| TIP: Click on subject to list as thread! | ANSI |
| echo: | |
|---|---|
| to: | |
| from: | |
| date: | |
| subject: | Re: Virtual PC network problem |
David Eckard wrote: >In , on 09/05/2004 > at 11:53 PM, Franklin said: > >>THANK YOU VERY MUCH! Such a simple problem so easily overlooked. And a >>possible major security problem. >> >> >It's not really a security problem. You need something as the default. >After you create accounts, at least one that is admin, then you are >supposed to delete it. This is no different than something Kevin Mitnick >used years ago on unix machines. They too had a default account of some >sort. Kevin managed to knock out over 6000 machines at a time when that >was significant by making use of that default account/email address. The >admins were supposed to delete it once they had the machine setup. Too >many didn't. > >Where the security hole is in our case is that if you overwrite certain >files (net.acc I think, not looking it up) with the default from an >install CD, for example, all accounts get deleted and userid/password is >recreated. There is nothing that prevents this from happening. > >In truth, as much as we all laugh at MS for security holes, eCS has a >large security gap in it when it comes to account management. I can't >create a new user with a different desktop, so far as I know. We do need >a signon screen, account management etc and to use them by default. > >David Eckard > Hi David, Have you tried out the following? From the tail of the readme from Security/2 [recently latest was "sses-alpha-0.2.4.zip"] 19. Supporting the project __________________________ If you want to support Security/2 project, please, make your donation on BMT Micro site at https://secure.bmtmicro.com/ECommerce-OffSite/11980001.html or on Mensys at http://shop.mensys.nl/uk/security2. Also, visit the Security/2 homepage at http://os2.kiev.ua/en/sses.php 20. Author __________ nickk, dev.nul{at}mail.ru Big thanks for big help to : ---------------------------- sunlover zuko Sergey I. Yevtushenko, es{at}os2.ru all those brave guys, who run this software and send me bugreports. I have it downloaded, but not yet installed, so can't comment on it, but from the readme seems powerful, even if not completely customised indvidual desktops - just restricted access to features that may be still "visible". -- Regards, Mike Failed the exam for -------------------- MCSE - Minesweeper Consultant and Solitaire Expert -------------------- [ISP blocks *.exe, *.cmd, *.bat, *.reg attachments] [Please use zipped versions of above] ------------------------ Yahoo! Groups Sponsor --------------------~--> $9.95 domain names from Yahoo!. Register anything. http://us.click.yahoo.com/J8kdrA/y20IAA/yQLSAA/9rHolB/TM --------------------------------------------------------------------~-> Yahoo! Groups Links To visit your group on the web, go to: http://groups.yahoo.com/group/os2hardware/ To unsubscribe from this group, send an email to: os2hardware-unsubscribe{at}yahoogroups.com Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/ ---* Origin: Waldo's Place USA Internet Gateway (1:3634/1000) SEEN-BY: 633/267 270 @PATH: 3634/1000 12 106/2000 633/267 |
|
| SOURCE: echomail via fidonet.ozzmosis.com | |
Email questions or comments to sysop@ipingthereforeiam.com
All parts of this website painstakingly hand-crafted in the U.S.A.!
IPTIA BBS/MUD/Terminal/Game Server List, © 2025 IPTIA Consulting™.