[Am-info] Windows Messenger Could Pose Security Risk!
Fred A. Miller
fm@cupserv.org
Thu, 19 Dec 2002 11:29:56 -0500
MickySoft strikes again! I hope 2003 brings us BIG GROWTH in open source!
Fred
Windows Messenger Service Allows Pop-up Spam, Could Pose Security Risk
A number of companies have figured out how to exploit Windows
Messenger Service to send pop-up spam to Internet users. AOL now
block the ports that Messenger Service uses. Messages are accepted
by default in Windows 2000, NT and XP; Windows 95, 98 and Me do
not have the service enabled. The open port could also be used for
malicious purposes. One company that sells software that allows
massive Messenger mailings maintains its product was designed for
administrators to send alerts to users on LANs and that misuse of
their product is not their responsibility.
http://story.news.yahoo.com/news?tmpl=story2&ncid=1212&e=10&u=/pcworld/20021207/tc_pcworld/107754&sid=95612658
[Editor note (Northcutt): This is not a new vulnerability. If you
want to block the Messenger Service, it is running on UDP 135.]
--
Fred A. Miller
Systems Administrator
Cornell Univ. Press Services
fm@cupserv.org, www.cupserv.org