Security

Should security firms sandbox their executives?

Submitted by Giorgio Maone
Giorgio Maone writes "Brian Krebs of the Security Fix Washington Post blog is attending the RSA Conference 2007 in San Francisco and noticed that 'the kiosks of Microsoft Windows XP machines set up for attendees to freely access e-mail were running under the all-powerful Administrator account'. More amusing, he's been watching executives from the major security firms who happily used those insecure Windows boxes to check their messages or even access their remote desktops. 'Had I spent a bit more than 10 seconds at the terminals', he says, 'I could have downloaded software that would let me steal user names and passwords from important companies in the information security community'. Brrrr..."
