Security: Network Admins vs. SQL Programmers
I'm not 100% sure where I need to post this, but to me, this is a
security question, so I'll start here.
I have just started working for a new company and came into a huge
scuffle between Network Admins and SQL Programmers. The problem is the
programmers want full administrator control on the sql server, but the
network admins refuse to give it to them stating they don't need it.
My question for the group is, what (if any) kind of access do SQL
programmers need on the SQL server? (Ie: do they need administrator
priv, power users, std. user, etc) This question is not related to
database access, that is a different issue. This is about their domain
account rights to the SQL server.
Password Policy for remote users
Hi experts
I would like to get some clarification and advice. I have a 2003 domain with
30 in-office users and 10 remote users (VPN only, OWA, POP3). I'm trying to
enforce a password policy for office users only. What is the best way?
I'm planning to do the following steps:
1. Edit GPO to enforce password policy at user configuration level.
2. Check "password never expires" in the account property for remote users
3. Change remote users' passwords to more complex ones.
Is it a secure way to do it? How can I enforce changing the password on next logon?
Will remote user passwords ever expire? I do not want those people to be
affected...
I prefer not to create a separate OU for remote users because I have AD
structured based on people's roles.
Thank you
Share Creation Event ID
I am trying to audit the creation of shares and I haven't been able to
get the security log to notice this. Anyone know how to do this? Thanks.
Security Center detects uninstalled McAfee software
My Windows Security Center still thinks that I have McAfee Personal Firewall
Plus and Virusscan installed on my machine despite the fact that I have
already uninstalled them. It's giving me a huge headache too, because it
prevents me from changing my firewall settings so I can connect an XBox 360
to my MCE PC. McAfee has removal tools, but they haven't helped, and I've
even edited out all the registry keys, but Security Center still thinks they
are there. Any way to reset my security center?
Security Defects
What are the threats posed by RPC (Remote Procedure Call) and by DCOM
in XP SP2? (well, if there are any!!)
Null Sessions
Hi groups,
I was doing vulnerability testing on our Windows systems and found out
most of the systems have NULL sessions enabled on them. I want to get
rid of them but the problem is that we have over 150 systems and can't
go and disable these sessions manually. Since we have Windows 2003
infrastructure I want to know how to disable NULL sessions using group
policies?
Any help will be appreciated.
Thanks,
Tornado.
Microsoft Windows Impersonation Privilege Escalation Weakness
"Microsoft Windows is susceptible to a weakness that may allow attackers to
gain elevated privileges. This issue is due to the ability of services to
impersonate clients after they have authenticated."
http://www.securityfocus.com/bid/18008/discuss
Im
Veterans Affairs warns of massive privacy breach
"The U.S. government warned on Monday that a database containing sensitive
information about veterans and their families had been stolen, after an
employee violated policy and brought the data home."
http://www.securityfocus.com/news/11393
Imhotep
Targeted trojan attacks via Word flaw
"A U.S. company is among the apparently small number of victims specifically
targeted by a malicious group using a previously unknown vulnerability in
Microsoft Word."
http://www.securityfocus.com/brief/213
Imhotep
Please read on...
Just wanted to let everyone know of this cool little tool
(http://ipowl.com/).
Ideas would be appreciated
-
eapr
possible system intruder XP
I was at work and checked my e-mail on my laptop. There was a new mail
message to me from my home computer's hard drive (the home computer was on,
no one was home). The subject line read "short joke" and the text of the
message read "check it out" and it had half of my password; next there was a
hyperlink to a site.
I don't know where to start protecting
Windows applications aren't installing from Group Policies?
Hello:
Just recently, I had set up another OU for computers, and I enabled
loopback processing for machines. The machines are part of an SBS 2003
domain. All machines properly process the OU on the machine, but only
install an application that I assigned (anti-virus), but they don't
install other applications, i.e., Outlook 2003 and Fax Transport
Protocol.
I don't see anything suspect in the event logs, but the applications don't
install anymore. Is there something different for machines when
assigning applications?
Thanks,
--TJ
network with bandwidth problems need help please.
Thanks for any help here. I have a network with 2 Server 2000 and 60
workstations,
Windows 2000 and Windows XP Pro.
We are running a database called Visual Fox Pro 9.0. We have security
cameras that monitor 25 places in the building. The way to display these
cameras is over TCP/IP, so we have a computer set up with an LCD monitor to
display these cameras, not all of them, only 6.
The computer works for a few days sometimes, but sometimes the software
for the cameras, called "network viewer", does not respond. I called tech
support for the product and they say it is not their software. Well, I know it is
not the computer, so it may be a bandwidth problem.
We have a 10/100 MB network.
Have you guys seen a problem like this? How can I test my network
bandwidth? Do I need to purchase software? I really need help here. I have
never seen a problem with the bandwidth.
Thanks for any help here.
Ronald M.
Windows Defender
I cannot get the Windows Defender application to successfully update, ever.
It says it is connecting to the internet to acquire new definitions but it
always fails, generating the following error message: "Defender was unable to
complete the upload: 0x80072efd". I have followed the instructions provided by
Microsoft to resolve the issue but the fix does not work. Any ideas?
Certificate problem with Windows Server 2003
Hi all,
I'm trying to set up a RADIUS authentication method using 802.1x in a
test lab, although I'm having a problem with certificates I wondered if
anyone could help please.
I have :
an IAS (Internet Authentication Service) server,
an IIS (web) server,
a Domain Controller and
a test client.
All the above are Win Server 2003 except the client which is XP Pro,
and are all in a test domain.
My problem is that I don't want to use the Domain Controller as the
Certification Authority, so I've installed CA on the web server, and
given it relevant permissions. Now when I request a certificate for the
computer account of the IAS server, I get the error
"There are no trusted certification authorities available, You do not
have permissions to request certificates from the available CAs, or the
available CAs issue certificates to which you do not have permissions."
The IAS server which I'm trying to request a certificate for has the
Trusted Root Certificate from the CA server (the web server) in its
Trusted Root Certificates store.
Now I'm logging in as an Enterprise Admin every time I log in to any
computer, so I wouldn't have thought it's permissions.
I'd be most grateful if anyone could help
Same name for workgroup and AD domain?
We have some machines on our network that belong to a workgroup with the same
name as our Windows AD domain. Are there any security issues that may affect
our domain controllers if a workgroup with the same domain name exists?
Thanks,
Kurt
It's all about my Antivirus
Well, it seems that my antivirus is responsible for blocking Windows from
gathering my IP address.... The story goes by installing SP2 of WinXP....
When I hadn't yet installed my antivirus, Windows and my LAN card
successfully gathered my IP address, but when I installed my antivirus software
the problem goes.. First I thought that the problem was my LAN card, but by
doing a little experiment I figured out what the real problem is or what is
causing this problem....
I'm using Panda Internet Security 2005 as antivirus software..
My question is, what should I do???
Should I replace my current antivirus or is there another step in solving
this problem of mine.... I hope answering this question will help me and
others who are experiencing the same type of scenario.... Thanks
MS03-033
Hi,
after installing the patch
(http://support.microsoft.com/kb/823718/de) via SUS,
the prompt to install the patch appears again after every restart
of the computer.
System: Windows XP Prof. SP1
Does anyone have any advice?
MS Antispyware Leftovers
Hi All,
Are MS Antispyware and Windows Defender two separate applications, so that the
newer version does not depend on any files from the older version? I have a
folder and several subfolders for MS Antispyware still listed in my program
files folder after upgrading to Windows Defender. Can it and all references
to it be deleted? Defender seems to be working fine and I didn't want to mess
up anything by deleting something it depends on in MS Antispyware. TIA
Ron Bee
Encryption for Powerpoint?
Hi,
Caveat: I have no idea how this cool stuff works.
I have MS Powerpoint presentations I want to have someone show for me
in my absence. However, I'm not willing to share!
I can convert the PP into a .exe file, so my specific needs are:
1. Separate user and administrator passwords
2. User password is only good for 1-2 file showings
3. File becomes unusable after a set amount of time.
Any suggestions?
Thanks,
CR
DNS security question
Hi,
Is it considered a good security practice to not allow DCs to make
direct DNS requests to the Internet?
I have read about different DNS response attacks that can help an
attacker to take control of the DC via an incorrect DNS response
(buffer overflow etc.).
Would it be more secure to use DNS forwarders?
If yes, where should we place them? In the DMZ?
Thank you
IPSEC and ICMP
I have a GPO that implements the Server (Request Security) IPSEC setting.
Pretty much everything works except PING. When I try to PING from one server
to another, I get the 'Request Timed Out' message.
My understanding is that this policy has a setting that allows ICMP packets
to be sent unsecured so I don't understand why the PING is failing.
TIA
Constant Ping From Domain Controller
I help administer a small network with 3 Windows 2003 domain controllers,
each in a different subnet connected by T1 frame relay. The problem I am
seeing is there is a constant ping from the Master Domain controller in the
main office to the other domain controllers in the two remote offices. I
have gone through the task manager and cannot locate what may be the source
of these pings. Does anyone know if this is part of the 2003 active directory
sync or keepalive? The pings have me worried there may be something on the
server.
Any help or direction provided will be greatly appreciated.
CryptoAPI CSP Availability
I recently set up a new system with WinXP Pro SP2 and discovered that
algorithms under Outlook didn't include SHA1 or 3DES... which I'm required to
use for a customer. I'm pretty sure the set of supported algorithms is
from the CryptoAPI, and so the theory is that I can install additional CSPs.
I recall doing this under prior versions of Windows with the "High Encryption
Pack". However, I can't seem to find any MS download or product that will do
this for XP.
I found a list of the MS CSPs defined for the CryptoAPI at the following:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/seccrypto/security/microsoft_cryptographic_service_providers.asp
Any suggestions or pointers?
Chris B. sends/
Record of when last login occurred on an XP workstation
I have a computer in our office that was already logged in when the user came
in. I am trying to find out when the computer was logged in to see if
someone was using it at night to read the person's email. Does anyone know
where I can find a log of when it was logged in last?
SMAC 2.0 MAC Address Changer is released!
===============================
SMAC 2.0 - MAC Address Spoofer
===============================
SMAC 2.0 URL: http://www.klcconsulting.net/smac
SMAC 2.0 is released!
SMAC is a powerful yet easy-to-use and intuitive Windows MAC
Address Changer which allows users to spoof MAC address for almost any
Network Interface Cards (NIC) on the Windows 2000, XP, and 2003 Server
systems, regardless of whether the manufacturers allow this option or
not.
==================
SMAC 2.0 Features:
==================
- Change MAC Address with 3 clicks:
--- Click to select a network adapter
--- Click "Random" to generate a MAC Address to spoof
--- Click "Update MAC" to change and activate new MAC Address
- Protect your personal privacy by hiding the real MAC Address of your
Network Adapters
- Easy, intuitive, and user-friendly GUI for viewing and changing MAC
addresses
- Allow users the option to set the network adapter to automatically
restart after MAC Address spoofing, or manually restart
- Displays the following information of your Network Interface Card
(NIC)
o Device ID
o Active Status
o NIC description
o NIC Manufacturer
o Spoofed status (Yes/No)
o IP Address
o Active MAC addresses
o Spoofed MAC Address
o NIC Hardware ID
o NIC Configuration ID
- Displays the Network Adapter manufacturer associated with the New
Spoofed MAC Address
- Allow users to generate random MAC Addresses for spoofing
- Allow users the option to display detailed information of all
available adapters, or ONLY the active network adapters
- Allow users to display Network and IP Configuration (IPConfig)
information with 1 button click
- Allow users to view up to 10 Most Recently Used (MRU) MAC Addresses
and select a new Spoofed MAC Address directly from the MRU list
- Allow users to load a MAC Address List and choose New Spoofed MAC
Address directly from the list (Professional Edition only)
- Allow users to create comprehensive reports on Network Adapter
details (Professional Edition only)
- Built-in logging capability allows users to track MAC address change
activities (Professional Edition has the option to turn-on or turn-off
this option)
- Remove spoofed MAC Address to restore original MAC Address
SMAC URL: http://www.klcconsulting.net/smac
======================
Why use SMAC?
======================
-Protect Personal and Individual Privacy by cloning a different MAC
Address. Many organizations track wired or wireless network users via
their MAC Addresses... In addition, there are more and more wifi
Wireless connections available these days, and Wireless network is all
based on the MAC Addresses, therefore, wireless network security and
privacy is all about MAC Addresses!
-Perform Security Vulnerability Testing. Penetration Testing on MAC
Address based Authentication and Authorization Systems, i.e. Wireless
Access Points. (Disclaimer: Authorization to perform these tests must
be obtained from the system owner(s).)
-Build "TRUE" Stand-by (offline) systems with EXACTLY THE SAME
ComputerName, IP, and MAC ADDRESSES as the Primary Systems. If
Stand-by systems should be put online, NO ARP table refresh is
necessary, which eliminates any possible ARP related issues that could
cause extra downtime.
-Some online Game Players (Gamers) require changing the MAC addresses
to fix IP problems for some reasons...
-Build High-Availability solutions. For example, some firewalls that
run on multi-port NIC's (i.e. quad port NIC) require the same MAC
address for every port to achieve fail-over.
-Troubleshoot Network problems. ARP Tables, Routing, Switching, ...
-Troubleshoot system problems
-Test network management tools
-Test incident response procedures on simulated network problems
-Test Intrusion Detection Systems (IDS), whether they are Host and
Network Based IDS.
-If for whatever reason you need to keep the same MAC address as your
old NIC, but your old NIC failed...
-Some software can ONLY be installed and run on the systems with
pre-defined MAC address in the license file. If you need to install
one of these software to another system with a different Network
Interface Card (NIC) because your system or NIC is broken, SMAC will
come in handy. However, you are responsible for complying with the software
vendor's licensing agreement.
-Some Cable Modem ISPs assign users IP addresses based on the PC's
MAC addresses. For whatever reason, if you need to swap 2 PC's
regularly to connect to the cable modem, it would be a lot easier to
change the MAC addresses rather than to change Network Interface Card
(NIC). (You need to check with your ISP and make sure you are not
violating any service agreements.)
====================
SMAC URL: http://www.klcconsulting.net/smac
Publishing a Certificate Authority Enrollment site using SSL + ISA 2004
Hi.
I am trying to publish a CA enrollment web site to external users using
SSL and ISA 2004. I know that my site can be accessed through the
internet if I just use HTTP, but I need to secure my site. Is there
something I can look at to help me in this?
TIA
NO_CLIENT_SITE
I recently started having problems with one of my servers. It keeps recording
the error message NO_CLIENT_SITE in netlogon.log. The funny thing is the IP
address is the machine's PUBLIC IP address, not its private address. The
machine itself has been assigned a private IP address (NAT is done in the
router). The machine is on a separate subnet from my DCs, but the subnets are
routed appropriately. I can ping my internal servers IP and I can trace
directly to my internal servers. Any ideas?
Windows Defender (Beta 2): Definitions Update Problem
Hi,
I am using Windows Defender (Beta 2) and when I open it I see the following
message on the home screen.
"Your definitions haven't been updated in 16 days. Definitions allow Windows
Defender to detect the latest harmful or unwanted software and prevent it
from running on your computer."
There is a button in front of the message, "Check Now", and I always click it. The
software connects to the Microsoft site and after some time displays that the
definitions are updated. But I keep getting the same message.
I have been facing this for the last 3 days and the day count started with 14.
Kindly suggest a solution
Thanks and Regards
Vishal Kaushik
Failure Audits in Security Log
I'm getting the following warning every 2 minutes in the security log on my
W2000 DC. I'm pretty sure the warning is being generated by a connection one
of my users is making to a remote server to access email for another company
he works for. How can I get this warning to stop? I currently have GP set
to audit account logon events pass/failure and audit logon events
pass/failure (I'd like to keep these settings if possible). Here is the
warning message being generated:
Event Type: Failure Audit
Event Source: Security
Event Category: Account Logon
Event ID: 676
Date: 5/18/2006
Time: 11:04:25 AM
User: NT AUTHORITY\SYSTEM
Computer: (SERVER NAME)
Description:
Authentication Ticket Request Failed:
User Name: username@remotedomain.com
Supplied Realm Name: OUR DOMAIN.COM
Service Name: krbtgt/OUR DOMAIN.COM
Ticket Options: 0x40810010
Failure Code: 0x6
Client Address: 192.168.221.17
Remote User "Quarantine" and access control
I was at a Microsoft seminar a year or two ago that covered laptop or remote
user access security and how Windows Server and other Microsoft technologies
could be used to control remote user access to a business LAN.
They talked about being able to set up VPN access to the LAN and being able to
scan a remote user's laptop/desktop to verify whether its patches and updates
were up to date. If they were, the remote user was allowed into the LAN; if
they were not up to date, then the remote user was "quarantined" and not
allowed access to the LAN until it was updated and then allowed into the LAN.
What is required to do this and is there any documentation on how to set
this up?
Thanks,
Jose
Set DCOM Permissions via Command Line
Hi all ... I'm wondering if anyone has any idea about how to (or if
possible) set DCOM permissions via command line? I'm trying to script some
permissions setup for new server Win 2003 OS installs and haven't had much
luck finding a possible solution.
Any help would be greatly appreciated.
Thanks.
"Run AS" but with restrictions
Hi there,
I am playing around with the "Run As" option for allowing my "limited
users" access to applications that require privileges of an admin.
Instead of giving them the actual Administrator password, I've created
another admin "BF2" user so they can use those credentials.
What I am trying to do is: Restrict the local user down to a couple
applications that he can use the "run as" command on as the "BF2" user,
but I can still be able to use the run as option on all applications as
the "administrator" user (for when I need to run admin programs)
I'll give you an example...
Local User (with limited privs) called JoeBlog
Administrator User used for running programs called BF2
And local administrator is Administrator.
Ok, so JoeBlog wants to play Battlefield2 (for instance) but punkbuster
requires the program be run with admin privileges, so I've created a BF2
user and added it to the administrator group, and they can now run
BattleField 2 as the BF2 user and all is good.
I have disabled the ability to log in (to the desktop) on the BF2 user,
but I would like to restrict the "Run As BF2 user" down to just the
Battlefield executable and nothing else. But still be able to "Run As
Administrator" on everything else (for my management).
Does anyone know of a way to lock this down? Would it be something that
needs to be set on JoeBlog's account or the BF2 account?
I can disable the Run As command altogether but then I lose the option
to run Battlefield as an admin user...
Cheers :)
Spyro
Flaws In XP
Hi, can anyone tell me why businesses or companies don't use (or not that
much) Windows XP as part of their server? Are there any security
issues, or are there some other flaws?
Thanks
Cable ISP
Hi,
I'm getting cable internet access for one home computer. Will the XP
Firewall be sufficient? Do I need a router for security purposes?
I currently have random IP with dial-up. Is the IP static with cable?
What other security issues should I be concerned about?
Thanks in advance :)
IPsec Over Tunnel
I am trying to encrypt my wireless traffic with IPsec. My
configuration is as follows:
OpenBSD 3.8 gateway (192.168.100.20) connected to Linksys access point
via crossover cable.
Macintosh OS X 10.4 (192.168.100.200) AirPort
Windows XP SP2 (192.168.100.120) Intel PRO/Wireless 2200BG
I am using isakmpd on the OpenBSD computer, racoon on OS X and ipseccmd
on Windows. If I configure transport policies the setup works
correctly. However, if I use tunnel, the Macintosh works correctly,
but the Windows computer does not.
Below are the ipseccmd commands I am using for Windows.
Transport mode:
ipseccmd -u
ipseccmd -f 192.168.100.120=192.168.100.0/255.255.255.0 -n ESP[3DES,MD5]1800s -a cert:"C=US, S=Missouri, L=Saint Louis, O=Home LAN" -1s 3DES-SHA-2 -1k 1800s
ipseccmd -f 192.168.100.0/255.255.255.0=192.168.100.120 -n ESP[3DES,MD5]1800s -a cert:"C=US, S=Missouri, L=Saint Louis, O=Home LAN" -1s 3DES-SHA-2 -1k 1800s
After executing these commands, I can ping 192.168.100.20. After
several "Negotiating IP Security" messages, I receive replies from the
remote computer. I can ping from the OpenBSD computer to the Windows
computer as well.
Tunnel mode:
ipseccmd -u
ipseccmd -f 192.168.100.120=0.0.0.0/0.0.0.0 -t 192.168.100.20 -n ESP[3DES,SHA]1800s -a cert:"C=US, S=Missouri, L=Saint Louis, O=Home LAN" -1s 3DES-SHA-2 -1k 1800s
ipseccmd -f 0.0.0.0/0.0.0.0=192.168.100.120 -t 192.168.100.120 -n ESP[3DES,SHA]1800s -a cert:"C=US, S=Missouri, L=Saint Louis, O=Home LAN" -1s 3DES-SHA-2 -1k 1800s
After executing these commands and pinging 192.168.100.20 I receive
several "Negotiating IP Security" messages again. However, instead of
receiving replies, I now get "Request timed out". If I examine the
Oakley.log file, I can see that SA is successfully negotiated. I would
expect that if firewalls or some other ICMP block was in place, that it
would affect both transport and tunnel mode.
Any suggestions?
thanks,
Michael
Printers don't assign after GPO Security changes...
Hi guys,
Got a bit of a complicated one so put your thinking caps on.
We've gone through recently and tightened down our Win2k3 domain (with only
WinXP clients) using Group Policy.
Since we have made some changes, most of which are recommended or required,
clients are no longer having their printers mapped via logon script.
These are the Security GPO changes made:
- Domain controller: LDAP server signing requirements (Require signing )
- Domain member: Digitally encrypt or sign secure channel data (always)
(Enabled)
- Domain member: Require strong (Windows 2000 or later) session key (Enabled)
- Network access: Allow anonymous SID/Name translation (Disabled)
- Network access: Do not allow anonymous enumeration of SAM accounts
(Enabled)
- Network access: Do not allow anonymous enumeration of SAM accounts and
shares (Enabled)
- Network access: Let Everyone permissions apply to anonymous users (Disabled)
As for the printers, users were getting their access via the EVERYONE group.
I have confirmed that as far as the Printer groups go, everyone is a member
of their associated groups.
The logon script says that if you are a member of that group, then map that
specific printer. Since the groups aren't assigned to the printers, they were
naturally getting their access (previously) via the EVERYONE group.
Since the above security changes, users seem to have lost their access to
the EVERYONE group and the logon script is no longer installing the printers
for them.
I can confirm that the logon script has not changed since no one here knows
VB :o)
It was definitely one of the above changes. Can anyone think of which one?
Thank you
Hutchy
Backup utility
I would like to use the Backup Utility in Windows XP Home. It is not
preinstalled and does not appear to be included in the Installation Disc
provided by Dell along with my computer. I have tried emailing Dell but
each reply sends me round in circles from one "support" site to another.
Can anyone tell me how I can download Backup............please?
Microsoft Certification Authority
Hi All,
Just curious about something in the Microsoft Certification authority;
I have a number of issued certificates that are expired or are nearing
expiration, is it possible to renew the issued certificates (and how do I go
about doing this? Any good articles/walkthroughs?). What I want to avoid is
having to reissue the certificates to each of the clients. Is this possible?
Or will I have to generate new certificates and distribute them to my end
users again?
TIA
J Brown
Networking problem
I have set up a home network between my main comp and my laptop but my laptop
is saying I do not have permission to view my network path...anyone know how
to alter this?
--
CJB
systemprocess locks port 21
Hi, everyone,
I have the following problem: After starting the remotedesktopserver on
a win2000-system the port 21 is locked by process System:8 (found
with tcpview.)
The IIS runs on that machine, but the FTP-component is not installed.
There is no suspicious process (other than windows) running, there is
no traffic on port 21 and a telnet-login on port 21 is not possible.
Any idea?
Thanks in progress.
Security feature in Microsoft's new Windows (Vista) could drive users nuts
"SEATTLE - An annoying surprise awaits 2 million consumers expected to
enthusiastically step forward in the next few weeks to help Microsoft test
its new Windows Vista PC operating system.
Volunteers will test Vista Beta 2, a near-final version of the much-hyped
upgrade of Windows. The testing is the last step leading up to Vista's
broad consumer release, scheduled for January.
Beta 2 testers can expect to encounter an obtrusive security feature, called
User Account Control (UAC). Designed to prevent intruders from performing
harmful tasks, the feature grays out the computer screen, then prods you to
confirm that you really want to do certain functions.
In early test versions, the queries crop up so often that they interrupt
routine tasks, such as changing the time clock or deleting shortcuts. And
UAC sometimes triggers an endless loop of dialogue boxes that can be
curtailed only by rebooting, says Paul Thurrott, news editor of Windows IT
Pro magazine."
http://www.usatoday.com/tech/products/2006-05-15-vista-security_x.htm?csp=34
-- Imhotep
SBS FTP service getting slammed.
We have a low IT budget. I am using FTP to back up remote computers.
Someone discovered my FTP service was open and has been hitting me with
tens of thousands of break-in attempts, usually trying the administrator user.
They will probably not figure out the user name, because I have changed the
admin username, but it is almost everyday.
Yesterday they tried the username of "Julian" Go figure. The police here
won't do anything. Neither will my ISP.
Any ideas?
Thanks!
server 2000 I think someone is connecting...help..please thanks.
Hi everyone, thanks for any help in advance. I have Windows 2000 Server
with a Juniper hardware firewall. For some reason, in the last 2 weeks very
strange things have been happening: some user passwords have been changed, some
new user has been created. I would like to know what kind of software I can
use to protect and monitor my server for this kind of attack.
Thanks for any help here.
R.M>
Cannot login to Administrative Shares but can enumerate
Hi:
wk3 with xp2 clients.
I can enumerate the administrative shares on all machines by giving my admin
credentials. But when I try to login through \\machinename\c$, my password
is not accepted.
What might be the issue here?
File permissions screwed up
Hello all,
I copied a data structure from a folder on my server to another, using the
xcopy /t command. Example: "xcopy /t c:\data c:\share". Now it seems that
whenever I try to assign permissions to those folders (c:\share), it tells me
"access is denied". I'm trying to assign 3 different user groups access to
the folder. 2 user groups need Full Access, the last group is read-only.
As long as I'm the administrator on the server, I can create a file within
the folder. Once I go to the workstation, no joy. Even if I sign on as
Administrator, I can't create a file on that directory. It's like it killed
all network access to the folder.
Any ideas would be greatly appreciated...
Remote Windows User List Disclosure Vulnerability
Hi everybody,
We use a tool that audits our servers in order to avoid
vulnerabilities. I've a DC w2003 with the following vulnerability:
Remote Windows User List Disclosure Vulnerability. That means that a
null session connection to the IPC$ share was successful and NetBIOS
access can be obtained with any authenticated account on that host.
Therefore unauthorized users can steal the remote user list. This kind
of attack is commonly exploited by users with weak passwords, such as
the GUEST account.
Microsoft has published this article:
http://support.microsoft.com/default.aspx?scid=kb;en-us;246261
The values for w2000 and w2003 are different. I've read that in w2003
in order to restrict anonymous you can only use 0 for disable and 1
for enable it. Meanwhile, in Windows 2000 you have one more possible
value, 2. Anyway, I've tried to set it to 1 or 2 without success. I've
also disabled the possibility of enumerating SAM accounts and shares
through the domain controller security policy.
After restarting the server I obtain again the vulnerability in that
server.
Any idea about this issue?
Your help would be much appreciated,
Regards.
Victor Fdez-Peñaranda