RE: Firewire Attack on Windows Vista

2008-03-05 Thread Roger A. Grimes
say all PC-based systems have the same underlying problem? That it's a broader problem needing a broader solution, instead of picking on one OS vendor to get headlines? [Disclaimer: I'm a full-time Microsoft employee.] Roger

RE: mac trojan in-the-wild

2007-11-02 Thread Roger A. Grimes
ers, regardless of the OS, are ready as ever to click on interesting content, malicious or not. We've got to design our defenses to pay more attention to client-side attacks, but it is the weak point now, not in the future. Roger

RE: mac trojan in-the-wild

2007-11-02 Thread Roger A. Grimes
it is a security threat to any environment. Roger ********* *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada... *email: [EMAIL PROTECTED] or [EMAIL PROTECTED] *Author of Windows Vista Security: Secu

RE: playing for fun with <=IE7

2007-10-15 Thread Roger A. Grimes
It is interesting. I've even confirmed the behavior with IE 7 in Vista. Although the real concern is if it could be used in an exploitation? The examples below aren't exploitable...just interesting outcomes. Roger

RE: Re[2]: [Full-disclosure] URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

2007-10-09 Thread Roger A. Grimes
Thanks again. Roger ************* *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada... *email: [EMAIL PROTECTED] or [EMAIL PROTECTED] *Author of Windows Vista Security: Securing Vista Against Malicious Attacks (Wiley) *http://www.amaz

RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype

2007-10-05 Thread Roger A. Grimes
ution you envision, to solve the larger problem? Roger ********* *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, CISA, MCSE: Security (2000/2003), CEH, yada...yada... *email: [EMAIL PROTECTED] or [EMAIL PROTECTED] *Author of Windows Vista Security:

RE: Re[2]: [Full-disclosure] Next generation malware: Windows Vista's gadget API

2007-09-17 Thread Roger A. Grimes
licy. You can control exactly which gadgets are allowed, or disallow them all together. Roger *********** *Roger A. Grimes, Senior Security Consultant *Microsoft Application Consulting and Engineering (ACE) Services *http://blogs.msdn.co

RE: Next generation malware: Windows Vista's gadget API

2007-09-14 Thread Roger A. Grimes
nt using Active Directory group policies to a granular level. Roger ******* *Roger A. Grimes, Senior Security Consultant *Microsoft Application Consulting and Engineering (ACE) Services *http://blogs.msdn.com/ace_team/default.aspx *CPA, C

RE: Internet Explorer 0day exploit

2007-07-24 Thread Roger A. Grimes
I'm tired of the 0-day argument. I say forget the confusing acronym and use something else, like: Unpatched exploit Previously undisclosed vulnerability Or something like that. Roger ***** *Roger A. Grimes, InfoWorld, Sec

RE: RDP TLS downgrade

2007-05-10 Thread Roger A. Grimes
ave been updated to prevent casual MitM attacks, even without the newer authentication options enabled. Has anyone successfully captured useful RDP MitM traffic lately? Roger *********** *Roger A. Grimes, Senior Security Consultant *Mi

RE: Windows DNS Cache Poisoning by Forwarder DNS Spoofing

2007-04-19 Thread Roger A. Grimes
I appreciate you replying, but I understand the Windows DNS attack well. I'm just wondering how and if BIND protects against the same attack, and if yes, how? Roger ***** *Roger A. Grimes, InfoWorld, Security Columnist *CPA,

RE: Re[2]: Windows DNS Cache Poisoning by Forwarder DNS Spoofing

2007-04-18 Thread Roger A. Grimes
Roger ***** *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada... *email: [EMAIL PROTECTED] or [EMAIL PROTECTED] *Author of Professional Windows Desktop and Server Hardening (Wrox)

RE: Windows DNS Cache Poisoning by Forwarder DNS Spoofing

2007-04-17 Thread Roger A. Grimes
How does BIND stop this sort of attack? Can a BIND expert respond? Roger * *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada... *email: [EMAIL PROTECTED] or [EMAIL

RE: Windows DNS Cache Poisoning by Forwarder DNS Spoofing

2007-04-17 Thread Roger A. Grimes
One question. Is BIND any better at preventing this type of attack? Roger * *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada... *email: [EMAIL PROTECTED] or [EMAIL

RE: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues

2007-03-10 Thread Roger A. Grimes
subfolders permission. c. Change the Creator Owner SID's default permissions for that folder. d. Make them separate folders. Roger * *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, MCSE: Security (2000

RE: Microsoft Windows Vista/2003/XP/2000 file management security issues

2007-03-09 Thread Roger A. Grimes
realistic scenarios with more real-world use? There's plenty of them for us to focus on and to try and solve. Roger ********* *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yad

RE: Re[4]: Microsoft Windows Vista/2003/XP/2000 file management security issues

2007-03-09 Thread Roger A. Grimes
ke it more secure, but I can't do the same in Windows...and that makes it a Windows problem?? --See my other replies below. Roger *********** *Roger A. Grimes, Senior Security Consultant *Microsoft Application Consulting and Engineerin

RE: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues

2007-03-09 Thread Roger A. Grimes
e it isn't news. With that said, you have something valid to say, but so far it just isn't a "security vulnerability" that people need to be aware of. You're a smart person, concentrate on issues that will really give us bang for the buck discussions and issues. Roger

RE: [Full-disclosure] Microsoft Windows Vista/2003/XP/2000 file management security issues

2007-03-09 Thread Roger A. Grimes
issue? Sounds like a developer issue to me. Roger -Original Message- From: Tim [mailto:[EMAIL PROTECTED] Sent: Friday, March 09, 2007 11:20 AM To: Roger A. Grimes Cc: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk Subject: Re: [Full-disclosure] Microsoft Windows Vista/2003/XP

RE: Re[2]: Microsoft Windows Vista/2003/XP/2000 file management security issues

2007-03-09 Thread Roger A. Grimes
buy software or be a security genius. I just have to not place a "secure" folder in an insecure folder. Roger ************* *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yad

RE: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass

2007-02-27 Thread Roger A. Grimes
your other commonsense attestations. But my main beef isn't with this particular exploit, it's with Palm's policy of not fixing a security vulnerability in millions of phones. Roger ******* *Roger A. Grimes, Banneret Computer S

RE: Re[2]: Solaris telnet vulnberability - how many on your network?

2007-02-23 Thread Roger A. Grimes
back out of telnet, and get back in, to begin again. Roger *********** *Roger A. Grimes, Senior Security Consultant *Microsoft Application Consulting and Engineering (ACE) Services *http://blogs.msdn.com/ace_team/default.aspx *CPA, CISSP,

RE: SYMSA-2007-002: Palm OS Treo Find Feature System Password Bypass

2007-02-22 Thread Roger A. Grimes
ut this will absolutely be on my mind as I look at competitor devices. Roger *********** *Roger A. Grimes, Banneret Computer Security, Consultant *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada... *email: [EMAIL PROTECTED] *Author of

RE: Re: Solaris telnet vulnberability - how many on your network?

2007-02-15 Thread Roger A. Grimes
A public, false assertion of malice is called libel. The great and needed social role that the glaring light of the public gets to wield to hold others accountable requires that public allegations have at least some reasonable basis, backed by evidence, for their postulation. The American -

RE: Re[2]: Solaris telnet vulnberability - how many on your network?

2007-02-14 Thread Roger A. Grimes
icole news updates. Roger A. Grimes -Original Message- From: Thierry Zoller [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 13, 2007 7:32 PM To: bugtraq@securityfocus.com Subject: Re[2]: Solaris telnet vulnberability - how many on your network? Dear Casper Dik, I wasn't cryi

RE: Trend Micro's Vista "0day exploit auction" claim

2006-12-20 Thread Roger A. Grimes
I can't verify it. But $50K for an exploit against an OS that will not be widely deployed for many months seems to be excessive. Who in their right mind would want to pay $50K to exploit 10 machines before the exploit is captured, sent to MS, and patched, all before the general population really st

RE: Internet Explorer 7 - Still Spyware Writers' Heaven

2006-11-06 Thread Roger A. Grimes
Internet Explorer 7 - Still Spyware Writers' Heaven On 11/2/06, Roger A. Grimes wrote: > So, if your statement is accurate that malware would need to be > placed in a directory identified by the PATH statement, we can relax > because that would require Administrator access to p

RE: Internet Explorer 7 - Still Spyware Writers' Heaven

2006-11-02 Thread Roger A. Grimes
exploit (or social engineering attack) to copy up and place the malicious dll. And if the exploit requires another exploit and admin access to be successful, why stop there? Anything can be accomplished. Roger ********* *Roger A. Grimes, InfoW

RE: Barracuda Vulnerability: Hardcoded Password [NNL-20060801-01]

2006-08-02 Thread Roger A. Grimes
Just to correct, versions up to 3.3.03.053 are vulnerable. The poster correctly said so in the subject, but then puts the wrong ending version in the details. Roger * *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP

RE: $100 plus several of my books if you can crack my Windows password hashes.

2006-07-22 Thread Roger A. Grimes
e there as well, [EMAIL PROTECTED] I assure you I already have the plaintext equivalents. Roger -Original Message- From: Michael Scheidell [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 18, 2006 7:58 PM To: Roger A. Grimes; bugtraq@securityfocus.com Subject: RE: $100 plus several of my b

RE: $100 plus several of my books if you can crack my Windows password hashes.

2006-07-22 Thread Roger A. Grimes
exity, and enjoy stronger protection. Then all you have to do is convince your users not to give away their password to a complete stranger for a $2 chocolate bar. -Original Message- From: mikeiscool [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 18, 2006 8:04 PM To: Roger A. Grimes Cc:

$100 plus several of my books if you can crack my Windows password hashes.

2006-07-18 Thread Roger A. Grimes
ard this would be to do even if you had all the clues a real cracker would need to begin the attack. This is proof of concept of password length over complexity. If someone breaks Challenges #2 or #3 before #1, I'll know I'm wrong. Have fun and enjoy. Roger

RE: Windows Software Restriction Policy Protection Bypass

2006-06-13 Thread Roger A. Grimes
This has been publicly known and disclosed for many years, since XP Pro was first released. -Original Message- From: 3APA3A [mailto:[EMAIL PROTECTED] Sent: Friday, June 09, 2006 4:05 AM To: bugtraq@securityfocus.com; full-disclosure@lists.grok.org.uk Subject: Windows Software Restricti

RE: LM hashes in a hot-desking environment

2006-05-27 Thread Roger A. Grimes
l access to the computer with admin credentials', you can't just mention one scenario as what we should be afraid of. The problem isn't the pwdump threat, it's the unmonitored physical access to a machine with admin credentials. Roger

RE: Circumventing quarantine control in Windows 2003 and ISA 2004

2006-05-23 Thread Roger A. Grimes
w to configure NAQC, just send me an email and I'll send you step-by-step slides. Roger ********* *Roger A. Grimes, InfoWorld, Security Columnist *CPA, CISSP, MCSE: Security (2000/2003/MVP), CEH, yada...yada... *email: [EMAIL PROTECTED

RE: RLA ("Remote LanD Attack")

2005-12-15 Thread Roger A. Grimes
the hping2 example, you'll need the -k parameter to make sure the source port stays at port 80, else it will increment up (80, 81, 82, etc.) Roger ******* *Roger A. Grimes, Banneret Computer Security, Consultant *CPA, CISSP, MCSE: Secu