Microsoft does it again
David Kramer
david at thekramers.net
Tue Aug 6 14:58:58 EDT 2002
On Tue, 6 Aug 2002, Derek D. Martin wrote:
> If you're relying on Windows privileges to secure your network, you're
> basically screwed. A whitepater was released today detailing how to
> gain localsystem privileges on any Win32-based platform. And the
> kicker is, because it takes advantage of a fundamental flaw in the
> design of Windows, it's basically unpatchable, requiring a complete
> overhaul of the Windows messaging system to fix.
>
> And the best part is, if you're providing terminal services via a
> Citrix server, anyone can own your server, and you'll never be able to
> stop them...
>
> http://security.tombom.co.uk/shatter.html
>
I read this in detail, and I hate to admit that I agree with Microsoft.
Once bad people are sitting logged onto your machine, you should already
considered it compromised, regardless of what techniques the bad person
has at their disposal.
----------------------------------------------------------------------------
DDDD David Kramer david at thekramers.net http://thekramers.net
DK KD Some people have told me they don't think a fat penguin really
DKK D embodies the grace of Linux, which just tells me they have never seen
DK KD an angry penguin charging at them in excess of 100mph. They'd be a
DDDD lot more careful about what they say if they had. Linus Torvalds
More information about the Discuss
mailing list