[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    RE: Too much misleading advice on the Universal Plug-and-Play security hole
From:       "David LeBlanc" <dleblanc () mindspring ! com>
Date:       2001-12-29 21:53:22
[Download RAW message or body]



> From: Richard M. Smith [mailto:rms@computerbytesman.com] 

>    "Customers using Windows 98, 98SE or ME should apply the patch 
>    if the Universal Plug and Play (UPNP) service is installed 
> and running"

As Matt pointed out, it will only be there if you've installed Internet
Connection Sharing that came with XP. I'm not 100% sure on this, being a
long-time NT-Win2k-XP bigot who hasn't run the Win9x line since '95 was
in beta.
 
> BTW, another option that the FBI is offering at the 
www.nipc.gov Web site is to turn off UPNP altogether:

   Update: "Universal Plug and Play Vulnerabilities"
   http://www.nipc.gov/warnings/advisories/2001/01-030-2.htm

Which is incorrect information that will leave you vulnerable because it
tells you to turn off the WRONG service. NIPC, unfortunately, isn't a
very good source of information right now. Vendor bulletins and this
list are better (IMHO).

David LeBlanc
dleblanc@mindspring.com

[prev in list] [next in list] [prev in thread] [next in thread]