Win XP and UPnP

Subject: Win XP and UPnP
From: Gary Stoneburner <stoneburner@nist.gov>
Date: Tue, 15 Jan 2002 20:39:56 -0500
Content-Type: multipart/alternative; boundary="=====================_3230542==_.ALT"

re: http://www.cnn.com/2002/TECH/ptech/01/09/xp.security.idg/index.html

Russ Cooper, an analyst at TruSecure Corp. in Herndon, Virginia, and moderator of the Windows NTBugTraq mailing list, said UPnP "offers many more opportunities for problems," and Microsoft shouldn't have released the UPnP capability until the protocol was well thought out.

"Microsoft had to modify the UPnP protocol as defined by the UPnP Forum in order to patch against vulnerabilities demonstrated by eEye," Cooper said. "If the only way to protect against the vulnerabilities is to modify the protocol, the protocol is flawed."

Cheers,
Gary

************************************************************************** * Opinions expressed are not intended to reflect an official position ************************************************************************** * Gary Stoneburner *(been mobilized - Major, US Army Land Information Warfare Activity (LIWA)) * NIST contact points are still valid: * Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov **************************************************************************

Prev by Date: Computer Security Vulnerabilities Double In '01- CERT Next by Date: Virus Threatens Shockwave Flash Files Prev by thread: Virus Threatens Shockwave Flash Files Next by thread: Computer Security Vulnerabilities Double In '01- CERT Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov