search for: securityadvisor

...rom an issue whereby after changing a password, a user can login with both their old and their new password. Having done a bit of investigation, it appears that this is a 'feature' from Microsoft as described in http://support.microsoft.com/kb/906305/en-us and http://community.ca.com/blogs/securityadvisor/archive/2007/12/11/microsoft-ntlm-authentication-behavior-allows-using-of-old-passwords.aspx The systems that currently use pam_winbind are a combination of RHEL 4/5 and SLES 10/11 servers with the samba packages that are released with the distro. If anyone is aware of a way to address the issue...

...t makes sense or not. Since people make the same mistakes over-and-over, exploits for very different systems start to look very much like each other. Most exploits can be classified under major categories: buffer overflow, directory climbing, defaults, Denial of Service. (see http://www3.ca.com/securityadvisor/pest/pest.aspx?id=12665 for the entire document about this) Can someone here explain what's going on? I do no e-mailing on that particular PC, and have it set to block all pop-ups. --Helen