Full Disclosure mailing list archives

Re: Re: Google Talk cleartext credentials in process memory


From: pagvac <unknown.pentester () gmail com>
Date: Thu, 1 Dec 2005 10:18:51 +0000

On 11/29/05, Andrew Simmons <asimmons () messagelabs com> wrote:
> pagvac wrote:
>
>> Again, my testing is based on today's reality which is that most
>> Windows users use administrative accounts for regular tasks such as
>> web browsing and using their email clients.
>
> er, not really. Home users, perhaps, but there are a lot more Windows
> machines in corp environments than at home.

Even in corp environments you still see some users running admin
privileges. Yes, I agree, it doesn't happen as often as in home
environments, but it *does* happen.

Anyways, I don't have any statistics so I'm not going to argue this,
but if you talk to any company that offers pentesting services they
will surely tell you that they come across companies that give admin
privileges to some of their employees on their Windows desktops (I'm
referring to employees that are *not* network administrators). This is
just for convenience so they can install whatever applications they
need.

It'd be interesting to find some online survey on what percentage of
business and home users use admin privileges for daily tasks.

If you look at Windows 2000/XP, it does it wrong from the very
beginning: the user is asked to add a user account from installation.
This account has admin privileges by default. Even worse, at that
point there is another default admin account ("administrator") on the
system, so by the time you're done installing your copy of Windows
there are two admin accounts on your system.

Wouldn't it make more sense that the second user account which is
created during installation has restricted privileges by default?
Maybe Windows XP could add one of those stupid balloons saying
something like "Problem installing an application? Now you can
right-click on the file and click on "run as" to install your software
with admin privileges..."

Well, these are just some ideas, of course I'm no authority nor guru,
I'm just a guy who enjoys learning.



> --
> Andrew Simmons
> Technical Security Consultant
> MessageLabs
>
> Mobile: +44 (7917) 178745
> asimmons () messagelabs com
> www.messagelabs.com


--
pagvac (Adrian Pastor)
www.ikwt.com - In Knowledge We Trust
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

