Bugtraq mailing list archives
Re: Windows XP Beta
From: "Andrew G. Tereschenko" <tag () ibis odessa ua>
Date: Tue, 27 Mar 2001 20:07:57 +0300
Ingenius, Just for you - read newsgroups and NDA first. Just to prevent lame backdoor threads in news: <statement> This account/password is a random generated and _designed_ for making system secure. </statement> <prove part="1"> From: "Justin Kwak[MS]" <jykwak () microsoft com> Subject: Re: SUPPORT_NNNNNNxN account? Date: Fri, 10 Nov 2000 12:11:28 -0800 To explain the need/usage of those accounts, I am going to talk about some background information first As you may know, in Whistler (and WinME), we change "HELP" a lot. Now when you click help, it will take you to Help and Support Center. Help and Support Center is point where users can find all the resources for help they may need. Help and Support Center (from PCHealth team) services include Help Contents, System Restore, System File Protection, Support Automation Framework, Remote Assistance and many more. Support Automation Framework is frame which OEM can be able to create their help content easily and provide to the user thru Help and Support Center. And because of security concern we ask OEM to do following step 1. OEM make their contents 2. Make a Cab file 3. Microsoft digitally sign the cab 4. OEM can "install" the cab into Help and Support Center In WinME, help content are running under same privilege as user. But in Whistler we now need to thinking about user privilege. If OEM contents are running same privilege as current user, what OEM help content can do is very limited. Specially those who need help are more likely low privilege user. We need to make OEM contents run different then current user's privilege. So we create those account for each OEM contents writer. Since each OEM contents provider has their own account, system admin can set different privilege to those different content provider. System admin has full control of those accounts I hope above explain make sense to you guys. If you have further question, feel free to post here Thanks </prove> <prove part="2"> From: ericf () microsoft com ("Eric Fitzgerald [MS]") Organization: Microsoft Corporation Date: Wed, 14 Feb 2001 02:50:07 GMT Subject: Re: SUPPORT_NNNNNNxN account? This is an account added as part of our Help and Support Services feature. The password is random. Don't take my word for it- do two clean installations of Whistler and use PWDUMP to compare the password hashes. I'm investigating to see exactly how this account is used, and I'll report back. Eric Fitzgerald Beta Technology Support Microsoft Corporation </prove> <note> Never, never post information you don't know. Even if you know a few - keep silence, there is always people who know this Subj better. </note> <postscript> Probably this letter for VULN-DEV List. </postscript> ============================= Andrew G. Tereschenko Software Engineer tag () ibis odessa ua
Current thread:
- Windows XP Beta Ingenius (Mar 27)
- <Possible follow-ups>
- Re: Windows XP Beta Andrew G. Tereschenko (Mar 27)