spread the dot jenett.radio.randomizer - click to visit a random Radio weblog - for information, contact randomizer@coolstop.com


 Friday, August 23, 2002

Privilege Escalation, or what do with a bug once you've found it

Obviously, the Shatter Attack isn't the real problem. The problem is the email virus that could deliver the attack or any other delivery vehicle that gives an attacker remote or physical access to a user's system. Thus, the details of the attack matter little. [links added]
Paul Thurrott, Windows and .NET Magazine

They are both problems, if your security model doesn't allow for the possiblity that an end-user system will be compromised. It is not wise to ignore the potential of privilege escalation. You can limit the avenues of attack, but as long as the computer is on there will be an opportunity.

I am so sure that TCPA/Palladium will fix privilege escalation problems.

8:28:39 AM # Google It!
categories: Security