RDP Exploit!

Discussion in 'Computer Security' started by dales, Sep 8, 2011.

  1. dales

    dales Terabyte Poster

    Hey all,

    This is making the news recently: a worm that exploits the RDP protocol. It only tries a limited set of passwords (God help you if you have any of those passwords on your network).

    Just so's you know. More Here
     
    Certifications: vExpert 2014+2015+2016,VCP-DT,CCE-V, CCE-AD, CCP-AD, CCEE, CCAA XenApp, CCA Netscaler, XenApp 6.5, XenDesktop 5 & Xenserver 6,VCP3+5,VTSP,MCSA MCDST MCP A+ ITIL F
    WIP: Nothing
  2. soundian

    soundian Gigabyte Poster

    Nothing any company with a sensible password change practice won't be able to nip in the bud by the looks of the recommendations.
     
    Certifications: A+, N+,MCDST,MCTS(680), MCP(270, 271, 272), ITILv3F, CCENT
    WIP: Knuckling down at my new job
  3. craigie

    craigie Terabyte Poster

    Some companies aren't sensible, mate.

    If the directors decide they can only remember uncomplex passwords then that's what you have to roll with.
     
    Certifications: CCA | CCENT | CCNA | CCNA:S | HP APC | HP ASE | ITILv3 | MCP | MCDST | MCITP: EA | MCTS:Vista | MCTS:Exch '07 | MCSA 2003 | MCSA:M 2003 | MCSA 2008 | MCSE | VCP5-DT | VCP4-DCV | VCP5-DCV | VCAP5-DCA | VCAP5-DCD | VMTSP | VTSP 4 | VTSP 5
  4. soundian

    soundian Gigabyte Poster

    I suspected it may be more widespread than I feared. I hate "password day" because I have about 30 personal passwords to change every 28 days. That sucks, especially when they mostly have 24 change histories, similar complexity rules and seemingly random dictionaries of forbidden letter combinations.
     
    Certifications: A+, N+,MCDST,MCTS(680), MCP(270, 271, 272), ITILv3F, CCENT
    WIP: Knuckling down at my new job
  5. dmarsh

    dmarsh Petabyte Poster

    30+ passwords is bonkers, and on a complex password policy and 28-day change cycle, people are only going to end up having to record some of them somewhere, meaning overall security goes DOWN!

    The pointy-haired security bosses at your place must be nuts!

    Haven't they heard of Single Sign On?
     
  6. soundian

    soundian Gigabyte Poster

    Most users only have about 4 to remember. I need all those for password resets and scheduled/ad hoc testing.
     
    Certifications: A+, N+,MCDST,MCTS(680), MCP(270, 271, 272), ITILv3F, CCENT
    WIP: Knuckling down at my new job
