Re: sudo for windows

From: dcdave (dcdave@att.net)
Date: 07/26/01


Message-ID: <00fc01c1157a$4423b9f0$5c782ec8@dcdave>
From: "dcdave" <dcdave@att.net>
To: "H C" <keydet89@yahoo.com>, "Michael Leone" <turgon@mike-leone.com>, "Gustavo Basualdo" <guasaman@hotmail.com>, "Focus on Microsoft Mailing List" <FOCUS-MS@SECURITYFOCUS.COM>
Subject: Re: sudo for windows
Date: Wed, 25 Jul 2001 21:25:32 -0500

If I can configure IIS, even as a guest, I can have sufficient fun on the
host box.
dcdave
----- Original Message -----
From: "H C" <keydet89@yahoo.com>
To: "dcdave" <dcdave@att.net>; "Michael Leone" <turgon@mike-leone.com>;
"Gustavo Basualdo" <guasaman@hotmail.com>; <focus-ms@securityfocus.com>
Sent: Tuesday, June 19, 2001 4:48 PM
Subject: Re: sudo for windows

>
> > The problem I see here is on MS products, once you
> > are running and
> > configuring IIS, you pretty much have the keys to
> > the kingdom (thank you,
> > Bill!)
>
> This seems very odd to me, Dave. Why would you alter
> the default installation of IIS, and run it under an
> Admin-level account? By default, IIS runs as a guest.
> This is why the extended Unicode exploit can be
> defeated by something as simple as not allowing anyone
> other than the Administrator to have executable
> rights to the /scripts/ directory.
>
> Also, it's not really Bill's fault, is it? I mean,
> there is a plethora of information available on how to
> secure NT and 2K, as well as IIS 4.0 and 5.0. If
> someone wants to run IIS, but doesn't want to invest
> any effort into securing it, any compromise of the box
> can't really be blamed on Bill.
>
> Carv
>


