It's not that ISS doesn't feel like it's a problem, it's just when you let an attacker get to the point where they could run a local attack it's game over. ISS's goal is to stop the attacker from getting close enough to execute a local attack.

On Wed, 13 Oct 2004 10:30:27 -0400, KF_lists <[EMAIL PROTECTED]> wrote:
> ISS would like to have you believe otherwise... when I contacted them
> about the Local SYSTEM escalation in BlackICE we went in circles over
> the fact that I feel that taking local SYSTEM on a win32 box IS a
> problem and they don't. They tried to say some crap like "in all our
> years in the industry we have never had a customer state that local
> windows security was a concern... blah blah (paraphrasing)". And
> something along the lines of "Windows is not a true multi-user system
> (like unix) so local escalation means nothing."
>
> -KF
>
> > Also, at least in MS Windows, it's my personal feeling that local
> > privilege escalation issues (particularly escalation to kernel or system
> > status) should be critical issues. Whether people can run arbitrary
> > code on MS Windows systems these days isn't an exercise for the mind
> > anymore, it's an exercise of "go look at your neighbor's computer and see
> > that it's done regularly".
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
