Bugtraq mailing list archives

Re: Windows 2000 Run As... Feature


From: dleblanc () MINDSPRING COM (David LeBlanc)
Date: Tue, 25 Jan 2000 08:42:15 -0800


At 06:31 AM 1/24/00 -0800, jdglaser wrote:
That's a good point.
I'd like to add that MS Secure Attention Sequence is not exactly so
trusted.
Nothing prevents another Gina from being put into play, nor prevents
process code injection - DLL API hooking.

One way to do this can be done by altering the reg key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
to implement a Pass-Through Gina (one which grabs your password and then
calls through to the real Gina)

However, in order to change that registry key, you have to be an
administrator or server operator.  Anyone in these groups is allowed to
modify the operating system in any way they like.  It would be more
effective for them to simply install a keystroke logger, as that way you'd
get passwords typed in at other times, and not just logons.

The trust in the secure attention sequence, or any other part of the
operating system, is only as good as your trust in the administrator.
Given the credentials needed to write the Winlogon values, the number of
things I could do to someone is only limited by my imagination and how much
code I want to write.  The mind boggles at the possibilities <g>.

David LeBlanc
dleblanc () mindspring com
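The two points in the thread (a pass-through GINA is configured through the Winlogon key, and only principals who can already write that key can plant one) can be checked on an NT/2000-era host with a short audit script. The following PowerShell is an added example, not code from the post or its authors; it assumes the NT/2000 value name `GinaDLL` and the default `msgina.dll`, and it is historical in scope since Vista and later replaced GINA with credential providers.

```powershell
# Added example (not part of the Bugtraq post): audit the Winlogon key that
# the thread discusses. Assumes the NT/2000 'GinaDLL' value name and the
# default 'msgina.dll'; on Vista and later GINA no longer exists.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-GinaStatus {
    # Report whether a non-default GINA DLL is configured.
    $gina = (Get-ItemProperty -Path $winlogon -ErrorAction SilentlyContinue).GinaDLL
    if (-not $gina) { return 'GinaDLL not set (default msgina.dll is used)' }
    if ($gina -ieq 'msgina.dll') { return "GinaDLL = $gina (default)" }
    return "GinaDLL = $gina (NON-DEFAULT: confirm this is an approved GINA)"
}

function Get-WinlogonWriters {
    # Identities allowed to set values under the key. As the post says, this
    # is the set of principals whose trust the secure attention sequence
    # ultimately rests on; anything beyond Administrators/SYSTEM needs a look.
    $acl = Get-Acl -Path $winlogon
    $acl.Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       ($_.RegistryRights -band
                        [System.Security.AccessControl.RegistryRights]::SetValue) } |
        Select-Object -ExpandProperty IdentityReference -Unique
}

Get-GinaStatus
Write-Host 'Principals that can write Winlogon values:'
Get-WinlogonWriters | ForEach-Object { "  $_" }
```

Run it from an elevated prompt; a non-default `GinaDLL`, or a writer on the key that is not Administrators or SYSTEM, is the thing to investigate. The same ACL query applies equally to other Winlogon values (for example the notification and shell settings), since the writer set, not the individual value, is what bounds the damage the post describes.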

