Vulnerability Development mailing list archives
Re: Novell Netware Copy
From: 11a () GMX NET (Bluefish)
Date: Sat, 25 Mar 2000 13:19:38 +0100
As I see it, "first Last" has a totally incorrect concept of the security problem. Yes, you don't want people to do whatever they like, so it is wrong that Novell Netware Copy netware in his case can. But it is not NNC which is the problem, is the fact that he's using Windows95 with "FoolProof". It has been established over and over again in various newsgroups and mailinglists that a singeluser operating system (in this case, Windows95) cannot be made secure with various small patches. I'm not saying this is a windows problem, the same is true for all singeluser operating systems. If you would be using NT or a unix clone (or whatever multiuser operatingsystem) you have a foundation for building a secure system, patches etc will bring you closer to a secure system. On singeluser operatingsystems you only obscure the fact there isn't any system. Redarding these singeluser patches, I remember a few things I've seen myself and things I've seen reported in emails: * passwords hashed into tiny keys, sometimes only 16 bits. * patches can be aborted by causing a reboot with scandisk, abort scandisk, you get DOS and can remove the entire security patch. * notepadding .ini (writeable) files removes the patches. etc. And now "first Last" adds to the list that installing a 3rd party product (Novell Netware Copy) breaks the security of yet another such patch. It seems obvious to me that an administrator must either be uninformed or insane if he believes he can run windows95 on workstations and believe that it is secure. Windows95 has it usages in environments concidered secure (alas, you trust your users), but if you concider the scenario of malicious users, you must swich to a multiuser operating system. ..:::::::::::::::::::::::::::::::::::::::::::::::::.. http://www.11a.nu || http://bluefish.11a.nu eleventh alliance development & security team
Current thread:
- Re: Intel Corporation, Express 550F Switch unlimited password attempts] Dustin D. Trammell (Mar 20)
- Re: Intel Corporation, Express 550F Switch unlimited password attempts] Juan M. Courcoul (Mar 23)
- Novell Netware Copy first Last (Mar 23)
- local security workaround through IE Knud Erik Højgaard (Feb 24)
- Re: local security workaround through IE thegreencow (Mar 24)
- Re: local security workaround through IE Blue Boar (Mar 24)
- Re: local security workaround through IE Knud Erik Højgaard (Feb 25)
- local security workaround through IE Knud Erik Højgaard (Feb 24)
- Re: Novell Netware Copy Richard Beels (Mar 24)
- Ehmm..in reagards to the con\con-problem, and ftp-servers Odd Arne Beck (Mar 24)
- Re: Novell Netware Copy Bob Fiero (Mar 24)
- Re: Novell Netware Copy Bluefish (Mar 25)
- <Possible follow-ups>
- Re: Intel Corporation, Express 550F Switch unlimited password attempts] Dustin D. Trammell (Mar 24)