Re: Security? Right.
From: andy smart (anonymus_at_discussions.microsoft.com)
Date: 05/18/05
- Next message: Karl Levinson, mvp: "Re: IE vulnerabilities..."
- Previous message: Matt Gibson: "Re: Help! Advice!"
- In reply to: Imhotep: "Re: Security? Right."
- Next in thread: Mark Randall: "Re: Security? Right."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 May 2005 22:55:46 +0100
Imhotep wrote:
> andy smart wrote:
>
>
>>zamdrist@gmail.com wrote:
>>
>>>http://www.microsoft.com/security/twc/vision_frame.mspx
>>>
>>>Security Vision and Framework
>>>
>>>"Microsoft is committed to enabling every customer to work,
>>>communicate, and transact business more securely."
>>>"Implementing threat modeling and other key security considerations in
>>>design and development stages."
>>>"Promoting more secure deployment and management of our software."
>>>
>>>Now read:
>>>
>>>http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/TechRef/0926da81-f03a-4986-959d-827b6753c22f.mspx
>>>
>>>Remote Limitations
>>>
>>>"In addition to exposing your server to unauthorized users, Remote has
>>>the following limitations..."
>>>
>>>"Remote performs no security authorization. It permits anyone running
>>>Remote.exe Client to connect to your remote server. Because of this,
>>>the account under which the remote server was run is open to anyone who
>>>connects."
>>>
>>>Wow. What a joke.
>>>
>>
>>It's not your 'server' in the sense of the physical box though is it?
>>Sounds more like a remote virtual server started on the physical server
>>from this article:
>>
>>http://pensieve.thinkingms.com/CommentView,guid,bcd86023-c8e0-4ef7-a2f5-60ddf47635cc.aspx
>>
>>Sounds as though you'd need quite a bit of inside information from
>>somebody with administrator rights before you could misuse it though?
>
>
> Ah no. It sounds like *anyone* who connects *is* an administrator...I would
> not recommend using this crapware...
>
> -Im
Yes, but only for that session which has already been created by a
system administrator running on the server - that's how I read it. This
is a tool which appears to have been part of the WinNT resource kit so I
have no idea who is still using it of course!