lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BAY9-DAV17c7lzwmEzI00022bc7@hotmail.com>
From: se_cur_ity at hotmail.com (morning_wood)
Subject: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution

> Last time I was at my doctor's medical clinic, I noticed all the shiny new
> LCD monitors showing the Windows logon prompt with account Administrator. I
> asked the receptionist why. She said so that anyone could sing on any
> machine when they needed it, since individual machines lock out so only
> signed user or administrator can sign on. They did have the screensaver
> timeout so people off the street couldn't sign on. But the only way to make
> the multiple workstations usable from for anybody was to use administrator
> account on all of them.
>   This is a bit of a design flaw in the Windows network that means security
> is much less than it ought to be.
> 
my question is... who is the admin / security manager for this locale?
again, this is not a windows issue, it is an administrator issue in which
the controlling admin of the network is clueless as to how to manage
a flexible win-net.

Donnie Werner
dwerner@...loitlabs.com
http://exploitlabs.com 
360-312-8011

 


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ