Policy Changes and there effects

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Spyware/Adware took over my desktop background The other day because of some confusion between Norton Internet Security and AOL, I very mistakenly turned off my Personal Firewall for a minute so I could get logged on. Well, a spyware or adware virus entered my computer. I believe that through either Norton or PestPatrol, I got rid of most of the virus, since my computer seems to be working fine. But what wouldn't go away was an ad that apparently lies on top of my normal background. The ad is the usual "Warning! You're in Danger . . ." and at the bottom of the ad is the phrase "Removal Instruction." Despite running Norton and PestPatrol several times, the ad remained. So I check out it's Properties and found that it was saved as AOL picture in the Windows Desktop. I went into the Desktop file and found an AOL picture that was created at the time the virus entered my computer. Figuring that was the ad, I deleted it. After re-booting, the ad was gone, but in its place was blank white screen. I can still see my icons, and they all seem to work, but the background is a glowing white, which isn't easy on the eyes and may be something that's hurting my computer. The company that caused the ad, I believe, is called SmartSecurity and claims to be a software that erases images and documents from your C drive so that no one knows what you're doing. Has anybody ever seen this before, and more importantly, does anybody know how to return my screen to normal? Thanks for any help, Mark Tag: Policy Changes and there effects Tag: 64188
  - 2
    - Problem with IPHLPAPI.DLL I renewal my Norton Antivirus, to the new version Norton Antivirus 2005. Ever since I've been getting the following errors: "Symantec Email Proxy cannot scan your email messages because your network is not properly configured: (1003.13)" "Error starting Program the IPHLPAPI.DLL file cannot start. Check the file to determined the problem". I've check with the Norton people after some checking, they concluded the problem with the email scanning has to do with the IPHLPAPI.DLL file and when this get resolves/fix the email scanning will work properly. I've check to see if the IPHLPAPI.DLL is in my hard drive, it is. There are 4 copies; 1. C:\WINDOWS 2. C:\WINDOWS\SYSTEM 3. C:\WINDOWS\TEMP\Q312339 4. C"\America Online I've checked your website for a solution: I found Document ID#2003103013462254. it said the problem might an incompatible iphlpapi.dll file, I just the version and it is the most recent version 5.00.1717.2. I can't open the file, just view it, how do I determined the problem and fix it, so that my new Norton Antivirus 2005 will work properly??? How do I check the file to determine the problem??? Please help!!!! my email: mundybring@bellsouth.net Tag: Policy Changes and there effects Tag: 64187
  - 3
    - silicone virus varient ? On a frends computer with win xp instaled had a reocuring problem in that the pc would shut down without warning we scaned the pc with up to date anti virus software and spybot and lavasoft all ok the problem continued at iregular intervals with no set patern we then tryed reparing win xp (home edition) still the same problem we tryed this again still the same problem Next we fermated the hard drive and did a clean install all went fine till we got to about 75% of installing componants a screen flashed up please insert cd silicone .com we had to abort the instilation and then repeated the process and the same thing ocurd I then inserted a drive scruber to scrub the hard drive which took several hours and cleared the cmos and then formated and reinstaled win xp home edition no problem and all apears to be ok now has any one come across this before, the only referance to a silicone virus i could find was on the symantic web site but the syimptoms were slightly diferent and their was no fix Tag: Policy Changes and there effects Tag: 64181
  - 4
    - Automatic update disables anti-virus software I have the icon for an automatic update, but when I used it it, it disabled my anti-virus software. Also, the update didn't seem to have worked as the icon is still there. I am using XP and Macafee anti-virus. Any suggestions? Tag: Policy Changes and there effects Tag: 64179
  - 5
    - Automatic update disabling anti-virus software I have the automatic update icon on my PC(running on XP), but when I used it, it disabled my Macafee anti-virus software which I had to reinstall. Also, the update didn't seem to work as the icon is still there. Any suggestions? Tag: Policy Changes and there effects Tag: 64178
  - 6
    - reset my password i forget my password and the secret answear bcz iam not use it for along time and iam not open it by email . bu i know well the info i put it in my informaition when i creat my email so i need help with link or online support to back my email by the info thanks tarek Tag: Policy Changes and there effects Tag: 64176
  - 7
    - Automatic deployment of Certificate Hello, I would like to know if there is a way to automatic deploy certificate (to 15,000 computers). Maybe you know windows API's or something else to do it. Thanks, Yaron Paryanty Cyber-Ark company Tag: Policy Changes and there effects Tag: 64174
  - 8
    - IE/IIS and Integrated Windows Authentication I have searched the groups and wasn't able to find an answer. I have a standalone Windows XP machine, not on a domain or active directory. I have IIS running on the system. When I setup and web application to Integrated Windows Authentication and access it via IE6 it works fine. In IE ,if I change the User Authentication Logon to Prompt for user name and password. And try the site again I get a login prompt but nothing I enter seems to authenticate me to the site. I'm not sure if I'm missing something or if this is how it's supposed to work? Thanks Tag: Policy Changes and there effects Tag: 64173
  - 9
    - Can I use the Microsoft Security Update CD on a Windows98 SE Thai I have two IBM 586 233 mhz computers, one is running Win98 US version and the second is running Win98 Thai version. I have used the Microsoft Security CD that came out in Feb of this year on the US version and it ran ok. My question is: Can I use the same CD to run on the Win98 Thai version? The Thai version was purchased in Thailand and comes from Microsoft Thailand. I am concerned that the US Microsoft Security CD could cause problems, can someone give me some advise as I want my Thai children to be able to use the computer on the Internet. I have tried going to the Windows Update site with the Thai version and it fails the check for current update software, will not load current version and will not let me install any updates where as the US version works ok. Please, any assistance would be appreciated. Tag: Policy Changes and there effects Tag: 64169
  - 10
    - Anti-keylogger? What is the best anti-keylogger utility out there for win2K? Best free one? Thanks! Tag: Policy Changes and there effects Tag: 64166
  - 11
    - Three suspicious looking url's Hi folks, Does anyone having experience with the three, in my opinion, suspicious looking url's? http://www.1securepc.com/portal.htm http://www.1securepc.com/ http://www.docsdownloads.com/ Best regards, Hadrian it's Hadrian hadrian.spam-not@40whyspamxs.com Tag: Policy Changes and there effects Tag: 64157
  - 12
    - Three suspicious looking url's Hi folks, Does anyone having experience with the three, in my opinion, suspicious looking url's? http://www.1securepc.com/portal.htm http://www.1securepc.com/ http://www.docsdownloads.com/ Best regards, Hadrian it's Hadrian hadrian.spam-not@40whyspamxs.com Tag: Policy Changes and there effects Tag: 64156
  - 13
    - using personal signatures for remote authentication I have a personal signature from a national authority which I can use to sign e-mail etc. As a software consultant I run my own web+exchange 2003 server (actually SBS2003) and often want to use e.g. OWA, remote desktop and maybe even VPN from remote sites. I would like to implement more security than just username/password, and a neat solution would be to utilize my personal certificate, which I could install on the computer I use at the client site. Can someone refer me to articles on how to do this? Not using smart cards but where the cert is installed on a client PC. Tag: Policy Changes and there effects Tag: 64153
  - 14
    - different protocols thru double firewall My client develops software in-house, and is using a double-firewall where internet browsers talk to webserver 1 on port 80, which forwards the http request to webserver 2 on a different port via a firewall. Webserver 2 contains the application logic (webserver 1 is essentially just a proxy). Webserver 2 may talk to application servers on the "LAN" through another firewall. Both these web servers are in DMZ and not part of a domain. There is a perception that it is less secure for webserver 2 to communicate with an application server on the LAN via HTTP (e.g. a web service), as opposed to a different protocol from the one that the original request comes in from the browser. Is there any justification for this concern, or is this just "security by obscurity"? There is a tendency to prefer e.g. .NET remoting between the web server and the app server instead of a web service - and I would to hear some opinions if that preference is justified. Tag: Policy Changes and there effects Tag: 64151
  - 15
    - Bios Serial Number - unique system identifiers Can I trust on ( Bios Serial Number + MAC ) to identify a machine? (I want to use it as my hashvalue in a public/private key mechanism) I know that it is possible to disable the processor serial number, so I can´t use it. Idon´t know if it is possible to disable the Bios Serial Number. Thanks Gaby Tag: Policy Changes and there effects Tag: 64143
  - 16
    - question on computer access I don`t know if this can be done....I would like to be able to tell if anyone has accessed my PC at home in my absence, I am not looking for key loggers just a basic something or other that lets me know someone has used it or that they may have installed a programme. I currently use Spybot and AVG for antivirus stuff and have a firewall and run ocassional `other` virus checks. I am sure computer is being used as some settings have changed and a couple of things haven`t worked when I have returned, when I ask no one used it. I don`t want to stop them using it but if I can prove they have then maybe they will be more careful and stop mucking around with it. My next step would be do deny them access which I am reluctant to do,I just want to get it under control. any help appreciated. thanks Tag: Policy Changes and there effects Tag: 64140
  - 17
    - Cumulative Patch Listings? Is there a place on Microsoft's site or any other location that is a good resource to find what MSxx-xxx number covers for other MS numbers? In other words: MS04-004 is a cumulative patch, I can see it covers MS03-048 but can't find a list of all prior patches it would cover... I hope this makes sense... Thanks! Tag: Policy Changes and there effects Tag: 64136
  - 18
    - need hardware based spyware blocker Does anyone know of a piece of hardware that I can use to put on networks to block all incomming spyware from reaching my computers. I have serveral dicconnected neteworks in verious locations that I want to use it on. Tag: Policy Changes and there effects Tag: 64134
  - 19
    - spyware problem, please help Hi, I have ran ad aware and spybot s&d and both have found some spyware on my pc (win xp). i had these programs fix the selected problems. after i did that i connect(dial up) to the internet ok, but internet explorer wont load any webpage or allow me to send/recieve email via Microsoft Outlook. so i restored the spyware and I.E. and my email worked. i have it now narrowed down that if i remove the SAH spyware on my pc I.E. or email wont work. WHY?? and How do i fix this? Tag: Policy Changes and there effects Tag: 64126
  - 20
    - Kernel32.dll causing shutdown I am running Win98 and I occasionally get the familiar message 'illegal operation - windows will be shutdown etc..' when I look at the details, it shows me the problem file as 'Kernel32.dll'. I recently downloaded Spybot, Ad-Aware, ETrust (I have been trying to clean my pc of malware). Does anyone know what this dll is? Any comments would be greatly appreciated. Bryan Tag: Policy Changes and there effects Tag: 64122
  - 21
    - Password history Hi, I want to have strong password restriction in AD but i don't know how to prevent changing a password like this: old: Asdfg_01 new: Asdfg_02 I remember that somewhere (AS400 or UNIX) there is additional restriction - number on characters which could be repeated during password change - is there something like this in AD? Regards, Radek Tag: Policy Changes and there effects Tag: 64117
  - 22
    - what is a DSO exploit? As Above Tag: Policy Changes and there effects Tag: 64116
  - 23
    - how do I remove cookies completely I use adaware and everytime I run it there are about 10 cookies that keep appearing, I check them and have them removed but when I run adaware again, they are back. How do I get rid of cookies completely, never having them return again? Tag: Policy Changes and there effects Tag: 64112
  - 24
    - Hardware box to block spy programs on entire network Does anyone know of a piece of hardware I can put on the network that will block spy programs from being down loaded onto my network. Thanks jess Tag: Policy Changes and there effects Tag: 64091
  - 25
    - Certificates for non-windows machines. I have a CA running on a Windows 2003 Enterprise box. I have a few apache servers that need certificates (they are internal, and the CA is a trusted source on every computer). After I get OpenSSL to generate a request and submit the request on the box running CA, it fails and complains that I don't have a certificate template. How would I go about remedying this issue? The requests are valid requests (at least the file looks that way) Tag: Policy Changes and there effects Tag: 64081
- Next
  - 1
    - Certificates for non-windows machines. I have a CA running on a Windows 2003 Enterprise box. I have a few apache servers that need certificates (they are internal, and the CA is a trusted source on every computer). After I get OpenSSL to generate a request and submit the request on the box running CA, it fails and complains that I don't have a certificate template. How would I go about remedying this issue? The requests are valid requests (at least the file looks that way) Tag: Policy Changes and there effects Tag: 64080
  - 2
    - Certificate for non-windows machines I am trying to generate certificates for some apache servers running on linux. After the OpenSSL request generation, when I attempt to validate the certificate in the CA tool, it complains saying that it failed because the certificate doesn't have a template. How do I fix this? Or, how do you sign certificates made on non-windows machines? Tag: Policy Changes and there effects Tag: 64079
  - 3
    - OH BOY - NEED SOME INPUT 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:39, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:43, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:45, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:48, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:51, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:53, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:53, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:54, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:57, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:00, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:02, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:03, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:06, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:38, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:40, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:40, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:42, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:43, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:44, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:45, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:46, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:46, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:48, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:49, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:49, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:51, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:52, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:52, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:54, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:55, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:55, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:57, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:58, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:58, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:00, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:01, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:01, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:03, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:04, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:07, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, Tag: Policy Changes and there effects Tag: 64077
  - 4
    - New MSSecure.XML Version 2004.11.09.0 Now Available MSSECURE.XML Data Version 2004.11.09.0 (for use by MBSA 1.2 and SMS SUS Feature Pack) was last modified today, November 9, 2004, and is now available for all supported languages (English, French, German and Japanese). This XML contains necessary updates for the MS04-039 bulletin for ISA Server released today, although MBSA does NOTsupport this product for detection (see KB306460 for for information on supported MBSA products). This release also includes a number of minor bug fixes reported by customers and PSS to resolve 'invalid checksum' and 'greater than expected' warnings. Please post issues where MBSA reports errors or warnings for cases you may feel are incorrect. -- Doug Neal [MSFT] dugn@online.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights. If newsgroup discussion with experts and MVPs is unable to solve a problem to your satisfaction, feel free to contact PSS for the Microsoft Baseline Security Analyzer (MBSA) at the following link: http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer20a This e-mail address does not receive e-mail, but is used for newsgroup postings only. Tag: Policy Changes and there effects Tag: 64076
  - 5
    - VBS Security Vunrulbility Has anyone heard of thido you know if its true and weather to disable what it says? > Opening the wrong E-mail may soon be enough to empty your bank account. In an effort to woo security-conscious computer users, "phishers" have come up with a new technique to harvest online banking details without requiring users to click on a Web link and enter personal information on a submission form. This new form of attack, directed specifically at users of online banking, runs a script when a phishing E-mail message is opened, according to E-mail and virus security company MessageLabs Ltd. The script tries to rewrite the host files on the machine of the recipient. On subsequent attempts to access online banking services, victims will unknowingly be redirected to a fraudulent Web site designed to capture their log-in details. Alex Shipp, senior antivirus technologist at MessageLabs, says such developments only make it harder to defend against phishing. Traditional phishing attacks rely on tricking the user into following a Web link and then entering personal information. "This one is much more insidious," he says. Some 3% of those targeted by phishers reveal personal information, according to a study released in April by research firm Gartner. Shipp adds that this new technique, which has only been detected in Brazil, is probably being tested for wider deployment. That's what happened with first-generation phishing attacks that were tested in Australia before being directed at users in the United States. Only systems that have enabled Windows Script Host are vulnerable to this attack. WSH lets users run VBScript and JScript scripts within the Windows operating system. Sophos plc, an antivirus company, offers instructions on how to disable WSH <http://www.sophos.com/support/wsh.html>. "Most businesses these days probably have this disabled," Shipp says. "But home users are more vulnerable." Tag: Policy Changes and there effects Tag: 64074
  - 6
    - OH BOY - NEED SOME HELP! Can any one tell me what this looks like? Are you thinking what I am thinking? Any thoughts are appreciated? ENVIROMENT SERVER:NT 4.0 6A PROXY 2.0 Exhange 5.5 SP4 Antigen Virus Software Here is a snapshot from a PF proxy log. I have changed the internal and gateway ip addresses for security reasons. Just imaging tat 111.111.111.11 is the internal address of the NT server in question, and 100.100.100.10 is internet gateway address. I am seeing this occur periodically. Also, our proxy suddenly crashes, and brings down all the services, thus preventing any Internet Access. I have to start the services again. My servers have all MS Updates. 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:38, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:39, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:41, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:43, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:44, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:45, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:47, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:48, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:50, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:51, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:53, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:53, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:54, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:56, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:57, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:21:59, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:00, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:02, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:03, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:22:06, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:37, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:38, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:39, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:40, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:40, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:42, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:42, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:43, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:44, 111.111.111.11, 198.41.0.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:45, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:45, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:46, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:46, 111.111.111.11, 128.9.0.107, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:48, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:48, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:49, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:49, 111.111.111.11, 192.33.4.12, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:51, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:51, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:52, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:52, 111.111.111.11, 128.8.10.90, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:54, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:54, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:55, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:55, 111.111.111.11, 192.203.230.10, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:57, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:57, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:58, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:24:58, 111.111.111.11, 39.13.229.241, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:00, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:00, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:01, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:01, 111.111.111.11, 192.112.36.4, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:03, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:04, 111.111.111.11, 128.63.2.53, Udp, 53, 53, -, 0, 100.100.100.10, -, -, 11/2/04, 3:25:07, 111.111.111.11, 192.36.148.17, Udp, 53, 53, -, 0, 100.100.100.10, -, -, Tag: Policy Changes and there effects Tag: 64073
  - 7
    - OH BOY! Can anyone tell me what this looks like??? Is it perhaps what i think it is? 11/2/04, 3:21:37, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:37, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:38, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:38, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:39, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:39, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:41, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:41, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:41, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:42, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:43, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:44, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:44, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:44, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:45, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:45, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:47, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:47, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:47, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:48, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:48, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:50, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:50, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:50, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:51, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:51, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:53, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:53, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:54, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:54, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:56, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:56, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:56, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:57, 209.202.125.58, 209.202.125.63, Udp, 138, 138, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:57, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:57, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:59, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:59, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:21:59, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:00, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:00, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:02, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:03, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:22:06, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:37, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:38, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:39, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:40, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:40, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:42, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:42, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:43, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:44, 192.168.151.16, 198.41.0.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:45, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:45, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:46, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:46, 192.168.151.16, 128.9.0.107, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:48, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:48, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:49, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:49, 192.168.151.16, 192.33.4.12, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:51, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:51, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:52, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:52, 192.168.151.16, 128.8.10.90, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:54, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:54, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:55, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:55, 192.168.151.16, 192.203.230.10, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:57, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:57, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:58, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:24:58, 192.168.151.16, 39.13.229.241, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:00, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:00, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:01, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:01, 192.168.151.16, 192.112.36.4, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:03, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:04, 192.168.151.16, 128.63.2.53, Udp, 53, 53, -, 0, 209.202.125.58, -, -, 11/2/04, 3:25:07, 192.168.151.16, 192.36.148.17, Udp, 53, 53, -, 0, 209.202.125.58, -, -, Tag: Policy Changes and there effects Tag: 64072
  - 8
    - Microsoft Security Bulletin(s) for November 9, 2004 November 9, 2004 Today Microsoft released the following Security Bulletin(s). Note: www.microsoft.com/technet/security and www.microsoft.com/security are authoritative in all matters concerning Microsoft Security Bulletins! ANY e-mail, web board or newsgroup posting (including this one) should be verified by visiting these sites for official information. Microsoft never sends security or other updates as attachments. These updates must be downloaded from the microsoft.com download center or Windows Update. See the individual bulletins for details. Because some malicious messages attempt to masquerade as official Microsoft security notices, it is recommended that you physically type the URLs into your web browser and not click on the hyperlinks provided. Bulletin Summaries: October Summary http://www.microsoft.com/technet/security/Bulletin/ms04-nov.mspx Important Bulletins: MS04-039 - Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258) http://www.microsoft.com/technet/security/Bulletin/ms04-039.mspx This represents our regularly scheduled monthly bulletin release (second Tuesday of each month). Please note that Microsoft may release bulletins out side of this schedule if we determine the need to do so. If you have any questions regarding the patch or its implementation after reading the above listed bulletin you should contact Product Support Services in the United States at 1-866-PCSafety (1-866-727-2338). International customers should contact their local subsidiary. -- Regards, Jerry Bryant - MCSE, MCDBA Microsoft IT Communities Get Secure! www.microsoft.com/security This posting is provided "AS IS" with no warranties, and confers no rights. Tag: Policy Changes and there effects Tag: 64071
  - 9
    - backup security event viewer I want backup my security event log on event viewer on a Dc (windows 2003). If I use a script I obtain a evt file. But If I open that evt file on a pc that isn't in domain, I see the SID no the Users name of the users. So if I want made a good backup on my dc how Have I do? Thanks Tag: Policy Changes and there effects Tag: 64070
  - 10
    - Deleting messenger How do I disable MSGR 4.7 from my system at work? I try to in the 'control panel' - delete 'windows programs'; however, it seems to not work. I try to delete the actual file program icon; but it won't let me delete the file there either? I have a feeling that it is connected to another program - possibly outlook? I'm not sure. My concern is this: I will be leaving from the office soon, and want to ensure that nobody will have access to msgr/my inbox. when I open messenger, someone can click '___@hotmail.com' - 'click here to sign in' and anyone can have access to my email. Tag: Policy Changes and there effects Tag: 64068
  - 11
    - Warning: flawed security on webhostin server ehosting.ca (same as mecca.ca) Hi NG, Anybody of users having a web site on ehosting.ca (mecca.ca) server can read anybody else's source code, asp files, connectionstrings and all. I could. I tried to warn the administration of this flaw but they not only don't understand their problem but belligerently defend their incompetence. No wonder they don't warn their customers about it. Because, first, they didn't even realize it and, when I told them about it, they blamed me for having tried to hack. They think security means only preventing script execution rights on user account folders and have been giving "Read" access to "Everyone" in order that their system could get directory listings!! Later on they said that they have made a typo, and that they're giving read rights not to "Everyone" but to "IIS-User" system user-account. It doesn't change the fact that the users can read each others' files. After my warnings, they might have improved the security level on the host, but from their record, you can't be very secure. So be warned. After all I felt forced to cancel my membership (on Nov 06, 2004 see below). When I created the FSO page back in 2000 the idea looked pretty new to me; you write down the virtual path to a dummy folder on my site and can read the directory listings. Then you double-click on a subfolder and get its listings. Double-click on a filename and (if ASCII) it opens in another page, where you can edit and save (in theory). And I put it on my free site at brinkster.com as a demo (www11.brinkster.cm/Nersessian/, registration is needed to see some files and their sources; only English part is more or less functional. I'm trying to set up a new site). Now this type of application is being used on many servers. Brinkster.com gives the warning that the free sites are insecure, so does 1asphost.com where the FSO doesn't exist at all on free sites. All is done to encourage paid membership. Here, on ehosting.ca, with paid membership, users have same or less security as on brinkster.com for free hosting. So when I uploaded this file, I was 100% sure it would not allow me to go above my own folder, but it did, successfully. Below I include my response to one of the administrator's message to me (after I also got a "Hello there" message from the biling@mecca.ca informing me that full refund in that company means less than 40% of the membership fee!!): //*********************************************************** What you're doing endangers your clients' and their users' private information. I suggest you to read Microsoft's public web server security guidelines again. Your interpretation of those guidelines is very peculiar, to say the least. 1. Absolutely non-important that other users cannot execute scripts in my account. If "Everyone" can read in my account, the real hackers will be "executing" my users' identities and their credit card numbers on their bank accounts, not scripts on my account. I hope you can figure out how they get that information, once they can read in your clients' files 2. Even if the system has to read in account folders, there is a user called SYSTEM. You could give it read rights. Not to Everyone. 3. I don't think that you even have a 'Clients' (or whatever) user group for clients, or know how and for what to apply it, if you give Everyone read rights. 4. You are not warning your clients about the security hazards their and their users subject themselves accepting your hosting services. Although this email will efficiently help you improve security on your hosting server, I don't expect to receive apologies or gratitude from you. But I will think it over, if I will warn your clients about your incompetence regarding their accounts' security and if to take further action. Regards, AN Mecca Administration <admin@mecca.ca> wrote: Hello, Well "Everyone" write access is disabled on c:\clients folder and you cannot use a web based script to write data to other clients' folders. We must enable "Everyone" read access so that other server components can read the directories and files listng. Keep in mind that we had followed Microsoft's public web server security guideline closely when we implemented the security structure few years ago. If you want to have a very secured server environement, please consider our dedicated server hosting. Also keep in mind that according to TOS, no subscribers are not allowed to hack into our systems: 3.1 The Subscriber will not hack, break into, access or use or attempt to hack, break into, access or use any part of the Services, its content and/or any data areas on Mecca's server(s) for which the Subscriber has not been authorized by Mecca. However, should you decide to call off our hosting service, please confirm your decision before November 08, 2004 (Note that you can only request the refund within 14 days of purchase). Cancellation request submitted after this day will not be counted within our 14 day money back guarantee period and thus, no full refund MINUS $15 administration fee (plus any applicable cheque handling charge) will be issued. Best regards, Systems Operations /*************************************************************************** ***** Tag: Policy Changes and there effects Tag: 64067
  - 12
    - US - CERT Vulnerability Note VU#842160 Microsoft has not responded to this potential issue. Does anyone know the status or if Microsoft has responded in any way. TIA Tag: Policy Changes and there effects Tag: 64064
  - 13
    - Twain Tech removal I finally got rid of one instance of Twain Tech on an XP machine after days of fighting it. 1. I deleted everything in \documents & settings\*username*\local settings\temp folder. 2. I deleted the key: HKLM\software\microsoft\windows NT\currentversion\winlogon\notify\WPAEvents. It was pointing to the "2ldsrch.dll" file in system32 folder that kept coming back. 3. I ran the Giant software that finds and deletes the "2dlsrch.dll" file that shows up as 'TwainTech'. 4. Reboot If you update to Windows XP service pack 2 and run the "critical updates" for XP, you can prevent programs like this one from coming back. I just wanted to see if I could get rid of this one manually before updating to SP2. Hope this helps someone! - Jim http://www.wwwdothttpdotdotcom.com Tag: Policy Changes and there effects Tag: 64062
  - 14
    - spyweeper keeps popping up asking to keep/remove startup items Hi On my windows XP Professional PC I have spysweeper installed. While I am working away it keeps popping up asking to keep or remove various startup items. Its a different startup item name each time. These are the details of the item: Startup Item: egFHY9Ex (This name changes each time) inetkw CommonName Location: C:\PROGRA~1\vowpuqt\qpwostw.exe Registry or startup Folder: HKLM:Run Any ideas of what it can be? Ive turned off spysweeper for the monent. Tag: Policy Changes and there effects Tag: 64060
  - 15
    - svhost.exe and bgthye.exe I had had problems with a users notebook using up all the bandwith when it was connected to the LAN in the office. Ending Process "bgthye.exe" in Task Manager fixed the problem. After installing XP SP2 on the machine, Windows asked me if I wanted to block svhost.exe and bgthye.exe from accessing the Internet. I found some user group chats that highlighted svhost.exe as a virus and described how to get rid of it. Fine! My problem is that I can find nothing about "bgthye.exe". Does anyone know if this is a virus too? And should I be following the same sort of process to getrid of it as I did with svhost? Tag: Policy Changes and there effects Tag: 64059
  - 16
    - XP doesn't recognize VCOM virus protection Is this common? It's definitely in there... The computer in question had a virus, so put in a larger hard drive, reloaded everything and installed VCOM Fix-It Utilities. After doing all that, a little cartoon bubble popped up that said it didn't see any virus protection software. I figured out how to stop it from continually asking about it and sent the computer on its way. *that is the question I have* NOW for a little background and longer story... Here it is, one week later, and they've got a virus again. They have MSN and have many attachments in their hotmail email inboxes. I am thinking that there is a virus in one of them, and when launched it infects the PC. I have the same VCOM Fix-It Utilities on my PC with Windows98 and use Outlook Express for email. If I am sent a virus, I get an alert as soon as it shows up in the inbox. Using MSN Hotmail, it seems to me that the virus wouldn't be detected by VCOM Fix-It Utilities until it was too late - AFTER the infected file has been launched. Am I thinking wrong? I read that MSN Hotmail accounts are supposed to protected by McAfee, but if I find my theory about this to be true (I'm picking up the diseased PC tomorrow to check it out), Hotmail's going to be hearing from me. Thanks for listening, and if you have any ideas or random thoughts feel free to reply, Bill Tag: Policy Changes and there effects Tag: 64055
  - 17
    - SUS Problem The SUS 2.0 SP1 administration screen on Windows 2003 Server comes up blank using http://<servername>/SUSAdmin I found no knowledgebase articles on this. What can I do to fix this? Thank you! Tag: Policy Changes and there effects Tag: 64054
  - 18
    - SUS problem The SUS SP1 administration screen on Windows 2003 server comes up blank using http://<servername>/SUSAdmin I found nothing in the Knowledgebase about this. What can I do to fix this? Thank you! Tag: Policy Changes and there effects Tag: 64053
  - 19
    - svchost and awm removal Please advise if you know how to remove svchost and awm .exe files from a server using win 2000 server Tag: Policy Changes and there effects Tag: 64051
  - 20
    - svchost and awm .exe file removal Please advise if you know how to remove svchost and awm from a server using win2000 server Tag: Policy Changes and there effects Tag: 64050
  - 21
    - W32/Mydoom.ag@MM - Heads Up! From: http://forums.mcafeehelp.com/viewtopic.php?t=34893 <quote> This brand new version of MyDoom is HTML based and does not contain attachments. It also exploits a critical IE vulnerability, so AV protection plus best practices are needed -- as this one has some potential. W32/Mydoom.ag@MM - Zero Day IE I-FRAME Attack http://secunia.com/virus_information/13213/mydoom.ag/ http://vil.nai.com/vil/content/v_129630.htm This W32/Mydoom@MM variant makes use of a zero day attack targeting a Microsoft Internet Explorer IFRAME buffer overflow vulnerability. The virus spreads by sending email messages to addresses found on the local system. The message appears as follows: From: Spoofed address Subject: may vary * funny photos :) * hello * hey! * blank There is no attachment to the message. The homepage hyperlink points to the infected system which sent the email message. Clicking on the link, accesses a web server running on the compromised system. The web server serves HTML that contains IFRAME buffer overflow code to automatically execute the virus. </quote> -- ~Robear Dyer (PA Bear) MS MVP-Windows (IE/OE) Tag: Policy Changes and there effects Tag: 64045
  - 22
    - Free adware removal products for Win95 Does anyone know of any free adware removal products for Win95? (I know, I know...but we are a non-profit agency, and every penny counts!) We have a computer that is badly infected, but I can only get Spyware Blaster to work in it. Adaware doesn't even load, and Spybot S&D states on the website that you need at least Win98. Thanks for any help! Tag: Policy Changes and there effects Tag: 64043
  - 23
    - IPSec experience in internal networks I have been reading documentation on enabling IPSec on AD environment via group policies (client-to-client, server-to-client, server-to-server). In general, for a 3,500+ PCs environment, with 120 Win2000/Win2003 servers, what would be the maintenance involved when enabling IPSec ? Do you think that encrypting data internally with IPSec is that something organizations are really doing successfully these days ? Tag: Policy Changes and there effects Tag: 64040
  - 24
    - Accessing resources on a Domain from a Workgroup on a different su Our PDC is an NT Server with an IP of x.x.x.* We have remote PC's not joined to this domain, but are just in their own peer to peer workgroup, and the have a different subnet of x.x.y.* Through the "search for computers" option, and entering the IP of the PDC, I can see all the shared resources within the domain from a PC in the workgroup, but cannot access any folders. All the remote PC's are Windows 2000. Is there ANY way to access the shares that exist within the domain from a non-domain PC without joining the domain and/or changing the subnet to match the PDC? Thanks. Tag: Policy Changes and there effects Tag: 64039
  - 25
    - problem with e-mail when i open my e-mail i want to open another window from my e-mail and nothing will open. this happens all the time and some e-mails are important to me.When i get personal mail i can open up pics and stuff, but when a group of mine mails me i cant even go to the home page from my mail. I hope you can help me with this. I have Norton 2004 firewall and antivirus Thxs -- randyman Tag: Policy Changes and there effects Tag: 64031

If you change a password length requirement from 5 to 8, will this force
changes for anyone who's password is currently under 8. Or if you change the
time from of password changes from 90 days to 60 days, will this expire
passwords.

I don't believe it will force anything until they expire or they change them
themselves, but i cannot find any sort of docs on this matter.

Thanks for any help or direction.

Top

RE: Policy Changes and there effects by SPidgornyMVP

SPidgornyMVP
Thu Nov 11 11:59:05 CST 2004

I think you're right: password complexity is enforced at time of password
input (at all other times password is securely stored and the system cannot
get the clear text password); password expiry date is stored as a user
attribute at time of password change.

Regards

S.

"Tom" wrote:

> If you change a password length requirement from 5 to 8, will this force
> changes for anyone who's password is currently under 8. Or if you change the
> time from of password changes from 90 days to 60 days, will this expire
> passwords.
>
> I don't believe it will force anything until they expire or they change them
> themselves, but i cannot find any sort of docs on this matter.
>
> Thanks for any help or direction.

Top