Re: Privilege-escalation attacks on NT-based Windows are unfixable

From: Douglas A. Gwyn (DAGwyn@null.net)
Date: 08/21/02


From: "Douglas A. Gwyn" <DAGwyn@null.net>
Date: Wed, 21 Aug 2002 20:06:37 GMT

Barry Margolin wrote:
> (OS ensured this automatically when you first dialed
> up on a modem, and there was a procedure involving the BREAK signal for use
> on hard-wired terminals).

It's interesting that as of Windows 2000 the *default* setting does not
ensure the legitimacy of the login screen; one has to enable this via
the Password applet. (After which, Ctrl-Alt-Del is required to obtain
the login screen. I wonder if Ctrl-Alt-Del is trappable by a spoofing
application.)