Tim Mullen, 2003-02-24
Why last week's big Windows security hole is nothing more than technology press hot air.
Colapse all |
Post comment
Media Gone Mad
2003-02-24
Anonymous (1 replies)
Anonymous (1 replies)
Media Gone Mad
2003-02-27
Linux_Hawk
Linux_Hawk
Are you Crazy?
I could agree with the Microsoft bashing, but they ask for it.
It was only Last year that Team MS stated that Linux was only a cancer and basically that they were the only choice for companies.
Their arrognance and "Rape the Economy" style of pricing scheme and trap the consumer at...
[ more ] [ reply ]
I could agree with the Microsoft bashing, but they ask for it.
It was only Last year that Team MS stated that Linux was only a cancer and basically that they were the only choice for companies.
Their arrognance and "Rape the Economy" style of pricing scheme and trap the consumer at...
[ more ] [ reply ]
I agree completely.
2003-02-24
Anonymous (4 replies)
Anonymous (4 replies)
What Tim is pointing out is something I have noticed for a LONG time. It seems some "security experts"; namely Linux buffs, are trying desperately to find something with W2K/XP to complain about and blow out of proportion... but that's OK - because anyone who admins a Windows box knows this is pure ...
[ more ] [ reply ]
[ more ] [ reply ]
Re: I agree completely.
2003-02-25
Anonymous (2 replies)
Anonymous (2 replies)
> What Tim is pointing out is something I have noticed for a LONG time.
> It seems some "security experts"; namely Linux buffs, are trying
> desperately to find something with W2K/XP to complain about and blow
> out of proportion...
sorry but "linux buffs" already know that you can mount...
[ more ] [ reply ]
> It seems some "security experts"; namely Linux buffs, are trying
> desperately to find something with W2K/XP to complain about and blow
> out of proportion...
sorry but "linux buffs" already know that you can mount...
[ more ] [ reply ]
Re: I agree completely.
2003-02-25
Anonymous (1 replies)
Anonymous (1 replies)
"sorry but "linux buffs" already know that you can mount the disk and do whatever they want." - Yeah? And how exactly would you "mount" the disk? Physical access? hmm... I think I could do anything to a box when I have physical access to it. If you mean mount as in remotely mount, well then your tar...
[ more ] [ reply ]
[ more ] [ reply ]
Re: Re: I agree completely.
2003-02-26
Anonymous
Anonymous
> "sorry but "linux buffs" already know that you can mount the disk and do whatever they want." - Yeah? And how exactly would
> you "mount" the disk? Physical access? hmm... I think I could do anything to a box when I have physical access to it. If
it might be my bad english but it seems that y...
[ more ] [ reply ]
> you "mount" the disk? Physical access? hmm... I think I could do anything to a box when I have physical access to it. If
it might be my bad english but it seems that y...
[ more ] [ reply ]
Re: I agree completely.
2003-02-25
Anonymous (2 replies)
Anonymous (2 replies)
"mount" is a *nix term for mapping, and no you cannot just "map" a windows box that has proper policies configured. I would like you to try and "mount" my box, you would be blocked via ipsec or what you would call "ip tables" right away, that is assuming you even passed the authentication layer.
...
[ more ] [ reply ]
...
[ more ] [ reply ]
Re: I agree completely, or NOT
2003-02-26
Anonymous (2 replies)
Anonymous (2 replies)
Mount is NOT a Unix term for drive mapping!
You are confusing windows network access with Unix physical access through the kernel. NO amount of windows encryption or mystical voodoo will secure a drive on a machine that has been booted to linux or unix.
You may be able to keep them out via ips...
[ more ] [ reply ]
You are confusing windows network access with Unix physical access through the kernel. NO amount of windows encryption or mystical voodoo will secure a drive on a machine that has been booted to linux or unix.
You may be able to keep them out via ips...
[ more ] [ reply ]
Re: I agree completely, or NOT
2003-02-27
Anonymous
Anonymous
I dont' know quite where you are coming with this in saying that no amount of Windows encryption will be useful. True, I would never say that any encryption is foolproof, but I challenge anyone with a few million spare computer-hours to try to break Windows EFS on even a single box.
If my secret...
[ more ] [ reply ]
If my secret...
[ more ] [ reply ]
Re: I agree completely, or NOT
2003-02-27
Eric Grabowski (eric@mazenet.com) (1 replies)
Eric Grabowski (eric@mazenet.com) (1 replies)
ANY box, whether it run windows, Linux, a flavor of UNIX, the mac OS or Amiga DOS is vunerable when someone has physical access to it. Period. Its already proven that given enough time and CPU cycles any encryption can be hacked, and if I can walk out the door with your sys drive I have all the time...
[ more ] [ reply ]
[ more ] [ reply ]
Re: I agree completely.
2003-02-26
Seb (1 replies)
Seb (1 replies)
I think you missed the point. The previous poster was talking about how with him having PHYSICAL access to YOUR server, he can boot up using a linux floppy or cdrom and have complete access to your files. Infact he could even reset the Administrator password on your server to something he wants an...
[ more ] [ reply ]
[ more ] [ reply ]
Re: I agree completely. - thank you
2003-02-28
Anonymous (1 replies)
Anonymous (1 replies)
> I think you missed the point. The previous poster was talking about
> how with him having PHYSICAL access to YOUR server
thanks - finally someone understood what i was talking about.
now as an excercise please count the number of posts from the
first 'Re: I agree completely' to the first p...
[ more ] [ reply ]
> how with him having PHYSICAL access to YOUR server
thanks - finally someone understood what i was talking about.
now as an excercise please count the number of posts from the
first 'Re: I agree completely' to the first p...
[ more ] [ reply ]
Re: I agree completely. - thank you
2003-03-02
Anonymous
Anonymous
If the comments I've read so far weren't so scary in their implications, they'd be funny.
Any 'Security Professional' worth his/her own s**t would tell you that you must have 'Defense in Depth'. If you forget or neglect any layer then you leave yourself vulnerable. You have to guard the network...
[ more ] [ reply ]
Any 'Security Professional' worth his/her own s**t would tell you that you must have 'Defense in Depth'. If you forget or neglect any layer then you leave yourself vulnerable. You have to guard the network...
[ more ] [ reply ]
I agree completely.
2003-02-25
Anonymous (1 replies)
Anonymous (1 replies)
Actually, anyone who knows Windows and knows security laughs, but not because it is silly. They laugh because Windows has a poor security design, and Microsoft forces underskilled administrators onto the market as "experts". The MCSE isn't worth the cost of the certificate.
While this bug is no...
[ more ] [ reply ]
While this bug is no...
[ more ] [ reply ]
I agree completely - a little vauge, let's hear your arguments....
2003-02-25
Anonymous (3 replies)
Anonymous (3 replies)
I'm interested in your comment that Windows (95,98,NT,2K?) has poor security design. I have a few questions for you:
1. What specific version are you talking about?
2. If you are talking about W2K/XP, I would be very interested if you could define exactly what you mean by "poor design". What can...
[ more ] [ reply ]
1. What specific version are you talking about?
2. If you are talking about W2K/XP, I would be very interested if you could define exactly what you mean by "poor design". What can...
[ more ] [ reply ]
I agree completely - a little vauge, let's hear your arguments....
2003-02-26
Anonymous (1 replies)
Anonymous (1 replies)
Sorry, I am not the OP, but...
1. What specific version are you talking about?
Any
2. If you are talking about W2K/XP, I would be very interested if you could define exactly what you mean by "poor design". What can you do in Linux that cannot be done in 2K through the use of Active Director...
[ more ] [ reply ]
1. What specific version are you talking about?
Any
2. If you are talking about W2K/XP, I would be very interested if you could define exactly what you mean by "poor design". What can you do in Linux that cannot be done in 2K through the use of Active Director...
[ more ] [ reply ]
I agree completely - your reply.
2003-02-28
Anonymous
Anonymous
Oh man... see, I didn't want to have to do this... but you forced me to.
"- One word--virii" - One reply - MS makes up most of the desktop environment out there, it is only logical to assume that "virii" would spread fast. By the way, are you not aware of the Linux viruses out there? I would also...
[ more ] [ reply ]
"- One word--virii" - One reply - MS makes up most of the desktop environment out there, it is only logical to assume that "virii" would spread fast. By the way, are you not aware of the Linux viruses out there? I would also...
[ more ] [ reply ]
I agree completely - a little vauge, let's hear your arguments....
2003-02-26
Anonymous (1 replies)
Anonymous (1 replies)
checkout my reply about KNOPPPIX... All versions of windows!
If I have unsupervised physical access, I have your data! and you can't stop me, or even tell I was there!...
[ more ] [ reply ]
If I have unsupervised physical access, I have your data! and you can't stop me, or even tell I was there!...
[ more ] [ reply ]
I agree completely - a little vauge, let's hear your arguments....
2003-02-27
Anonymous
Anonymous
It's the same with Linux. You have physical access to the box? Boot up in single user mode and change the root password. Voila! Full, ROOT access to the box!
(before you flame, I use both Linux and Windows. Each our better at some things than the other. I'm not a zealot of either OS. I use whiche...
[ more ] [ reply ]
(before you flame, I use both Linux and Windows. Each our better at some things than the other. I'm not a zealot of either OS. I use whiche...
[ more ] [ reply ]
I agree completely - a little vauge, let's hear your arguments....
2003-02-26
Anonymous
Anonymous
Ok, I'll join the discussion. If you want to harden a system you usually remove all unnecessary binaries and make directories with binaries immutable, so that you can't add new binaries or remove them (I usually do this by enabling the read-only jumper on SCSI disks, because it's hard to circumvent....
[ more ] [ reply ]
[ more ] [ reply ]
Media Gone Mad
2003-02-24
Anonymous (1 replies)
Anonymous (1 replies)
Perhaps the "guest" administrator account they are writing about is infact the very same account that is used in Safe Mode. By default, DELL (in the least) distro of Windows XP will grant full admin in Safe Mode....
[ more ] [ reply ]
[ more ] [ reply ]
Media Gone Mad
2003-02-24
Anonymous (1 replies)
Anonymous (1 replies)
"distro"? This is windows we are talking about here and no, it won't.
You are assuming the user has no login procedure, that would require them to configure that as such. All users, safe mode or not, still have to log in - and their permissions remain intact....
[ more ] [ reply ]
You are assuming the user has no login procedure, that would require them to configure that as such. All users, safe mode or not, still have to log in - and their permissions remain intact....
[ more ] [ reply ]
Media Gone Mad
2003-02-26
Anonymous
Anonymous
Well, it works on my computer (before I disabled it) and my roommates' Windows XP computers, so yeah this is an issue.
Whether or not something is a distr(ibution) is a matter of personal preference. Now you know mine. ^_^ There's nothing sacred about colloquialisms, by definition....
[ more ] [ reply ]
Whether or not something is a distr(ibution) is a matter of personal preference. Now you know mine. ^_^ There's nothing sacred about colloquialisms, by definition....
[ more ] [ reply ]
at least someone sees sense
2003-02-24
ravidew (1 replies)
ravidew (1 replies)
Bravo!
2003-02-24
Keydet89@yahoo.com
Keydet89@yahoo.com
It's about frickin' time!
How much longer do we have to go on getting the kind of media drivel that quotes MS-bashers as "security experts"? Better yet, can we just do away w/ all of these media types? For instance, if you're using Win9x/ME, or you aren't able to log into NT (or any of it's d...
[ more ] [ reply ]
How much longer do we have to go on getting the kind of media drivel that quotes MS-bashers as "security experts"? Better yet, can we just do away w/ all of these media types? For instance, if you're using Win9x/ME, or you aren't able to log into NT (or any of it's d...
[ more ] [ reply ]
Media Gone Mad or not?
2003-02-24
Anonymous
Anonymous
In a way, I have to agree -- this kind of problem is common,
and has been around longer than the PC. However, we've all
known that things like password-protecting the BIOS are
almost worthless, since opening the case and fiddling the
jumpers is usually quite easy. One can't defeat password
pr...
[ more ] [ reply ]
and has been around longer than the PC. However, we've all
known that things like password-protecting the BIOS are
almost worthless, since opening the case and fiddling the
jumpers is usually quite easy. One can't defeat password
pr...
[ more ] [ reply ]
If anyone thinks this is some new threat, then I have a bridge in Brooklyn for sale for you
2003-02-24
3n0k (2 replies)
3n0k (2 replies)
The concept of circumventing an OS'es security by booting another OS from a different device i.e. a bootable floppy disk has been around for a long time. There are numerous utilities for dumping password hashes from the registry and changing passwords for accounts off-line. I can't see how any "secu...
[ more ] [ reply ]
[ more ] [ reply ]
Re: If anyone thinks this is some new threat, then I have a bridge in Brooklyn for sale for you
2003-02-26
Anonymous
Anonymous
> The concept of circumventing an OS'es security by booting another OS from a different device i.e. a bootable floppy disk
> has been around for a long time. There are numerous utilities for dumping password hashes from the registry and changing
> passwords for accounts off-line. I can't se...
[ more ] [ reply ]
> has been around for a long time. There are numerous utilities for dumping password hashes from the registry and changing
> passwords for accounts off-line. I can't se...
[ more ] [ reply ]
If anyone thinks this is some new threat, then I have a bridge in Brooklyn for sale for you
2003-02-26
Anonymous
Anonymous
If your taking this that way then this is a new threat, I find it funny how everyone refer to the boot floppy thing because booting from floppy is very easy to block... I assume that every security professional, and most home user(especially Mac user) know that you can remove the floppy drive...
T...
[ more ] [ reply ]
T...
[ more ] [ reply ]
Norteamericano Gone Mad
2003-02-25
John Comeau http://risp.org/members/jcomeau (1 replies)
John Comeau http://risp.org/members/jcomeau (1 replies)
What you said makes sense, but you could have left out the slur. "Crazed soccer fans" would have done better; no nation has a monopoly on violence at sports arenas. Besides, "Colombian" is spelled with an 'o' not a 'u' in the second syllable.
I'm guilty of similar behavior now and then too, but a...
[ more ] [ reply ]
I'm guilty of similar behavior now and then too, but a...
[ more ] [ reply ]
Media Gone Mad
2003-02-25
Anonymous (4 replies)
Anonymous (4 replies)
I'm glad someone finally said it. I bet the Register and Slashdot don't pick up Tim's comments and report them either. Its a shame you can't the whole story any more on the "supposed" news sites....
[ more ] [ reply ]
[ more ] [ reply ]
Media Gone Mad
2003-02-25
Anonymous (1 replies)
Anonymous (1 replies)
Hehe - yeah, but considering TheRegister's reader base, they would most likely loose readers if they posted Tim's article. God forbid they know the truth. ;)...
[ more ] [ reply ]
[ more ] [ reply ]
Media Gone Mad
2003-02-26
Anonymous (1 replies)
Anonymous (1 replies)
Hehe - It's a good thing smart folks like you don't read the Register. Otherwise, others couldn't chuckle at the irony of your comment. The Reg did write about this glitch, in their usual, humorous way. The article pretty much went out of it's way to indicate that this was really not the major se...
[ more ] [ reply ]
[ more ] [ reply ]
Media Gone Mad
2003-02-27
Anonymous (1 replies)
Anonymous (1 replies)
Actually I DO read the Register. They posted some time afterwards - as did Slashdot.
Too bad they had to be shamed into it.
Maybe next time they won't be so quick to cry wolf.
...
[ more ] [ reply ]
Too bad they had to be shamed into it.
Maybe next time they won't be so quick to cry wolf.
...
[ more ] [ reply ]
WRONG!
2003-02-26
Charles Hill (9 replies)
Charles Hill (9 replies)
Actually, it is CRITICAL in one aspect.
If Avaya's security consultant Ken Pfeil is correct when he said:
"If the system is a member of a workgroup and not a domain, you can just change the user's password that the file was encrypted under," Pfeil said. "Then you can log on as that user havin...
[ more ] [ reply ]
If Avaya's security consultant Ken Pfeil is correct when he said:
"If the system is a member of a workgroup and not a domain, you can just change the user's password that the file was encrypted under," Pfeil said. "Then you can log on as that user havin...
[ more ] [ reply ]
WRONG!....err...not
2003-02-26
Anonymous
Anonymous
>Actually, it is CRITICAL in one aspect. If Avaya's security consultant Ken Pfeil is correct when he said:
"If the system is a member of a workgroup and not a domain, you can just change the user's password that the file was encrypted under," Pfeil said. "Then you can log on as that user having a...
[ more ] [ reply ]
"If the system is a member of a workgroup and not a domain, you can just change the user's password that the file was encrypted under," Pfeil said. "Then you can log on as that user having a...
[ more ] [ reply ]
WRONG!
2003-02-26
Ralf (1 replies)
Ralf (1 replies)
If you have a laptop and didn't even bother setting up a bios password, then you're really lame, why use a Windows login password in the first place, let's happily use TweakUI to autoboot the admin account or write the password on a post-it!
Then how easy one can override the bios password is yet...
[ more ] [ reply ]
Then how easy one can override the bios password is yet...
[ more ] [ reply ]
WRONG!
2003-02-26
jonsteph (1 replies)
jonsteph (1 replies)
Problem is, we're talking about Windows XP, so Mr. Pfeil is wrong.
Assuming one can get Admin access to the installed OS (re-installing OS destroys access to EFS-protected files), resetting the password on WinXP in a Workgroup (as opposed to changing it) destroys access to DPAPI-protected keys, a...
[ more ] [ reply ]
Assuming one can get Admin access to the installed OS (re-installing OS destroys access to EFS-protected files), resetting the password on WinXP in a Workgroup (as opposed to changing it) destroys access to DPAPI-protected keys, a...
[ more ] [ reply ]
Linux "boot" floppy? Wow, I'm impressed.
2003-02-26
TJ Miller jr (23 replies)
TJ Miller jr (23 replies)
"Or even better, I'd just whip out my Linux boot floppy, change the administrator password and go nuts."
Huh? Since when can you change the Windows "Administrator" Password with a Linux, err, "boot" floppy (esp. if the partition is formatted in NTFS)? I for one never knew LILO to be such a capabl...
[ more ] [ reply ]
Huh? Since when can you change the Windows "Administrator" Password with a Linux, err, "boot" floppy (esp. if the partition is formatted in NTFS)? I for one never knew LILO to be such a capabl...
[ more ] [ reply ]
Linux "boot" floppy? Wow, I'm impressed.
2003-02-26
Anonymous (1 replies)
Anonymous (1 replies)
"Huh? Since when can you change the Windows "Administrator" Password with a Linux, err, "boot" floppy"
Might want to do some digging before you besmirch a real security professional. Go here:
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
to get a copy of the "Offline NT Password & ...
[ more ] [ reply ]
Might want to do some digging before you besmirch a real security professional. Go here:
http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html
to get a copy of the "Offline NT Password & ...
[ more ] [ reply ]
Linux "boot" floppy? Wow, I'm impressed.
2003-02-26
Jason Zandri
Jason Zandri
Yep, Linux boot floppy for one, there are many others too.
http://www.ntsecurity.net/Articles/Index.cfm?ArticleID=9527
NTFSBoot disk quickly comes to mind as well.
If I can boot the system locally because I have physical access, I OWN the system, it is not yours any more it's mine....
[ more ] [ reply ]
http://www.ntsecurity.net/Articles/Index.cfm?ArticleID=9527
NTFSBoot disk quickly comes to mind as well.
If I can boot the system locally because I have physical access, I OWN the system, it is not yours any more it's mine....
[ more ] [ reply ]
Linux "boot" floppy? Wow, I'm impressed.
2003-02-26
Tiamat
Tiamat
Look it up fool. Type "linux boot floppy Win2K WinXP" into Google and see how many 100s of hits you get. There are at least 3 variations on this that I know of, and it's works. It'll mount a NTFS drive AND allow you to overwrite any user or admin password with whatever you want. I've used it to reco...
[ more ] [ reply ]
[ more ] [ reply ]
Linux "boot" floppy? Wow, I'm impressed.
2003-02-26
Anonymous
Anonymous
I used a single Linux disk with it's associated utilities to reset the administrator password on a Win2K machine last week. It took less than 5 minutes to do, and the disk prompted you for each and every step to take. *I* thought this was pretty impressive, as did the end user that got back into hi...
[ more ] [ reply ]
[ more ] [ reply ]
You are Just giving window system more credit than it should have
2003-02-26
Anonymous
Anonymous
It is a bit of a joke Windows NT/2000/XP is not that well NTFS there are tools to read and write NT/2000/XP from linux there is a catch of course but can be got around with a linux basic full drive backup.
Basicly you play a bit of luck. But it is lot less trouble if using windows NT just to got...
[ more ] [ reply ]
Basicly you play a bit of luck. But it is lot less trouble if using windows NT just to got...
[ more ] [ reply ]
Linux "boot" floppy? Wow, I'm impressed.
2003-02-26
Anonymous
Anonymous
Why would I turn on networking?
Why not copy the files to a disk and work on the minor encryption at home? If I opened a connection, I would leave tracks in the firewall log ( assuming they have a firewall)
If I have access to the server, then the chances are the admins are too clueless to set ...
[ more ] [ reply ]
Why not copy the files to a disk and work on the minor encryption at home? If I opened a connection, I would leave tracks in the firewall log ( assuming they have a firewall)
If I have access to the server, then the chances are the admins are too clueless to set ...
[ more ] [ reply ]
Linux "boot" floppy? Wow, I'm impressed.
2003-02-26
Anonymous (2 replies)
Anonymous (2 replies)
I don't see what this person is arguing with. He questions using a linux boot floppy, and then points out how it's possible. Linux floppy with NTFS, find the SAM, change the passwords... pretty damned easy....
[ more ] [ reply ]
[ more ] [ reply ]
I just love flamers who don't read the whole letter (grin)
2003-02-27
TJ Miller jr (1 replies)
TJ Miller jr (1 replies)
Yes, campers - a MODIFIED floppy can do these wonders (notice how I mention Trinux?) OTOH, a standard Linux boot floppy does none of this, something everyone failed to recognize.
For the kinder folk, I thank you for your reasoned response.
For all those flamers and the s00p4r-l33t self-assure...
[ more ] [ reply ]
For the kinder folk, I thank you for your reasoned response.
For all those flamers and the s00p4r-l33t self-assure...
[ more ] [ reply ]
I just love flamers who don't read the whole letter (frown)
2003-03-01
Anonymous
Anonymous
So, your entire reason for posting is because he said "Linux boot floopy" rather than "Modified boot disk that loads Linux and then lets you do other things"? If a disk boots Linux, it is a Linux Boot Disk. He didn't say "The Linux boot disk that ships with the default installation of Linux." It ...
[ more ] [ reply ]
[ more ] [ reply ]
Media did not gone mad, Linux "boot" floppy, Microsoft are bad guys, and other urban legends
2003-03-06
Amorphous
Amorphous
Yep. Run the password cracker of your choice - any OS, any encryption, change what you need (depending on the level of oyur knowledge, for sure), restore the logs and the passwords, and put the poor doctored bastard back to the production environment. BTW, not just *n*x boot floppy - DOS with DOS2NT...
[ more ] [ reply ]
[ more ] [ reply ]
Columnist Gone Mad
2003-02-26
Anonymous (2 replies)
Anonymous (2 replies)
Here's the lastest "headline" under "vulnerabilities" at Security Focus, as of Feb 26:
http://www.securityfocus.com/bid/6914
The "problem" describes how the "Eject" utility allows a local user to possibly exploit a file!!! Oh no!!! A malicious local user can exploit a document !!!
Sheesh. ...
[ more ] [ reply ]
http://www.securityfocus.com/bid/6914
The "problem" describes how the "Eject" utility allows a local user to possibly exploit a file!!! Oh no!!! A malicious local user can exploit a document !!!
Sheesh. ...
[ more ] [ reply ]
Columnist Gone Mad
2003-02-27
Anonymous
Anonymous
Actually, its completely different.
The issue described in the eject article allows a user (could be remote) to gather information for mounting an attack.
The much hyped WinXP "issue" is by design, if you have physical access to the box, you can do whatever the hell you like, someone booting a...
[ more ] [ reply ]
The issue described in the eject article allows a user (could be remote) to gather information for mounting an attack.
The much hyped WinXP "issue" is by design, if you have physical access to the box, you can do whatever the hell you like, someone booting a...
[ more ] [ reply ]
Think Kiosks or Remote Terminal User...
2003-02-27
Frank
Frank
First, the eject vulnerability was sent into the database by the author himself.
Second, a software application vulnerability is significantly different than a physical access vulnerability.
If I have a locked down Kiosks, or a remote user is in my machine via Terminal Services with no access...
[ more ] [ reply ]
Second, a software application vulnerability is significantly different than a physical access vulnerability.
If I have a locked down Kiosks, or a remote user is in my machine via Terminal Services with no access...
[ more ] [ reply ]
Media Gone Mad
2003-02-26
Anonymous
Anonymous
If I can gain access to the hardware and do this, then why can't a put a back door/keylogger/whatever onto the XP machine?
As anybody who has done actual security work would know, the threat of someone walking of with the hardware is much less of an issue compared to someone constantly monitoring y...
[ more ] [ reply ]
As anybody who has done actual security work would know, the threat of someone walking of with the hardware is much less of an issue compared to someone constantly monitoring y...
[ more ] [ reply ]
My Experience with The Linux
2003-02-26
Egg Troll (14 replies)
Egg Troll (14 replies)
I work as a consultant for several fortune 500 companies, and I think I can shed a little light on the climate of the open source community at the moment. I believe that part of the reason that open source based startups are failing left and right is not an issue of marketing as it's commonly believ...
[ more ] [ reply ]
[ more ] [ reply ]
re: My Experience with The Linux
2003-02-26
Stonewolf
Stonewolf
Unfortunately you point out in your own message why it didn?t work. You are already biased against Linux or any other open source solution. Read your post, use VB because it?s just at good. Sure, for specific apps, portability is not one of them.
I have also consulted for Fortune 500 companies,...
[ more ] [ reply ]
I have also consulted for Fortune 500 companies,...
[ more ] [ reply ]
My Experience with The Linux
2003-02-27
Anonymous
Anonymous
I sould not feed this self proclaimed troll, but I will give him a small bisquit
Just what distro of linux is the shareware version??
The fact that you chose to program in VB and do not have a clue about C is probable the reason the Linux " shareware" failed. " I don't believe in C programmin...
[ more ] [ reply ]
Just what distro of linux is the shareware version??
The fact that you chose to program in VB and do not have a clue about C is probable the reason the Linux " shareware" failed. " I don't believe in C programmin...
[ more ] [ reply ]
Re: My Experience with The Linux
2003-02-27
Anonymous
Anonymous
It's obvious you're a troll trying to provoke a response, so I'll be brief and respond only for the benefit of those who aren't as technically inclined and might not notice.
> we wanted to integrate the shareware version of Linux
There is no such thing as a shareware version of Linux. 'Freewar...
[ more ] [ reply ]
> we wanted to integrate the shareware version of Linux
There is no such thing as a shareware version of Linux. 'Freewar...
[ more ] [ reply ]
My Experience with The Linux
2003-02-27
Anonymous (1 replies)
Anonymous (1 replies)
Depends on what you wanted to do and which dist you were installing .. At the moment I would not buy this .. having on a Network utilising *nix vs win ... *nix always performs ... more downtime on win serves ...
[ more ] [ reply ]
[ more ] [ reply ]
My Experience with The Linux - downtime?
2003-02-28
Anonymous
Anonymous
Downtime? I never have downtime in my company of 1000+ users. Downtime is money, and I cannot afford to be down.
Do things right the first time, you should not have any downtime. If I check my helpdesk logs, I see that the last time we rebooted our Exchange server was Feb. 11th, 2001 - PDC - Apr...
[ more ] [ reply ]
Do things right the first time, you should not have any downtime. If I check my helpdesk logs, I see that the last time we rebooted our Exchange server was Feb. 11th, 2001 - PDC - Apr...
[ more ] [ reply ]
My Experience with The Linux
2003-02-27
Anonymous
Anonymous
Egg Troll indeed
What about HP-UX, Solaris, and other commerical Unices ... or are only systems with VB (LOL!) serious enough for you?
(I haven't been paid for anything other than computing for the last twenty-five years. I've seen 'em come and I've seen 'em go. And Basic hasn't been ready f...
[ more ] [ reply ]
What about HP-UX, Solaris, and other commerical Unices ... or are only systems with VB (LOL!) serious enough for you?
(I haven't been paid for anything other than computing for the last twenty-five years. I've seen 'em come and I've seen 'em go. And Basic hasn't been ready f...
[ more ] [ reply ]
My Experience with The Linux
2003-02-27
Anonymous (1 replies)
Anonymous (1 replies)
Nice joke. Hope this wasn't a serious message...
I found a bit dissapointing your comments on GPL vs MS shared source... That's serious stuff, no jokes please.
...
[ more ] [ reply ]
I found a bit dissapointing your comments on GPL vs MS shared source... That's serious stuff, no jokes please.
...
[ more ] [ reply ]
My Experience with The Linux
2003-02-27
Anonymous (1 replies)
Anonymous (1 replies)
hehe - the fact that all you dumb linux nerds are getting so defensive makes troll's point even more solid. I bet all these posts are from one guy!...
[ more ] [ reply ]
[ more ] [ reply ]
Egg Troll Rules! Anonymous Doesn't.
2003-02-28
Anonymous (1 replies)
Anonymous (1 replies)
> the fact that all you dumb linux nerds are getting so defensive makes troll's point even more solid. I bet all these posts are from one guy! <
They are! Look they're almost all from Anonymous. What would he know?!
Egg Troll, just post the link to your VB kernel that fits on a floppy. You k...
[ more ] [ reply ]
They are! Look they're almost all from Anonymous. What would he know?!
Egg Troll, just post the link to your VB kernel that fits on a floppy. You k...
[ more ] [ reply ]
As if
2003-03-03
Anonymous
Anonymous
They may have been posted by one person, or they might not have - doesn't really matter. They all make sense.
I for one have never had trouble with linux. In the more than 3 years I'm now using it, it crashed once (and I managed to recover *without* rebooting). I've only seen kernel panics for...
[ more ] [ reply ]
I for one have never had trouble with linux. In the more than 3 years I'm now using it, it crashed once (and I managed to recover *without* rebooting). I've only seen kernel panics for...
[ more ] [ reply ]
My Experience with The Linux
2003-03-05
blacklight
blacklight
Dear eggtroll,
I used to do client-server programming in VB years ago and until I read your post, I had no idea that such a high-level language as VB can be used to perform the kind of low-level programming tasks that C is used for. How you would manage to compile a VB binary and make that binary...
[ more ] [ reply ]
I used to do client-server programming in VB years ago and until I read your post, I had no idea that such a high-level language as VB can be used to perform the kind of low-level programming tasks that C is used for. How you would manage to compile a VB binary and make that binary...
[ more ] [ reply ]
Joy!
2003-02-26
Anonymous
Anonymous
Sure, absolutely. I completely agree! Thought so when i first heard this story.
Besides, i've used Linux (boot) CD's often enough (when forgetting to edit fstab and lilo after deleting some win partition on a dual boot ;-). But, how else are you going fix some boot problem? The former poster mentio...
[ more ] [ reply ]
Besides, i've used Linux (boot) CD's often enough (when forgetting to edit fstab and lilo after deleting some win partition on a dual boot ;-). But, how else are you going fix some boot problem? The former poster mentio...
[ more ] [ reply ]
Media Gone Mad
2003-02-26
Anonymous
Anonymous
The "physical access" argument is half irrelevant....
(and the LINUX 'boot floppy' one pathetic)
Why do OSs have password protected accesses if it's enough to be sitting next to the computer? Just for the fun of typing passwords?
Come on...
You cannot do the same, and obviously should not be a...
[ more ] [ reply ]
(and the LINUX 'boot floppy' one pathetic)
Why do OSs have password protected accesses if it's enough to be sitting next to the computer? Just for the fun of typing passwords?
Come on...
You cannot do the same, and obviously should not be a...
[ more ] [ reply ]
"Third Party Driver" ? This is slanted in the other direction
2003-02-26
Anonymous (1 replies)
Anonymous (1 replies)
While the core point of the article is correct, there are some dead giveaways that the author is a bit too eager to go the extra mile to make Microsoft come out smelling better than it deserves on this one.
Case in point, the archtype scenario for why you'd want to boot a recovery console in this...
[ more ] [ reply ]
Case in point, the archtype scenario for why you'd want to boot a recovery console in this...
[ more ] [ reply ]
"Third Party Driver" ? This is slanted in the other direction
2003-02-27
Eric Grabowski (eric@mazenet.com)
Eric Grabowski (eric@mazenet.com)
I would point out how many times I had a UNIX or Linux kernal "crash" due to bad drivers just as windows does. Granted .. its not as often .. Microsoft gives us a "kitchen sink" OS and because of that it is more likely to have compatability issues, but please dont preach about how pristine every oth...
[ more ] [ reply ]
[ more ] [ reply ]
Paying extra for patching buggy software...
2003-02-26
Anonymous
Anonymous
... is exactly what BillG and his horde do (yes, I agree with you on the rest of the article). For bug and security fixes for IE and Outlook, you have to accept updated license agreements that give Microsquish extra "rights" on your machine. There was a significant outcry re Win2k SP3 license, but...
[ more ] [ reply ]
[ more ] [ reply ]
Newsflash! Huge security hole in Linux!
2003-02-26
Anonymous (6 replies)
Anonymous (6 replies)
It's interesting to note that one can very easily boot up Linux, FreeBSD, et al, with boot floppies or CDs, get a shell, mount the file systems, and have your way with them. This has always been true. So what is the big deal?
Similarly, any non-NTFS Windows installation can be accessed by booting...
[ more ] [ reply ]
Similarly, any non-NTFS Windows installation can be accessed by booting...
[ more ] [ reply ]
Newsflash! Huge security hole in Linux! All true
2003-02-26
Anonymous
Anonymous
I agree, but the mentality of most of the MCSEs I have had the displeasure to interact with is this:
"Microsoft is C2 secure,The Government said so, Look at the press release! If there are any holes, Microsoft will notify us, We have a maintenance contract"
And when the mcse is lead kick...
[ more ] [ reply ]
"Microsoft is C2 secure,The Government said so, Look at the press release! If there are any holes, Microsoft will notify us, We have a maintenance contract"
And when the mcse is lead kick...
[ more ] [ reply ]
Media Gone Mad
2003-02-26
Anonymous
Anonymous
Well, maybe you should look before you spew tongue in cheek comments. Yes, there IS an NT/2000 admin password recovery diskette (or bootable CD if you prefer) that DOES boot linux, that DOES mount the drive (yes NTFS), and DOES run a script to guide you through the process. Here you go: http://home....
[ more ] [ reply ]
[ more ] [ reply ]
You don't need a Linux boot floppy
2003-02-27
Aaron Brooks
Aaron Brooks
LiLo and GRUB both by default allow you to pass the statment "single" along with kernel options. If you hit TAB at a LiLo prompt you can see the available kernels and type something like:
LiLo: vmlinuz single
and be at a runlevel 1 (single user) root prompt in a matter of seconds, no password...
[ more ] [ reply ]
LiLo: vmlinuz single
and be at a runlevel 1 (single user) root prompt in a matter of seconds, no password...
[ more ] [ reply ]
Media Gone Mad
2003-02-27
Anonymous
Anonymous
Well, there are other things which are security issues clearly in XP, besides the fact I preferred their beta look.
The issue isn't major, but you could force it to RC, copy a file to it, which creates a backdoor in the system when it's restored. of course- if you can do that, you can do that any...
[ more ] [ reply ]
The issue isn't major, but you could force it to RC, copy a file to it, which creates a backdoor in the system when it's restored. of course- if you can do that, you can do that any...
[ more ] [ reply ]
Media Gone Mad
2003-02-27
Anonymous (1 replies)
Anonymous (1 replies)
Thank you very much for this awesome column. Man, the last 3 years I indulged and spent a lot of money on servers and equipment that was no Microsoft OS based. I tried out Macs, and LINUX! My business is building solutions for clients on the best platform. Suprisingly it cost a LOT more money th...
[ more ] [ reply ]
[ more ] [ reply ]
Media Gone Mad
2003-02-27
Roberto J Dohnert
Roberto J Dohnert
Thank you very much for this article, I have been hearing about this " vulnerability " more times than I care to count and I tell people its nothing to worry about, its not an exploit. Yes and I do wish that people would leave Bill & Co. alone, people call this an exploit but then what does that ma...
[ more ] [ reply ]
[ more ] [ reply ]
the important bit - the ease of access to encypted files
2003-02-27
Anonymous (1 replies)
Anonymous (1 replies)
"If the system is a member of a workgroup and not a domain, you can just change the user's password that the file was encrypted under," Pfeil said. "Then you can log on as that user having access to the encrypted file."...
[ more ] [ reply ]
[ more ] [ reply ]
Alert: Major Security Flaws
2003-02-27
Asmo (2 replies)
Asmo (2 replies)
Alert: New Vulnerability Detected in OS We Don't Like
Severity: HIGH
Summary: Commonly available tools able crack into server.
Discussion:
Our crack team of Security and Expliot engineers at our east coast Propulsion Labrotories have recently discovered a serious security vulnerablity in an ...
[ more ] [ reply ]
Severity: HIGH
Summary: Commonly available tools able crack into server.
Discussion:
Our crack team of Security and Expliot engineers at our east coast Propulsion Labrotories have recently discovered a serious security vulnerablity in an ...
[ more ] [ reply ]
Alert: Major Security Flaws
2003-02-28
Anonymous
Anonymous
Cisco Catalyst switches and routers are also affected by the same vulnerability. Heck Cisco even goes the length to teach you how to carry out the exploit. One of the many versions : http://www.cisco.com/en/US/products/hw/switches/ps700/produc
ts_password_recovery09186a0080135657.shtml
All you nee...
[ more ] [ reply ]
ts_password_recovery09186a0080135657.shtml
All you nee...
[ more ] [ reply ]
This IS a major vulnerability
2003-02-27
obadii@hushmail.com (2 replies)
obadii@hushmail.com (2 replies)
I would argue this IS a significant vulnerability. If an organization is deploying XP to the desktop, then anyone with access to Windows 2000 media could access ANY information on any desktop.
You are right, if your server OS of choice is XP, and your server facilities are adiquate, this is a ...
[ more ] [ reply ]
You are right, if your server OS of choice is XP, and your server facilities are adiquate, this is a ...
[ more ] [ reply ]
This IS a major vulnerability- NOT!
2003-03-01
Anonymous
Anonymous
You say "For you to call this a non-vulnerability makes me question if you understand the fundamentals of security. It's nothing personal, but security comes down to what you can access, identification of someone accessing something they shouldn't be able to and auditability. This pretty much knocks...
[ more ] [ reply ]
[ more ] [ reply ]
Media Gone Mad - bye bye *nix
2003-02-27
Anonymous (1 replies)
Anonymous (1 replies)
Just like that Ford model-T you saw at the museum. Sure, it works fine, nice and simple, really basic - but I think I'd rather have the brand new Mercedes. You can keep your old, worn out peice of junk. ;)
*nix will soon meet the same fate as OS/2, I can see the headlines now - "Microsoft clubs ...
[ more ] [ reply ]
*nix will soon meet the same fate as OS/2, I can see the headlines now - "Microsoft clubs ...
[ more ] [ reply ]
Media Gone Mad
2003-02-28
Anonymous
Anonymous
Tim, thankyou for posting a well-written article.
We seem to have gotten off topic here.
If you still don’t understand what the issue is, read this. Pay attention to #2 and #3
The Ten Immutable Laws of Security
Law #1: If a bad guy can persuade you to run his program on your co...
[ more ] [ reply ]
We seem to have gotten off topic here.
If you still don’t understand what the issue is, read this. Pay attention to #2 and #3
The Ten Immutable Laws of Security
Law #1: If a bad guy can persuade you to run his program on your co...
[ more ] [ reply ]
It is our fault - we don't demand solutions to fill the gaps
2003-03-01
Eitan Caspi
Eitan Caspi
OK, so there is a free tool for doing this.
But? a vendor named "Winternals" has a product named "ERD Commander" that has a cost, but it has been doing just this and more for a long time.
Not only it is not CONSIDERED a vulnerability ? someone is making money out this fact for a long time?
I ha...
[ more ] [ reply ]
But? a vendor named "Winternals" has a product named "ERD Commander" that has a cost, but it has been doing just this and more for a long time.
Not only it is not CONSIDERED a vulnerability ? someone is making money out this fact for a long time?
I ha...
[ more ] [ reply ]
Media Gone Mad
2003-03-02
Anonymous
Anonymous
I work as QA for a TCP/UDP server product. We recently had a certain famous security firm report multiple vulnerabilities in our product. Some of the vulns were legit, but some of them were completely non-exploitable and therefore NOT security issues. However, the company still got CVE ids for ea...
[ more ] [ reply ]
[ more ] [ reply ]
STOOPID PEOPLE
2003-03-03
GENIUS GUY (2 replies)
GENIUS GUY (2 replies)
it is the fact that one OS rescue disk can activate another OS when they're supposed to be different.
Just goes to show how all the crud under the MS table is one and the same.
Same car key fits in every GM vehicle out there. Only you maroons would think so.
Not I the genius guy.
DUH! ...
[ more ] [ reply ]
Just goes to show how all the crud under the MS table is one and the same.
Same car key fits in every GM vehicle out there. Only you maroons would think so.
Not I the genius guy.
DUH! ...
[ more ] [ reply ]
STOOPID PEOPLE
2003-03-04
Anonymous
Anonymous
First, you spelled stupid wrong. It doesn't take a genius to know that. Secondly, the "OS" does not "activate" the other "OS." It is called a "file system", Genius. An OS gives you access to a file system. If your OS supports the file system, like Mullen said, you get access to the files.
Th...
[ more ] [ reply ]
Th...
[ more ] [ reply ]
It is unfortunate...
2003-03-03
Glenn Schulz (1 replies)
Glenn Schulz (1 replies)
Setting aside the issue of whether this is a vulnerability or not, I find Tim Mullen's points of reference to be misleading and flawed.
Most professionals involved in security models approach designs from a belt and suspenders standpoint; arguably either one can do the job but...
The comment t...
[ more ] [ reply ]
Most professionals involved in security models approach designs from a belt and suspenders standpoint; arguably either one can do the job but...
The comment t...
[ more ] [ reply ]
It is unfortunate...that you don't understand
2003-03-04
Anonymous (1 replies)
Anonymous (1 replies)
Layered security? Let's see- he talks about physical security, EFS, patching, hmmm... Sounds pretty reasonable to me. And just because you don't know about physical security does not make it a dream. Do you keep your servers in the parking lot? In the coffee room? Do you allow regular uses to lo...
[ more ] [ reply ]
[ more ] [ reply ]
It is unfortunate...that Glenn learned security from a text book.
2003-03-05
Erik (1 replies)
Erik (1 replies)
Glenn,
"Misleading and Flawed..."
Glenn, Glenn, Glenn please spare me your jaded view of Tim Mullen's writing. You are obviously a very "high-level" kind of guy; which is fine, but don't play word games to make your ?3rd grade security point? valid. We all agree that security must be layered....
[ more ] [ reply ]
"Misleading and Flawed..."
Glenn, Glenn, Glenn please spare me your jaded view of Tim Mullen's writing. You are obviously a very "high-level" kind of guy; which is fine, but don't play word games to make your ?3rd grade security point? valid. We all agree that security must be layered....
[ more ] [ reply ]
Reality
2003-03-06
Glenn Schulz (1 replies)
Glenn Schulz (1 replies)
Erik,
I do agree that the media overshot the message on XP. My heartburn is with Tim Mullen's sportscaster like ranting rather than providing a well articulated counterpoint.
Physical security for a typical XP environment is not one of locked doors, biometrics, and security guards. XP is typic...
[ more ] [ reply ]
I do agree that the media overshot the message on XP. My heartburn is with Tim Mullen's sportscaster like ranting rather than providing a well articulated counterpoint.
Physical security for a typical XP environment is not one of locked doors, biometrics, and security guards. XP is typic...
[ more ] [ reply ]
Agreement
2003-03-06
Erik (2 replies)
Erik (2 replies)
Glenn,
I do agree that the media overshot the message on XP. My heartburn is with Tim Mullen's sportscaster like ranting rather than providing a well articulated counterpoint.
erik>Tim does have a unique writing style (i won't argue that), but its fun. These articles are mostly read by people...
[ more ] [ reply ]
I do agree that the media overshot the message on XP. My heartburn is with Tim Mullen's sportscaster like ranting rather than providing a well articulated counterpoint.
erik>Tim does have a unique writing style (i won't argue that), but its fun. These articles are mostly read by people...
[ more ] [ reply ]
Agreement
2003-03-07
FUNNY (2 replies)
FUNNY (2 replies)
erik>Tim does have a unique writing style (i won't argue that), but its fun. These articles are mostly read by people like ourselves that understand the issue, but appreciate the slanted rant. I find it refreshing. You may not. Such is life.
///////////////////
It's fun? FUN? Fun as in "cool" a...
[ more ] [ reply ]
///////////////////
It's fun? FUN? Fun as in "cool" a...
[ more ] [ reply ]
Agreement - too much caffeine today?
2003-03-07
Anonymous
Anonymous
Your an idiot that needs to settle down.
If you don't have "fun" in your work, then you are in the wrong business my friend. "fun" is a mental requirement for most socially-sabby people, and contrary to your opinion, it makes for a much more healthy and productive work environment.
Go be a lit...
[ more ] [ reply ]
If you don't have "fun" in your work, then you are in the wrong business my friend. "fun" is a mental requirement for most socially-sabby people, and contrary to your opinion, it makes for a much more healthy and productive work environment.
Go be a lit...
[ more ] [ reply ]
Agreement.... what is your problem?
2003-03-07
Anonymous
Anonymous
Are you honestly serious? "fun" - "Microsoft term?". I have never heard something so absolutely ridiculous and pathetic in my life - what are you smoking? Can I have some?
They were having an excellent discussion and used the word "fun" because they enjoyed the relevant dialog they were having, d...
[ more ] [ reply ]
They were having an excellent discussion and used the word "fun" because they enjoyed the relevant dialog they were having, d...
[ more ] [ reply ]
MICROSOFT SUCKS!
2003-03-04
[ Discussion Closed ] (1 replies)
[ Discussion Closed ] (1 replies)
Media Gone Mad - Strikeback
2003-03-05
Anonymous
Anonymous
I'm very happy to see some Windows administrators finally standing up against the open-source community's never-ending rants and raves about how insecure Windows is. I've certainly been listening to it for far too long. I see the same arguments made over and over by the open source community, and I ...
[ more ] [ reply ]
[ more ] [ reply ]
what more can I do
2003-03-06
Tigger
Tigger
I agree, I should wipe that evil grin off my face ... but this stuff is just 2 funny. Can't you just imagine one IT director to another over lunch.... "yeah, we banned all use of the recovery console 2 ... when is Microsoft gonna offer us SOLUTIONS." SOLUTION nr. 1 : listen to the people that know !...
[ more ] [ reply ]
[ more ] [ reply ]
Thanks...
[ more ] [ reply ]