Re: disclosure the administrative password
From: Thor (thor_at_hammerofgod.com)
Date: 02/01/05
- Previous message: John Madden: "Wireless GPO"
- In reply to: Boris Skoblo: "disclosure the administrative password"
- Next in thread: Boris Skoblo: "Re: disclosure the administrative password"
- Reply: Boris Skoblo: "Re: disclosure the administrative password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Boris Skoblo" <borsk@techunix.technion.ac.il>, <focus-ms@securityfocus.com> Date: Tue, 1 Feb 2005 13:58:36 -0800
This sounds like one of those "loaded" questions... This is a security
list, so we will want to know "why." Why is a smart card and all other
hardware not applicable? Why can't the operations be delegated? And so
what if it is a custom logger- it's still a driver. Is it a root kit
logger? If so, how do you know that? What actions does the admin have to
perform that require RunAs in the first place, exactly? Answering these
will help us give you better answers.
Wipe the machine and prevent non-admin loading of drivers. User SAFER
restrictions to only allow designated software to run. Initiate corporate
policy to fire and or prosecute offending users. Use Remote Desktop on XP
to initiate administrative tasks which bypass the hardware keystroke logger
(until Blue Boar and I write our Terminal Services Keystroke Logger, that
is. We're calling it Terminal Stroke.) Worse case, change the admin
password after you have to do whatever it is you have to do as an admin on
the box.
T
----- Original Message -----
From: "Boris Skoblo" <borsk@techunix.technion.ac.il>
To: <focus-ms@securityfocus.com>
Sent: Tuesday, February 01, 2005 4:50 AM
Subject: disclosure the administrative password
> Hi All,
>
> There is a usual situation: on normal users computers ( W2k and Winxp )
> an administrator should perform an administrative actions
> (for example, with help RunAs) thus the administrative password is
> entered. Do exist a potential possibility that on the user's computer
> there is keylogger.
>
>
> What ways to perform administrative operations exist, thus not endangering
> disclosure the administrative password? There are some limitations:
>
> 1. usage of smarts-cards and others hardvare devices are not applicable .
>
> 2. performed operations cannot be delegated for various reasons
>
> 3. keylogger is custom designed and any of existing protective software
> yet does not find out it
>
> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Regards,
>
> Boris Skoblo
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
>
>
>
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Previous message: John Madden: "Wireless GPO"
- In reply to: Boris Skoblo: "disclosure the administrative password"
- Next in thread: Boris Skoblo: "Re: disclosure the administrative password"
- Reply: Boris Skoblo: "Re: disclosure the administrative password"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
