Full Disclosure mailing list archives

Re: Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution


From: "morning_wood" <se_cur_ity () hotmail com>
Date: Wed, 18 Feb 2004 20:04:47 -0800

Last time I was at my doctor's medical clinic, I noticed all the shiny new
LCD monitors showing the Windows logon prompt with account Administrator. I
asked the receptionist why. She said so that anyone could sign on any
machine when they needed it, since individual machines lock out so only
signed user or administrator can sign on. They did have the screensaver
timeout so people off the street couldn't sign on. But the only way to make
the multiple workstations usable for anybody was to use administrator
account on all of them.
  This is a bit of a design flaw in the Windows network that means security
is much less than it ought to be.

my question is... who is the admin / security manager for this locale?
again, this is not a windows issue, it is an administrator issue in which
the controlling admin of the network is clueless as to how to manage
a flexible win-net.

Donnie Werner
dwerner () exploitlabs com
http://exploitlabs.com 
360-312-8011

 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

