I want to retrieve Username, Password, Domain text from GINA system.

I’ve heard this argument from many people now. Every one of you that puts
forward this argument misses the point entirely. Granted, any machine can
be compromised by someone with AUTHORIZED privileged access to THAT machine.
There is no stopping that under any OS. The problem comes into play when
you can CAPTURE someone ELSE’S username and password that are then used to
compromise OTHER systems which the user has no legitimate access.

You have to keep your eye on the real picture and not get distracted by
details. Even though I am a programmer and sometimes system manager, I am
DAMN GLAD programmers don’t generally manage the sensitive corporate
servers.

Greg

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Krishna Pawar
Sent: Monday, April 22, 2002 12:22 AM
To: NT Developers Interest List
Subject: [ntdev] RE:I want to retrieve Username ,Password ,Domain text
from GINA system.

Hello All,
I found many people discussing security violation because of GINA
replacement.
How is this a violation? If it is, then I think a programmer can replace
almost each part of Windows, right? Then you see it’s worst case
violation. I think these security issues are only for the end user. A programmer
does not have this limitation at any time. And no OS can resist a programmer
from doing such things. On any platform, if I can replace some part of the OS
then who can resist me from getting the user privacy.
And if somebody wants to protect his OS from such programmers, he
needs to keep the OS in ROM or some Read Only Hardware … and it’s not
affordable, and updatable…

Long live the programmers…


You are currently subscribed to ntdev as: xxxxx@pdq.net
To unsubscribe send a blank email to %%email.unsub%%

> There is no stopping that under any OS. The problem comes into play when
> you can CAPTURE someone ELSE’S username and password that are then used to

So what? The protection against this must be administrative and not technical.
Sysadmin must never type his powerful password on any non-trustworthy desktop. That’s all.

Max

Well Satish,
I got your point, there are such streams of thinking… no probs, you seem
logical. Actually I was thinking that it’s possible but I was not thinking
“for whom?”. Well, for me it’s not easily possible as I am not damn
profi. with NT, but there will be some people who have the best understanding
of NT as a project, don’t you think so? OK, still I agree that it’s not at
all easy.

I have hopes with that.
:}

Nice, if you say it fast enough. Impossible in real world. Admins must be
able to log into any machine in the domain simply because Microsoft failed
to provide reasonable remote CLI support in NT. They had (IMHO) the best OS
ever conceived (VMS) as the pattern and they even had its chief architect,
but they F’ed up and left the best parts out: True load-sharing clustering,
remote CLI, Logical names (instead of the pitiful environment variables),
security, stability, …

BTW, even knowing someone else’s username/password at some facilities is an
offense that could lead to termination of employment!

Greg

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Maxim S. Shatskih
Sent: Monday, April 22, 2002 8:07 AM
To: NT Developers Interest List
Subject: [ntdev] RE:I want to retrieve Username ,Password ,Domain text
from GINA system.

> There is no stopping that under any OS. The problem comes into play when
> you can CAPTURE someone ELSE’S username and password that are then used to

So what? The protection against this must be administrative and not
technical.
Sysadmin must never type his powerful password on any non-trustworthy
desktop. That’s all.

Max



Bullshit. Domain admins must be able to log into any machine in the domain
with privs to fix local problems.

Oh well, it looks like this thread has reached the point at which we must
all agree to respectfully disagree on the topic of security and how much of
a threat it is to be able to capture another user’s username/password. I’ll
say no more on the topic.

Next topic???

Have fun,
Greg

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of PeterB
Sent: Monday, April 22, 2002 8:49 AM
To: NT Developers Interest List
Subject: [ntdev] RE:I want to retrieve Username ,Password ,Domain text
from GINA system.

On Mon, 22 Apr 2002, Gregory G. Dyess wrote:

> Nice, if you say it fast enough. Impossible in real world.

Claptrap. It’s a simple enough restriction – if you let people
compromise machines, to retain the integrity of your credentials, you
mustn’t use the compromised machines. This is just good practice. This
is true of pretty much any OS, too.

> Admins must be
> able to log into any machine in the domain simply because Microsoft failed
> to provide reasonable remote CLI support in NT.

That would suffer the same problem. The remote CLI would still be
running a process on_the_compromised_machine, and hence would still be
able to grab passwords and such.

The same rule – don’t run processes on compromised machines – holds
true.


Peter xxxxx@inkvine.fluff.org
http://www.inkvine.fluff.org/~peter/

logic kicks ass:
(1) Horses have an even number of legs.
(2) They have two legs in back and fore legs in front.
(3) This makes a total of six legs, which certainly is an odd number of
legs for a horse.
(4) But the only number that is both odd and even is infinity.
(5) Therefore, horses must have an infinite number of legs.

