Re: [Full-Disclosure] Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution

From: morning_wood (se_cur_ity_at_hotmail.com)
Date: 02/19/04

  • Next message: Paul Schmehl: "RE: [Full-Disclosure] Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution" 
    To: "Bill Royds" <full-disclosure@royds.net>, <insecure@ameritech.net>, "'Tim'" <tim-security@sentinelchicken.org>
Date: Wed, 18 Feb 2004 20:04:47 -0800

    > Last time I was at my doctor's medical clinic, I noticed all the shiny new
    > LCD monitors showing the Windows logon prompt with account Administrator. I
    > asked the receptionist why. She said so that anyone could sing on any
    > machine when they needed it, since individual machines lock out so only
    > signed user or administrator can sign on. They did have the screensaver
    > timeout so people off the street couldn't sign on. But the only way to make
    > the multiple workstations usable from for anybody was to use administrator
    > account on all of them.
    > This is a bit of a design flaw in the Windows network that means security
    > is much less than it ought to be.
    >
    my question is... who is the admin / security manager for this locale?
    again, this is not a windows issue, it is an administrator issue in which
    the controlling admin of the network is clueless as to how to manage
    a flexible win-net.

    Donnie Werner
    dwerner@exploitlabs.com
    http://exploitlabs.com
    360-312-8011

     

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: Paul Schmehl: "RE: [Full-Disclosure] Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution"

    Relevant Pages

    • Re: msconfig problem
      ... Operating system is Windows XP Home Edition Version 2002 with SP2. ... Administrator to make the return to Normal Startup. ... Event Type: Warning ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: Automatic and web based Windows Update Installs all fail...
      ... "Administrators only" error message when you attempt to use the Windows ... Please contact your system administrator." ... CD, (by clicking on the Install Windows 2000 link), I receive the infamous ...
      (microsoft.public.win2000.windows_update)
    • Re: Automatic and web based Windows Update Installs all fail...
      ... "Administrators only" error message when you attempt to use the Windows ... Please contact your system administrator." ... CD, (by clicking on the Install Windows 2000 link), I receive the infamous ...
      (microsoft.public.win2000.windows_update)
    • Re: Administrator rights-QuickBooks2006Pro
      ... XP and Windows 2000 users must have Power Users or Administrator group rights in order to run QuickBooks. ... Quite simply, the application doesn't "know" how to handle individual user profiles with differing security permissions levels, or the application is designed to make to make changes to "off-limits" sections of the Windows registry or protected Windows system folders. ... limited accounts, you can fix it to allow limited users to access the ...
      (microsoft.public.windowsxp.security_admin)
    • RE: forgot password
      ... You can also log into with the default or Bult-in Administrator account ... and the password is the one you have set during initial setup of Windows XP ... If you created a password reset disk for Windows XP, ... Click the user account that you forgot the password for, ...
      (microsoft.public.windowsxp.general)