On 8/17/05, T. Joseph CARTER <[EMAIL PROTECTED]> wrote: > True, but in this case the worm targets the UPnP service. Linux could > easily have such a service with the same vulnerability. It happens not > to, and the usefulness of UPnP is somewhat questionable overall when > compared to less invasive services such as DNS-SD and mDNS.
This was yet another stupid "invention" by Microsoft. Instead of using an established standard (like ZeroConf, etc) they went and created their own standard, which is full of design and security flaws. I'm not even sure why UPnP is still enabled, anyway, as most people don't have a use for it. And most who do, just use it to autoconf their Linksys/Belkin firewall. FWIW its worth, UPnP is disabled by default on Windows 2003, which is the only version of Windows this Linux-abhoring, Windows lover will touch. /per _______________________________________________ EUGLUG mailing list [email protected] http://www.euglug.org/mailman/listinfo/euglug
