Re: userenv and NETLOGON errors

Matt,
This question on whether to post IPCONFIG has been discussed to death.

A short discussion which I participated is in Susan's blog archives. I'm not
the only person to question this practice, in summary the information by
itself is not a fatal compromise but
- It's a substantial amount of very useful information to a hacker
- Like everything else posted to a public forum/Internet, the information
lives forever.

In other words, the exploit that uses the information may not be common
practice today, but if the information is still valid 8 years from now and
the exploit is developed that uses that information, you'll regret what you
thought was a minor indescretion.

Tony




"Matt Gibson" wrote:

>
> > Although others might disagree with me, I generally discourage posting
> > IPCONFIGS for security reasons, but if there is no alternative the bottom
> > line is getting fixed.
>
> Posting this makes people think there IS a security risk to it.
>
> You're spreading FUD, and making it harder for us to help people in this
> newsgroup.
>
> Please stop.
>
> Matt Gibson - GSEC
>
>
>
.