lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 28 Aug 2009 10:48:06 -0300
From: "Thor (Hammer of God)" <thor@...merofgod.com>
To: "my.security.lists@...il.com" <my.security.lists@...il.com>,
	"full-disclosure@...ts.grok.org.uk" <full-disclosure@...ts.grok.org.uk>
Subject: Re: [Fwd: Re:  windows future]

> Thor (Hammer of God) wrote:
> > But that's the same on my Mac and Ubuntu distro too.  The first user
> is the admin.  Granted, the default behavior on Mac/nix requires the
> admin password and not just a confirmation, but at the end of the day,
> it's all the same.  I actually like being able to change the behavior
> to suit my environment, which I can do with Visa/Win7.
> 
> In regards to Ubuntu, that isn't necessarily correct.
> 
> Yes, the first user is setup and given access as a sudoer, but that is
> all.  When you log in, you are logging in with user priveleges and have
> to escalate each time, for each independant act that requires system
> modification.

Nice to see intelligent dialog on Full-Disclosure, eh?  ;)   

Yes, but the point is that it is the *same* username and password set up initially.  The true 'administrator' user on Vista is disabled by default, and though the user you set up initially is a member of the administrators group, it also requires that each action (needing admin privileges) must escalate in the same way; the method used is configurable by the user, but set to a confirmation dialog box rather than a password.  

At this point in the game, it's all fundamentally the same, with each OS having its own nuances.  It's when I see people responding to the "Mac commercial" type hyperbole of having to use UAC for every function, and how all they have to do is click "OK" (thus showing that they are running as admin which they shouldn't do, but certainly can) when I have to respond.  

t

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ