Fwd: [funsec] Third-party application developers and the WMF flaw
Col
colweb at gmail.com
Mon Jan 16 10:18:45 CST 2006
On 16/01/06, Richard M. Smith <rms at computerbytesman.com> wrote:
<snip>
> Are there other security issues in the Windows
> operating system that need the attention of application developers that
> Microsoft is not informing developers about?
I would have to say theres quite a few things MS know about and arent
telling. I have had a consultant brag about being able to compromise
our whole root AD domain using basic techniques and no tools. All he
needed was phyisical or RDP access to a DC (in the child domain) using
a non-privilaged account. He commented "how else do we support a
customer that has locked themselves out of their domains?"
Makes you worry.
Col.
More information about the funsec
mailing list