Live Messenger Servic
A relative wants me to install the new MSN Live Messenger:
http://get.live.com/messenger/overview
and to start using it to converse with her.
To say that I am reluctant is an understatement. I have always viewed the
messenger service as being an unnecessary risk that is too open and prone to
abuse by the bad guys.
Am I being over cautious?
--
Regards,
Sandy
In Perth, the ancient capital of Scotland
and the crowning place of kings
sandymann2@mailinator.com
Replace@mailinator.com with @tiscali.co.uk Tag: MSecurity Tag: 91666
How to Hook Programs to Explorer?
I have a program that is hooking onto explorer, so when that application is
executed it first executes some kind of installer then brings up explorer.
Is this done through anything in the registry and if yes which paths?
--
Will Tag: MSecurity Tag: 91661
Deny access to d drive by the guest
My computer has both c and d drives and i am trying to configure the d drive
so it is accessed by the administrator account and no the guest account.
when attempting to change the permission on it, it will not allow me to.
Anyone know how to fix this problem.
Running xp home Tag: MSecurity Tag: 91659
Window Defender Daily Scan Stop Running
Hi,
My daily scan just stopped running. I can do a manual scan with no problem.
I check the Task Scheduler service and it's running. I checked the Windows
Defender service and it's running. I tried changing the scan time and that
didn't work. The only thing I didn't do was remove Defender and reinstall.
Can anyone offer any other suggestion?
Thanks
--
Kurt Tag: MSecurity Tag: 91655
Need Help! How do I get rid of this?
I had a friend over, and he was trying to be nice by downloading a dvd player
because I did not have one. However in his quest, he ended up downloading
many a virus' and or spy/adware. When I next got on my computer I noticed 3
new dvd player programs and 3 or 4 anti virus/ad/spyware demo programs.
This told me that he knew he made a mistake, and tried to remedy it, and
didnt know what to do when the trials required money to fix the problems, so
he left.
This is the state I found my comp in when I next got on. I knew there were
going to be problems and sure enough....
The fist thing I noticed was several balloons popping up from the lower
right hand corner of the screen, informing me of what viruses/spyware there
are, and click on them to fix the problems. All this did is send me to
http://protectionband.com/ and all that does is try to get you to buy their
software.
I immediately uninstalled everything he downloaded, but the symptoms
persist.
I already had Spysweeper and Windows firewall running the whole time. So I
did a full system sweep with Spysweeper with antivirus, and it found like 3
things. Quarantined them to no avail.
Keep in mind these balloons are coming up like every 10 seconds.
I tried logging on the internet and all it takes me to is that
http://protectionband.com/ Which I know is a legal virus itself. I think it
was one of the anti- programs he download that all these problems are
remaining from. I think its this thats camoflaging itself to look like
windows and system alert balloons.
I beleive its the remnants from the anti-virus/spy/ad thats doing all of
this.
I was able to use the internet a little, so I went to norton 2007 and
downloaded their trial from them. I thought I should live update first, but
its so bad it inturrupts the live update. So I figured I scan the comp.
first, then live update then scan it again. Its scanning now, so I dont
know the outcome of it yet, Im expecting it to do nothing.
Im asking what I should do if norton 2007 cant fix it.
And on a side not on of those hundreds of pop up balloons said that the
system was 37% infected
Any help is appriciated thank you! Tag: MSecurity Tag: 91649
How to perform FULL CA backup
Hi ,
I have tried to backup using CA snap-in under
all task--> Backup CA--> I select Private key, CArtificate and
Certificate Database to be backup
When I use this backup, to restore on another new server(I'm moving
original Sub CA to another new server)
It prompted me a error saying "I can restore using incremental
backup"...
How should I do a Full CA backup...?
Please advise.
Thanks Tag: MSecurity Tag: 91644
WIRELESS INTRUSION
PLEASE HELP ME...MY EX BOYFRIEND HAS SOMEHOW HOOKED UP WITH HIS
WIRELESS.........THE COPS WERE EVEN LOOKING FOR A MAN RUNNING WITH A LAPTOP
FROM THE EMPTY HOUSE NEXTDOOR & RIGHT AFTER MY DAUGHTER SAID THAT SHE JUST
RETURN BACK TO OUR COMP & THE COMPUTER SHUTDOWN AS IF SHE WERE USING THE
MOUSE. IS THERE ANY HELP RESOURSES FOR THIS........HE ALREADY VANDALIZED MY
TRUCK & CAUSED $17,000 WORTH OF DAMAGE..........AND NOW I AM NOT RECEIVING MY
EMAILS.......I DONT KNOW IF THEY ARE GETTING INTERCEPTED Tag: MSecurity Tag: 91638
How to Take Back Control of Filetype Associations
Here is a new one (for me): on one machine a virus/trojan has changed file
associations to point at itself to re-infect the machine each time a known
filetype is invoked. The problem is that the virus also locked out the
ability for local administrator to even view what those associations are,
probably by changing the DACL. How do I take back control and view the
associations?
--
Will Tag: MSecurity Tag: 91637
Install domain certificate in an external machine
Hi, do you guys know how to install a domain certificate in a client
that login into the domain, using a valid domain credentials (i.e
"Mydomain\MyValiduser" ) but his machine is working in his local domain.
Thanks,
Nelson Tag: MSecurity Tag: 91629
Complex Security
Hi,
I have a client that just install a accounting software, and
everybody in the company have to use it but the manager wants to block
access to the datafiles that are .DBF and could be open with excel
which is largely used in the office, so i managed to block access to
the data folders and I created a special user to access the software
and give it the rights to the folders, I also created an invisible
share to map a drive because the software needs a mapped drive to
work. Some people have windows 2000 and everybody else have XP pro, I
started testing with 2000 and with the option "run as a different
user" in the icon of the shortcut it works, it asks for the username,
password and domain of the different user, but today when I started
testing with Windows XP, I got the error message "The system cannot
find the path specified" I found out that with windows XP as opposed
to windows 2000 uses the current session credential to connect to the
map drive, is ther a way to avoid that?
Thanks
Fugitif Tag: MSecurity Tag: 91628
Having issues printing from C:\WINNT\TEMP
Hi,
I'm no network admin but this one is hard to get for me. A lot of computer
Windows 2000 SP4 clients when printing from Outlook or Internet are getting
blank pages. Now I know that with administrator rights or by adding Domain
Users write access on the C:\WINN\Temp folder the problem is solved.
However I don't think this is standard behavior to add Domain Users on that
folder and we all know that making users part of the admin group is a
security issue. This is what the Default Permissions look like on all
computers including the ones having the issues. One last note to have is
that we did change the Windows Env. variable TEMP value to point to C:\TEMP
instead of C:\WINNT\TEMP. This allows a application to run without needing
admin rights.
Administrator (Computer\Administrators)
Creator Owner
Power Users (Computers\Power Users
System
Users (Computers\Users) Tag: MSecurity Tag: 91627
Windows XP certificate lost?
Hello,
I am running Windows XP with all updates.
I have 2 disks:
C: with the opetational system
D: with personal data
Some files at D: are encrypted with the NTFS system
Yesterday I setup a certificate for Acrobat professional 7 and, by
accident, deleted an existing certificate (digital ID) using the
Acrobat "Digital ID" management tool (under the menus Advanced ->
Security settings -> Digital IDs)...
Well... the deleted certificate was not from Acrobat, but from the
Windows XP and now I am unable to access the encrypted files.
Testing I found Windows XP maybe created a new certificate for encrypt/
decrypt files (and other functions need certificate).
I am not sure if the certificate was deleted or only removed from
certificates list.
Maybe is possible find the disk location of the certificates files and
restore it, but I have no idea where the certificates are located in
the disk.
Some one can help me with this problem?
Thank you very much,
Sukhoi Tag: MSecurity Tag: 91625
HELP - IE7 doesn't let me get to Windows Update; keeps saying I should add list of websites.
reposting this question:
Win2003 SP1, IE7.
I added the list of websites below.
However, I attempt to go to the Windows Update Website and I keep getting
annoying message in IE7 saying that I should add the sites below. What's
wrong?
What it is strange is that under "Security", allowed websites settings I
added the complete
http://.update.microsoft.com and all other two URL IE7 reports I should have
added. Tag: MSecurity Tag: 91624
Problem in Certificate Authority
Dear Friends,
While doing the enrollment for the user certificate of Smart card i am
getting for the following error.
*********************
Create and submit a request to this CA.
Error
An unexpected error has occurred:
A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file.
******************
while chekcking int he certificate authority issue status the Enrollment
Certificates are expired.
please help me as i do not know anything about certificate authority and all
my users are facing problem for the logon.
best regards
Sharad Tag: MSecurity Tag: 91610
error message
I keep getting a error message for the file name mqqmdisp.exe, and a send
error repot pop up after that. When i looked up what this file is, I found
that it was a mass dialer program. My antivirus doesnt recognize it as a
virus. Is this a virus, and if so how do i get rid of this program. Any help
will be appreciated. Thanks Tag: MSecurity Tag: 91609
Shares, Named Pipes, and Registry for Anonymous Remote Access
I have a trojan I am fighting that replicates by establishing a null
connection to IPC$ on any member server that has File & Printer Sharing
enabled. It then repeatedly tries to invoke one of several buffer
overloads in order to execute code in the SYSTEM context of the targeted
machine. I would like to know how can I safely prevent null connections on
IPC$. I have all five of the enable/disable settings in GPO security set
that forbid anonymous access. Setting those to forbid anonymous is NOT
preventing the trojan from successfully establishing the null connection.
I can see this quite clearly by following its progress in a sniffer on the
attacking machine, and then when the IPC$ connection is established, on the
Windows 2003 DC I quite clearly get an eventviewer message that shows
ANONYMOUS CONNECTION, and the IP of the eventviewer message matches the
attacker's IP.
Group Policy for Windows XP/2003 contains the following Security Settings
(these names are approximate):
Named Pipes that can be accessed anonymously
Remote access registry paths
Remote access registry paths and subpaths
Shares that can be accessed anonymously
I have the following questions regarding the above:
1) For a domain controller, is it required that any of these be enabled, and
what is the minimum subset of entities that must be exposed?
2) For a member server, same question
3) For Windows 2000 DCs, are most of these just enabled by default and you
cannot change the specific settings?
4) When you deselect the checkbox on this group policy, and simply fail to
define any entities, then what are the defaults that will be in effect?
When I ran RSOP.MSC on one Windows 2003 DC, it had none of these defined
even through its local policy and GPO did not select checkboxes for any of
these.
If the lack of any settings in RSOP.MSC means that nothing is being allowed
for anonymous access, then would I get the same result by enabling the
checkbox, and simply forcing the list of each GPO setting above to be empty?
I'm not clear on what steps if any I should take here to absolutely be sure
that there are no anonymous connections allowed to the member server / DC.
Any insights on this are appreciated.
--
Will Tag: MSecurity Tag: 91608
IE7 Critical Update
I just went to Critical Update page tonight and expected to see the usual "IE
7 Critical Update" download. I have been putting off downloading IE 7 for a
while as I am doing too many other things.
However, tonight I 'DO NOT' see the "IE 7 Critical Downlaod" listed any
longer. Would anyone know why not?
(There was just one download = KB 905474 (Genuine Advantage), which I did
download and it then checked my computer and said everything was okay.) Tag: MSecurity Tag: 91603
Password Changes remotely thru VPN
I have remote employees who connect to our network on a daily basis
using VPN. All the workstations that they use are members of our
domain. All users are domain users and authenicate against our DC's.
We currently have a password policy that requires users to change
their password every 90 days. I can always tell when that time frame
comes up because at least half of my remote users call stating that
they can't connect. Is it possible to prompt a user who is
authenicating to the domain to be prompted that their password is
going to expire or has expired. What is the best practice that others
use to control this in regards to remote users.
Thanks Tag: MSecurity Tag: 91599
Registry questions
We've been running a security application to scan some of our servers and it
flagged the below reg keys. Can someone explain what these reg keys are and
what they are used for. I've included the error msg flagged with the
HKEY_LOCAL_MACHINE reg... Thanks for any help
HKEY_USERS\\.Default\\Control Panel\\Desktop\\ScreenSaverIsSecure
HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\LSA\\Notification
Packages
(error msg received.)
Data: FPZECLQT RTTSTM SDCEEC scecli; expected data to match regular
expression: PAWWFGLT; comment: Palefilt Tag: MSecurity Tag: 91595
Purchase of a certificate
I am new at setting up security using a certificate.
Running 2003 server with exchange2003 on top. I want the Web access to be
secure so I am asssuming that I need a cerificate. If I do, is this a one
time purchase, or is it an annual thing?
Regards Tag: MSecurity Tag: 91591
Silent certificate installation
Hi guys, does anybody know how to install a certificate on the client
machine silently? I already set up the CA authority and it is issuing
certificates automatically. When I click to install the certificate I
receive 2 messages warning me about the installation of the certificate.
Is there any way to install the certificate without user intervention? I
mean, a script that I can do, a .NET app, what ever works .... I'll
appreciate any clue, cause I don't know where to start.
Thanks,
Nelson Tag: MSecurity Tag: 91581
CERTSRV_DCOM_ACCESS Group missing - suggested KB fix not working 4
Dear all,
Have just implemented a W2003 pki for our 3 domain forest, the issuing CA is
a w2003 enterprise box, not a dc but installed as part of one of the child
domains in the forest under an enterprise admins account.
pkiview tells me everything is fine, and domain controllers are
auto-enrolling just fine within the child domain hosting the CA, outside in
the other child domains they aren't but thats an issue with Cert Publishers
membership that i am confident i can resolve by changing the scope of the
groups.
The problem i have is referenced in http://support.microsoft.com/kb/927066
but the fix does not work in our situation. The fix i am referring to is to
run certutil -setreg SetupStatus -SETUP_DCOM_SECURITY_UPDATED_FLAG if the
CERTSRV_DCOM_ACCESS group is missing from the users container in the ad.
Which it is. Running this generates no errors, but does not create the
group....
I feel i should also mention that our root domain within the forest was
upgraded from w2000 to 2003, but due to an administrative oversight, the
schema was updated to R2 before sp1 was applied to the schema master. Not
sure if this is related.
Essentially i need to have the group so i can add the relevant groups so my
users are able to request certificates, at the moment only ent admins can,
everyone else receives the following message
The wizard cannot be started because of one or more of the following
conditions:
- There are no trusted certification authorities (CAs) available.
- You do not have the permissions to request certificates from the available
CAs.
- The available CAs issue certificates for which you do not have permissions.
Any ideas? Any advice welcomed!
Best,
Jim Bullock Tag: MSecurity Tag: 91576
Client Wireless Set To PEAP But Need Access To Public AP's Also
Hi,
I have setup a lab using MS IAS and PEAP autnentication for wireless users.
This all works great.
But the clients that have the group policy assigned for the WIFI policy cant
connect to public AP's.
Is there any thing I need to do to allow clients to access our secure PEAP
wireless network but also be able to connect to public or home AP's.
Thanks for any help. Tag: MSecurity Tag: 91574
SLL Certificate
hi,
Does anybody know a URL, where I can buy a secure SSL-certificate for our
Windows-Webserver, which one can buy for a low price?
The important thing is, that IE7 and other browsers shouldn't prompt the
certificate warnings anymore.
Thanks for your hint.
regards
Patrick Tag: MSecurity Tag: 91570
Browser Hijack?
When I select the Homepage on my internet explorer browser I am immediately
taken to the security centre with the following address
http://asafetynotice.com/ It advertises a number of security programs you can
download (at cost). Though I already have McAffee antivirus/firewall
installed which has not detected any problems. It is annoying but it only
happens when trying to open the 'Homepage'
Would appreciate any ideas. Thanks Tag: MSecurity Tag: 91567
"file audit"
Hello,
We have a Windows 2003 Server which has some folders shared. I have
to find a way to know what are doing users whith those files. Most of this
files are generated by MS Word, Excel. I tryed to audit those folders but
the information is not helping me too much. I would like to know the follwing:
- if the files are copied from server to local station
and from this to USB flash memory , flopy disk or send by email and so on.
- when the user is opening, changing, deleting or
closing a file.
Can you please tell me if is there a way to do this only with the option
from Windows 2003 or do I have to use another software ( is possible please
tell me what software should I use)? Tag: MSecurity Tag: 91565
Require Info on EAP extension development for windows mobile
Hi,
We are developing an EAP module for the Windows Mobile 5.0 as per
the documentation provided at the MSDN site for the EAP extension
development.
http://msdn2.microsoft.com/en-gb/library/aa363504.aspx
We succeeded in writing the whole EAP module. The whole EAP
authentication goes through well with the AAA server(RADIUS) with the
extension dll we wrote and we finally receive the outer EAP success,
sent as part of the Access-Accept from RADIUS, which indicates the EAP
authentication has succeeded. Now as per the documentation in MSDN, we
are supposed to pass the MPPE-Send key and MPPE-Recv Key from the
RasEapMakeMessage function using the pUserAttributes member of the
pEapOutput structure in the final step. These keys are supposed to be
used in the EAPOL module in the 4way handshake for the WPA MSK
derivation.
But its not much clear on how the pUserAttributes is to be filled with
these keys. We filled in the pUserAttributes pointer from what we can
make out from the following MSDN link in the Remarks section at
http://msdn2.microsoft.com/en-gb/library/aa363518.aspx .
and another section that appears in the EAP Host documentation for
Windows Vista and XP on how MPPE keys are to be handled at
http://msdn2.microsoft.com/en-us/library/aa363636.aspx, which we think
might also be relevant for the EAP extension development. But they
don't seem to work.
We tried a lot of combinations but nothing seems to work. When we
sniffed/traced on Access Point's logs the supplicant doesn't seem to
respond to the EAPOL key request at all as part of the 4 way handshake
for the WPA key(MSK) generation.
There isin't much help at the MSDN apart from the above. The following
is the code piece on how we filled in the fields, can anyone check if
the code and tell what is wrong with this and the correct way of doing
it
The excerpts from the code is as follows:
typedef unsigned char u8;
struct vsa
{
u8 attr_type;
u8 length;
u8 salt[2];
u8 lenofkey;
u8 value[32];
u8 padding[15];
};
struct vsa mppe_send_key, mppe_recv_key;
char *pos = NULL;
// 1-MPPE-Send Key, 1-MPPE-Recv Key, 1-raatMinimum(for
termination)
lenofuserattr = 3 * sizeof(RAS_AUTH_ATTRIBUTE);
pEapOutput->pUserAttributes = (RAS_AUTH_ATTRIBUTE *)
malloc(lenofuserattr);
pos = (u8 *) pEapOutput->pUserAttributes;
memset(pos, 0, lenofuserattr);
/*
As per MSDN
52 for the sub-attribute AVP which would hold the
MPPE keys
4 for Vendor-Id(311 for Microsoft)
*/
lenofvalue = 52 + 4;
//MPPE-RECV-KEY
pEapOutput->pUserAttributes[0].raaType = (raatVendorSpecific); //ras
auth attribute type (VSA)
pEapOutput->pUserAttributes[0].dwLength = (lenofvalue);
pEapOutput->pUserAttributes[0].Value = (u8 *) malloc( sizeof(u8) *
(lenofvalue) );
pos = (u8 *) pEapOutput->pUserAttributes[0].Value;
memset(pos, 0, lenofvalue);
vid= ntohl(311);
memcpy(pos, &vid, 4);
pos += 4;
mppe_recv_key.attr_type = 17;//Type MPPE-Recv-Key
mppe_recv_key.length = 52; //Total AVP length
mppe_recv_key.salt[0] = 0x00;
mppe_recv_key.salt[1] = 0x00;
mppe_recv_key.lenofkey = 32; // Key length only
// The second 32 bits of the buffer 'mppe_keys' is the
MPPE-Recv key
memcpy(mppe_recv_key.value, mppe_keys + 32, 32);//MPPE-Recv Key
memset(mppe_recv_key.padding, 0, 15); //padding
memcpy(pos, &mppe_recv_key, sizeof(struct vsa)); //sizeof(struct
vsa) is equal to 52
//MPPE-SEND-KEY
pEapOutput->pUserAttributes[1].raaType = (raatVendorSpecific); //ras
auth attribute type (VSA)
pEapOutput->pUserAttributes[1].dwLength = (lenofvalue);//4 - Vendor-
Id
pEapOutput->pUserAttributes[1].Value = (u8 *) malloc( sizeof(u8) *
(lenofvalue));
pos = (u8 *) pEapOutput->pUserAttributes[1].Value;
memset(pos, 0, lenofvalue);
vid= ntohl(311);
memcpy(pos, &vid, 4);
pos += 4;
mppe_send_key.attr_type = 16; //Type MPPE-Send-Key
mppe_send_key.length = 52; //Total AVP length
mppe_send_key.salt[0] = 0x00;
mppe_send_key.salt[1] = 0x00;
mppe_send_key.lenofkey = 32; // Key length only
// The first 32 bits of the buffer 'mppe_keys' is the
MPPE-Send key
memcpy(mppe_send_key.value, mppe_keys, 32); //MPPE-Send-Key
memset(mppe_send_key.padding, 0, 15); // Padding
memcpy(pos, &mppe_send_key, 52);
//Terminate with raat Minimum
pEapOutput->pUserAttributes[2].raaType = (raatMinimum);
pEapOutput->pUserAttributes[2].dwLength = (0);
pEapOutput->pUserAttributes[2].Value = NULL;
Thanks,
Vijay Tag: MSecurity Tag: 91564
Browser being hijacked?
After reading some book reviews I I thought I'd make a few purchases at
www.amazon.com. But every time I type in amazon.com into my browser I get
sent to this
http://www.amazon.com/gp/aw/h.html/103-0672385-5251043
It happens on both of my PCs and with firefox and explorer. I am running
Windows XP SP2, with
spyware doctor and antivir and they don't see to find any problem. Does
anyone else have this problem?
Best,
Rob Tag: MSecurity Tag: 91563
Windows XP Home Edition Password
My friends daughter set a password on there home pc and nopw can't remember
it. Anyway to unlock it? Tag: MSecurity Tag: 91558
Annoying "Restricted Sites" behavior, IE 7
From a certainServer, I attempt to go to www.microsoft.com/security. I get
there just fine, but when I click on "Windows Update" I notice a
'prohibited' signal on the top of the IE 7 page. From there I can't access
Windows Update.
What it is strange is that under "Security" settings I added the complete
http://update.microsoft.com/windowsupdate/v6/default.aspx
and also http://.update.microsoft.com*
However the problem persists.
What am I missing? How can I browse to the security update sites without
restrictions? Tag: MSecurity Tag: 91556
A twist to "Logon to domain"
Hi all,
just scanned the postings and i'm a little suprised. There seams to
be no way, to make a user logon/authenticate at a domain WITHOUT the
user making
his username AND PASSWORD available to the application initiating the
logon/
authentication process....
Is that right?
I'm refering to
CredUIPromptForCredentials function
which "publishes" the password of the application the invoking it.
Any hint how to initiate the authentication process in a way which
does
not make the password readable to the invoking application?
I really hope i'm just missing something, and it's not by design....
TIA
br
Radek Tag: MSecurity Tag: 91555
Password policie
Hello,
Is it possible that we have two password policies in one domain. ¿Can I
configure this GPO at site level?
Thank you. Tag: MSecurity Tag: 91549
public xp media edition
I maintain several laptops at our local library. With the Media Center
XP 2005 I can't seem to set up limited user accounts. I just want an
admin account for me and the librarians and a limited account that
doesn't allow any programs to be added or altered. I am pretty
computer savvy but not a programmer or expert. I also need to do this
on two XP Home laptops. Thank you, Carol M Tag: MSecurity Tag: 91547
Waking up from hibernate
If my computer hibernates, I move the mouse, or if that doesn't wake it up, I
hit the power button. The "User Screen" opens to allow me to chose which user
(me or my wife). It also lists the number of programs running, AND also
states that i have XXX new mail messages. I have to assume that this is
refering to mail in hotmail and not my actual e-mail account. Either way,
this must mean that Windows is going to Hotmail with out my permission and
checking for mail even though I didn't request this. To me this is an
invasion. If I want to check for mail on Hotmail, I'll log in and look.
Microsoft has no business checking to see if I have mail. It was quite a
while back that I opened the hotmail account, but I don't recall giving
permission for this invasion. I am forced to sign up for hotmail to allow
access to this site, where does Microsoft get off checking my mail when I'm
away from my computer?
Maybe I did agree somewhere, we all know how they hide things in their terms
of service/ privacy policies, and you have to accept to allow you to
continue, just like this page, accept or Poat is grayed out. But this still
isn't right. Tag: MSecurity Tag: 91541
shared files not accessible
I have two computers on the network and they are both running Windows XP.
The problem is with one of the computers on the network. I can access shared
files on one computer. When I try to access any of the shared files and
connect to the other computer I get the following error:
PC#1 is not accessible. You might not have permission to use this network
resource. Contact the administrator of this server to find out if you have
access permissions.
please help!!! Tag: MSecurity Tag: 91539
How to disable The Plug-and-play for new USB storage devises ?
I manage to disable old USB storage devices and new devices.
When there is a new storage devices connected the PnP open the
options
That enables the operation to browse the HD to locate the drivers.
Is there any option to disable all these dialogs?
My application does not allow the user to access the HD in any way.
Thanks Tag: MSecurity Tag: 91538
Blocking all not necessary ports for servers on Firewall
Blocking all not necessary ports for servers on Firewall (CISCO ASA)
The Problem looks as follows:
We have Servers in different network segment, between users and servers
there is an Firewall.
It is necessary on Firewall (CISCO ASA) to block all not needed incoming
ports for following servers and services and to leave only those which are
necessary for normal work with the client
1) Domain Controller (Windows Server 2003 SP1) - All Clients is Windows
XP/2000
I try to create table for some ports
88 UDP Kreberus
88 TCP Kreberus
123 UDP NTP
135 TCP RPC end.map/DCOM
137 UDP NetBIOS
137 TCP NetBIOS
138 UDP NetBIOS datagram
139 TCP NetBIOS session
389 UDP LDAP Discovery
389 TCP LDAP
445 TCP SMB
464 UDP Kerberus Password Change
464 TCP Kerberus Password Change
639 TCP LDAP over SSL
3268 TCP Global Catalog
3269 TCP Global Catalog over SSL
That's all necessary incoming ports for normal Active Directory
functionality witch clients?
2) Exchange Server (Back) (2003 SP2) - All Clients is Outlook XP/2003/2007
(MAPI, some users POP3/SMTP)
25 TCP SMTP
25 UDP SMTP
110 TCP POP3
How about MAPI Clients? Outllok 2003/XP/2007 what ports they need?
3) Exchange Server (Front) (2003 SP2) ActiveSync, Outlook RPC
443 TCP SSL (as I understand is only one needed port.)
4) Fileservers (Windows Server 2003 R2)
445 TCP (SMB) only one? Or I need also some netbios ports?
5) Database (SQL Server 2000 SP4) some users need access to sql db
1433 TCP
Someone or somewhere can I get that information what INCOMING ports do I
need to open on Firewall for normal client-server communication for listed
servers and service?
Of course I can Use Windows Security Configuration Wizard and do all it in
few minutes, but its must done on firewall :-(
Arman O.
Thanks Tag: MSecurity Tag: 91537
SSL & renegotiation in IE 6.0 SP1
Dear All,
Is there any known problems in IE 6.0 SP1 in SSL session renegotiation
scenarios initiated by a SSL aware server. I have been facing 'Page cannot be
displayed' problems on submitting form data (POST method). Actually the SSL
session renegotiation is initiated by the server on receiving the POST
request.
On checking with the ethereal dump, i found that the negotiation process
fails at the last hurdle. That is, after the client sends its Change Cipher
Spec and Send Finished (both in encrypted form, Change Cipher Spec with the
previous key while the Send Finished with the newly negotiated key), the
server is promptly sending its Change cipher spec and send finished in
encrypted fashion using appropriate keys. The server also follows up the send
finished with the response application data encrypted with the lastly
negotiated key.
However IE closes the connection on receiving the application data. I have
manually checked the SSL packets recieved on the client side using ethereal
and found all of them to be proper (even decrypted them with the appropriate
keys(viz, server private key) and found the application data to be proper)..
The whole problem is, this behaviour of IE is not consistent and happens
once in a while.
So for i have encountered this problem in the following machine
configurations.
1) Win 2000 5.00.2195 Professional SP4 with
IE 6.0.2800.1106 Update Versions:SP1,Q833989,Q823353
2) Win 2003 Enterprise Edition SP1 with
IE 6.0.3790.1830 Update Versions: SP1;
3) Win 98 SE 4.10.2222A with IE 6.0.2600
Any pointers on this problem is appreciated. Tag: MSecurity Tag: 91535
Enabling Anti-Virus Scan
I have Norton Anti-Virus and am unable to perform a virus scan because there
is a document in my computer that causes the scan to stop. It is a Microsoft
Word document that I cannot delete. When I try, my computer says, "Cannot
delete. The parameter is incorrect." How do I correct the parameter so that
the document will delete and the scan can be performed?
--
Thanks for helping me: Laura in MT Tag: MSecurity Tag: 91531
WARNING: Winfixer and Errorsafe [AKA Vundo] being distributed via WL/MSN Messenger banner ads
WARNING: Winfixer and Errorsafe [AKA Vundo] being distributed via MSN
Messenger banner advertisements
http://msmvps.com/blogs/spywaresucks/archive/2007/02/18/591493.aspx
<QP>
I strongly recommend that all users of MSN Messenger ensure that their
anti-virus and anti-spyware applications are up to date. Do not click on
any buttons in pop-up windows that you may see, and do not believe Web sites
that report that they have found a problem on your computer - seriously, how
the hell would they be able to tell?
Do not click on OK or Cancel buttons in the pop-up windows. Close the
window using the red x close button.
I also strongly recommend that MSN Messenger users download and install Mike
Burgess's HOSTS file to help block winfixer and other bad guys. You can
find Mike's famous HOSTS file here:
http://www.mvps.org/winhelp2002/hosts.htm
</QP>
How To Remove Winfixer (Vundo) variants
http://www.bleepingcomputer.com/forums/topic18610.html
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware with
assistance from an expert. **Post your log to
http://forums.spybot.info/forumdisplay.php?f=22,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7,
http://aumha.net/viewforum.php?f=30, or other appropriate forums for expert
analysis, not here.**
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE, OE, Security, Shell/User) Tag: MSecurity Tag: 91522
ActiveX Control To Read Certificate (ASP.Net app)
I need to be able to read a certificate from the currently logged on
user's PC and then check its validity against our certificate server.
C Ford Tag: MSecurity Tag: 91506
Change 2003 Domain Password over Internet (No outlook, no vpn)...
Is there a way short of using Outlook (rpc over http) or VPN to change
a users password via the internet?
IE: Perhaps a 3rd party web app which would allow this etc.
Thanks for any tips Tag: MSecurity Tag: 91496
Live One Care
How is the Live One Care program comparing as to what it does to the other
big programs
like McAfee and Norton?
Also, second question: Does it works well with Vista? Tag: MSecurity Tag: 91492
centralized event logging? centralized syslog... dumping event log?
I've read through a few whitepapers from SANS about centralizing log
files. One way was to install a syslog agent and forward it to a
centralized syslog server. Another was to dump the event log to a file,
and download it to a central box.
Both those papers are not ancient, but also not very recent.
Has anyone used splunk? I figure that would be a big time saver so i
don't have to create my own frontend. Tag: MSecurity Tag: 91490
open port 4567
When I run the online Symantec Security Check it shows an open port. It
says, "Security Status: At Risk! You are vulnerable to at least one form of
security threat." The details show all ports Stealth except for Port 4567.
It shows that one open. How do I close this port? Tag: MSecurity Tag: 91489
Where's my private key?
Hi,
1)
I used
makecert -n CN=AADI_SERVER -sk AADI_PK_CONT -sr LocalMachine -ss
AADI_TEST_STORE D:/aadi_cert1.cer
to create a certificate.
Now in the console root, i can see the AADI_TEST_STORE containing
certificate.
But i cant seem to locate the private key or the AADI_PK_CONT
container.
Where can i find it.
2)
Also, can you give me some idea as to how to load a private key from
a .pvk file? Tag: MSecurity Tag: 91486
ppcleandeleteatreboot???
i found this in my program files and was wondering if this is a program from
microsoft or from one of the many anti viras/spyware i downloaded and if it
is is it safe and is it going to remove spyware???? Tag: MSecurity Tag: 91482
Is working at msecurity (information security company)
www.msecurity.net
EggHeadCafe.com - .NET Developer Portal of Choice
http://www.eggheadcafe.com