Near my mole
Some old pre-Blogspot.com posts, recycled.
Wednesday, December 31, 2003
Redmond's Latest Security Stumble?
Hey this is SECURITY with a capital U - "You Dickheads!!!"-
I quote from one of the manuals, the Sybex one (Mastering Windows Server 2003):
.........With Server 2003 you can take a backup of your AD domain database with you to the remote site, and DCPROMO then lets you start a new DC out from the backup of the AD, rather than forcing a complete initial replication over the WAN. From there, you connect the new DC up to that unreliable phone line, and all the DC must do is to replicate whatever's changed in AD between when the backup occurred and now, which usually isn't much.
... so it now appears that if I get access to an open DC somewhere, I can take a copy of the catalog, then run up a new DC in my bedroom and join the domain? It may not get me full access right away but it's a loophole I could use to access stuff, maybe change passwords, whatever.
Also (and more importantly), it lets me, as a determined system breaker, maybe get my hands on the DVD which that system admin is carrying around and reverse engineer it for ALL the passwords and other stuff like where the cream of the files are stored?
Dammit, it breaks every security rule I can think of... Am I stupidly not seeing something here, or is it Redmond that have done YAST?
These are random blog posts I recently rescued from a text dump of my earliest recorded blog posts from Ye Good Ole Days of writing stuff in Notepad and using some weird software that basically uploaded your entire blog every time you added a new article or edited an old one.