Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Subject: I think
From: Jay Mobley (jmobleyIEINET.COM)
Date: Tue May 23 2000 - 17:03:08 CDT
- Next message: Matt: "Re: Microsoft Security Bulletin (MS00-036)"
- Previous message: Federico G. Schwindt: "more majordomo brokeness"
- Next in thread: Ben Greenbaum: "Re: I think"
- Reply: Ben Greenbaum: "Re: I think"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
So, Im fairly green with all this security hub-bub, so admitedly I feel
pretty outta my league, but here is the low down. I use a product called
NetOps. Its a remote control client/server package ... or in thier terms,
host and guest.
Among its features is one that allows a guest to xfer files back and forth
from the host. In my case the host is run on our NT 4.0 server. a user
typically connects, sends the ctr-alt-del and logs in as if the user were
sitting at the console. Mouse and keyboard output is sent to the remote
The security flaw I think I have found has to do with simply connecting to
the host and beginning a file transfer. NO AUTHENTICATION IS REQUIRED to
either copy files to or from a host running this NetOps software!
Is this a valid secuity flaw??