by justinclift
1277 days ago
Heh. Reminds me of one of Symantec's "Enterprise" products. Turned out, if you're logged into the central (on prem) server it has the ability to run commands as root/superuser on any of the connected clients (generally servers themselves). The commands run this way are _not logged_ and don't show up in any system audit logging. After we pointed this out as a security problem in itself, they released a new version that _apparently_ had this functionality removed (was in the release notes). But digging into the new release, they'd just moved the functionality into different binaries and hoped no-one would notice. :( The mind boggles at what some of these places will try.