Radius Enabled Application
When the process starts, it requests authentication and authorization from a Radius server. The Radius server has to be configured to recognize the system the process is running on as a Network Authorization Server. This way, any start/stop/unexpected event can be logged separately from the application, and the process's authorization (by system) can be revoked as necessary.
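The exchange the comment describes, as an added example that is not part of the original post: the application acts as the RADIUS client (the NAS, which the server must already know by its shared secret) and sends an Access-Request at startup; the server answers Access-Accept or Access-Reject, or says nothing at all to a NAS it does not recognise. Both sides are written here in Python per RFC 2865 and run in-process so the example works offline; the host name, shared secret, user name and password are constructed placeholders, and looking the NAS up by its NAS-Identifier attribute (rather than by source address, as a real server does) is a simplification for this example.

```python
# Added example, not from the original post: a minimal RFC 2865 Access-Request /
# Access-Accept exchange with both sides (application-as-NAS and RADIUS server)
# implemented in-process. All names, secrets and credentials are constructed.
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IDENTIFIER = 1, 2, 32

# Constructed server configuration: recognised NAS identifiers with their shared
# secrets, and the accounts allowed to start the process.
CLIENTS = {b"billing-host-01": b"s3cret-shared-key"}
USERS = {"statement-batch": "correct horse battery"}


def _attr(atype, value):
    """Encode one attribute as Type(1) Length(1, incl. header) Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes([atype, len(value) + 2]) + value


def _parse_attrs(data):
    """Decode the attribute list, rejecting truncated or zero-length entries."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed attribute")
        attrs[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return attrs


def _obfuscate_password(data, secret, authenticator, encrypt=True):
    """RFC 2865 s5.2 User-Password hiding: XOR 16-byte blocks with a running MD5.
    Block i is keyed by MD5(secret + previous ciphertext block), so the same loop
    serves both directions once 'prev' is taken from the ciphertext stream."""
    if encrypt:
        data = data.ljust(max(16, -(-len(data) // 16) * 16), b"\x00")
    out, prev = b"", authenticator
    for k in range(0, len(data), 16):
        block = data[k:k + 16]
        key = hashlib.md5(secret + prev).digest()
        xored = bytes(a ^ b for a, b in zip(block, key))
        out += xored
        prev = xored if encrypt else block
    return out if encrypt else out.rstrip(b"\x00")


def build_access_request(ident, username, password, nas_id, secret, request_auth=None):
    """NAS side: returns (packet, request_authenticator). The Request Authenticator
    must be unpredictable: it keys the password hiding and binds the reply to us."""
    ra = request_auth or os.urandom(16)
    attrs = (_attr(USER_NAME, username.encode())
             + _attr(USER_PASSWORD, _obfuscate_password(password.encode(), secret, ra))
             + _attr(NAS_IDENTIFIER, nas_id))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + ra + attrs, ra


def handle_access_request(packet, clients, users):
    """Server side. Returns the reply, or None for malformed packets and for any
    NAS the server does not recognise (RFC 2865 s3: silently discard)."""
    if len(packet) < 20:
        return None
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        return None
    ra, attrs = packet[4:20], _parse_attrs(packet[20:length])
    secret = clients.get(attrs.get(NAS_IDENTIFIER))
    if secret is None:
        return None
    hidden, granted = attrs.get(USER_PASSWORD, b""), False
    if 16 <= len(hidden) <= 128 and len(hidden) % 16 == 0:
        user = attrs.get(USER_NAME, b"").decode(errors="replace")
        supplied = _obfuscate_password(hidden, secret, ra, encrypt=False)
        expected = users.get(user)
        granted = expected is not None and hmac.compare_digest(expected.encode(), supplied)
    header = struct.pack("!BBH", ACCESS_ACCEPT if granted else ACCESS_REJECT, ident, 20)
    # Response Authenticator = MD5(Code+ID+Length + RequestAuth + Attributes + Secret)
    return header + hashlib.md5(header + ra + secret).digest()


def verify_response(response, request_auth, ident, secret):
    """NAS side: accept a reply only if its identifier matches the outstanding
    request and its Response Authenticator was computed, with the shared secret,
    over our own Request Authenticator. Returns the reply code."""
    if len(response) < 20 or response[1] != ident:
        raise ValueError("reply does not match outstanding request")
    header, resp_auth, attrs = response[:4], response[4:20], response[20:]
    expected = hashlib.md5(header + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, resp_auth):
        raise ValueError("bad Response Authenticator (forged or wrong secret)")
    return response[0]


def authorize_start(username, password, nas_id, secret, clients=CLIENTS, users=USERS):
    """Run the whole exchange in-process, as the application would at startup."""
    ident = 7  # a real client uses a fresh identifier per outstanding request
    request, ra = build_access_request(ident, username, password, nas_id, secret)
    reply = handle_access_request(request, clients, users)
    if reply is None:
        return "no response"
    code = verify_response(reply, ra, ident, secret)
    return {ACCESS_ACCEPT: "accept", ACCESS_REJECT: "reject"}.get(code, "unexpected")


if __name__ == "__main__":
    print(authorize_start("statement-batch", "correct horse battery",
                          b"billing-host-01", b"s3cret-shared-key"))
```

The Response Authenticator check is what makes the revocation the comment wants enforceable: a reply that is not bound to the shared secret and to the application's own Request Authenticator is discarded, so an on-path party cannot turn a reject into an accept without the secret. The MD5-and-shared-secret scheme in RFC 2865 only hides the password and authenticates the reply; it is weak by modern standards, so the UDP transport (port 1812) should itself be protected, for example with RADIUS over TLS (RFC 6614).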
Do some research. The testing and certification is done by companies selected and paid by the equipment vendor. In addition, the results are only provided to the equipment vendor, since they are the client.
The government, since it is not the client, is not guaranteed access to the raw data, so it cannot independently verify any claims of accuracy.
I have been reading this (and previous). We already use scoring machines four times a year in just about every school for NCLB. We cannot reuse these machines for three times max per year for voting? If not, do the voters or the schoolchildren lose???
If you are as obsessive about the news as I am, you might have seen the following (paraphrased)
There is one race in which a candidate did not receive even one vote
Presumably, he (or his wife) thought he should win
I have been involved in disaster management for 15 years. As a ham radio operator (and appointed emergency coordinator) we perform emergency drills. My crew goes out of its way to throw monkey wrenches into the drill. While FEMA (under DHS) and some of the local agencies are not up to the task, there are people who are there.
Todd Bordeaux
N7TWF
Cell phone sales will not save the company and they cannot compete with Walmart, BestBuy, Comp USA and Fry's etc. Leastwise not directly, but they turned their back on the "do-it-yourself" crowd and that was their market at one time.
I don't know about other areas, but in the SoCal and AZ markets I would much rather go to Fry's than RS. I can (and do) find anything (including individual transistors and resistors) there.
OpenBSD was a fork() of netbsd. Is there any chance they could reunite to make a single stronger OS? How difficult would reconciling the politics and the codebase be?
I used to be a System Administrator in classified labs for a large DOD contractor. During the time I was there, I not only saw DSS and NISPOM regulations being violated, but actively evaded.
On one occasion, there were four attempts to install equipment which compromised separation of classification. This was because the equipment had already been purchased prior to DSS approval.
It got to the point that three of us (the ones who actively enforced NISPOM) were actually told by management that we were not to report concerns to Information Security.
At the same time, our team of three was able to obtain provisional authority from DSS for a prototype RED to BLACK automated interface by demonstrating that all concerns and NISPOM requirements were addressed. Management was amazed that we were able to do in 2 weeks (with
This demonstrates the contractor's view as to what is important.
I currently work for a company that does statement processing (the bills you receive). One of our suppliers does the programming that converts the raw data that our customer sends to what is needed to print the bill (or statement).
In one example, the statement remains the same each month, except for an 8 line message that will say that "It's summer - snakes are out...". Our customer pays us (who pay our supplier) for a programming change. I recommended that the message be recorded in a text file, so that there are no programming charges incurred for this. Our supplier said that it would be too difficult.
In another example, we do some processing for companies which require statement detail (stored in an Access database in first normal form with no indexing). I recommended that the data should be indexed (if not normalized) and was told that the change would be too difficult.
The last example: We recently had a form to print which was printing the WingDing font on part of the form. I contacted the supplier to determine which font was supposed to print (so I could track down the offending font file) and was informed that they did not know, it was whatever VB had selected.
Talk about vendor lock-in.
My thoughts (take them as you will)
1: "Enter your four digit id number and press the pound (#) key" - This is an intelligent system that cannot recognize 4 digits being entered?
2: AVR: "Please say why you are calling"; response "Operator"; "Please say what this is about"; response "OPERATOR"; "Please give your pin number/password". The first time an automatic voice response system is told that it CANNOT handle the request, it should pass the request to a human attendant. This leads to my number 3 (and biggest pet peeve - SPRINT ARE YOU LISTENING??)
3: After navigating 3+ menus, the response is "Our office is closed, please call between 8 and 5 pm (choose your time zone) Monday through Friday". This, after entering telephone number, pin, etc. If the call is not going to be accepted, while at the same time asking customers to input a variety of personal data in the open, TELL THEM UP FRONT that their information is not going to do them any good.
A long time ago, I was a contractor for an establishment whose headquarters was over 4 city blocks and >10 stories above. The building was constructed entirely as a Faraday Cage (nothing inside got outside, checked on a regular basis). When the building was first constructed, the contractor adhered the wire mesh (windows were already shielded) with standard galvanized nails (inside receptor/conductor through shielding/outside transmitter). Go figure...
Recently, I had occasion to explain to someone how to accomplish a particular task. I found the user manual online and downloaded it to my computer. I then looked up the information in the manual, noting the exact page the relevant information was on.
Next, I sent an e-mail to the person saying "This information is on page XX of the manual", with the MANUAL ATTACHED.
The response was "Where do I find the manual?"
"You can lead a horse to water..."
Windows
Step 1: Install Windows with normal user ID of Samantha
Step 2: Patch Windows
Step 3: Logoff and logon as Administrator
Step 4: Try to change Samantha to a "Power User" instead of "Administrator"
*NIX and Mac
Rinse and repeat steps 1-3
Is Samantha a superuser/administrator?
nuff said??
I have been watching this post. There are a few things I disagree with.
When my daughter was growing up, there were *several* things she would not eat, and some things she wanted all the time. My (now ex) wife and I talked to the doctor about this. He told us that "her body would tell her what she needed" (she was 4-6 at the time). She turned out all right (In the Nat'l Guard with one of the highest entry scores they had ever seen).
I lived with a woman for many years. She had four kids. One day, the oldest (13 at the time) did the predictable "You are not my daddy, you can't tell me what to do" routine. We had gone through this before, but this time, I told her the following:
1) I pay for the roof over your head.
2) I pay for your clothes.
3) I pay for your food.
4) Your mother and I make the rules.
The following changed the situation to where we never had the argument again:
Kids can be reasonable, if you give them the chance. They can be stunningly UNREASONABLE if you don't.
5) If you do not agree with the rules, tell me why. I will tell you why the rule is there. We can discuss this rather than "I told you so..."
"Windows, by default allows you to press twice to get to the legacy logon screen (if you did not know to change the administrator password, simply type "Administrator" as the user name and press enter - BAM - You have the whole system."
Nice FUD. During Windows setup, Windows asks you for the "administrator" password. It is not blank unless you tell it to be blank. But that is beside the point. You just described how someone could take over a box if they have physical access. Linux by default is easy to own with physical access too. Ever hear of single user mode?
Which works if you are the person installing the system!! If you buy the system from a distributor, the Administrator password is PHYSICAL ACCESS I can take over any system. With Remote Desktop on Windows I do not need physical access.
"Configuration information is stored in a single repository, the "System Registry". All applications, by default, can write to this file. For my money, the only information that should be stored there is a path to MY CONFIGURATION FILE. Windows, by default, allows install procedures (running as Administrator) to overwrite any file in the system without enforcing a rollback mechanism."
You have no clue what you are talking about. The Windows registry is composed of multiple transactional databases. There are system portions of the registry, which only admins have write access to, and user portions. Each user in Windows has their own registry hive which only they (and admins) can write to for storing individual program settings and preferences. As for the system enforced rollback feature, there is System Restore, which does work. What kind of system enforced rollback mechanism in Linux are you talking about anyway? Are you talking about how most text editors will keep a backup~ copy of files you edit?
ny:
These are not transactional databases. They are stored as tables in one database, which is open for modification from any installation program.
>>"The OS protects the OS files from non-root users."
>As does Windows. What makes linux special in this regard?
Windows, by default makes the FIRST user (and others unless told differently) Administrator.
Windows, by default does not allow the FIRST (ONLY??) user to be demoted to a Power User (You must have at least one administrator is the message - note that Administrator exists).
Windows, by default allows you to press twice to get to the legacy logon screen (if you did not know to change the administrator password, simply type "Administrator" as the user name and press enter - BAM - You have the whole system.
Windows, by default does not show "Administrator" (or whatever you have changed that ID to) on the User ID maintenance screens that a general user has access to.
Programs are generally stored in the system directory [$WINDOWS\SYSTEM32] or [$PROGRAM_FILES] (forgive me if I got the environment variable names wrong), rather than being stored in their own directories. This allows multiple programs whose programmers decided to use the same "DLL" name to overwrite a previous vendor's files (ever seen the message that no other program was using a file when uninstalling an application??)
Configuration information is stored in a single repository, the "System Registry". All applications, by default, can write to this file. For my money, the only information that should be stored there is a path to MY CONFIGURATION FILE
Windows, by default, allows install procedures (running as Administrator) to overwrite any file in the system without enforcing a rollback mechanism.
I have no problem with programs residing in [$Program]/... Each program installed should follow the same protocol as most MATURE operating systems (*NIX, OS/MVS, VMS, OS/360, VM/370 et al) and store its files accordingly, under its own identification:
Basic executables in ./bin
Libraries needed to execute in ./lib
Configuration files in ./etc
If an application needs to use a function residing in a system library, simply include a stub in your $LIB file that calls the appropriate system library. DO NOT REPLACE AN EXISTING LIBRARY.
However, the trend is that "shareware" or "freeware" (exhibit AV or optimization software) will tell you that "I found these problems... to fix them you must buy my product" instead of giving you a one-time fix to ensure that your program will not tank my machine.
If I am going to buy a product, I want to be damn sure it will work or that I can get my money back!!!
Any thoughts?
As a network security specialist, I was dumfounded to (on my new machine) find that, in addition to the basic administrator account (no default password), there had to be at least one more administrator added.
Are you equally "dumfounded" (sic) that you can't configure a typical unix machine without a root user?
Only in that, since I was logged in as "Administrator", I was unable to demote my regular user account to "Power User". M$ Windows Media Center told me that I had to have at least one administrator account (the one I was logged in as --- I thought).
For an example of the reason Microsoft *should* restrict their employees (especially development/usability staff), look at the following exchange:
Me:
It was not a question. If an application requests access far in excess of what it needs, is denied and continues on without problem, the request for access is by definition a LUA bug (it did not need the authorization in order to proceed). If, for example, my application never reads or writes to COM1 but attempts to open it for read/write access, the least I should be guilty of is sloppy coding. However, if I am writing a trojan masquerading as an otherwise useful utility, I would do this to see if I was able to do so. Possible responses:
Request denied: Continue with what the user wanted me to do.
Request permitted: Deploy destructive payload, then continue with what the user wanted me to do.
This scenario is the same whether the request is a registry write, an update/change of system files (libraries, executables, configuration files) or writing to memory (RAM or DISK).
Therefore, by definition, any request for services that are not needed to perform the operation is an LUA Bug.
Answer:
Developer from Microsoft (as a result of my comment to his blog):
You can choose to define it that way if you want, but it's not a useful definition, and frankly doesn't make any sense to me. For most people, "bug" implies that the object under consideration does not work as designed/desired. For my purposes, I'll stick with my description as posted here: http://blogs.msdn.com/aaron_margosis/archive/2006/02/06/525455.aspx
Is there some reason that a "security conscious company" would feel that widespread requests for unneeded access should be permitted? If I came to you and said "I want a key to your house, not because I need it, but because I want it", would you feel comfortable giving me one? Better yet, would you feel comfortable if I went down to the local locksmith asking for a key to 1313 Mockingbird Lane and they gave it to me without any questions??? This is what an employee of Microsoft is describing as working as designed/desired!!!
Political... Nah, couldn't be.
I once applied as a Senior Unix Admin, responsible for the rollout of 70+ Linux boxes. After an interview which included the following exchange...:
Interviewer: Would you write the policy regarding installation of software?
Me: No, I will help you, as manager, to write the policy. Otherwise, any requests for deviation would only have to be decided by non-management personnel. In addition, if Bob comes to me with a reasonable request (and justification - approved) and Jane comes to me with an unreasonable request (no justification - denied), I would have to spend time defending my decisions, rather than telling each "Make your case to management - if they tell me to make these changes, I will."
Interviewer: How would you structure a backup system, when some systems might be running Windows?
Me: All user data would be stored on a central server (running some *NIX flavor with Samba). There would be an additional server class machine (configured to run as both server and workstation) to test backup/restore procedures on a regular basis.
The upshot was that they found someone in Southern Arizona who had more than 25 years working in IT (started at IBM out of high school in 1977 working on 360/370/3000/3090 class equipment, 20 years in data communications, 15 years in UNIX, 10 years in network and data security). I was only told that they had found "someone more qualified" to fill the position (the above was my resume at the time).
Go Figure...
This *may* be the way for Microsoft to finally solve some of their security problems. When their employees constantly are yelling "G*dD#@mn IT", the company might buy a clue-by-four to figure out their *basic* failure in the current security model. As a network security specialist, I was dumfounded to (on my new machine) find that, in addition to the basic administrator account (no default password), there had to be at least one more administrator added. My issue was simple - my user ID should be a "Power User" not "Administrator". Yet, when I attempted to change my usual logon to a PU (I am the only one who uses this machine), I was greeted with a message that "You MUST have at least one administrator". This while logged on to the ACTUAL Administrator account (that name had already been changed). I suppose I could have done the work to logon as "Local Service", but.
More importantly, why does Microsoft ship all Windows products with a password of $NULL?!?. Any self-respecting cracker (THEY ARE NOT HACKERS) knows this. At least use a password generated by the product key entered upon installation. The product key is printed on the documentation along with an admonition not to lose it. It would be TRIVIAL to add an administrator password to the sticker, along with the key.
Actually, in the 2006 votes, one candidate got 0 votes (guess not even he or his wife felt he was qualified
No, the higher end versions are equipped with one of two versions LEO (Law Enforcement Officer) -or- PSO (Protective Services Officer)
The post dropped the Ctrl-Alt-Del sequence, sorry