Windows 7 — first impressions

MilesAhead:
You can do that in Windows too - just right-click on the shortcut and click on the Advanced button and you can choose to run it with a different user's credentials - so you could run with an Admin account if you want.
-Carol Haynes (December 01, 2009, 07:03 PM)
--- End quote ---

Yup. I think the only advantage would be the encrypted password in the shortcut.  I 'spose you could always use a macro to get around typing in a pw but it would kind of defeat the security.

That and the fact that it likely works on about 1/2 flavors of Windows.

f0dder:
Yup. I think the only advantage would be the encrypted password in the shortcut.  I 'spose you could always use a macro to get around typing in a pw but it would kind of defeat the security.
-MilesAhead (December 01, 2009, 11:31 PM)
--- End quote ---
Encryption doesn't help a lot when it's automated...

MilesAhead:
Yup. I think the only advantage would be the encrypted password in the shortcut.  I 'spose you could always use a macro to get around typing in a pw but it would kind of defeat the security.
-MilesAhead (December 01, 2009, 11:31 PM)
--- End quote ---
Encryption doesn't help a lot when it's automated...
-f0dder (December 02, 2009, 01:55 AM)
--- End quote ---

I think I made that point already.  With the su port you put your password through an encryption tool so that the clear text password isn't in the shortcut. Once you have the shortcut set up it saves you from typing it in every time you run a common house-keeping chore. Just double-click.

SKA:
Microsoft mucks up Windows 7 licensing
http://windowssecrets.com/comp/091203#story1

f0dder:
MilesAhead: you might not be able to directly read the password in plaintext, but since it's an automated method, what stops you from simply copying the encrypted password and using the sudo tool to launch other stuff?

And since it's automated, it's not going to be very hard to get the plaintext password... memory dump of the sudo process, or knowledge of the encryption method and simply decrypting it yourself.

Of course it's not something that's going to be exploited by malware because it's not a widespread tool, and it's probably only meant for single-user environments. I'd still call it a gaping security hole though :)
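
f0dder's two points (the stored value can be reused for other commands, and it can be decrypted by anyone who has the tool), shown against a constructed stand-in for such a launcher. This is an added example, not part of the thread and not the su port's actual code; the embedded key, the SHA-256 keystream cipher and every name below are assumptions.

```python
import base64
import hashlib
import hmac
import os

# Assumption: the launcher ships with one fixed key. Any tool that decrypts a
# stored password without asking the user for anything has to carry its key.
TOOL_KEY = b"constructed-key-embedded-in-launcher"


def _keystream(nonce: bytes, length: int) -> bytes:
    """Stand-in cipher (SHA-256 in counter mode); the real algorithm is unknown."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(TOOL_KEY + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def make_token(password: str) -> str:
    """What the 'encryption tool' would write into the shortcut."""
    nonce = os.urandom(8)
    data = password.encode()
    ct = bytes(a ^ b for a, b in zip(data, _keystream(nonce, len(data))))
    return base64.b64encode(nonce + ct).decode()


def recover_password(token: str) -> str:
    """Same steps the launcher runs on every double-click; no secret input needed."""
    raw = base64.b64decode(token)
    nonce, ct = raw[:8], raw[8:]
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct)))).decode()


def launch(token: str, command: str, account_password: str) -> str:
    """Simulated launcher: the token alone authorises whatever command it is given."""
    supplied = recover_password(token).encode()
    if hmac.compare_digest(supplied, account_password.encode()):
        return f"ran elevated: {command}"
    return "denied"


if __name__ == "__main__":
    admin_pw = "Constructed-Pa55word"            # constructed sample value
    token = make_token(admin_pw)                  # stored in the housekeeping shortcut
    print(launch(token, "defrag.exe", admin_pw))  # intended use
    print(launch(token, "anything-else.exe", admin_pw))  # same token, other command
    print(recover_password(token) == admin_pw)    # plaintext is recoverable
```

The token behaves as a bearer credential: whoever can read the shortcut holds the equivalent of the password, regardless of which cipher produced it.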
