Penetration Testing mailing list archives
RE: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME]
From: "Alexandru Bradescu-Popa" <alexbp () alexbp ro>
Date: Tue, 16 Sep 2008 11:56:13 +0300
Not the right question in my opinion. The right one should be: Is necessary for a help-desk guy to have access in /etc? And, we are back at the beginning: "Interesting security procedures they have[...]" ______________________________________________________________ Frank, whatever it is, just write it down and put it on my desk where I can't find it. Henry Blake - M*A*S*H -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Michael Boman Sent: 15 septembrie 2008 22:33 To: Alexandru Bradescu-Popa Cc: pen-test () securityfocus com Subject: Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] On Mon, Sep 15, 2008 at 4:53 PM, Alexandru Bradescu-Popa <alexbp () alexbp ro> wrote:
Interesting security procedures they have. Help-desk with access on /etc/shadows. No written request for high sensitive files. They'll pass
with
flying colors any security audit.
But was the helpdesk aware that /etc/shadow is a highly sensitive file to begin with? Best regards Michael Boman -- http://michaelboman.org - Security Blog & Wiki ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME], (continued)
- Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] Tim March (Sep 15)
- RE: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] Ashvin Oogorah (Sep 16)
- Questionable Security Policy [WAS: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME]] Veal, Richard (Sep 16)
- RE: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] Hill, Pete (Sep 16)
- Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] Tim March (Sep 16)
- Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] Pablo Cardoso (Sep 16)
- RE: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] Oftedahl, Douglas (Sep 16)
- Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] Pete Herzog (Sep 16)
- RE: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] Alexandru Bradescu-Popa (Sep 15)
- Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] Michael Boman (Sep 15)
- RE: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] Alexandru Bradescu-Popa (Sep 16)
- Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] David Howe (Sep 16)
- Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] Micheal Cottingham (Sep 15)
- Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] Jorge L. Vazquez (Sep 15)
- Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] M.B.Jr. (Sep 17)
- Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME] Adam Thompson (Sep 18)
- Message not available
- Re: OOO FLAME natron (Sep 17)