in reply to Re: Windows Service Pack Information
in thread Windows Service Pack Information

If you have rsh enabled on it then I'd think most security types would say that by definition don't have a secure network . . . :)

(Seriously there's better alternatives (such as ssh as was recommended elsewhere in the thread) that aren't gaping vulnerabilities begging to be exploited (they're smaller potential vulnerabilities which under active attack and countermeasure development :).)

The cake is a lie.
The cake is a lie.
The cake is a lie.

Replies are listed 'Best First'.
Re^3: Windows Service Pack Information
by BrowserUk (Patriarch) on Apr 17, 2008 at 21:11 UTC
[reply]

      You mean that the Windows version actually bases its authentication on something more robust than the source IP, a low port number, and who you claim to be and that it doesn't send potentially sensitive traffic over the wire in the clear?

      Update: And as for being part of the OS, this and some other googling seem to indicate that it's not a part of the stock install and only available as part of the Services for UNIX add-on (Vista and on at least). If you've got to install something, then again it's better to install something that's not a gaping hole than the gaping hole that's on the second install CD.

      Update: And this isn't just run-of-the-mill anti-Windows bigotry, it's that any installation of any of the ancient r-programs is an invitation to fail.

      (Not that the sheer Wintendo-try in that they don't ship anything better by default isn't just icing on the cake, mind you. :)

      The cake is a lie.
      The cake is a lie.
      The cake is a lie.

[reply]
        You mean that the Windows version actually bases its authentication on something more robust than the source IP, a low port number, and who you claim to be and that it doesn't send potentially sensitive traffic over the wire in the clear?

        Yes. From the docs:

        TCP/IP Remote Utilities

        The tools described in this appendix allow a network administrator to manage network computers from a distance. Many are similar to UNIX utilities. In This Appendix:

        • Finger
        • Ftp
        • Rcp
        • Rexec
        • Rsh
        • Telnet
        • Tftp

        Note: All passwords used by Windows networking services are encrypted. However, the Ftp, and Rexec connectivity tools all rely on cleartext password authentication by the remote computer. Cleartext passwords are not encrypted before being sent over the network. This enables another user equipped with a network analyzer on the same network to steal a user's remote account password. For this reason, choose different passwords from those used for Windows 2000–based computers or domains when connecting to non-Microsoft remote computers with the Ftp, Rexec, or Telnet tools. Note that the protocols themselves prohibit encryption; cleartext passwords are not a standard that Microsoft encourages.

        Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
        "Science is about questioning the status quo. Questioning authority".
        In the absence of evidence, opinion is indistinguishable from prejudice.
[reply]

In Section Seekers of Perl Wisdom