
BLU Discuss list archive



Microsoft does it again



On Tue, 6 Aug 2002, Derek D. Martin wrote:

> If you're relying on Windows privileges to secure your network, you're
> basically screwed.  A whitepaper was released today detailing how to
> gain localsystem privileges on any Win32-based platform.  And the
> kicker is, because it takes advantage of a fundamental flaw in the
> design of Windows, it's basically unpatchable, requiring a complete
> overhaul of the Windows messaging system to fix.
> 
> And the best part is, if you're providing terminal services via a
> Citrix server, anyone can own your server, and you'll never be able to
> stop them...
> 
>   http://security.tombom.co.uk/shatter.html
> 

I read this in detail, and I hate to admit that I agree with Microsoft.
Once bad people are sitting logged onto your machine, you should already
consider it compromised, regardless of what techniques the bad person
has at their disposal.

----------------------------------------------------------------------------
DDDD   David Kramer         david at thekramers.net       http://thekramers.net
DK KD  Some people have told me they don't think a fat penguin really 
DKK D  embodies the grace of Linux, which just tells me they have never seen 
DK KD  an angry penguin charging at them in excess of 100mph. They'd be a 
DDDD   lot more careful about what they say if they had.      Linus Torvalds





BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org