SSL Security

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Stack smashing/buffer overflow research Hi, let me start by apologising if these are the wrong groups to post these kinds of messages to (I've cross-posted) but after searching the web and not finding any good material I thought there might be someone here who know. I'm a student and I'm currently working on a small project dealing with stack smashing/buffer overflows and protection mechanisms in modern OSes, the idea is to make a survey of the different techniques that can be used to protect an application against these kinds of attacks. On the Windows side I have identified three mechanisms that I'm focusing on, the /GS flag in Visual Studio 2005, ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention). Since I'm not a security expert I can't see any way that I might be able to circumvent any of those (even less so all of them together) but I know there are people working with these kinds of things (whatever their intentions are) so what I'm asking is, if there are any known and published stack smashing/buffer overflow attacks that can successfully circumvent the techniques mentioned above (either just one of them or a combination). Any information will be greatly appreciated. PS: Mind the cross-posting when replying -- Erik Wikstr=F6m Tag: SSL Security Tag: 93112
  - 2
    - bios password security I have heard, and want to know if any truth to it, that removing the cmos battery will allow access to a laptop that was protected by a bios password?? Tag: SSL Security Tag: 93110
  - 3
    - track netbios to ip addres hi, is there an easy way to track down a rouge netbios broadbaster on our subnet? for example, our clients are all set to workgroup "ABCD". and someone bring in their home computer set to "MSHOME" or "Workgroup". It there an easier way to trace what ip address of that workstation is other than sniffing and looking at packets? Tag: SSL Security Tag: 93108
  - 4
    - PC Pitstop does anyone have experience with PC Pitstop optimizing software? good or bad? useful and worth $30 or is there something better? mark gill Tag: SSL Security Tag: 93106
  - 5
    - Free PKI Smart Cards & CSP for Microsoft Newsgroup Participants Hello In response to the growing interest in Smart Cards & PKI in Windows, the company I work for, SCsquare Ltd. is willing to ship FREE-OF-CHARGE CSP Sample kits, each including 3 PKI Smart Cards and 1 CSP Installation CD. To obtain the package, send your precise shipment & company details to support@scsquare.com Please note in the body of the message that you are responding to the "Microsoft newsgroup participants special offer". I hope this helps bring smart card technologies to prominence. Eyal W. Tag: SSL Security Tag: 93101
  - 6
    - unwelcome website I keep having an http website popping onto my screen every couple of minutes and a scipt error at about the same frequency, they appear to be linked , it is a chinese site and very irritating, any help much appreciated. Tag: SSL Security Tag: 93100
  - 7
    - Access to a specific IP for only 2 users Hello. I have a specific IP address and I want that only 2 users may access to it. It's it possible? Regards, Marco Tag: SSL Security Tag: 93099
  - 8
    - NTFS Encryption Hi, I am trying to store the certificates for NTFS Encryption on the smartcards of my user. It took me quite long to find a CSP which is capable of doing so. So far it is working now but now I have some questions regarding NTFS encryption. Im am still experimenting around. First I create an encrypted folder, then I export the encryption certificate and import it into the smartcard and delete the certificate from the windows store. If I now log off and on I can only access the encrypted folder if the smartcard is inserted into the reader. The problem here is that as soon I create a new encrypted folder windows does not use the existing encryption certificate but generates a new one. So I would require to have for every encrypted folder a seperate smart card. Any thoughts how I can optimize this? As I mentioned above I currently move the windows generated encryption certificate from the windows store to the card. It would be much more elegant if I could generate my own certificates and windows uses them for encryption. I know that the certificate requires the "File System Encryption" Attribute. In fact some of the certificates I generated do work fine and other are just ignored by windows. Is there somewhere a document about the requirements of an encryption certificate available? Kind Regards Your M&M Tag: SSL Security Tag: 93092
  - 9
    - avg versus avast is it a good idea to have both avg and avast running on xp? is one better than the other? i have both, but avast causes startup to be soooo slow. mark gill Tag: SSL Security Tag: 93087
  - 10
    - Ntbackup stopped working The whole back bone of security is your ability to back up important files, etc.. before you need to. But if the ntbackup utility does not work, then what is the point of using it... It should be an embarrassment to someone at MS. It worked flawlessly for the dozen or so times I have used it over the last year. Now, it suddenly stopped working. I tap on the shortcut icon and it just sits there...sputters and fizzles a bit...then goes silent. I have uninstalled and reinstalled it about 10 times, with a registry clean out between each install. I have loaded it fresh from the i386 folder on my hard drive and the install CD. I have done a sfc /scannow cmd a few times to see if that might be the problem. I have snooped around the Administrative tool services for some clue...to see if there was the "usual" box with or without a tick mark, where there wasn't or was one before...no clues. I have gone down the list of services to see which have been arbitrarily enabled or disabled... Nothing has worked...and now I have a pile of previously saved files, I can no longer use and must delete to save space... Why must we go begging on these fora when perfectly good, well paid, MS technicians should be able to solve the problem and post a solution in the usual place! We are constantly paying to clean up after someone else's issue... Tag: SSL Security Tag: 93085
  - 11
    - New ISS Forum Hey all. Taurus here with a new forum called "Spread the Word!" Come check it out. Its all about Information Systems Security. Sharing of knowledge is encouraged. New and upcoming so join and Spread the Word! Chat, Games, PM's and contest to come along with the following. Even if you don't register now, start posting and lets get the site growing. Pass on the URL to a friend. Thanx! http://www.freepowerboards.com/isstoday/portal.php "The greatest weapon against attack is unity in numbers. Train and fight together." P.S. Moderators needed...check the site for info Hope I'm not intruding on your group. If I am please let me know and I will remove my post. Tag: SSL Security Tag: 93081
  - 12
    - New Information Systems Security Forum Hey all. Taurus here with a new forum called "Spread the Word!" Come check it out. Its all about Information Systems Security. Sharing of knowledge is encouraged. New and upcoming so join and Spread the Word! Chat, Games, PM's and contest to come along with the following. Even if you don't register now, start posting and lets get the site growing. Pass on the URL to a friend. Thanx! http://www.freepowerboards.com/isstoday/portal.php "The greatest weapon against attack is unity in numbers. Train and fight together." P.S. Moderators needed...check the site for info Tag: SSL Security Tag: 93080
  - 13
    - wireless key stored in Windows Hi, Anyone knows where does windows stores the wireless key. I know tools such as wirelesskeyview can retrieve stored key. Is there any way i can find out where are those keys stored on the machine thanks Tag: SSL Security Tag: 93076
  - 14
    - Cost Effective Privacy Solutions x-no-archive:yes Web and Usenet Surfing Best Cost Effective Solution? Having looked at www.findnot.com service $295-00 Usd per year once they have got your money you have no control over the customer service you get or chance of refund too They offer a New service Privacy at Broadband speeds? Is it worth it they do keep logs for 5 days so they say. The best way is to use "Onion" peeling method Tor this is extremely slow then there is "Clouds" by Att& T research Not sure on this one seems extremely complicated. Secursurf by Securestar for 80 Euros a year I am told this can be slow. Firefox Browser have also introduced an Add On Privacy Extension Usenetserver for Usenet encryted. Anyone know whats the best solution without tremedous complication and expense? SSelfPity Tag: SSL Security Tag: 93072
  - 15
    - Security Setting Hi, I'm getting the following error message when I trried to compile my c program in using MS Visual C++ .Net IDE. "The user's security settings prevent the process from being created." "These settings are required for building" I guess there must be security setting that must be done in Windows XP Pro (in which I'm running). I tried many ways, but nothing seems to be helping. Tag: SSL Security Tag: 93071
  - 16
    - Windows Firewall/Norton IS removal I uninstalled Norton IS 2005 with their removal tool from the Symantec site. It seemed to do a good job and all was well.However, my "Windows Security Center" still says "NortonInternet Security is currenlty ON." I've deleted all the residueSymantec/Norton folders left on my drive by the removal tool and haveremoved almost all of the Norton/Symantec registry items. Any help, please? Thanks! Tag: SSL Security Tag: 93070
  - 17
    - Masses of 529 Errors! I have often seen these errors in the security log at the rate of up to hundreds in a 24 hour period, but in the last 24 hours I had 107,710 of them. Is this something I should be worrying about? Obviously the fact that I know about it means that who/whatever is doing this is unsuccessful. Below is pasted one of the events: Event Type: Failure Audit Event Source: Security Event Category: Logon/Logoff Event ID: 529 Date: 11/05/2007 Time: 10:20:37 PM User: NT AUTHORITY\SYSTEM Computer: <my sbs server> Description: Logon Failure: Reason: Unknown user name or bad password User Name: anonymous Domain: Logon Type: 3 Logon Process: Advapi Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: <my sbs server> User Name: <my sbs server> Caller Domain: <my domain> Caller Logon ID: (0x0,0x3E7) Caller Process ID: 1216 Transited Services: - Source Network Address: - Source Port: - Advice most welcome, please. Bill Tag: SSL Security Tag: 93064
  - 18
    - Network Connection Constantly Sending and Recieving Hi, I have a client machine that is constantly transmitting and recieving bytes. In the past day and a half it has sent 32 billion bytes and recieved 23 billion bytes. I have run Symantec Antivirus full scan with no results. I have run the lates Microsoft Malicious Software removal tool with no results. I ran Windows Defender with no results. I did a netstat on the machine and it has an open port to all of our client machines on our LAN. For some of the machines 2 or 3 ports. I am going to run a couple of rootkit detectors as well. Can I close the ports on the one client machine manually? If so how? Thanks, Steve -- Steve Systems Administrator PSI Tag: SSL Security Tag: 93062
  - 19
    - Migrating from single enterprise root CA to different root CA Hi all, due to extended cooperation with other companies we now have to set up a shared PKI with our business partners. Currently, we have got a single enterprise root CA for our Active Directory (single domain) in place. It has been running for about two years now and there is quite a number of certificates issued (>1000). The challenge we are facing now is migrating from our local root CA to the shared public root CA without the current certificates becoming invalid. Public root CA (offline) is already in place. The responsible administration team will provide an intermediate CA for our company, and we would like to keep that one offline, too, and set up an issuing enterprise CA for our AD. I thougt about that some time and determined that there is no need to keep the current enterprise root CA running once all certificates have been replaced by new ones. Because of that I would like to avoid cross-certification and migrate in the following way: - Publish new public root CA and intermediate CA to AD - Set up issuing CA as enterprise subordinate - re-issue certificates when suitable I have now encountered some points which are not clear to me: - Is this a valid migration path from a technical perspective? - Is it possible to publish multiple root CAs to AD? - Will the issued certificates stay valid with the new PKI in place until they are replaced? - How can I achieve that new certificates from our customized V2 templates are issued by the new issuing CA instead of our old enterprise root CA? Thanks in advance for your help! Tag: SSL Security Tag: 93059
  - 20
    - DoS? First post here. I've attached a snippet from my Kiwi Syslog from a customer's server. Take a look at the times any you'll see I'm getting bombarded with SMTP -- over 40 in half a minute, but sometimes as many as fifteen a second -- from IP addresses in the 72.34.1xx.xxx range. I've Googled some of them at random and the only connection is that they are all from the same ISP in Texas. I first noticed the problem when the Exchange server crashed. I blocked the ISP entire block at the router, but obviously this volume of traffic is still affecting things. Does anyone have an idea where to start with this? Any help will be much appreciated. Thanks, Mark 05-10-2007 11:47:11 Local0.Warning 192.168.0.1 IP: Packet discarded from 63.170.10.91 port 60668 to xxx.xxx.xxx.xxx port 25 (TCP) (incorrect state) @2007-05-10-12:47:12 05-10-2007 11:47:11 Local0.Warning 192.168.0.1 IP: entry duplicated 3 times @2007-05-10-12:47:10 05-10-2007 11:47:09 Local0.Warning 192.168.0.1 IP: Packet discarded from 63.170.10.91 port 60679 to xxx.xxx.xxx.xxx port 25 (TCP) (incorrect state) @2007-05-10-12:47:10 05-10-2007 11:47:09 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.174.68 port 51646 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:10 05-10-2007 11:47:08 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.166.120 port 44576 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:09 05-10-2007 11:47:08 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.163.226 port 44466 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:09 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.169.197 port 44372 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:09 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.168.216 port 44319 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:09 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.168.170 port 44183 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:09 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.162.135 port 43779 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:09 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.164.25 port 43671 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:09 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.166.120 port 44576 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:06 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.163.226 port 44466 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:06 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.169.197 port 44372 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:06 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.168.216 port 44319 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:06 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.168.170 port 44183 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:06 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.162.135 port 43779 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:06 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.164.25 port 43671 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:06 05-10-2007 11:47:01 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.165.187 port 52717 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:47:03 05-10-2007 11:46:57 Local0.Info 192.168.0.1 IP: Packet allowed from 130.13.100.122 port 2492 to xxx.xxx.xxx.xxx port 443 (TCP)(allow by HTTPS) @2007-05-10-12:46:59 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.166.70 port 42172 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:46:54 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.163.240 port 41907 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:46:54 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.169.108 port 50974 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:46:54 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.166.133 port 50915 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:46:54 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.169.202 port 42518 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:46:54 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.168.223 port 42407 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:46:54 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.168.178 port 42107 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:46:54 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded from 219.148.119.6 port 6000 to xxx.xxx.xxx.xxx port 7212 (TCP)(no NAT port) @2007-05-10-12:46:54 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.167.199 port 50697 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:46:54 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.162.151 port 41557 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:46:54 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.164.35 port 41449 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:46:54 05-10-2007 11:46:51 Local0.Info 192.168.0.1 IP: Packet allowed from 63.170.10.91 port 60995 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by SMTP) @2007-05-10-12:46:53 05-10-2007 11:46:50 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.175.8 port 48881 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:46:51 05-10-2007 11:46:49 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.165.187 port 52717 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:46:51 05-10-2007 11:46:49 Local0.Warning 192.168.0.1 IP: Packet discarded from 192.168.0.21 port 1805 to 62.231.74.10 port 6667 (TCP)(outbound rule) @2007-05-10-12:46:50 05-10-2007 11:46:45 Local0.Info 192.168.0.1 IP: Packet allowed from 63.170.10.91 port 60820 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by SMTP) @2007-05-10-12:46:47 05-10-2007 11:46:45 Local0.Info 192.168.0.1 IP: Packet allowed from 63.170.10.91 port 60819 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by SMTP) @2007-05-10-12:46:47 05-10-2007 11:46:44 Local0.Info 192.168.0.1 IP: Packet allowed from 63.170.10.91 port 60779 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by SMTP) @2007-05-10-12:46:45 05-10-2007 11:46:44 Local0.Warning 192.168.0.1 IP: Packet discarded from 72.34.165.187 port 52717 to xxx.xxx.xxx.xxx port 25 (TCP)(discard rule) @2007-05-10-12:46:45 05-10-2007 11:46:43 Local0.Warning 192.168.0.1 IP: Packet discarded from 192.168.0.21 port 1805 to 62.231.74.10 port 6667 (TCP)(outbound rule) @2007-05-10-12:46:44 Tag: SSL Security Tag: 93052
  - 21
    - MSSecure.XML file will EXPIRE after October 9, 2007 On October 9, 2007, the MSSecure.XML file used by MBSA 1.2.1 will no longer be updated. After this date, no new security updates will be added to the MSSecure.XML file used by MBSA 1.2.1 and no new versions of the Enterprise Scan Tool will be released for standalone use. Customers who require a free standalone security update and VA assessment tool are strongly encouraged to upgrade to MBSA 2.0.1 or the MBSA 2.1 beta. Based on Microsoft Update technologies, MBSA 2.0.1 and MBSA 2.1 beta provide consistent results across all Microsoft update technologies (SMS, WSUS Server and Microsoft Update) and provide the most comprehensive security update detection available from Microsoft. Aside from Microsoft SMS 2.0 / 2003 and MBSA 1.2.1, non-Microsoft products, scripts or tools based on the Microsoft MSSecure.XML file are not supported and should have already moved to updated or newer technologies that do not rely on the MSSecure.XML file. For more details, please visit the MBSA home page at www.microsoft.com/mbsa. -- -- Doug Neal [MSFT] dugn@online.microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights. If newsgroup discussion with experts and MVPs is unable to solve a problem to your satisfaction, feel free to contact PSS for support on the Microsoft Baseline Security Analyzer (MBSA). Information is available at the following link: http://support.microsoft.com/default.aspx This e-mail address does not receive e-mail, but is used for newsgroup postings only. Tag: SSL Security Tag: 93051
  - 22
    - Restricting interactive login only to terminal services Hello, I want to set up my win 2003 server (with Terminal Server (TS) role) so that all users (non-admin, or speciafied exceptions) have the right to log in interactively only via TS, but not via console login. This restriction should not be domain-wide, but only on the TS/DC itself. Knowing the flexibility of Windows I am sure this can be done. I am totally comfortable with messing with something like scripting or wmi filtering if there's no "user-friendly" way of achieving this. Thank you. Tag: SSL Security Tag: 93042
  - 23
    - MBSA 2.1 Beta 2 Now Available A revised beta 2 version of the upcoming Microsoft Baseline Security Analyzer 2.1 scan tool has been released for immediate download. Microsoft Baseline Security Analyzer (MBSA) is a free, standalone scan tool designed for the IT professional that helps small- and medium-sized businesses determine their security state in accordance with Microsoft security recommendations and offers specific remediation guidance. Improve your security management process by using MBSA to detect common security misconfigurations and missing security updates on your computer systems. MBSA 2.1 Beta 2 is now available from the MBSA home page (www.microsoft.com/mbsa) and includes full support for Vista and Windows Server code-named 'Longhorn' in addition to Windows 2000, Windows XP and Windows Server 2003. MBSA 2.1 Beta 2 includes full support for Vista, WSUS 3.0 compatibility, an updated UI and revised vulnerability assessment (VA) checks for x64 platforms. All versions are available from the MBSA 2.1 landing page (http://www.microsoft.com/technet/security/tools/mbsa2_1/default.mspx) or you can download the x86 and x64 versions directly from the Microsoft Download Center at the following locations: x86 version http://www.microsoft.com/downloads/details.aspx?FamilyId=F32921AF-9DBE-4DCE-889E-ECF997EB18E9x64 version http://www.microsoft.com/downloads/details.aspx?FamilyId=0F90BCDB-9A6F-49D9-9FDC-4BC70BB31BF2Please feel free to post questions, bug reports or suggestions to the MBSApublic newsgroup at Microsoft.public.security.baseline_analyzer----Doug Neal [MSFT]dugn@online.microsoft.comThis posting is provided "AS IS" with no warranties, and confers no rights.If newsgroup discussion with experts and MVPs is unable to solve a problemto your satisfaction, feel free to contact PSS for support on the MicrosoftBaseline Security Analyzer (MBSA). Information is available at the followinglink:http://support.microsoft.com/default.aspxThis e-mail address does not receive e-mail, but is used for newsgrouppostings only. Tag: SSL Security Tag: 93035
  - 24
    - NAC? How/where do I get NAC? I want to set it up in my lab and learn it a bit before i deploy to my clients. Tag: SSL Security Tag: 93031
  - 25
    - cpv.feed.com Ugghhh! Okay, I have tried all the spyware, anti-virus, etc. that I have access to, but we keep getting a pop up for cpv.feed.com. Has anyone else ever dealt with this? Know what it is? How to get rid of it? I have my pop-up blocker on and I am not completely computer illiterate, but I just can't seem to get this dumb thing to stop. I have run avg, spybot, microsoft malicious software removal tool. Can anyone help? Thanks, Diane Tag: SSL Security Tag: 93029
- Next
  - 1
    - Running .exe Hello all, I am having an issue running .exe on my 2003 server. They will run under the administrator all the time and one other profile but no more. It gives me : Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item. I 'm logging on with domain administrator accounts and they all have full control of the folder and everything in them. I have three servers that will let one admin run it and not the other and vice-versa on the others. Has anyone seen this. I thought it was sp.2 issue, then a sp.1, but it does not seem to be. If anyone has any clue I would greatly appreciate any help. Thanks, David Tag: SSL Security Tag: 93028
  - 2
    - Is complete access in a win 2003 domain a possibility? I am an IT administrator of a very small company and was wondering if it was possible to create a security group to add my username to that has access to anything and everything. Just being a member of the administrators group still seems to have denies for certain permissions. And if I create a security group and set grants for everything in adsiedit it then allows for some permissions that the administrators group is denied but then denies other permissions. Being 1 of the 2 people that administrate this company I figured it would be easier for us to have access to everything rather than delegating specific permissions to each person. Tag: SSL Security Tag: 93027
  - 3
    - How encryption keys should be distributed? Several software applications needs to encrypt and decrypt data, requiring either a single key in symmetrical encryption algorithms or public/private keys in asymmetrical algorithms, but how these keys should be distributed? Embed the key(s) within the application executable is a very vulnerable approach, since an attacker may trace API calls, or run the application under a debugger and simply halt the program when the keys has been reconstructed. And what about the risk to distribute the key in every exeucutable copy embedded within, if some attacker gets this key it can make it public, and every user of this application may use it to break its own installation. Can anyone give me any suggestion? Or point me in the correct direction to avoid these problems? Tag: SSL Security Tag: 93025
  - 4
    - What SIDS need permisions to start my service? Here is the short version. I have an application which has a service component. It is a requirement that the service component be running only when the application is running, so AutoStart is not an option. I want to grant the following permissions on my service READ_CONTROL | SERVICE_QUERY_CONFIG | SERVICE_QUERY_STATUS | SERVICE_ENUMERATE_DEPENDENTS | SERVICE_START | SERVICE_STOP | SERVICE_PAUSE_CONTINUE | SERVICE_INTERROGATE to all users on the local machine. Currently I am granting this access to Everyone, Users, and Guest. This approach definitely gives permisions to the accounts i need.. but is this a securty risk (I am only concerned about security risks involving remote attacks, not ones that originate from the local machine). Should i be granting access to just "Guest and Users" or maybe "Guests and Authenticated Users"? Also note, the machines may or may not be on a domain.. the target os is 2k,xp,vista(32/64). This may be deployed on a large number of laptops (and i mean laaarrrggge). Can anyone shed some light on this issue? Tag: SSL Security Tag: 93020
  - 5
    - BUILTIN\\Administrators question Our security s/w is flagging the below error... Does anyone know what the "QVSENDC" is indicating? --------------------------------------------------------------------------------------------- Account: BUILTIN\\Administrators; permissions: PC; expected: QVSENDC; comment: none Tag: SSL Security Tag: 93019
  - 6
    - microbillsys / MBS Account Manager I write with reference to the above & your recent correspondence with alister28.I have managered to stop the pop ups but due to my previous correspondence via e mail they say i have an outstanding bill to pay which is causing grave concern. I think i may be being scammed & wondered if there was anything else i could do. Am i legally bound to pay. Tag: SSL Security Tag: 93016
  - 7
    - Microsoft Takes on Google and Yahoo with Microsoft Adcenter and Adlabs Learn how can gain up to 20% ROI http://blog.yourseoconsulting.com/labels/case-studies.html by switching to Microsoft Adcenter and take advantage of their keyword forcasting tools and professional attitude to online advertising. Tag: SSL Security Tag: 93010
  - 8
    - 128 bit password Hi, If a password is for example 128bit, how long is it in characters (a-z & A-Z)? How can i calculate this? If the password is "THISisMYpassword". How many bit password is it? Tag: SSL Security Tag: 93005
  - 9
    - password can anyone tell me why my password...which i know is correct....is not recognised by various sites....keeps saying...invalid and not recognised....is it to do with my setting on computer cos i cant find it if it is thank you -- si Tag: SSL Security Tag: 93001
  - 10
    - password error I cannot access accounts with my password..ie hotmail a/c and others...its always saying password not recognised...other people have tried using their own on different sites and it still doesnt recognise them....I must have a block on my computer but i cant find it...please help -- si Tag: SSL Security Tag: 92998
  - 11
    - Installing & deploying multiple Windows updates.... Hello.....Kenneth here.\ How do I install multiple offline updates at once on Windows XP Professional SP2? I do not have a internet connection, therefore I download the updates from my friends PC and bring it to my house and install it one after the other. It takes a long time. Please anyone...help me!! Thanking you in advance. Tag: SSL Security Tag: 92997
  - 12
    - application monitoring Hello, I am informing you people about a free program that makes you tension free through checking processes in your system comparing their signatures continuously with a signature file that you have generated first. It will alert whenever they change and when a new program runs. This is meant for knowledgeable people. Download it only if you know what you are doing. Thanks. http://bapuli.reflectionsindia.org/wssecure.htm Tag: SSL Security Tag: 92994
  - 13
    - Service and profile settings Hi to all! We have a service at our company which our developers had developed. As part of the work of the service, it connects to mapped folder at another computer to read some files from there. We need to configure the service to run as custom application user, which is a user from our domain with sufficient permissions. We can't set in code of the service to connect to UNC address, instead we have to map the UNC address to network drive and afterwards to connect. Now the problem is that I don't know how to "say" to the service to load user's profile when the service starts. For instance, when I run something with "run as" utility, I can specify /profile option, and I just don't know what to do in order to specify something similar to the service. Any help would be appreciated. Regards, Simon Zeltser. Tag: SSL Security Tag: 92991
  - 14
    - Logon Message Error When I turn on my computer I get an error with a yellor triange that says "The system could not log you on. Make sure your User name and domain are correct then type your password again. Letters in passwords must be typed using the correct case." I have been able to continue by hitting "enter" but this has prevented me from doing many things administratively. I tried to fix this with a CompRule back in April of 2006 (I could give you a case # if it would help)but it lasted a month until I turned my computer off and rebooted and it started all over again. I don't know what I did, I am virtually afraid to do anything to my computer and it seems when I do I seem to mess it up pretty well. I have Widows XPSP2, NortonSecurity&AntiVirus. One husband and one 14 year old and they think I'm the one who is the best to fix the problems when something goes wrong - I'm the mom-this is way over what I want to do or understand and I am way over frustrated with it always giving me error messages and not letting me logon and telling me this isn't my computer, it has been in this same spot for five years This problem has been the same for over a year but a friend said that maybe it is why I can't do things like download the Adobe Flash Player and some other files that my son sends me that I can't see on my email. I don't know but I would really like some help with this so that I can use my computer properly. If anyone can help let me know. Thank you in advance. Ginny. -- ginnyduemler Tag: SSL Security Tag: 92983
  - 15
    - Disabling Proxy Settings in IE6 through Group Policies I would like to know if there is a way I can disable users for entering in any proxy information within IE6. I know that I can remove the connections tab but I just would like to grey out all fields in the proxy area. Hope this makes sense. Any help would be great Thanks, Rollinwest Tag: SSL Security Tag: 92977
  - 16
    - PKI - invalid policy When I try to get a certificate I get the following error message: The certificate has invalid policy. Error construction or publishing certiviface invalid application policies: 1.3.6.1.4.1311.10.3.4 This happes with all of my certificates just different OIDs. Thanks, Ed Tag: SSL Security Tag: 92976
  - 17
    - Moving Certificate Services Hello I have an issue where i need to move my Certificate Services to another computer as the one that it is currently on is going to be de-commisioned / reinstalled. I can only find information on the moving of the certificates when keeping the same server name as the one that is curently there. Unfortunately, i do not have this. I am moving from SERVER01 to SERVER02 SERVER02 needs to remain named this for other purposes and SERVER01 is going to be renamed SERVER03 and going to be in another physical location with a different operating system installed. Can anyone point me in the direction of a useful document etc for this Regards Gareth Collins Tag: SSL Security Tag: 92975
  - 18
    - is this Hexi-, Deci- or IS4v adresses http://0000000000330.211 I have received several email messages (showing free (gmail) return addresses). I got no response from the OL group. They have an odd looking http address in the body of the email. I do not click on such things, But I actually do not know what this kind of link is, or what it might do. There are a couple of variations, such as this: <A href="http://0000000000330.211.0x0000000009E. 000000000000000000174"> or <a href="http:// 0x00000000000D8.00000000000323.0x000000000000000000000009E. 124"> or <a href="http://0000000000330.211.0x0000000009E. 000000000000000000174"> It looks like a loopback, a physical memory address, or some port, an executable. Or is this Hexi-, Deci- X n base IP address. I am not sure where else to post this type of question. Thanks for your assistance. -- Respectfully, Roger Howland RogerH@theJobDr.com.(noSPAM) Tag: SSL Security Tag: 92962
  - 19
    - How to have system service to access network I have a VB app that i runs from a LocalSystem service with CreateProcessAsUser: The app gets the token of the service so it runs under LocalSystem too. When i call in my app that as said run from the Localsystem service to: WNetAddConnection2, i get error 1312 (ERROR_NO_SUCH_LOGON_SESSION) In my opinion since a LocalSystem service does not have access to network. Can i make the app that run from the LocalSystem service to access Network so that WNetAddConnection2 will work? I run it on XP pro and Vista - same problem. (The app and The service must keep running under LocalSystem - i do not want to change that) Thanks! Tag: SSL Security Tag: 92961
  - 20
    - Disable Proxy settings in Internet explorer through Group Policies I would like to know if there is a setting within Group policy that will allow me to disable the LAN settings so users cannot change our proxy server in order to bypass. Any help would be great! Thanks! Tag: SSL Security Tag: 92955
  - 21
    - Infection via Website There's a website I know of... as soon as you visit it, your anti- virus (AVG in my case) starts setting off warnings. The site is clearly trying to install spyware/viruses (apparently it is well known for doing this). As someone studying to become an MCSE I am curious in the specifics of how the site is trying to infect computers. IE: is it using java to do this? Active x? applets? scripts? I know it manages to get a few files onto my harddrive (the files being on my harddrive are what actually triggers the AVG warnings). How does it activate those files and get them running in memory/startup? Can Active X/Java/etc/etc make changes to your registry? Do you fully need to turn off these IE settings to be truly safe? etc etc... If anyone could give me some very basic info, or point me to some good (brief & to the point) links, it would be much appeciated. Thanks in advance Tag: SSL Security Tag: 92953
  - 22
    - DRA certificate on smartcard - vista I configured a gpo to allow efs exclusively with smartcards on a vista box in a windows 2003 domain with a single domain running win2k3 sp1. The DRA is also using an EFS recovery certificate that is on a smartcard. I use the same box both for the user encrypting the file and the DRA trying to recover/restore the file. When I try recovering the file with the DRA designated user I'm prompted to insert a smartcard but when I inset the DRA smartcard I get a error message stating that the "wrong card is inserted." When I insert the user's card everything works fine. Checking the file encryption properties lists the designated DRA certificate as the recovery certificate (certificate thumbprint) as detailed in the appropriate admx file Any Ideas? -- Yariv Bashan MSecurity Tag: SSL Security Tag: 92952
  - 23
    - Password Protect Hard Drives Hi, last year i was doing something and i somehow managed to put a password on each of my installed hard drives and every time i wanted to access one it would ask me for a password before opening the drive. it was perfect but at the time i didn't really have a use for it. i do now but i don't have a clue now how i did it. i'm wondering if anyone knows what i'm referring to and where i may get information on how to do this again. what's happening now is i am sharing my wireless router and users are able to see my files because i myself share between my laptop and desktop and i want to prevent others from being able to access my files without killing their connection to the internet. thanks everyone. eric6556 Tag: SSL Security Tag: 92949
  - 24
    - 560 Errors I've applied a GPO with locked down NTFS permissions. I'm receiving 560 failure log events on numerous .dll files located in the Windows\System32 folder. I grant full access to the accounts having problems (network service, local service, and domain service account) and verify through the effective permissions tab that the accounts have full access to the dlls. I keep receiving the 560 errors, but it appears my application (WSS 3.0) works properly despite the dozens of 560 object access errors. Am I missing something? Tag: SSL Security Tag: 92946
  - 25
    - AVS and Firefox in hidden mode? A scan with Gmer last version of a machine running genuine Windows XP Home Edition with SP2 installed showed two ***hidden*** processes belonging to Active Virus Shield and Firefox. Here are the pictures: http://img363.imageshack.us/img363/3492/gmer01lg8.jpg http://img117.imageshack.us/img117/7841/gmer02ib2.jpg Is that normal or should we worry? Thank you very much. Giulio - Rome Tag: SSL Security Tag: 92943

IS x.509 certificate the same as Public/private key pair?
--
Arne Garvander
Certified .Net Geek
Professional Data Dude

Re: SSL Security by jwgoerlich

jwgoerlich
Wed May 16 13:32:37 CDT 2007

> IS x.509 certificate the same as Public/private key pair?

Almost yes. There are many ways to do public-private key exchange, of
which x.509 is one. An x.509 certificate contains the public key and
associated metadata. Unless explicitly created as such, the
certificates do not contain private keys.

Regards,

J Wolfgang Goerlich

Top

Re: SSL Security by Anne

Anne
Wed May 16 13:44:59 CDT 2007

Arne <Arne@discussions.microsoft.com> writes:
> IS x.509 certificate the same as Public/private key pair?

identity x.509 digital certificates from the early 90s were frequently
overloaded with personal information and eventually realized to
represent a significant privacy and liability hazard.

digital certificates were introduced to solve a problem in the OFFLINE,
electronic world ... somewhat analogous to the letters of
credit/introduction from the sailing ship days (and before) where the
relying party had no prior information about the party they were dealing
with and no way of directly contacting any responsible party.

an example of the offline, electronic scenario is the email environment
from the early 80s ... where there would be a dial-up to local
electronic post-office, exchange email, and then hang-up. then when
dealing with first time email from total stranger, the recipient had no
way of determining what they were dealing with. digital certificates
could provide trusted distribution of information about the stranger.

one of the pieces of trusted information distributed in this offline
environment could be the stranger's public key ... allowing the
recipient to verify any digital signature generated by the stranger
(with their private key).

another proposal from the early 80s for means of (real-time) trusted
distribution of public key can be found in this old email:
http://www.garlic.com/~lynn/2006w.html#email810515

other discussions about real-time distribution of public key (and
other information) can be found in these collected posts referencing
a "catch-22" situation for the SSL digital certificate certification
authority industry (something they need to improve their integrity,
but at the same time could result in obsoleting the need for them)
http://www.garlic.com/~lynn/subpubkey.html#catch22

and other collected past posts about SSL digital certificates
http://www.garlic.com/~lynn/subpubkey.html#sslcert

Top

Re: SSL Security by S

S
Thu May 17 03:51:26 CDT 2007

X.509 certificate is the public key signed by a CA.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

"Arne" <Arne@discussions.microsoft.com> wrote in message
news:B63B1595-6D62-404C-83FD-5787413C6FA5@microsoft.com...
> IS x.509 certificate the same as Public/private key pair?
> --
> Arne Garvander
> Certified .Net Geek
> Professional Data Dude

Top