Slashdot Mirror


File and Printer Sharing Insecure in XP SP2

ProKras writes "German magazine PC-Welt has discovered a major security flaw in Windows XP SP2 when installing over SP1. The article says that 'with a certain configuration, your file and printer sharing data are visible worldwide, despite an activated Firewall.' The magazine claims they were 'able to discover private documents on easily accessible computers on the Internet' and that the configuration is fairly common."

4 of 368 comments (clear)

  1. hmm... by focitrixilous+P · · Score: 5, Insightful
    with a certain configuration, your file and printer sharing data are visible worldwide, despite an activated Firewall.

    With a certain configuration, ssh is accessable from outside, even with a firewall. if the configuration includes passwordless root, well then, a slashdot summary "ssh allows remote root access despite firewall" would be a tad overzealous, right? Unless the certain configuration is ever the default, this is just users not understanding what they are doing and missetting things. Not a MS problem, it's giving users a choice. It's just a very bad choice to make, but no different than, say, root telnet over wireless internet or something.

    --
    SAILING MISHAP
  2. Re:Slashdot and SP2 by nbert · · Score: 5, Insightful
    It seems that Slashdot is desperate to publish any story that is negative about SP2, despite coming from a dubious source with little to no detail on this "flaw". I have to say that it really seems to me that MS got it right this time.


    Slashdot might be eager to publish bad news related to SP2, but calling PC-Welt a dubious source sounds ridiculous to me (can you tell me about a US computer mag, which actually features news?).
    I don't think you ever heard of PC-Welt prior to this thread. You could as well state that nothing happened in Beslan, because you saw it on BBC (aka foreign media).
    I don't want to say that PC-Welt is a great mag - I bought my last issue about 5 years ago and I no regrets not reading it anymore. But if /. cites some "dubious" news from an unknown website some take it more seriously than news from a mag with real journalists and computer experts. Isn't there something wrong about this behaviour?
  3. Re:I'm shocked! by Anonymous Coward · · Score: 5, Insightful

    I spent an afternoon printing warnings on people's printers

    As well intentioned as you were, you shouldn't do such things. It's likely against your ISP's usage policy, generally considered unethical, and potentially against the law depending on where you live.

  4. Re:I'm shocked! by Curtman · · Score: 5, Insightful

    So does bandwidth consumed by infected zombie computers relaying spam.