> Just because users can logon locally doesn't make > any root exploit on that box harmless. Any privilege escalation attack that works is potentially deadly. Limiting physical access will only prevent (or slow down) certain classes/types of attackers...the malicious or disgruntled employee is not one of the ones that will be deterred. For example, the DebPloit mentioned a bit ago on NTBugTraq was/is a local exploit, but the example executable was included in the Masy worm. There was also nothing preventing an authorized user from installing it on their own workstation. I'm just as guilty of it as others. As a consultant, I used PipeUpAdmin.exe to give myself Admin privileges on my workstation. __________________________________________________ Do You Yahoo!? Yahoo! Finance - Get real-time stock quotes http://finance.yahoo.com
This archive was generated by hypermail 2b30 : Mon Aug 26 2002 - 08:48:32 PDT