[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: RE: Too much misleading advice on the Universal Plug-and-Play security hole
From: "David LeBlanc" <dleblanc () mindspring ! com>
Date: 2001-12-29 21:53:22
[Download RAW message or body]
> From: Richard M. Smith [mailto:rms@computerbytesman.com]
> "Customers using Windows 98, 98SE or ME should apply the patch
> if the Universal Plug and Play (UPNP) service is installed
> and running"
As Matt pointed out, it will only be there if you've installed Internet
Connection Sharing that came with XP. I'm not 100% sure on this, being a
long-time NT-Win2k-XP bigot who hasn't run the Win9x line since '95 was
in beta.
> BTW, another option that the FBI is offering at the
www.nipc.gov Web site is to turn off UPNP altogether:
Update: "Universal Plug and Play Vulnerabilities"
http://www.nipc.gov/warnings/advisories/2001/01-030-2.htm
Which is incorrect information that will leave you vulnerable because it
tells you to turn off the WRONG service. NIPC, unfortunately, isn't a
very good source of information right now. Vendor bulletins and this
list are better (IMHO).
David LeBlanc
dleblanc@mindspring.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic