Yup. You'll need to ensure that the proper security is enabled on your domain. You should do this anyways.
There are various settings in Group Policy for requiring signing or encryption between machines. And there are various settings to DNS to require signing of records (DNSSEC). As usual, disable insecure mechanisms like NetBIOS. You can harden machines like this. Admittedly, most people probably don't. On Tue, 2007-06-05 at 12:47 +1000, Brian May wrote: > Hello, > > Has anybody considered security issues with wpkg? > > As far as I can tell, wpkg requires the local network to be > trusted. If it cannot be trusted, and the server goes off-line, then > anybody could set up a fraudulent server with the same name, which > serves a fraudulent copy of wpkg.js that does malicious things. > > As wpkg.js runs, automatically, as the system user on every Windows > computer, this would be an easy way to bring all Windows computers in > a company down. > > I conducted some tests using domain level security, but found I > domains do not prevent this type of attack. > > Any thoughts? > > Thanks. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ wpkg-users mailing list wpkg-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/wpkg-users
