biggest P2P supplier out there.

    I just can't wait to see the **AA go up against M$ over this.

    Does this mean that they won't use Microsoft DRM anymore?

  • by Limburgher ( 523006 ) on Saturday September 18, 2004 @07:34PM (#10287895) Homepage Journal
    and Samba, and acheive the same effect.

    But why?

  • MS has been so busy smearing Linux they forgot item 2 of their Security Vision [microsoft.com]!

    Or more probably they consciously decided that FUD was of utmost importance.
    MS is just digging their own grave with their ulterior [slashdot.org] motives [slashdot.org].

    I do a fair share of programming so I can understand some glitches here [microsoft.com] and there [theregister.co.uk] but this one is an enormously major fuckup.

    Dont they friggin test their software? What the hell?
    This could easily have been prevented if they had just 1 halfway knowledgeable employee trying to break the
  • by Sxooter ( 29722 ) on Saturday September 18, 2004 @08:22PM (#10288124)
    Microsoft goes on a bit about how much better their commercial software is because they have commercial code reviewers to catch this kind of thing, i.e. people who have a job to do and are getting paid to do it must be doing a better job than the great unwashed masses.

    Microsoft tells us they do these kinds of things better, but the reality of the situation is that fixing security issues require a group of people who know what they're doing, and honestly, I don't think Microsoft has a whole lot of those people.
  • by rice_burners_suck ( 243660 ) on Saturday September 18, 2004 @10:37PM (#10288751)
    The magazine claims they were 'able to discover private documents on easily accessible computers on the Internet' and that the configuration is fairly common.

    By leveraging innovative technologies, content providers streamline compelling enterprise solutions.

  • by Entropius ( 188861 ) on Sunday September 19, 2004 @12:11AM (#10289150)
    People really shouldn't rely on the built-in WinXP firewall for protection.

    It might be alright for compartmentalization--keeping boxes on a LAN safe from each other. But I sure wouldn't want to put a machine on the internet with just the WinXP firewall between it and the Big Network.

    Sygate is easy to use, informative, and more secure than the built-in firewall. Hardware firewalls/routers/NAT-gizmos are cheap and for the most part will keep Joe Sixpack safe* while letting him do what he wants to do with no fuss.

    Ideally each machine on a lan has its own software firewall, and then the lan has its own gateway/firewall--either a NAT-in-a-box or a Linux machine. Even in that situation I wouldn't trust Microsoft for the software firewall, mainly because it'll probably get in the way and I can't fine-tune it.

    But anyone who puts a WinXP machine on the net with nothing but the built-in firewall is asking for trouble.

    *wlan security aside, but that's a whole separate issue--and another argument for software firewalls on every machine.

"Virtual" means never knowing where your next byte is coming from.

Working...