RDP Exploit!

Discussion in 'Computer Security' started by dales, Sep 8, 2011.

  1. dales

    dales Gigabyte Poster

    Hey all,

    This is making the news recently: a worm that exploits the RDP protocol. It only tries a limited set of passwords (God help you if you have any of those passwords on your network).

    Just so's you know. More Here
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  2. soundian

    soundian Gigabyte Poster

    Nothing any company with a sensible password change practice won't be able to nip in the bud by the looks of the recommendations.
     
    Certifications: A+, N+,MCDST,MCTS(680), MCP(270, 271, 272), ITILv3F, CCENT
    WIP: Knuckling down at my new job
  3. craigie

    craigie Terabyte Poster

    Some companies aren't sensible, mate.

    If the directors decide they can only remember uncomplex passwords then that's what you have to roll with.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  4. soundian

    soundian Gigabyte Poster

    I suspected it may be more widespread than I feared. I hate "password day" because I have about 30 personal passwords to change every 28 days. That sucks, especially when they mostly have 24 change histories, similar complexity rules and seemingly random dictionaries of forbidden letter combinations.
     
    Certifications: A+, N+,MCDST,MCTS(680), MCP(270, 271, 272), ITILv3F, CCENT
    WIP: Knuckling down at my new job
  5. dmarsh

    dmarsh Terabyte Poster

    30+ passwords is bonkers, and on a complex password policy and 28-day change cycle, people are only going to end up having to record some of them somewhere, meaning overall security goes DOWN!

    The pointy-haired security bosses at your place must be nuts!

    Haven't they heard of Single Sign On?
     
    Certifications: CITP, BSc, HND, SCJP, SCJD, SCWCD, SCBCD, SCEA, N+, Sec+, Proj+, Server+, Linux+, MCTS, MCPD, MCSA, MCITP, CCDH
  6. soundian

    soundian Gigabyte Poster

    Most users only have about 4 to remember. I need all those for password resets and scheduled/ad hoc testing.
     
    Certifications: A+, N+,MCDST,MCTS(680), MCP(270, 271, 272), ITILv3F, CCENT
    WIP: Knuckling down at my new job
