RE: another security story -- or an opportunity



Just as a note.  I do a bit of NT administration, and there are a few
``hidden'' shares in the Win95 and WinNT operating systems.  These
shares include \\machinename\c$, and \\machinename\winnt$.

Yes, the person trying to mount these directories should be in the same
trusted domain, but I know there is a magic key for everything.  If
someone, Microsoft, or a hacker writes the right tools for unlocking other
people's securities, they can start mounting entire user disks, and look
around.

So neglecting those folks with no security, or wide open domains, the
wide open public broadcasting of share information, without owners'
knowledge, is not a good thing.  UNIX could handle NFS (share) security
a bit by authorizing users for usage via username, and giving others the
``nobody'' rights.

In public environments, Administrators and users just need to be
informed about what to enable, and what not to enable.  Also, what to
protect, and what not to protect.

Justin


--
Open Systems Networking, Inc.  (http://www.osn.net)
voice: 301-866-0271 fax: 301-866-0272

----------
From: 	Rob Rodgers[SMTP:rsrodger@wam.umd.edu]
Sent: 	Saturday, February 01, 1997 7:21 PM
To: 	inferno@interstice.com
Subject: 	Re: another security story -- or an opportunity

> here's a problem that Inferno may be a ready made solution for

Are you saying that Inferno users *could not* manually enable file and
print sharing on the net for other users to peek at?

F&PS for Windows 95 isn't accidental or automatic.  It has to be turned on
_by the user_ _deliberately_ in two different places: first the shares have
to be created (non-password shares, at that) and then the F&PS has to be
bound to the TCP/IP stack (not the default, at least with MS's internet
installer).

Do some people not realize the consequences of what they've done?
Probably, but the same thing would happen with Inferno.  Built-in security
can't stop user-stupidity.

RSR