Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Removing the NIC cable = EoP?
From: Tim <tim-security () sentinelchicken org>
Date: Tue, 3 Oct 2006 08:32:39 -0400

List members: please pardon the vocab lesson I'm about to give... it's
just a pet peeve of mine.  (However, if you're one of those that also
butchers this word, please take note.)

The hack seems to be the defaulting. You authentify as a user, but you
do not let the system to get the full user profile from its domain
controller. The bug suggested there is that, if the OS can authentify,
but cannot setup the profile after succesfully authentifying, it would
incorrectly place you as a local admin. Presumably because that's the
only local account.

Vincent, please note:

  http://www.google.com/search?q=define%3Aauthentify

returns no results.  Yet:

  http://www.google.com/search?q=define%3Aauthenticate

returns 12+.

"authentify" is not a word (in English at least).

thanks,
tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]