Full Disclosure mailing list archives

Re: Removing the NIC cable = EoP?


From: "Greg" <full-disclosure3 () pchandyman com au>
Date: Sat, 7 Oct 2006 11:45:20 +1000



I don't really understand the fuss to be honest.

E.g., to do that you would have to be so lax in security that anyone who could
take an Ethernet cable out and put it in another computer would be able to
do that. This means that someone is bending over, unplugging, moving it the
required distance to another machine and plugging it in.

Hell, the well-known and still existing Windows problem would be much
easier... you know the one, yes? You have a networked machine that has a
password at keyboard level and a screen saver set to take it back to the
logon screen when inactive for "X" minutes. To get back in at keyboard level
for a non-hacker means knowing at least the password or possibly the
username and password depending on how it is set up. However, if the
keyboard user has already logged on then, say, gone to lunch and the machine
has defaulted to wanting you to logon, it retains its network capability.
Much easier for a pissed off employee to use that method to gain access than
being seen moving to that computer and back again. I have always maintained,
which some disagree with, that if the machine requires local user logon in
those circumstances, it also should be forced off the network. After all,
the machine that I discovered that had that problem was a payroll one and of
course anyone able to get in via the network could while normal users who
didn't know the password couldn't.

If anyone is interested, yes, I sent that one in to MS quite some time back
just around when they released SP2 for XP. They said it would be an option
(you decide which way it behaves) next SP and/or Windows (e.g., Vista). Don't
hold your breath on it happening.


-----Original Message-----
From: Jessica Hope [mailto:jessicasaulhope () googlemail com] 
Sent: Friday, 6 October 2006 11:20 PM
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Removing the NIC cable = EoP?


Lee Turner is correct: a default RM machine running Windows 98 (or
95...) will allow local admin if it can't reach the network.
Since such machines would be deployed in schools and
sometimes by people who do not know anything about what they
are doing, this attack can work rather well.

However, RM's defaults are worse than that, as all
restrictions are stored in the registry, so you can just as
quickly unrestrict yourself with modification of a few keys...

Jessica

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
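The mitigation Greg argues for above (a workstation that has locked itself and now demands a local logon should also be taken off the network) can be approximated on a current Windows host with two scheduled tasks bound to session lock and session unlock. This is an added example, not code from the thread, from RM or from Microsoft; it assumes Windows 8 / Server 2012 or later (the ScheduledTasks and NetAdapter modules), an elevated shell, and the task names and the physical-adapter filter are illustrative choices.

```powershell
# Added example, not from the thread: take the machine off the network when
# the console session locks, put it back when the session unlocks.
# Assumptions (not from the page): Windows 8 / Server 2012+, run elevated,
# task names and the "physical adapters only" filter are illustrative.

#Requires -RunAsAdministrator

$ns = 'Root/Microsoft/Windows/TaskScheduler'

# TASK_SESSION_STATE_CHANGE_TYPE: 7 = SessionLock, 8 = SessionUnlock
$SessionLock   = 7
$SessionUnlock = 8

# Task Scheduler exposes the "On workstation lock/unlock" trigger through CIM;
# New-ScheduledTaskTrigger has no parameter for it, so build it directly.
function New-SessionStateTrigger([int]$StateChange) {
    $class = Get-CimClass -Namespace $ns -ClassName MSFT_TaskSessionStateChangeTrigger
    # No UserId set, so the trigger fires for whichever user locks the console.
    return New-CimInstance -CimClass $class -ClientOnly -Property @{
        StateChange = $StateChange
        Enabled     = $true
    }
}

# Both actions run as SYSTEM, so the interactive (possibly unprivileged) user
# cannot cancel or edit them. Only physical NICs are toggled, leaving loopback
# and virtual adapters alone.
$disableArgs = '-NoProfile -WindowStyle Hidden -Command "Get-NetAdapter -Physical | Disable-NetAdapter -Confirm:$false"'
$enableArgs  = '-NoProfile -WindowStyle Hidden -Command "Get-NetAdapter -Physical | Enable-NetAdapter -Confirm:$false"'

$principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -RunLevel Highest
$settings  = New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries

Register-ScheduledTask -TaskName 'NetOff-OnLock' -Force `
    -Trigger   (New-SessionStateTrigger $SessionLock) `
    -Action    (New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $disableArgs) `
    -Principal $principal -Settings $settings

Register-ScheduledTask -TaskName 'NetOn-OnUnlock' -Force `
    -Trigger   (New-SessionStateTrigger $SessionUnlock) `
    -Action    (New-ScheduledTaskAction -Execute 'powershell.exe' -Argument $enableArgs) `
    -Principal $principal -Settings $settings

# Verify both tasks registered and carry a session-state trigger
Get-ScheduledTask -TaskName 'NetOff-OnLock', 'NetOn-OnUnlock' |
    Select-Object TaskName, State, @{ n = 'Trigger'; e = { $_.Triggers[0].CimClass.CimClassName } }
```

Two caveats a deployer would want. The trigger only fires if the session actually locks, so the screensaver must be configured to require logon on resume (or a lock enforced by policy) rather than just blanking the screen. And it is a blunt instrument: while the console is locked the box also drops its domain, patching and remote-management traffic, which is why Greg's own suggestion was for this to be an option rather than the only behaviour; on a payroll workstation that is an acceptable trade, on a server it is not.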

