It was quite helpful

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #198,834 by Arkadiy 3/15/05 4:54:15 PM 3/15/05 5:05:47 PM Reply	It was quite helpful And yes, I was _partly_ being intentionally obtuse. But, I still can't believe what you're saying. Are you saying that the DirectX APIs bypass all the security and let you have raw disk access? Update: checked DirectX docs - no mention of direct access to disk. Is it an undocumented backdoor? -- And what are we doing when the two most powerful nations on earth -- America and Israel -- stomp on the elementary rights of human beings? -- letter to the editor from W. Ostermeier, Liechtenstein Edited by Arkadiy March 15, 2005, 05:05:47 PM EST Expand All History
Post #198,880 by folkert 3/15/05 9:34:49 PM Reply	It isn't documneted the way you'd think. Direct Media can use the alternative Streams of NTFS. Umm, that would be direct DISK access. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* [link\|http://it.slashdot.org/comments.pl?sid=134485&cid=11233230\|"Microsoft Security" is an even better oxymoron than "Military Intelligence"] No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link\|http://www.eweek.com/article2/0,1759,1622086,00.asp\|source]
Post #198,957 by Arkadiy 3/16/05 9:52:25 AM Reply	Well, the only things that grant access to file system (that I found in the docs) are IFileSourceFilter, IFileSinkFilter and IFileSinkFIlter2. All of them take a filename. I did not test it, but I doubt that the access control on the file name is bypassed by any of these interfaces. -- And what are we doing when the two most powerful nations on earth -- America and Israel -- stomp on the elementary rights of human beings? -- letter to the editor from W. Ostermeier, Liechtenstein
Post #198,994 by folkert 3/16/05 11:31:08 AM 3/16/05 11:35:43 AM Reply	Then how do you explain the fact that it happens? Without escalation of Privs? And, the fact of the matter... not that they by-pass them, are they even checked? By assumption or by method something has to be getting around it. And the Local Policy over rides the others. So if the Citrix thinger you and andread are talking about, it doesn't amtter what DS groups memberships. It ain't supposed to be able to do that. But does. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* [link\|http://it.slashdot.org/comments.pl?sid=134485&cid=11233230\|"Microsoft Security" is an even better oxymoron than "Military Intelligence"] No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link\|http://www.eweek.com/article2/0,1759,1622086,00.asp\|source] Edited by folkert March 16, 2005, 11:35:43 AM EST Expand All History
Post #198,995 by Arkadiy 3/16/05 11:36:22 AM Reply	I have no explanation that I am sure of. I think you don't either. My guess is a security hole, a bug. Your guess is an inherent deficiency of architecture. Neither of us is in a position to prove our guesses. You are in a somewhat better position to investigate - you actually have logs and what not from your co-worker's breakage. But, unless you understand _exactly_ how the malware gained access to the protected areas of the system, we still don't know for sure. -- And what are we doing when the two most powerful nations on earth -- America and Israel -- stomp on the elementary rights of human beings? -- letter to the editor from W. Ostermeier, Liechtenstein
Post #199,001 by folkert 3/16/05 11:43:24 AM Reply	Thank you. (new thread) Created as new thread #199000 titled [link\|/forums/render/content/show?contentid=199000\|Thank you.] -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* [link\|http://it.slashdot.org/comments.pl?sid=134485&cid=11233230\|"Microsoft Security" is an even better oxymoron than "Military Intelligence"] No matter how much Microsoft supporters whine about how Linux and other operating systems have just as many bugs as their operating systems do, the bottom line is that the serious, gut-wrenching problems happen on Windows, not on Linux, not on Mac OS. -- [link\|http://www.eweek.com/article2/0,1759,1622086,00.asp\|source]

Undetectable VX2!!!!!! - (Andrew Grygus) - (39) - March 13, 2005, 12:25:13 PM EST

Maybe because it isn't the traditional one? - (folkert) - (3) - March 13, 2005, 05:07:21 PM EST

This one was real VX2 . . - (Andrew Grygus) - (2) - March 13, 2005, 05:32:16 PM EST

Is there even room to fit one more nail? ;-) -NT - (n3jja) - (1) - March 13, 2005, 05:33:05 PM EST

Depends on how many infections a given machine has. -NT - (ben_tilly) - March 13, 2005, 05:58:44 PM EST

Re: Undetectable VX2!!!!!! - (andread) - (3) - March 14, 2005, 09:39:16 AM EST

Of course. -NT - (Andrew Grygus) - (2) - March 14, 2005, 11:52:52 AM EST

Yeap, just like that. - (folkert) - (1) - March 14, 2005, 02:26:02 PM EST

My root post for this thread did refer to . . - (Andrew Grygus) - March 14, 2005, 03:30:07 PM EST

Assuming that I am a complete dolt, - (Arkadiy) - (29) - March 14, 2005, 04:29:37 PM EST

Rootkit worms for windows abound - (jake123) - March 14, 2005, 05:09:26 PM EST

Well, just for starters . . - (Andrew Grygus) - (8) - March 14, 2005, 05:18:45 PM EST

Apart from the first point - (Arkadiy) - (7) - March 14, 2005, 05:31:55 PM EST

Let's see, point #3 - (jake123) - (5) - March 14, 2005, 06:13:07 PM EST

Sounds like the OS/2 WPS (ducks, runs) -NT - (altmann) - (2) - March 14, 2005, 06:32:48 PM EST

Nah, Office has users. - (pwhysall) - March 14, 2005, 06:33:17 PM EST

:) - (jake123) - March 15, 2005, 01:45:00 PM EST

Sounds like Gnome - (Arkadiy) - (1) - March 14, 2005, 07:35:05 PM EST

No, another disagreement here. - (folkert) - March 14, 2005, 09:48:51 PM EST

On our network... - (Steven A S) - March 15, 2005, 04:18:20 PM EST

Win32 message service - (inthane-chan) - (18) - March 14, 2005, 05:23:59 PM EST

If you're not an admin, you don't have - (Arkadiy) - (17) - March 14, 2005, 05:34:23 PM EST

Nope. I have a machine at work. - (folkert) - (16) - March 14, 2005, 06:48:52 PM EST

I don't know :( - (Arkadiy) - (13) - March 14, 2005, 07:41:31 PM EST

I don't agree with your assessment. - (folkert) - (12) - March 14, 2005, 09:29:10 PM EST

That I don't understand - (Arkadiy) - (11) - March 15, 2005, 11:10:03 AM EST

That's where messaging comes in. - (inthane-chan) - March 15, 2005, 01:09:32 PM EST

Not like Windows... - (folkert) - (6) - March 15, 2005, 04:41:09 PM EST

It was quite helpful - (Arkadiy) - (5) - March 15, 2005, 05:05:47 PM EST

It isn't documneted the way you'd think. - (folkert) - (4) - March 15, 2005, 09:34:49 PM EST

Well, the only things that grant access to file system - (Arkadiy) - (3) - March 16, 2005, 09:52:25 AM EST

Then how do you explain the fact that it happens? - (folkert) - (2) - March 16, 2005, 11:35:43 AM EST

I have no explanation that I am sure of. - (Arkadiy) - (1) - March 16, 2005, 11:36:22 AM EST

Thank you. (new thread) - (folkert) - March 16, 2005, 11:43:24 AM EST

Re: That I don't understand - (andread) - (2) - March 16, 2005, 09:51:34 AM EST

Are they members of other groups? - (Arkadiy) - (1) - March 16, 2005, 09:53:35 AM EST

Domain Users -NT - (andread) - March 16, 2005, 03:35:33 PM EST

There is a way. - (static) - (1) - March 14, 2005, 08:54:09 PM EST

It's LocalSystem - (Arkadiy) - March 15, 2005, 11:26:57 AM EST

VX2 on 2 servers - (andread) - March 31, 2005, 12:31:50 PM EST

iwethey.org

Are you missing the point accidentally or strategically?
65 ms