Slashdot Mirror

← Back to Stories (view on slashdot.org)

File and Printer Sharing Insecure in XP SP2

Posted by michael on from the old-dogs-learn-new-tricks dept.

ProKras writes "German magazine PC-Welt has discovered a major security flaw in Windows XP SP2 when installing over SP1. The article says that 'with a certain configuration, your file and printer sharing data are visible worldwide, despite an activated Firewall.' The magazine claims they were 'able to discover private documents on easily accessible computers on the Internet' and that the configuration is fairly common."

4 of 368 comments (clear)

  1. Re:Slashdot and SP2 by VividU · · Score: 0, Flamebait

    Well said. Slashdot is quickly becoming the FreeRepublic or Lucianne.com of MS Haters.

    It's too bad. What a great resource wasted on the ignorant.

  2. Re:"insecure"? WTF? by diegocgteleline.es · · Score: 0, Flamebait

    Which is not important. I don't care what PC Welt thinks and how much it sells - it's just one source. What makes people think a single "authority" is right? I recall a similar post by Mr Taco where some illuminated "expert" said it there was a huge security hole in the SP2 because it allowed a process to check if a antivirus is installed (querying the "security center" WMI database).

    It didn't matter you needed root privileges to do that (the moron put it in their page but "because windows users use windows as root..."). It didn't matter that you could format the disks, steal password from other users, everything - the illuminated moron put in his page that it was a major security bug, that they contacted microsoft and that microsoft didn't seem to see a bug like he was seeing, etc etc. This made it's way in the slashdot front page - and people commenting how insecure XP is, how linux will resolve all their problems....despite the fact it was NOT a bug at all no matter how you look at it

    As far as I can tell, I've installed SP2 and nothing like that happened so it's false to my eyes. Dunno what the heck they did to their machines - perhaps their machines were office machines configured to share their disks and SP2 preserved their settings, and opened the firewall ports so it works as before, just like you'd expect from a decent product?

    I didn't saw a single line in their page talking if this was a recently installed machine with default config or not. In other words, if this pretends to be a serious "security report", I laught at it. If this is a major publication in germany I don't want to know how are the others.

  3. Re:"insecure"? WTF? by sparkz · · Score: 1, Flamebait

    For fuck's sake - America recently went to war against a country based on a single (incorrect) source. Bashing MS is hardly the same scale.

    --
    Author, Shell Scripting : Expert Re
  4. Re:Before you Micrsoft Bashers come out to play! by haruchai · · Score: 0, Flamebait

    Once again, I've exposed the true colors of the Micro$ofties. Wassamatter, Bill-lickers? Don't dish it if you can't take it.

    --
    Pain is merely failure leaving the body