Re: Two new security flaws found in WinXP SP2

From: Bob (nottooslow_at_forevermail.com)
Date: 08/21/04 

Date: Sat, 21 Aug 2004 03:58:37 GMT

In article <myyVc.3720$v86.447@fe2.texas.rr.com>,
LESLIE@JRLVAX.HOUSTON.RR.COM says...
> Bob (nottooslow@forevermail.com) wrote:
> :
> : I've read the details on all three 'flaws' and they all require significant
> : manual intervention by the user to do any damage.
> :
> : The cmd 'flaw' has an equivalent on every operating system in use today,
> : including all flavors of Unix, Linux, MAC OS, VMS, ZOS, etc, simply because
> : it's not a flaw but rather social engineering.
> :
>
> You mean if I created an account on my VMS system for you with only
> NETMBX and TMPMBX privileges, you can 'root' my system ?
>
>
> Jerry
>
Jerry,

Nope. But we are talking about uneducated users who don't create accounts
with lesser privileges to use.

For example, with Windows XP Home/Pro, you get an account that
automatically has admin privs, just like when you install VMS, you get the
SYSTEM account with all privs.

In both cases, if you simply use the system as it is installed, you will be
running from an account with all privs and if you are silly enough to run
programs sent to you by strangers, your system can be compromised.

Is that a case of a flawed operating system?

BTW, did you see HP announce the end of the Alpha line?

Bob/Texas

Relevant Pages

  • Re: Speaking of promoting VMS
    ... Imagine trying to keep up with OpenVMS, NSK, HP-UX, Linux, ... How many times has a large account told HP "we're leaving VMS behind" and HP ... > marketing strategy is a much higher corp strategy than OpenVMS (and ...
    (comp.os.vms)
  • Re: Why arent more universities doing this?
    ... At a bank, I was, for long time, prevented from buying a $6000 C ... Reason being that since VMS was not strategic, ... they may have considered that customer safe even though the decisions ... You can't salvage an account the day the customer doesn't renew ...
    (comp.os.vms)
  • Re: Capturing and using NT login for security with Apache
    ... As far as I know this is not possible to do on VMS. ... windows username/password using basic authentication ... Writing modules for Apache is somewhat ... Of course if the clients also have a VMS account you can easily ...
    (comp.os.vms)
  • Re: Two new security flaws found in WinXP SP2
    ... But we are talking about uneducated users who don't create accounts ... automatically has admin privs, just like when you install VMS, you get the ... SYSTEM account with all privs. ...
    (sci.med.transcription)
  • Re: SWAT using Samba v3 on VMS8.2
    ... Can someone provide a shell account on an IA64 box running VMS 8.3, ... The last I checked, it did not have MMS, ...
    (comp.os.vms)