David Eckard wrote:

>In , on 09/05/2004 
>   at 11:53 PM, Franklin  said:
>
>>THANK YOU VERY MUCH! Such a simple problem so easily overlooked. And a
>>possible major security problem. 
>>    
>>
>It's not really a security problem.  You need something as the default. 
>After you create accounts, at least one that is admin, then you are
>supposed to delete it.  This is no different than something Kevin Mitnick
>used years ago on unix machines.  They too had a default account of some
>sort.  Kevin managed to knock out over 6000 machines at a time when that
>was significant by making use of that default account/email address.  The
>admins were supposed to delete it once they had the machine setup.  Too
>many didn't.
>
>Where the security hole is in our case is that if you overwrite certain
>files (net.acc I think, not looking it up) with the default from an
>install CD, for example, all accounts get deleted and userid/password is
>recreated.  There is nothing that prevents this from happening.  
>
>In truth, as much as we all laugh at MS for security holes, eCS has a
>large security gap in it when it comes to account management.  I can't
>create a new user with a different desktop, so far as I know.  We do need
>a signon screen, account management etc and to use them by default.
>
>David Eckard 
>

Hi David,

Have you tried out the following?

 From the tail of the readme from Security/2 [recently latest was 
"sses-alpha-0.2.4.zip"]

19. Supporting the project
__________________________

 If you want to support Security/2 project, please, make your donation on
 BMT Micro site at 
https://secure.bmtmicro.com/ECommerce-OffSite/11980001.html
 or on Mensys at http://shop.mensys.nl/uk/security2.

 Also, visit the Security/2 homepage at http://os2.kiev.ua/en/sses.php

20. Author
__________

 nickk, dev.nul{at}mail.ru

 Big thanks for big help to :
 ----------------------------
 sunlover
 zuko
 Sergey I. Yevtushenko, es{at}os2.ru
 all those brave guys, who run this software and send me bugreports.

I have it downloaded, but not yet installed, so can't comment on it, but 
from the readme seems powerful, even if not completely customised 
indvidual desktops - just restricted access to features that may be 
still "visible".

-- 
Regards,
Mike

Failed the exam for
--------------------
MCSE - Minesweeper Consultant and Solitaire Expert
--------------------
[ISP blocks *.exe, *.cmd, *.bat, *.reg attachments]
[Please use zipped versions of above]




------------------------ Yahoo! Groups Sponsor --------------------~--> 
$9.95 domain names from Yahoo!. Register anything.
http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/9rHolB/TM
--------------------------------------------------------------------~-> 

 
Yahoo! Groups Links

 To visit your group on the web, go to:
    http://groups.yahoo.com/group/os2hardware/

 To unsubscribe from this group, send an email to:
    os2hardware-unsubscribe{at}yahoogroups.com

 Your use of Yahoo! Groups is subject to:
    http://docs.yahoo.com/info/terms/
 


---