The Old New Thing

How do I log on using a dial-up connection on Windows Vista?

Mike Stephens from the Group Policy Team Blog explains how to get "Log on using dial-up connections" working on Windows Vista. But I'm posting to respond to a comment on that page, since that falls under the category of "When people ask for security holes as features." The only problem is all users need to have access to an account with ...

When people ask for security holes as features: Silent install of uncertified drivers

Probably the single greatest source of bluescreen crashes in Windows XP is buggy device drivers. Since drivers run in kernel mode, there is no higher authority checking what they're doing. If some user-mode code runs amok and corrupts memory, it's just corrupting its own memory. The process eventually crashes, but the system stays up. On ...

When people ask for security holes as features: Stealing passwords

Sometimes people ask for features that are such blatant security holes I don't know what they were thinking. Is there a way to get the current user's password? I have a program that does some stuff, then reboots the system, and I want to have the current user's password so I can log that user back in when I'm done, then my program can resume ...

When people ask for security holes as features: Hiding files from Explorer

By default, Explorer does not show files that have the flag, since somebody went out of their way to hide those files from view. You can, of course, ask that such files be shown anyway by going to Folder Options and selecting "Show hidden files and folders". This shows files and folders even if they are marked as . On the other hand, files ...

When people ask for security holes as features: World-writable files

If I had a nickel each time somebody asked for a feature that was a security hole... I'd have a lot of nickels. For example, "I want a file that all users can write to. My program will use it as a common database of goodies." This is a security hole. For a start, there's an obvious denial of service attack by having a user open the ...