Slashdot Mirror

← Back to Stories (view on slashdot.org)

File and Printer Sharing Insecure in XP SP2

Posted by michael on from the old-dogs-learn-new-tricks dept.

ProKras writes "German magazine PC-Welt has discovered a major security flaw in Windows XP SP2 when installing over SP1. The article says that 'with a certain configuration, your file and printer sharing data are visible worldwide, despite an activated Firewall.' The magazine claims they were 'able to discover private documents on easily accessible computers on the Internet' and that the configuration is fairly common."

27 of 368 comments (clear)

  1. I'm shocked! by hlygrail · · Score: 5, Funny

    ...wait, no I'm not.

    1. Re:I'm shocked! by dmaxwell · · Score: 3, Funny

      If you REALLY wanted to make an impression, why not print out the Goatse Man? That'd convince my MOM to take some geekly advice.

    2. Re:I'm shocked! by KarmaMB84 · · Score: 5, Funny

      Printer ink and paper cost money.

    3. Re:I'm shocked! by Smidge204 · · Score: 4, Funny

      Holy cow! Imagine spammers printing adverts on the office printer! Bad enough we get junk faxes...

      "Hey Richards, I was going through your latest project proposal and... what's this about penis enlargement?"
      =Smidge=

    4. Re:I'm shocked! by ari_j · · Score: 2, Funny

      I tried that once, only to find that several of the printers I hit were actually connected to my machine through the same hole and the bastards had shared 'em out locally, as well!

    5. Re:I'm shocked! by Master+of+Transhuman · · Score: 3, Funny

      "Or are there 100 million insane people in usa all working for the federal government?"

      Yes.

      By George, I think he's got it!

      --
      Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
  2. And this is news how? by Thaidog · · Score: 4, Funny

    Wow... MS now ADVERTISING XP as a secure computing system with SP2. Now you're fscked for sure!

    --

    ||| I still can't believe Parkay's not butter.

    1. Re:And this is news how? by NanoGator · · Score: 4, Funny

      "Now you're fscked for sure!"

      Argh. That'd be annoying if some script kiddie caused my files to get checked.

      --
      "Derp de derp."
    2. Re:And this is news how? by Thaidog · · Score: 2, Funny
      You mean I can get away with saying fuck? Fuck that! That's fucking great! I feel so fucking free!


      Here's hoping they don't fsck my fuck post I' on a fucking roll!!!

      --

      ||| I still can't believe Parkay's not butter.

  3. This isn't a bug... by sgant · · Score: 5, Funny

    It's a feature! Now you can share all your documents with the world! Think of it as having a server hooked to the internet! Don't have to buy expensive server software or set up very hard to figure out Apache web servers...just install SP2 and you're "online" in more ways than one!

    Worry about your ISP not liking you operating a server? They (and you) don't even have to know!

    It's a feature!

    --

    "Leo Fender was in a 'state of grace' when he designed the Stratocaster." -- Paul Reed Smith
    1. Re:This isn't a bug... by AndroidCat · · Score: 5, Funny

      With printer sharing, the world can share its documents with you! (I'm sure the spammers will find this useful.)

      --
      One line blog. I hear that they're called Twitters now.
    2. Re:This isn't a bug... by NanoGator · · Score: 4, Funny

      "Could we "accidentally" print out goatse on Bills computer."

      Bill: I am getting a video from a Mr. Valenti, it looks like he's opening his mouth to talk...

      --
      "Derp de derp."
  4. Cue Mortal Kombat voice over by Darkman,+Walkin+Dude · · Score: 3, Funny

    Humiliation...

    --
    What he can't kill, he has sex on. Trent.
  5. Smell that FUD by Anonymous Coward · · Score: 2, Funny

    This site is getting worse by the day. I mean, come on.

  6. Like the man said... by Hortensia+Patel · · Score: 5, Funny

    Backups are for wimps. Real men put their data on a WinXP internal share and have the rest of the world mirror it.

  7. Can we find the Spammer's shared printers... by OneDeeTenTee · · Score: 2, Funny

    ...and send them goat.cx?

    --
    Stop the world; I need to get off.
  8. Yep. I already exploited this one. by boijames · · Score: 5, Funny

    My roomie (who I hate) has a printer he was hiding that he's now all of a sudden sharing. 3 words: All. Black. Printjobs. I repeated those, uh, words, about a hundred times. Hilarity did -not- ensue. (Well, it did for me).

  9. You could do this on purpose with IPTABLES by Limburgher · · Score: 3, Funny
    and Samba, and acheive the same effect.

    But why?

    --

    You are not the customer.

  10. Re:Firewalls don't belong on the desktop anyway. by Anonymous Coward · · Score: 2, Funny

    > Well, I certainly wouldn't want to share my joystick with the whole world!

    I'm sure the world wouldn't want you to share your joystick either..

  11. Re:"insecure"? WTF? by PPGMD · · Score: 2, Funny
    It's an open source website, almost everyone on here are advocates of open source.

    Personally I don't really care much, I browse through a bunch of articles, MOD down zealots, and MOD up the truly good comments.

    Hey it's better than working.

  12. Re:NAT for the masses by Anonymous Coward · · Score: 1, Funny

    Because he's part of the cult of NAT. He believes that anything which makes things inconvenient and broken is inherently good because, if it's broken no-one can use it, and if no-one can use it, it's secure, do you see?

    People like him put those useless "locked down" PCs into schools that can't do anything useful for fear that it will compromise the network/ damage the configuration or otherwise cause someone work. People like him own cars that don't start well "I'd love to see someone steal this crate, hell even I can't get it started some mornings, heh"

    Kids, don't pretend that NAT is security. A well written and properly implemented firewall policy is security, NAT is just NAT, and you should be aiming to eliminate NAT where possible, not introduce more.

    Why doesn't your VoIP work well? NAT. Why do some of your IM clients not work or work inconsistently? NAT. How come some web sites won't let you vote in a poll if anyone else from your home has? NAT. NAT was a hack introduced back in the dark days when "I'd like more IPs" said "I'm a sucker who wants to pay $50 per month extra service charges" to money-grubbing ISPs. Those days are more or less over, and NATs ought to be disappearing with them, instead of becoming part of a new wave of voodoo network security.

    And of course once they've done their voodoo dance, these people skip all the REAL essentials of network security. They don't apply patches ("I have like a dozen virus checkers, and a spyware detector, and I use NAT, the patches will just break stuff") and then they get pwned by a JPEG, or a Word document, or some Javascript. False security is worse than none at all.

  13. Shared by Mark_MF-WN · · Score: 2, Funny

    These computing resources were being placed in the public domain. It's like finding a laser printer lying on the sidewalk and printing something on it.

  14. The Microsoft Way... by rice_burners_suck · · Score: 2, Funny
    The magazine claims they were 'able to discover private documents on easily accessible computers on the Internet' and that the configuration is fairly common.

    By leveraging innovative technologies, content providers streamline compelling enterprise solutions.

  15. Re:Link for Eye-friendly version of the comments p by topynate · · Score: 2, Funny

    Alternatively, http://www.malfunction.org/fulifier/nph-fulify.cgi ?URL=http%3A%2F%2Fit.slashdot.org%2Farticle.pl%3Fs id%3D04%2F09%2F18%2F2143242%26tid%3D128%26tid%3D20 1%26tid%3D1

  16. Yes by SuperKendall · · Score: 4, Funny

    That's why I close all my letters I print on other people's computers with:

    Hugs and Kisses, Bill Gates

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  17. No wonder.... by losinggeneration · · Score: 2, Funny

    Is it any wonder that when I got a free XP Service Pack 2 cd from school this is what became of it? Before After

  18. We GET it Slashdot... by rd_syringe · · Score: 3, Funny

    ...you hate SP2. You hate Windows XP.

    Do we need an SP2 article every single day? More Linux news, please!