|
Penetration Testing
mailing list archives
RE: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME]
From: "Alexandru Bradescu-Popa" <alexbp () alexbp ro>
Date: Tue, 16 Sep 2008 11:56:13 +0300
Not the right question in my opinion. The right one should be: Is necessary
for a help-desk guy to have access in /etc?
And, we are back at the beginning: "Interesting security procedures they
have[...]"
______________________________________________________________
Frank, whatever it is, just write it down and put it on my desk where I
can't find it.
Henry Blake - M*A*S*H
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Michael Boman
Sent: 15 septembrie 2008 22:33
To: Alexandru Bradescu-Popa
Cc: pen-test () securityfocus com
Subject: Re: EXAMPLE: Why OOO is *BAD* [WAS: Re: OOO FLAME]
On Mon, Sep 15, 2008 at 4:53 PM, Alexandru Bradescu-Popa
<alexbp () alexbp ro> wrote:
Interesting security procedures they have. Help-desk with access on
/etc/shadows. No written request for high sensitive files. They'll pass
with
flying colors any security audit.
But was the helpdesk aware that /etc/shadow is a highly sensitive file
to begin with?
Best regards
Michael Boman
--
http://michaelboman.org - Security Blog & Wiki
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Top 5 Common Mistakes in
Securing Web Applications
Get 45 Min Video and PPT Slides
www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
| 
Intro
