lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 28 Aug 2009 07:14:40 -1000
From: Peter Besenbruch <prb@...a.net>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Fwd: Re:  windows future]

On Friday 28 August 2009 03:39:14 Thor (Hammer of God) wrote:
> If the entire argument is around the default escalation behavior being
> "enter a password" (which they already know) vs clicking OK because you
> assume entering the password is more of a deterrent, then OK, but the
> premise of "the people I work with are too stupid to know the difference"
> kind of takes away from that.  And one should also note that in a domain
> environment, the default behavior is indeed username and password.  Just
> thought I'd throw that in as well.

It is entirely what the escalation behavior is. My objection to Vista is 
two-fold: Clicking OK instead of entering a password. As I have argued 
before, there really is a difference between clicking OK and entering a 
password. That brings me to my second objection. Vista puts up more 
escalations than Ubuntu, further exacerbating that difference. Your point 
about using a password to log into domains might be valid, but only in 
limited instances, as I would hope that the department that set up the domain 
would have its users not running as administrators.

We basically agree on the main point: Separate user and administrator accounts 
are better. I wonder if Microsoft will start enforcing that? 

-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ