[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution
- To: "Bill Royds" <full-disclosure@royds.net>, <insecure@ameritech.net>, "'Tim'" <tim-security@sentinelchicken.org>
- Subject: Re: [Full-Disclosure] Re: Re: GAYER THAN AIDS ADVISORY #01: IE 5 remote code execution
- From: "morning_wood" <se_cur_ity@hotmail.com>
- Date: Wed, 18 Feb 2004 20:04:47 -0800
> Last time I was at my doctor's medical clinic, I noticed all the shiny new
> LCD monitors showing the Windows logon prompt with account Administrator. I
> asked the receptionist why. She said so that anyone could sing on any
> machine when they needed it, since individual machines lock out so only
> signed user or administrator can sign on. They did have the screensaver
> timeout so people off the street couldn't sign on. But the only way to make
> the multiple workstations usable from for anybody was to use administrator
> account on all of them.
> This is a bit of a design flaw in the Windows network that means security
> is much less than it ought to be.
>
my question is... who is the admin / security manager for this locale?
again, this is not a windows issue, it is an administrator issue in which
the controlling admin of the network is clueless as to how to manage
a flexible win-net.
Donnie Werner
dwerner@exploitlabs.com
http://exploitlabs.com
360-312-8011
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html