> ----------
From: xxxxx@storagecraft.com[SMTP:xxxxx@storagecraft.com]
Reply To: xxxxx@lists.osr.com
Sent: Saturday, April 20, 2002 2:52 AM
To: xxxxx@lists.osr.com
Subject: [ntdev] Re: I want to retrieve Username ,Password ,Domain text from GINA system.

You cannot prohibit GINA filters installed from administrators. They can
load SoftICE (wow! SI is not necessary, MSVC IDE is enough
for this) and trace the LSASRV/MSV1_0 code to find a place where to apply
the hook, then inject a hook DLL to LSASS (using
CreateRemoteThread), which will write all passwords to a text file.

This is exactly the reason I stated it is kind of security by obscurity.

Yes, a secretary girl on a corporate desktop can find the pre-written
module for this on some website, load it, and then ask her
sysadmin for help due to “my computer does not work properly”.

Hopefully, no experienced NT developer is so silly to write something like
this and make it available. Script kiddies and young hackers aren’t
experienced enough to do it.

Sysadmin will log on, leaving his password in cleartext on the girl’s
disk. The only way to guard from this is administrative, not technical -
the sysadmin must never type his powerful password on any
desktops except his own.

Yes, this is good rule and probably used in more secure environments. But
try to apply it in practice of average windows network administrator…

This can be guarded from only by obscurity, and “security by obscurity” is
junk in modern world.

Still can protect against script kiddies… yes, this isn’t real security, I
know.

BTW - too bad the authorities do not pay attention to this, rolling DMCAs
instead. Spreading the information on how to break a copy
protection results in jail, while spreading the information on how to
break one another’s webserver or how to write a virus does
not.

Very bad idea, Max. You’d be the first jailed for this mail. And the effect
would be just opposite. No security because security issues can’t be
discussed in public. Do you think DMCA has any positive effect?

Best regards,
Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http://www.st.com]