Re: NT Screen Saver Password Protect Bug

  • To: NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
  • Subject: Re: NT Screen Saver Password Protect Bug
  • From: Paul Leach <paulleMICROSOFT.COM>
  • Date: Fri, 27 Mar 1998 13:39:26 -0800
  • Comments: To: Christopher L Buono <cbuonoalbany.net>
  • Reply-To: Paul Leach <paulleMICROSOFT.COM>
  • Sender: Windows NT BugTraq Mailing List <NTBUGTRAQLISTSERV.NTBUGTRAQ.COM>

> ----------
> From:         Christopher L Buono[SMTP:cbuonoalbany.net]
> Sent:         Friday, March 27, 1998 12:37 PM
> To:   Paul Leach; NTBUGTRAQLISTSERV.NTBUGTRAQ.COM
> Subject:      Re: NT Screen Saver Password Protect Bug
>
> "There is only one thing that can be done about it: DON'T LOG INTO SYSTEMS
> WHERE YOU DON'T TRUST THE SYSTEM'S ADMIN."
>
> After posting this bug I've had to read this statement over and over again.
> It is quickly moving up my top ten list of most ridiculous statements. Yes,
> it would be nice if we could trust all of our LAN admins. (My current
> project puts me in an environment with over 120 sites with a local LAN admin
> in each. Do I trust all of them? Yeah, right! I don't even know half of them.)
>
You are at their mercy, regardless of whether you trust them, if they have
write access to the OS files on your system or physical access to your
machine.  This is true for _any_ existing OS and _any_ existing machine
(excepting a few experimental ones that are (e.g.) sealed in epoxy blocks).

If you refuse to face these facts, and wish to continue to log into systems
where the admin isn't trustworthy,
then there's nothing I can do about it.

And the next time you have a large amount of money to transfer online, do I
have a system for you to log into to do it with... :-)

Expect questions on this topic on future MCSE exams, since it's clear from
the number of messages I have received, both public and private, that the
general education level on this subject is woefully inadequate.

Paul