On Thu, Feb 23, 2006 at 12:04:50PM +0100, Javier Fernández-Sanguino Peña wrote:
The former worm targeted a critical OS service, the later a database service. Neither of which were actually useful if bound to loopback, BTW.
Actually, they were. A lot of the embedded DB servers were only used by local applications (e.g., IIRC, a virus scanner) and never made use of the network in normal applications. And *a lot* of standalone systems were vulnerable to the DCOM thing even though they weren't (intended to be) managed over the network. That's exactly the danger in making assumptions about how things are going to be used.
-- Michael Stone -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
