Just one? I prefer the on|off bit to be flipped. What was your method? :)
On 1/8/07, Michael B Allen <[EMAIL PROTECTED]> wrote:
On Mon, 8 Jan 2007 15:33:01 -0500 "joe" <[EMAIL PROTECTED]> wrote:

> A dirty trick I have used in the past to disprove how secure an environment was was to set up a web site on a workstation, enable basic auth only, write a little perl cgi script to write the creds sent to the website to a log file and throw up a website unavailable screen and then tell admins that I have a web site that doesn't seem to authenticate users properly could they try to logon to see if it is just my test IDs or a permission problem. I would say at least 50%-60% of the time the admins will go to the page and type in their creds. Alternately try to get an admin to log into a workstation I control. In far too many cases I think you will find admins are users too... :)

If you already own a machine with an FQDN and you can send email to people as someone internal then it would be pretty hard to keep you out since you're already somewhat trusted. You can't treat everyone inside your network like criminals or you'll never get anything done. And if you do have a criminal inside you should take it up with HR not IT.

But I can add an improved permutation to your dirty trick. Send out an email with a link to your site but use NTLM SSO pass-through to create a bogus account with a predefined password. If someone with domain admin privs so much as stumbles across your site they will create the said account and not even know they did it. No credentials necessary and no SSO account necessary. Just a website with an FQDN.

There is one simple security setting that will thwart this attack though. For bonus points, does anyone know what it is? :->

Mike

--
Michael B Allen
PHP Active Directory SSO
http://www.ioplex.com/

List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ma/default.aspx
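The trick joe describes works because an admin's browser will happily send Basic credentials to any workstation that challenges for them. From the defender's side, one cheap control is to audit proxy or gateway records for Basic-auth submissions going to hosts that were never sanctioned to collect passwords, or going over cleartext HTTP at all. The script below is an added example, not code from the thread or from either poster; the record format (`timestamp client-ip url authorization-header`), the sanctioned host list and the sample lines are all constructed for illustration. It reports only the username from the header, never the password.

```python
"""Flag Basic-auth credential submissions to unsanctioned or cleartext hosts.

Added example. The log format, SANCTIONED_HOSTS and SAMPLE_LOG are
constructed assumptions, not a real proxy's output.
"""
import base64
import binascii
from urllib.parse import urlsplit

# Assumption: the only hosts allowed to challenge browsers for Basic auth.
SANCTIONED_HOSTS = {"intranet.corp.example"}


def _basic(user, password):
    """Build a Basic header value for the constructed sample log only."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


# Constructed sample records: "<timestamp> <client-ip> <url> <Authorization value or ->"
SAMPLE_LOG = "\n".join([
    # Sanctioned host over TLS: expected, not reported.
    f"2007-01-08T15:40:02 10.1.2.3 https://intranet.corp.example/time {_basic('admin1', 'Password1')}",
    # A workstation challenging for Basic over plain HTTP: the scenario in the thread.
    f"2007-01-08T15:41:11 10.1.2.9 http://ws0421.corp.example/app/login {_basic('da-joe', 'SuperSecret!')}",
    "2007-01-08T15:41:12 10.1.2.9 http://ws0421.corp.example/app/login -",
    # Non-Basic scheme: ignored by this check.
    "2007-01-08T15:42:30 10.1.2.7 https://intranet.corp.example/time Bearer abc.def.ghi",
    # Malformed token: still reported, since the client tried to send Basic creds.
    "2007-01-08T15:43:05 10.1.2.4 http://ws0421.corp.example/app/login Basic !!!!",
])


def basic_username(header_value):
    """Return the username from a 'Basic <b64>' value (never the password).

    Returns None when the scheme is not Basic, and '<undecodable>' when the
    token is not valid base64 so the event is not silently dropped.
    """
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        raw = base64.b64decode(token, validate=True).decode("utf-8", "replace")
    except (binascii.Error, ValueError):
        return "<undecodable>"
    user, _, _ = raw.partition(":")
    return user


def audit(log_text):
    """Return one finding per record where Basic creds went somewhere they should not."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, url, authz = line.split(" ", 3)
        if authz == "-":
            continue
        user = basic_username(authz)
        if user is None:
            continue
        parts = urlsplit(url)
        reasons = []
        if parts.hostname not in SANCTIONED_HOSTS:
            reasons.append("basic auth sent to unsanctioned host")
        if parts.scheme != "https":
            reasons.append("basic auth sent over cleartext http")
        if reasons:
            findings.append({"time": ts, "client": client, "host": parts.hostname,
                             "user": user, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f"{f['time']} {f['client']} -> {f['host']} as {f['user']}: {'; '.join(f['reasons'])}")
```

Run against the constructed sample it reports the two submissions to `ws0421.corp.example` (one for `da-joe`, one undecodable) and stays quiet about the sanctioned intranet host. On a real gateway the same logic extends naturally to alerting when a privileged account name appears in a finding.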