Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME]

From: "Alexandru Bradescu-Popa" <alexbp () alexbp ro>
Date: Tue, 16 Sep 2008 11:56:13 +0300
Not the right question in my opinion. The right one should be: Is necessary
for a help-desk guy to have access in /etc?
And, we are back at the beginning: "Interesting security procedures they
have[...]"

______________________________________________________________
Frank, whatever it is, just write it down and put it on my desk where I
can't find it.
Henry Blake - M*A*S*H

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Michael Boman
Sent: 15 septembrie 2008 22:33
To: Alexandru Bradescu-Popa
Cc: pen-test () securityfocus com
Subject: Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME]

On Mon, Sep 15, 2008 at 4:53 PM, Alexandru Bradescu-Popa
<alexbp () alexbp ro> wrote:

Interesting security procedures they have. Help-desk with access on
/etc/shadows. No written request for high sensitive files. They'll pass

with

flying colors any security audit.


But was the helpdesk aware that /etc/shadow is a highly sensitive file
to begin with?

Best regards
Michael Boman

-- 
http://michaelboman.org - Security Blog & Wiki

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: