RE: Priviledge escalation attack
From: Laura A. Robinson (larobins@bellatlantic.net)Date: 10/31/02
- Previous message: Raghu Chinthoju: "RE: Access to well-known ports on Win2K"
- In reply to: Henry Sieff: "RE: Priviledge escalation attack"
- Next in thread: Nero, Nick: "RE: Priviledge escalation attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Laura A. Robinson" <larobins@bellatlantic.net> To: "'Henry Sieff'" <hsieff@orthodon.com>, "'Eric Howard'" <dlydl7502@sneakemail.com>, <focus-ms@securityfocus.com> Date: Thu, 31 Oct 2002 14:37:47 -0500
You are correct in everything you say, though: the default permissions
are completely insufficient to lock down a server which will have
interactive logins (like a terminal server). They are even to loose for
a web server.
-- Henry SieffI disagree a bit- he's only correct in saying that the default permissions are weak. His scenario for an exploit was not correct.
Additionally, .Net is bringing significant changes as far as default security settings, but that's another topic. ;-)
Laura
- Previous message: Raghu Chinthoju: "RE: Access to well-known ports on Win2K"
- In reply to: Henry Sieff: "RE: Priviledge escalation attack"
- Next in thread: Nero, Nick: "RE: Priviledge escalation attack"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
