lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <41A52934.5080703@easynix.net>
From: devis at easynix.net (devis)
Subject: Windows user privileges

So it looks like MS itself will settle that one:

[quote]
-------------------------------------------
[snip]

Amongst the many things this malware does, all of which require admin 
rights, are:

    * Creating files in the system32 directory.
    * Terminating various processes.
    * Disabling the Windows Firewall.
    * Downloading and writing files to the system32 directory.
    * Deletes registry values in HKLM.

All these fail if the user running the e-mail client is not an 
administrator.

So wouldn't it be useful (read: safer) if you could browse the Web, read 
e-mail, and so on as a non-admin, even though you need to perform your 
normal daily tasks as an admin?
__________________________________________________________

[end quote]

by Michael Howard (Senior Security Program Manager in the Secure 
Engineering group at Microsoft).

The DropMyRights Application.

http://msdn.microsoft.com/security/securecode/columns/default.aspx?pull=/library/en-us/dncode/html/secure11152004.asp

This should be pushed as an update and the steps of shortcut described 
in the link automatised.

BTW, after cracked Sound application for creating .wav, in that one 
we've got :
Location: C:\warez\dropmyrights.exe "c:\program files\internet 
explorer\iexplore.exe"

C:\warez ..... no comments.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ