lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <39307.207.81.153.6.1087875079.squirrel@207.81.153.6>
From: eric at arcticbears.com (Eric Paynter)
Subject: M$ - so what should they do?

On Mon, June 21, 2004 6:14 pm, Stuart Fox (DSL AK) said:
> You've got some valid points but there is one thing that you've overlooked
> - auditing.
[...]
> Having said that, I've never actually met anyone who uses the registry
> auditing, but I'm sure they're out there.

I actually knew a group who once tried to use Windows auditing. After
working on it for months they gave up. I never got the full details of
why, but apparently it doesn't work exactly as expected. Something to do
with the fact that in some cases, it logs what you *could have done*
rather than what you *actually did*. In other words, if in the audit logs,
when it says it granted permission to do something, that doesn't mean you
actually did it. Just that you were granted permission to do it, which to
many implies that you did it. However, it wouldn't hold up in court as
evidence of something having been done.


> It tends to be more related to issues such as dll's needing to be
> registered etc.

Registered where? ;-)

-Eric


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ