Re: [Nolug] Radius & Tacacs+

From: Ron Johnson <ron.l.johnson_at_cox.net>
Date: Thu, 15 Jan 2009 15:49:37 -0600
Message-ID: <496FAF71.80802@cox.net>

<Sigh>

Adware has *nothing* to do with AD.

But the man who *wrote* the adware discovered all sorts of flaws
*inherent* to Windows. And AD runs on Windows.

Spoken another way, the parable of the house built on sand:
Matthew 7.24-27
     The wise man built his house on stone
     Then a great flood came there, and winds blew there, and fell
     down upon the house, and it did not fall: truly, it was built on
     stone

     Then the foolish man built his house on sand. Then it rained, and
     a flood came there, and winds blew, and fell down upon the
     house, and the house fell; and its fall was great

On 01/15/09 11:11, Dustin Puryear wrote:
> I'm still confused. Are you arguing that Windows desktops are insecure?
> If so, I generally agree. However, I don't get what adware has to do
> with AD.
>
> Ron Johnson wrote:
>> Did you read the article? The section "Can you tell me more about your
>> strategies for persistence?" shows that no matter what MSFT does, it
>> will always be a big security nightmare.
>>
>> We then made a bootstrapper, which was a tiny tiny piece of code
>> written in Assembler which would decrypt the executable in
>> memory, and then just run it. At the same time, we also made a
>> virtual process executable. I’ve never heard of anybody else
>> doing this before. Windows has this thing called Create Remote
>> Thread. Basically, the semantics of Create Remote Thread are:
>> You’re a process, I’m a different process. I call you and say
>> “Hey! I have this bit of code. I’d really like it if you’d run
>> this.” You’d say, “Sure,” because you’re a Windows process–
>> you’re all hippie-like and free love. Windows processes, by the
>> way, are insanely promiscuous. So! We would call a bunch of
>> processes, hand them all a gob of code, and they would all run
>> it. Each process would all know about two of the other ones.
>> This allowed them to set up a ring … mutual support, right?
>>
>>
>> On 01/15/09 10:24, Dustin Puryear wrote:
>>> I'm not sure what adware has to do with AD? That's like not running
>>> OpenLDAP because of the Morris worm.
>>>
>>> I would be interested in hearing Shannon's reasons why AD is bad. I'm
>>> always interested in hearing the pros and cons of various directory
>>> products.
>>>
>>> Ron Johnson wrote:
>>>> On 01/15/09 10:04, Shannon Roddy wrote:
>>>>> On Thu, Jan 15, 2009 at 9:45 AM, Dustin Puryear
>>>>> <dustin@puryear-it.com> wrote:
>>>>>
>>>>>> Normally, if a shop is just anti-AD, then I may see something like:
>>>>>>
>>>>>>
>>>>> There are more reasons not to use AD than just being anti-AD.
>>>>>
>>>> Being pro-security?
>>>>
>>>> (This, while focused on the desktop, is pretty damning of Windows.)
>>>>
>>>> http://philosecurity.org/2009/01/12/interview-with-an-adware-author
>>>>
>>>> S: In your professional opinion, how can people avoid adware?
>>>>
>>>> M: Um, run UNIX.

-- 
Ron Johnson, Jr.
Jefferson LA  USA
"I am not surprised, for we live long and are celebrated poopers."
___________________
Nolug mailing list
nolug@nolug.org
Received on 01/15/09
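
Added example, not part of the original thread or the quoted interview: the fan-out the interview describes, one process handing code to "a bunch of processes" through Create Remote Thread, can be picked out of process telemetry. The Python below assumes records shaped like Sysmon Event ID 8 (CreateRemoteThread) reduced to five fields; the sample records, paths, function name, window and threshold are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S.%f"
INST = r"C:\Users\a\AppData\Local\Temp\inst.exe"   # constructed path
AGENT = r"C:\Tools\agent.exe"                      # constructed path

# Constructed sample records, reduced to five fields of a Sysmon Event ID 8:
# (UtcTime, SourceImage, SourceProcessId, TargetImage, TargetProcessId)
SAMPLE = [
    ("2024-01-15 15:00:00.100", INST, 4120, r"C:\Windows\explorer.exe", 1500),
    ("2024-01-15 15:00:00.350", INST, 4120, r"C:\Windows\System32\svchost.exe", 900),
    ("2024-01-15 15:00:00.900", INST, 4120, r"C:\Windows\System32\winlogon.exe", 620),
    ("2024-01-15 15:00:01.200", INST, 4120, r"C:\Windows\System32\spoolsv.exe", 1310),
    # One remote thread into one process, e.g. a debugger attaching.
    ("2024-01-15 09:12:44.000", r"C:\Program Files\Dbg\dbg.exe", 2200, r"C:\dev\app.exe", 3300),
    # Three targets, but hours apart.
    ("2024-01-15 10:00:00.000", AGENT, 777, r"C:\dev\a.exe", 101),
    ("2024-01-15 12:00:00.000", AGENT, 777, r"C:\dev\b.exe", 102),
    ("2024-01-15 14:00:00.000", AGENT, 777, r"C:\dev\c.exe", 103),
]

def find_fanout(events, window=timedelta(seconds=10), min_targets=3):
    """Return sources that created remote threads in at least `min_targets`
    distinct processes within `window`."""
    by_source = defaultdict(list)
    for utc, src, spid, tgt, tpid in events:
        by_source[(spid, src)].append((datetime.strptime(utc, FMT), tpid, tgt))
    findings = []
    for (spid, src), rows in sorted(by_source.items()):
        rows.sort()
        for i, (start, _, _) in enumerate(rows):
            # Distinct target PIDs hit within `window` of this event.
            hit = {tpid: tgt for t, tpid, tgt in rows[i:] if t - start <= window}
            if len(hit) >= min_targets:
                findings.append({"source_pid": spid, "source_image": src,
                                 "targets": sorted(hit.values())})
                break
    return findings

if __name__ == "__main__":
    for f in find_fanout(SAMPLE):
        print(f["source_pid"], f["source_image"], "->", ", ".join(f["targets"]))
```

On real telemetry, key on the event's SourceProcessGuid rather than the PID, since PIDs are reused over time.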