Re: disclosure the administrative password

• Previous message: Tom Stowell: "Re: disclosure the administrative password"
• In reply to: Thor: "Re: disclosure the administrative password"
• Next in thread: Jack Me: "Re: disclosure the administrative password"
• Reply: Jack Me: "Re: disclosure the administrative password"
• Reply: Thor: "Re: disclosure the administrative password"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Thor" <thor@hammerofgod.com>, <focus-ms@securityfocus.com>
Date: Wed, 2 Feb 2005 09:09:59 +0200

----- Original Message -----
From: "Thor" <thor@hammerofgod.com>
To: "Boris Skoblo" <borsk@techunix.technion.ac.il>;
<focus-ms@securityfocus.com>
Sent: Tuesday, February 01, 2005 11:58 PM
Subject: Re: disclosure the administrative password

> This sounds like one of those "loaded" questions... This is a security
> list, so we will want to know "why." Why is a smart card and all other
> hardware not applicable?

These methods not applicable because of budgetary limitations

> Why can't the operations be delegated?

For example, stoping and starting of various services for the diagnostic
purposes

> And so what if it is a custom logger- it's still a driver. Is it a root
> kit logger? If so, how do you know that?

Whether I do not know present keylogger at system,
 but potential possibility exists therefore I should take safety measures

>What actions does the admin have to perform that require RunAs in the first
>place, exactly? Answering these will help us give you better answers.

For example, stoping and starting of various services for the diagnostic
purposes

>
> Wipe the machine and prevent non-admin loading of drivers. User SAFER
> restrictions to only allow designated software to run. Initiate corporate
> policy to fire and or prosecute offending users.
>
> Use Remote Desktop on XP to initiate administrative tasks which bypass
> the hardware keystroke logger (until Blue Boar and I write our Terminal
> Services Keystroke Logger, that is. We're calling it Terminal Stroke.)
> Worse case, change the admin password after you have to do whatever it is
> you have to do as an admin on the box.

As about W2K workstations ?
>
> T
>
> ----- Original Message -----
> From: "Boris Skoblo" <borsk@techunix.technion.ac.il>
> To: <focus-ms@securityfocus.com>
> Sent: Tuesday, February 01, 2005 4:50 AM
> Subject: disclosure the administrative password
>
>
>> Hi All,
>>
>> There is a usual situation: on normal users computers ( W2k and Winxp )
>> an administrator should perform an administrative actions
>> (for example, with help RunAs) thus the administrative password is
>> entered. Do exist a potential possibility that on the user's computer
>> there is keylogger.
>>
>>
>> What ways to perform administrative operations exist, thus not
>> endangering disclosure the administrative password? There are some
>> limitations:
>>
>> 1. usage of smarts-cards and others hardvare devices are not applicable .
>>
>> 2. performed operations cannot be delegated for various reasons
>>
>> 3. keylogger is custom designed and any of existing protective software
>> yet does not find out it
>>
>> ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
>>
>> Regards,
>>
>> Boris Skoblo
>>

Boris

---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Previous message: Tom Stowell: "Re: disclosure the administrative password"
• In reply to: Thor: "Re: disclosure the administrative password"
• Next in thread: Jack Me: "Re: disclosure the administrative password"
• Reply: Jack Me: "Re: disclosure the administrative password"
• Reply: Thor: "Re: disclosure the administrative password"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]