Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: disclosure the administrative password

from [Thor] Network Security [Permanent Link]
Subject: Re: disclosure the administrative password
Date: Tue, 1 Feb 2005 13:58:36 -0800
This sounds like one of those "loaded" questions... This is a security list, so we will want to know "why." Why is a smart card and all other hardware not applicable? Why can't the operations be delegated? And so what if it is a custom logger- it's still a driver. Is it a root kit logger? If so, how do you know that? What actions does the admin have to perform that require RunAs in the first place, exactly? Answering these will help us give you better answers.

Wipe the machine and prevent non-admin loading of drivers. User SAFER restrictions to only allow designated software to run. Initiate corporate policy to fire and or prosecute offending users. Use Remote Desktop on XP to initiate administrative tasks which bypass the hardware keystroke logger (until Blue Boar and I write our Terminal Services Keystroke Logger, that is. We're calling it Terminal Stroke.) Worse case, change the admin password after you have to do whatever it is you have to do as an admin on the box.

T

----- Original Message ----- From: "Boris Skoblo" <borsk@techunix.technion.ac.il>
To: <focus-ms@securityfocus.com>
Sent: Tuesday, February 01, 2005 4:50 AM
Subject: disclosure the administrative password


Hi All,

There is a usual situation: on normal users computers ( W2k and Winxp ) an administrator should perform an administrative actions
(for example, with help RunAs) thus the administrative password is entered. Do exist a potential possibility that on the user's computer
there is keylogger.


What ways to perform administrative operations exist, thus not endangering disclosure the administrative password? There are some limitations:

1. usage of smarts-cards and others hardvare devices are not applicable .

2. performed operations cannot be delegated for various reasons

3. keylogger is custom designed and any of existing protective software yet does not find out it

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Regards,

Boris Skoblo

---------------------------------------------------------------------------
---------------------------------------------------------------------------





---------------------------------------------------------------------------
---------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Wireless GPO, John Madden
Next by Date:  Re: disclosure the administrative password, Tom Stowell
Previous by Thread:  disclosure the administrative password, Boris Skoblo
Next by Thread:  Re: disclosure the administrative password, Boris Skoblo
Indexes:  [Date] [Thread] [Top] [All Lists]