Did you read the article? The section "Can you tell me more about
your strategies for persistence?" shows that no matter what MSFT
does, it will always be a big security nightmare.
We then made a bootstrapper, which was a tiny tiny piece of code
written in Assembler which would decrypt the executable in
memory, and then just run it. At the same time, we also made a
virtual process executable. I’ve never heard of anybody else
doing this before. Windows has this thing called Create Remote
Thread. Basically, the semantics of Create Remote Thread are:
You’re a process, I’m a different process. I call you and say
“Hey! I have this bit of code. I’d really like it if you’d run
this.” You’d say, “Sure,” because you’re a Windows process–
you’re all hippie-like and free love. Windows processes, by the
way, are insanely promiscuous. So! We would call a bunch of
processes, hand them all a gob of code, and they would all run
it. Each process would know about two of the other ones.
This allowed them to set up a ring … mutual support, right?
On 01/15/09 10:24, Dustin Puryear wrote:
> I'm not sure what adware has to do with AD? That's like not running
> OpenLDAP because of the Morris worm.
>
> I would be interested in hearing Shannon's reasons why AD is bad. I'm
> always interested in hearing the pros and cons of various directory
> products.
>
> Ron Johnson wrote:
>> On 01/15/09 10:04, Shannon Roddy wrote:
>>> On Thu, Jan 15, 2009 at 9:45 AM, Dustin Puryear
>>> <dustin@puryear-it.com>wrote:
>>>
>>>> Normally, if a shop is just anti-AD, then I may see something like:
>>>>
>>>>
>>> There are more reasons not to use AD than just being anti-AD.
>>>
>> Being pro-security?
>>
>> (This, while focused on the desktop, is a pretty damning of Windows.)
>>
>> http://philosecurity.org/2009/01/12/interview-with-an-adware-author
>>
>> S: In your professional opinion, how can people avoid adware?
>>
>> M: Um, run UNIX.
>>
>
--
Ron Johnson, Jr.
Jefferson LA USA
"I am not surprised, for we live long and are celebrated poopers."

___________________
Nolug mailing list
nolug@nolug.org

Received on 01/15/09
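A defender-side way to look for the mutual-support "ring" the interview excerpt describes, added here as an example that is not part of the thread or of the interview: it reads constructed, simplified Sysmon Event ID 8 (CreateRemoteThread) records and reports any set of processes that create remote threads in one another in a cycle. The one-line `SourceImage=... TargetImage=...` format is an assumption for the example, not Sysmon's real event layout.

```python
"""Flag CreateRemoteThread rings in simplified Sysmon Event ID 8 records."""
import re
from collections import defaultdict

# Constructed sample records (not real telemetry). Field names mirror
# Sysmon's SourceImage/TargetImage; the flat line format is an assumption.
SAMPLE_EVENTS = r"""
SourceImage=C:\Windows\System32\svchost.exe TargetImage=C:\Windows\System32\lsass.exe
SourceImage=C:\Users\u\AppData\a.exe TargetImage=C:\Users\u\AppData\b.exe
SourceImage=C:\Users\u\AppData\b.exe TargetImage=C:\Users\u\AppData\c.exe
SourceImage=C:\Users\u\AppData\c.exe TargetImage=C:\Users\u\AppData\a.exe
SourceImage=C:\Program Files\dbg\debugger.exe TargetImage=C:\Users\u\app.exe
"""

EVENT_RE = re.compile(r"^SourceImage=(.*) TargetImage=(.*)$")


def parse_events(text):
    """Return (source_image, target_image) pairs, skipping malformed lines."""
    pairs = []
    for line in text.splitlines():
        match = EVENT_RE.match(line.strip())
        if match:
            pairs.append((match.group(1), match.group(2)))
    return pairs


def find_injection_rings(pairs):
    """Return cycles of processes that inject into each other.

    Each ring is a list of image paths in injection order. A single
    injection (e.g. a debugger into its target) is not a ring; only a
    path that leads back to its starting process is reported.
    """
    graph = defaultdict(set)
    for src, dst in pairs:
        if src != dst:  # a process threading into itself is not a ring
            graph[src].add(dst)
    rings = {}  # frozenset of members -> ordered path (deduplicates rotations)

    def walk(start, node, path):
        for nxt in graph.get(node, ()):
            if nxt == start:
                rings.setdefault(frozenset(path), list(path))
            elif nxt not in path:
                walk(start, nxt, path + [nxt])

    for start in list(graph):
        walk(start, start, [start])
    return sorted(rings.values(), key=len)


if __name__ == "__main__":
    for ring in find_injection_rings(parse_events(SAMPLE_EVENTS)):
        print("injection ring:", " -> ".join(ring))
```

On the constructed input the benign svchost/lsass and debugger/app events produce no finding, while a.exe, b.exe and c.exe are reported as one three-process ring.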
This archive was generated by hypermail 2.2.0 : 02/17/09 EST