Microsoft Windows Impersonation Privilege Escalation Weakness

"Microsoft Windows is susceptible to a weakness that may allow attackers to
gain elevated privileges. This issue is due to the ability of services to
impersonate clients after they have authenticated."

http://www.securityfocus.com/bid/18008/discuss

Im

Imhotep

Imhotep wrote:
> "Microsoft Windows is susceptible to a weakness that may allow
> attackers to gain elevated privileges. This issue is due to the
> ability of services to impersonate clients after they have
> authenticated."
>
> http://www.securityfocus.com/bid/18008/discuss

I read this a while back. It basically says "if you give your username and
password to a service that pretends to be you, that service can pretend to
be you".

The same "weakness" exists in every other operating system.

You can do better than this, surely - an outdated article that describes as
a weakness a basic, known, issue with handing your authentication
credentials over to another party for delegation.

Come on, where's the insightful Imhotep, the guy who's ahead of the game,
who's predicting where Windows will take a tumble next, and unflinchingly
provides advice designed to protect users, rather than merely scare them?

I've yet to see that Imhotep, but I'd like to believe that if you try really
hard, you can squeeze one such posting out.

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | .
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.

Alun Jones

Alun Jones wrote:

> Imhotep wrote:
>> "Microsoft Windows is susceptible to a weakness that may allow
>> attackers to gain elevated privileges. This issue is due to the
>> ability of services to impersonate clients after they have
>> authenticated."
>>
>> http://www.securityfocus.com/bid/18008/discuss
>
> I read this a while back. It basically says "if you give your username
> and password to a service that pretends to be you, that service can
> pretend to be you".
>
> The same "weakness" exists in every other operating system.
>
> You can do better than this, surely - an outdated article that describes
> as a weakness a basic, known, issue with handing your authentication
> credentials over to another party for delegation.
>
> Come on, where's the insightful Imhotep, the guy who's ahead of the game,
> who's predicting where Windows will take a tumble next, and unflinchingly
> provides advice designed to protect users, rather than merely scare them?
>
> I've yet to see that Imhotep, but I'd like to believe that if you try
> really hard, you can squeeze one such posting out.
>
> Alun.
> ~~~~
> [Please don't email posters, if a Usenet response is appropriate.]


Warning! Warning! Alun "spanky" Jones Idiot alert!!!

Still waiting on you stepping up and being a man. You made a comment, got
caught lying, and ran away like a weeping foolish troll you are...come on
are you better than that?

What about the users here? Don't you want to provide honest data? Are you
better than that?

<guess not, you're just another meatball>

Imhotep

Imhotep