Ok, in pure RFP style, I borked *another* release. The only total freakin' idiot around here is me. Luckily, I now have technical peer review for my advisories....that should stop this from happening. Humbly a dork, .r.f.p. ---------- Forwarded message ---------- Date: Fri, 05 Nov 1999 23:37:14 PST From: mike borkin <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: mistake in "Antidote for RFPoison" Rain Forest Puppy, You have no idea how weird it is to actually address this to "Rain Forest Puppy" but after reading your diatribe on Bugtraq about being called Russ, I ain't messing with it :-) Anyways, I read your Antidote for RFPoison and was implementing David LeBlanc's suggestion for a fix when I noticed an error in the name of the key. It should be: \HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa rather than: \HKEY_LOCAL_MACHINE\System\CurrentControlSet\Current\Lsa Since you state that if you don't have the DWORD key named 'restrict anonymous' you must create it, this could actually confuse someone into creating two new keys, "Current" and "Lsa" before adding the 'restrict anonymous' DWORD and value and thus give you no security. Before you say that only a total freakin' idiot who has no clue what he is doing would make this mistake, understand that there are total freakin' idiots like myself who do stupid things like that even though it doesn't seem right. Of course, every once in a while we double check and find an understandable mistake and get to report it to people who know what they are doing. I hope I am not duplicating what others are sending you about this, and thanks for all your work in finding these vulnerabilities. Mike ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com