A Déjà Vu Nightmare


February 1998 / Inbox / A Déjà Vu Nightmare

What a relief to find that someone else has come to the realization that Windows NT security is not secure. "Déjà Vu All Over Again" (November 1997) was fantastic! It was really nice to see someone else also note that the NT security bugs were discovered and patched in Unix long ago.

But one thing was missing from the article. A very large number of holes exist that obviate the need for password-cracking programs, ActiveX, and other tricks: Anyone who logs onto an NT machine with the default configuration has potentially hundreds of ways of gaining access as an administrator.

First, the SYSTEMROOT directory is full control for the group Everyone. This allows the replacement of Notepad.exe and other programs with a trojan horse. You don't even need a compiler, since you can rename it Notepad1.exe and create a batch script that adds your user to the Domain Admins group when an administrator starts Notepad from the Start menu. In addition, there are dozens of DLLs and other executables that are at least changeable by Everyone, again allowing easy creation of a trojan horse.

File associations can be changed by a user and are then effective for the administrator. Thus, the next time an administrator double-clicks on a .txt, .doc, or other file on this system, the user becomes a member of the Domain Admins group.

The worst is that this is the default state, and you need no special programming skills or tools. The holes are just there.


Jim Mohr
Author, Linux User's Resource
jimmo@blitz.de
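
An audit for the file-permission weakness the letter describes, as an added example that is not part of the original letter or of BYTE's text. It is written for present-day PowerShell rather than the NT 4.0 tooling of 1998, and the file extensions and the set of "broad" groups it checks are assumptions of this example.

```powershell
# Added example: list executable files under %SystemRoot% that broad,
# non-administrative principals are allowed to modify or replace.
$root = $env:SystemRoot

# Well-known SIDs (assumed set), so the check works on localized systems.
$broadSids = @(
    'S-1-1-0',       # Everyone
    'S-1-5-11',      # Authenticated Users
    'S-1-5-32-545'   # BUILTIN\Users
)

# Rights that let a principal alter or replace a file or its ACL,
# plus the raw GENERIC_ALL / GENERIC_WRITE bits some ACEs carry unmapped.
$rights = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($rights::WriteData -bor $rights::AppendData -bor
                   $rights::Delete -bor $rights::ChangePermissions -bor
                   $rights::TakeOwnership) -bor 0x10000000 -bor 0x40000000

$sidType = [System.Security.Principal.SecurityIdentifier]

$findings = Get-ChildItem -Path $root -Recurse -File `
        -Include *.exe, *.dll, *.bat, *.cmd -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        # Skip files whose ACL cannot be read with the current token.
        try { $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop }
        catch { return }

        # Explicit and inherited ACEs, with identities returned as SIDs.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($broadSids -notcontains $ace.IdentityReference.Value) { continue }
            if (([int]$ace.FileSystemRights -band $writeMask) -eq 0) { continue }

            [pscustomobject]@{
                Path      = $file.FullName
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }

# An empty result means no matching writable executables were found.
$findings | Sort-Object Path, Sid | Format-Table -AutoSize
```

Run it from an elevated session so that ACLs on protected files can be read. It covers only the writable-binary issue, not the file-association one.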


Copyright © 2005 CMP Media LLC, Privacy Policy, Your California Privacy rights, Terms of Service