Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised?

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Security
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - How does your organizations manage the local administrator account on workstations? Gurus, How does your organizations manage the local administrator account on workstations? Typically the end-users do run with "administrative" privileges, but a local admin account is needed to access a machine offline. So how is this account typically named (i.e. renamed) and password secured (i.e., complex and only a few people know it)? Then you have the problem of having to change this password on every workstation if a member of the IT staff leaves. Just looking for quick thoughts here, no long treatise on the topic is necessary! -- Spin Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99342
  - 2
    - Problems with opening a file There is a Access database on one of the computers in our network. It's in a shared folder so all 5 of our PC's can access it. We have no server. All worked fine till recently when we can't open that file anymore. It happened on all of the comuters at once. When clicking on it some sort of warning pops up saying that the file is on the Internet and it's not safe to open it because of an unknown publisher. When I click to open it anyway Access starts but it says it couldn't open the file as it is outside our local intranet and cannot be opened for security reasons. I disabled our Norton firewall and windows firewall is off but it didn't make any difference. Any idea what's going on? yaro Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99318
  - 3
    - VPN Client Security I'm interested in client security from the VPN. For example if a VPN is established on a client (say either via a DLL or Microsoft VPN), how does the client configure their machine to keep the server side from using the VPN to browse or copy files from the client machine? Thanks David Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99317
  - 4
    - Access is denied Error - Calling CIOMD.dll objects from ASP.NET1.1 Greetings, I am getting an "Access is denied" Error when calling objects from the AdminIndexServerClass from an ASP.NET application. I use this object to perform a simple rescan on a Catalog after file are save to the local disk. This only works if the users belongs to the local Admin group. The the web site is setup to use Integrated Windows Authentication and Web.Config is set to <authentication mode="Windows"/> <identity impersonate="true"/> I have this working on an additional site but I have no clue what I did 4 years ago to solve this problem. I have tried various DCOM security settings on mssearch and played with various WMI rights along with tweaking .NET ASM Trusts but I have had no positive results... I have also exhausted searches google and yahooâ?¦there is very little on security settings pertaining to Indexing Servicesâ?¦ Anything would help at this point... Thanks for your help! JB Anything would help at this point... Thanks for your help! JB Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99316
  - 5
    - Source Code Here is an article about how the NT source code was leaked and apparently even DOS source code was leaked back in the day but no one cared because it was so old. I now ask Microsoft how long will it be before Microsoft has new operating systems with new source code. Wikipedia mentions Windows 7 will use the Windows NT source code much to my dismay. How about the successor to Windows 7 will people finally get an operating system with new source code that will be a relief from the tired out code that has caused so many security problems. http://news.bbc.co.uk/1/hi/technology/3485545.stm http://en.wikipedia.org/wiki/Windows_7 Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99311
  - 6
    - Problems with encrypted folder One of my clients has encrypted a ~4GB folder where he keeps all his photos on his XP PC. Problem is he reinstalled the system, formatting the system partition first. Now he can't access his photos any more. Is there any way he could get access to them again? yaro Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99309
  - 7
    - VPN error 718 timeout while server event viewer grants user access In the middle of the day the VPN from clients attaching to the SBS 2003 server stopped working. They are going through a cisco 1700 router and the IAS points to the Cisco with a shared password and then uses windows AD to authenticate. The event viewer shows the authentication has been approved (user name etc.) but the remote client has a timeout error saying error 718 when verifying user name and password no timely response by the server. The server is getting its DNS name resolution and email over a DSL line. When people RDP directly to the separate Terminal Server they have no issue. That is going over a cable line. We have rebooted the server and the router w/o change. This has happened to people whether they have changed their password or not. Has this issue been addressed by a SBS SP? Has this issue arisen for anyone. Thank you. -- SFeder Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99300
  - 8
    - US-Cert Update on New Attacks on Computer Infrastructure http://www.us-cert.gov/current/index.html#red_hat_releases_openssh_security {Note: Web Link may be manipulated by others and smart web surfing is encouraged like reading in plain text and blocking remote code -- Disclaimer: Poster is not responsible if someone hacks post and web link is illegally changed} Here is the information from US-Cert.gov which is a part of DHS: all below should be considered a quote ". . ." SSH Key-based Attacks added August 26, 2008 at 03:41 pm | updated August 27, 2008 at 03:41 pm US-CERT is aware of active attacks against linux-based computing infrastructures using compromised SSH keys. The attack appears to initially use stolen SSH keys to gain access to a system, and then uses local kernel exploits to gain root access. Once root access has been obtained, a rootkit known as "phalanx2" is installed. Phalanx2 appears to be a derivative of an older rootkit named "phalanx". Phalanx2 and the support scripts within the rootkit, are configured to systematically steal SSH keys from the compromised system. These SSH keys are sent to the attackers, who then use them to try to compromise other sites and other systems of interest at the attacked site. Detection of phalanx2 as used in this attack may be performed as follows: "ls" does not show a directory "/etc/khubd.p2/", but it can be entered with "cd /etc/khubd.p2". "/dev/shm/" may contain files from the attack. Any directory named "khubd.p2" is hidden from "ls", but may be entered by using "cd". Changes in the configuration of the rootkit might change the attack indicators listed above. Other detection methods may include searching for hidden processes and checking the reference count in "/etc" against the number of directories shown by "ls". US-CERT encourages administrators to perform the following actions to help mitigate the risks: Proactively identify and examine systems where SSH keys are used as part of automated processes. These keys will typically do not have passphrases or passwords. Encourage users to use the keys with passphrase or passwords to reduce the risk if a key is compromised. Review access paths to internet facing systems and ensure that systems are fully patched. If a compromise is confirmed, US-CERT recommends the following actions: Disable key-based SSH authentication on the affected systems, where possible. Perform an audit of all SSH keys on the affected systems. Notify all key owners of the potential compromise of their keys. US-CERT will provide additional information as it becomes available. US-CERT credits DFN-CERT for their contributions regarding this issue. {Note: to Microsoft only users: The above is provided as a general service announcement and although it affects Linux systems is provided here publically to raise user's awareness of how serious computer attacks are getting --- thank you for any feedback and have a great day} Also please use Microsoft's own password tool to generate stronger passwords that are safe and secure. I hope Steve Riley, MSFT will ocmment for all of us to benefit on the issue of new security and safety measures and the new source code Microsoft is slowly but surely developing. That new source code is what I am super excited about for Microsoft's future. Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99285
  - 9
    - RADIUS IAS CRL CHECK We revoked a computer certification, and published a new crl with this cert. in the revocation list. However, when the workstation is turned on, it can establish a connection to the network. It seems that the IAS ignores the CRL (or doesn't check CRL at all). We know that the IAS will ignore new CRL until, that old one has expired, so we waited until the old CRL expired, and then ran the check. Moreover, we added to registery the dword "IgnoreNoRevocationCheck" and set its value to 0. It still doesn't help. If we put the workstation's certification in the 'Untrusted certificates' in the DC, we do get an error of "The certificate is revoked", yet it was only a test and definitly not a solution. My question is, how we should tell the IAS to check the new CRL, and verify the workstations' certificates? We have the IAS installed on two Domain controller Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99275
  - 10
    - Standalone CA's and CRL When setting up a standalone CA on Server 2003 Standard you can select the LDAP CRL publish location but since it is not an Enterprise CA does it still publish the CRL into Active directory? Reason I ask is I created a Root CA standlone on a Server 2003 standard domain member. Then created a standalone subordinate on Server 2003 standard domain member and it complained about not being able to check the CRL when I grabed the cert from the Root. I understood this meant either the CRL isnt publihsed or not reachable. Any ideas? Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99271
  - 11
    - Unable to un-encrypt a folder using Windows encryption - access de I used Windows encryption to encrypt a folder 2 years ago. Now I am unable to decrypt (un-encrypt) the folder. It says "Access Denied". I clicked on Properties-Advanced and unchecked the box "Encrypt contents to secure data". I use Verisign PKI certs that are renewed annually. I see that the old ones are still available in IE. Any ideas of how to un-encrypt the folder and files. I need to move these to a new HDD. Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99268
  - 12
    - When is it OK to disable IPSec on windows 2003? I have a bunch of servers in my environment that have IPSec enabled but not configured; some of theose servers are having serious performance issues, but if I stop and disable the IPSec service, the performance issues go away. I have read some articles that say that IPSec should only be enabled if it's going to be configured, but I'm not that familiar with IPSec. I have two questions: 1. Is the statement that IPSec should only be enabled if it's going to be configured and used a valid statement? 2. What's the easiest way - besides opening the IPSec Snap-In on every server and checking for policies - to know whether or not a server is actually using IPSec policies? Thanks in advance for your help! Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99262
  - 13
    - Groups We have roughly 500 offices in a single forest, single domain with no trusts. Win2003R2 Native mode. Many of our security groups are mail enabled and we also have many distribution groups. I know in Exchange 2007 these DL's must be universal but I'm wondering if these groups should be universal or glocal given our environment with Exchange 2003. And lastly can membership slow logon depending on the type of group? -- Curious Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99259
  - 14
    - Windows 2000 Certificate server---->2003 3Hi, I plan to migrate my existing Windows 2000 physical server running certificate services (subordinate CA in the forest) to a VM, and then upgrade the server to Windows 2003 R2. Are there any caveats to an in place upgrade of this type? I will have to change the ip address, but the name of the server will stay the same. Is there any problems with this? Also, when I do the in place upgrade does it automatically detect that certificate services is installed and upgrade the certificate database without having to do anything else? Currently, all of 3 DC's in this child domain are Windows 2003. Any help or advice would be greatly appreciated, as I haven't gone through an upgrade of this type. Thanks in advance. Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99245
  - 15
    - What exactly is the "Logon GUID"? Gurus, In the event log detail below, what exactly is the "Logon GUID" referring to? The transaction below represents a user named "TestUser" who accessed a network share on "SQLServer", from a machine who's IP address was 192.168.1.24. Event Type: Success Audit Event Source: Security Event Category: Logon/Logoff Event ID: 540 Date: 8/26/2008 Time: 2:06:10 PM User: DOMAIN\TestUser Computer: SQLServer Description: Successful Network Logon: User Name: TestUser Domain: DOMAIN Logon ID: (0x0,0x55025) Logon Type: 3 Logon Process: Kerberos Authentication Package: Kerberos Workstation Name: Logon GUID: {34942986-0087-5999-249a-e218464f6320} Caller User Name: - Caller Domain: - Caller Logon ID: - Caller Process ID: - Transited Services: - Source Network Address: 192.168.1.24 Source Port: 0 -- Spin Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99242
  - 16
    - corporate encryption/security for laptops Don't know if this is the right place. If not, sorry and please point me to the right forum. Need recommendations for laptop encryption and usb too. This is for about 300-400, even more laptops in the company. Any article for product comparison will be better. Thanks. Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99238
  - 17
    - Worried So, about two weeks ago a user open a "gift card" email and installed a trojan. It was detected and cleaned. However, and maybe it is unrelated, but every morning when staff arrive to work every computer is frozen. Either the screen saver is on but moving a mouse or touching a button only displays the background image or all you see is a copy of their desktop with files and folders. However there is no start bar, clicking ctrl-alt-delete does nothing. We have waited hours for some machines to shows signs of life to no avail. The only way to get them to come back is a hard boot, and even then it can take 3 or 4 of them before it comes back to life. I am stumped and don't even know what tests to run anymore. Any / All help is appreciated. One other interesting note, I did remove one workstation from the DFS redirect of their folders and it appears that they no longer lock up. I have scanned the servers, and they appear clean and there are no errors in the event logs on the DFS servers. I am posting this in the DFS discussion group as well. Please help. Thank you. Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99230
  - 18
    - Event ID 675 For workstations Event ID 529 indicated a failed attempt to login to or through a workstation. Does Event ID indicate the same but when attempting to login to a Windows 2003 Server? Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99229
  - 19
    - Security vulnerability scanner We have one-place branch office and we'd like to create security analysis of our services, checking procedures and make new procedures and rules. As first step we'll run Microsoft Best Practices Analyzers (for Exchange, GPO, SharePoint, SystemStateAnalyzer, ...) and follow Microsoft Instrastructure Optimization to identify our currently position in IT software and hardware world. Can you please advice any other SW / procedure to follow formal procedure and any security vulnerability scanner to check our network? Thnx. Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99215
  - 20
    - Microsoft's New Program --- MAPP Will the vulnerabilities be available to security researches 3 days or less in October as scheduled for MAPP or is this scheduling still all up in the air where Microsoft chooses one of 3 points in how a patch may affect a user and/or business. I imagine you want users that work in the electronics industry and are focused on external security and internal safety issues. Please Steve Riley can you go into any more detail(s) about the upcoming Microsoft program to better educate your users and I could find only limited information about it on the 'Net where say an example was given that a business might want to first patch vulnerability 3 which let us say is moderate given its exploitability of high vulnerability in the attack vector once the patch and associated information are sent out to the public compared to vulnerability 1 which is critical but has a low exploitability rating. Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99214
  - 21
    - security certificate error All of a sudden I am getting "content was blocked because it was not signed by a valid security certificate"...I am having it happen on all sites I have used and trusted including this site. Can anyone help me w/this? I am using windows xp, IE7(dwnloaded 7 to see if that would help) I checked and lowered my sec. setting on comp. and use McAFee for security ...any sugestions? Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99206
  - 22
    - Don't have create access in Windows 2003 server I've run into this problem on several (but not all) windows 2003 server: When I try to create a home folder for a new user, I'm told that I (as domain administrator) don't have create access to the server, and that the folder will not be created. If I manually create it, I've had issues where the user will only have read access to their files, even when they are the owner and permissions are reset. None of this occurs with any consistency. I can't find anything at Microsoft about this. Please help. -- %20--The Final Frontier Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99195
  - 23
    - Is DNSSEC supported by Windows? Is the Windows XP DNS resolver able to check the validity of the DNS data using DNSSEC? Is this feature turned on by default? And does the Windows Server support DNSSEC for publishing the public DNS records? Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99193
  - 24
    - email notification patches and security updates Hello All, Are there subscriptions from Microsoft for security related patches and updates which will notify you automatically through email? I know this may seem like a silly question. Thanks, Altria Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99191
  - 25
    - Security discussion regarding hubs, firewalls, anti-virus and Vista Security discussion These are a very basic set of questions. Possibly there is an article on the web that someone can point me to that fully addresses each of these: What security protection should I expect from: a wireless hub/router a software firewall a software anti-virus, anti-trojan program the security built into Vista The reason I ask this is that I have a Linksys wireless hub with a WEP code activated and I also had Zonealarm with Windows XP. I had my files shared. I thought that the wireless hub should provide hardware based security from anyone being able to "look" at my files and anything behind the hub. I found that Zonealarm was giving me a lot of warnings of malware and other outside people finding me and trying to access my computer and that Zonealarm was stopping this. I don't understand the Linksys hub's capabilities well enough to not ask "why was the hub not keeping these outside intruders out?". I now have Vista and the security it provides is suffocating. I have a hard time accessing my own files on other computers on my network and you need an ADVANCED IT degree to work around it. I would think that you could provide a secure "knock'em dead" firewall with a Linksys hub that would allow you to be "naked" behind the firewall so you did not have to deal with security at all once you were safe behind the Linksys firewall. I think this shows why I need to learn all I can so I don't leave my UAC off (which it is right now). microsoft.public.security Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99186
- Next
  - 1
    - Update on website attacks in Georgia and Russia It's very easy to think that this conflict is happening a long way away from our own countries, and doesn't affect us. But that's wrong. The denial-of-service attacks that are striking websites in the region are being relayed through innocent people's computers all around the world. Your Aunty Hilda's computer, which may normally be pumping out Viagra adverts, could today be engaged in a DDoS attack. In other words, you may unwittingly be taking part in a cyber war. So, make sure your computers are properly defended with anti-virus software, security patches and firewalls. And lets all hope that the current military conflict comes to a speedy and peaceful resolution. Posted on August 12th, 2008 by Graham Cluley, Sophos http://www.sophos.com/blogs/gc/g/2008/08/12/update-on-website-attacks-in-georgia-and-russia/ Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99183
  - 2
    - Web attacks explained: SQL injection - the biggest threat on the web Sophos experts have produced a free podcast offering administrators and web surfers advice on how to safeguard themselves against becoming a victim from SQL injection, where malicious and automated code attacks poorly configured database-driven websites. Learn more from the experts and listen to this free podcast to understand the threat better. http://www.sophos.com/news/2008/08/sql-podcast.html Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99182
  - 3
    - EZI_HTTP_NETDEV_DISCOVER Hi I have spent quite a bit of effort trying to get a handle on IIS log entries that contained this user agent signature EZI_HTTP_NETDEV_DISCOVER. They failed, since the server does not allow anon access, and generated security log entries of event = 529, with null user, and roving IP dresses. It looks like a nasty, but it's not, I'm posting here so as to save future searchers the hassle, hopefully google will pick it up soon. David L. www.rabboar.com www.rbqaeng.com From a post on the LinuxQuestions.org it turns out that it's: Hi, my name is Scot Zarkiewicz and I am the CEO of SingleClick Systems. We are the manufacturer of the tool that is in question in this thread. I wanted to quickly describe to people what they are seeing. Dell Network Assistant (AKA: HomeNet Manager, Network Now, Network Now Pro!) is a Home Networking tool that provides, as one of its capabilities, a Network Scan feature, to detect all the devices that are connected to the Home Network. When we find a device we do probe port 80 to see if that device is exposing a management interface. This actually provides for a very useful function to less technically savy customers who may not know how to open a management interface to a device such as a print server. Additionally we do probe the router to determine what type of device the user has, and provide one click access to this device as well. The URL that is mentioned above is used for Internet Health monitoring to determine when the user has lost their connection to the Internet (and take corrective action to resolve that problem.) I wanted to reassure the readers of this message board that the network traffic generated by our applications is not meant to be harmful in anyway, and is only taking place to give the more novice user a simpler way to setup and manage their Home Network. If there are additional questions or concerns about this topic please don't hesitate to contact me directly at: scotz@singleclicksystems.com Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99177
  - 4
    - Windows 2003 Server R2 Std Edition - Get erro 619 when trying to V I have a Windows 2003 Server R2 Std Edition (fully patched). I created a VPN connection to a remote VPN server using L2TP and IPsec and it was working, however now, I always get error 619 when trying to connect. I've created this VPN connection on an XP Pro SP2 machine on the same LAN and it connects successfully. Where is Windows 2003 Server R2 preventing this and how can it be adjusted? Thanks, Hemmy Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99159
  - 5
    - uebergroessen versand jeans in uebergroessen stiefel uebergroessen damenmode uebergroessen uebergroessen in berlin uebergroessen versand jeans in uebergroessen stiefel uebergroessen damenmode uebergroessen uebergroessen in berlin +++ UEBERGROESSEN KAUFEN +++ UEBERGROESSEN ONLINE BESTELLEN ++ http://WWW.UEBERGROESSEN-KAUFEN-24.INF http://WWW.UEBERGROESSEN-KAUFEN-24.INF http://WWW.UEBERGROESSEN-KAUFEN-24.INF http://WWW.UEBERGROESSEN-KAUFEN-24.INF http://WWW.UEBERGROESSEN-KAUFEN-24.INF http://WWW.UEBERGROESSEN-KAUFEN-24.INF +++ MAENNERKLEIDUNG KAUFEN +++ MAENNERKLEIDUNG ONLINE BESTELLEN ++ http://WWW.MAENNERKLEIDUNG-KAUFEN-24.INF http://WWW.MAENNERKLEIDUNG-KAUFEN-24.INF http://WWW.MAENNERKLEIDUNG-KAUFEN-24.INF http://WWW.MAENNERKLEIDUNG-KAUFEN-24.INF http://WWW.MAENNERKLEIDUNG-KAUFEN-24.INF http://WWW.MAENNERKLEIDUNG-KAUFEN-24.INF http://WWW.MAENNERKLEIDUNG-KAUFEN-24.INF +++ DAMENKLEIDUNG KAUFEN +++ DAMENKLEIDUNG ONLINE BESTELLEN ++ http://WWW.DAMENKLEIDUNG-KAUFEN-24.INF http://WWW.DAMENKLEIDUNG-KAUFEN-24.INF http://WWW.DAMENKLEIDUNG-KAUFEN-24.INF http://WWW.DAMENKLEIDUNG-KAUFEN-24.INF http://WWW.DAMENKLEIDUNG-KAUFEN-24.INF http://WWW.DAMENKLEIDUNG-KAUFEN-24.INF http://WWW.DAMENKLEIDUNG-KAUFEN-24.INF http://ibm-news.for-um.de/showthread.php?t=1493 http://www.gamesforum.ca/showthread.php?t=31174 http://viagra.learnerblogs.org uebergroessen mannheim bademoden uebergroessen uebergroessen koeln schuhe uebergroessen hamburg herrenmode in uebergroessen anzuege uebergroessen ballerinas in uebergroessen herrenschuhe uebergroessen damenmode uebergroessen mode uebergroessen herrenschuhe in uebergroessen uebergroessen kinder uebergroessen models bademoden uebergroessen high heels uebergroessen unterwaesche uebergroessen kleider in uebergroessen kindermode uebergroessen uebergroessen duesseldorf betten uebergroessen sicherheitsschuhe uebergroessen uebergroessen onlineshop uebergroessen models weingarten uebergroessen bekleidung in uebergroessen uebergroessen models uebergroessen hannover uebergroessen online uebergroessen kinder ballerinas uebergroessen abendkleider uebergroessen t shirts in uebergroessen uebergroessen nuernberg umstandsmode uebergroessen uebergroessen koeln maennermode uebergroessen Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99111
  - 6
    - Preferred RootKit detection/removal tool? Gurus, I know Symantec offers RootKit detection tools, as does Panda Security, F-Secure, to name a few. However, this is addressed to those of you in this newsgroup, which of those do you prefer to use "out in the field"? -- Spin Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99110
  - 7
    - Giving admins Local Admin to DC's not Domain Admins Hi guys I have a requirement to be able to let certain sets of administrators the ability to login to domain controllers with out permissions over the whole domain. Althought I can give the users PowerUser or LocalLogon rights via making a domain security group a member of the PowerUser or LocalLogon group there does not appear to be a local admin group on DCs. Can you with Server 2003 give a user just local admin to a DC without DA rights??? Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99095
  - 8
    - PdhConnectMachine from a Service Hi, This has been posted before, but I could not find a proper resolution or explnantion for what I am seeing. I have an app that performs a PdhConnectMachine in order to monitor a remote machines performance counters. This app runs as scheduled task under the SYSTEM account. Prior to calling PdhConnectMachine, it calls WNetAddConnection2 in order to create a connection, which I think PdhConnectMachine uses to connect. WNetAddConnection2 has a user and password supplied to it externally. This works fine on a number of machines here at the office, but does not work on a remote site. PdhConnectMachine fails with PDH_CSTATUS_NO_MACHINE. However, WNetAddConnection2 always succeeds. Also, if the same app is run directly by a user (i.e. a login other than SYSTEM), the app succeeds. The fact that it works in some cases seems to imply that this is not some inherent issue with using the SYSTEM account to perform these actions. Are there some network security settings IT administrators can apply that would cause this? Or perhaps there are some other security settings which could cause this to fail for some machines, but not for others? Thanks! Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99094
  - 9
    - Service accounts with password expiration The corporate auditing requires that all accounts' passwords expire, including service accounts. Questions: 1. Is it really a security recommendation? 2. Is there an easy way to automate this process (as a scheduled task, for example)? 2. If a modify the password in the service settings, will this one keep running with no disruption? 3. If I modify passwords for clustering service accounts, will those ones keep running with no disruption? Thanks, Felipe Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99093
  - 10
    - IT auditing tool SC Magazine Review Secure Bytes audit and vulnerability assessment software Secure Auditor named =93Versatile tool=94 and earn =93Five Star Ratings=94 in SC Magazine Group Test Secure Bytes is really pleased to share this great news with its associates that Secure Auditor has been branded as a Five Star product by SC Magazine August 2008 edition. SC Magazine is among the world=92s most prestigious Information Security magazines. In the comparative review with current available products in today=92s market, Reviewers concluded the Secure Auditor evaluation with Verdict as a =93Versatile tool.=94 It is summed up as a tool that =93offers a great amount of flexibility and auditing capabilities for a broad range of different assets. We find this offering to be a good value for the money.=94 Reviewers commend Secure Auditor as intuitive to use and install. It is considered to offer great amount of flexibility and auditing capabilities for a broad range of different assets and a good value for the money. Secure Auditor earns highest star rating possible in overall rating category of a Comparative Review. It receives 5 out of 5 stars in Features, Performance, and Documentation categories which are being evaluated. Secure Auditor receives reviewers praising immediately in the product=92s published review as =93A suite comprised of several different pieces designed to audit vulnerabilities across a broad range of systems. Because of this thorough analysis of a range of systems, administrators can be sure that all the various components across the networks are secure and up to date.=94 The review continues, highlighting other areas in which the Secure Auditor excels. Flexibility & Performance: =93This product can scan many different platforms, and we found this flexibility to add greatly to the performance value of the product=94 Intuitive to Use: =93We found this product to be quite intuitive to install and use. Installation takes just a few minutes and is guided by an easy-to-follow setup wizard.=94 Management & User Interface: =93Management is done through a well organized user interface, which is also quite intuitive to navigate.=94 Secure Bytes appreciate SC Magazine's product review team for considering Secure Auditor in their recent group test for vulnerability assessment. It is a great recognition from a trusted industry leader like SC Magazine just within few months of Secure Auditor=92s launch. It validates Secure Auditor performance and features. You can find more information and detailed review about Secure Auditor from following link. http://www.scmagazineus.com/Secure-Auditor-20/Review/2526/ Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99089
  - 11
    - Get information about signature from signed file Hello! I'm trying to get info from signed file in Visual Basic 2005. Although it's possible to get basic infos (eg. Version) I haven't found how to programically retrieve informations about signer and date of signing. Can you help me with that? (for signing I'm using CAPICOM) Thanks & Regards Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99077
  - 12
    - Configuring a security policy to connect two servers via a LAN I have a Web Server and an SQL server both running under Windows 2003. I want to connect to the SQL Server database from the websites on the Web Server. There is a private LAN between the two servers. They are not on the same work group but I can access shared folders across the LAN using the syntax '\\<ipaddress>\<SharedFolder>' in the Explore address. (The servers are hired from a remote Host supplier and this is the way that I have to communicate between servers). To test this, I have set up on both servers a shared folder with Everyone permissions set to 'Allow full control'. Both the servers have the Windows Firewall active. The Web Server has a Security Policy set up using the Security Configuration Wizard. The SQL Server does not. From the SQL Server, I can access the shared folder on the Web Server using \\<ipaddress>\<SharedFolder> in Explore after entering the username and password of the latter when prompted. From the Web Server, I CANNOT access the shared folder on the SQL Server by the same method, getting the error 'Windows cannot find '\\<ipAddress>\<SharedFolder>'. Any ideas why? Is it to do with the Security Policy setup on the Web Server? If so, how do I update it to fix the problem? I've looked through the Security Configuration Wizard but can't see anything obvious. Turning both firewalls off does not fix the problem. Any help much appreciated. Thanking you in anticipation. Roger Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99072
  - 13
    - Possible Unknown intruder.. Hi, My machine have XP pro SP3 and also have NOD32 antivirus Business Edition install both uptodate. I have firewall on. I don't have any network sharing folder open or any other program open, but when I reboot my pc, a notice dialog pops up saying something like this "another user is still connected to your computer. are you sure you want to turn off your computer?". My question, is there a way to tell whos connected? Thanks in advance! Mingo Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99063
  - 14
    - svchost.exe hey there, I know there is few fourms out the on this files. But It wasnt quite helpful. My problem is this svchost.exe file Now shows up in my taskmanaher like 5 to 6 places. 2 files for - NETWORK SAERVICES 1 file for - LOCAL SERVICE 3 files for - SYSTEM What I mean is svchost.exe shows up in my TASKMANAGER 6 times. So its running in background or sumthing. How I do find out which is legit and which one is not. So we can get rid of it. Any input is appriciated. Thanks. Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99050
  - 15
    - USB device Hello, How to disable USB device except keyboard and mouse? Thanks Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99049
  - 16
    - Critical Updates I downloaded 9 Critical Updates for my WinXPsp3 desktop and saw one titled: KB 953838" which was Cumulative Security Update for Internet Explorer 6 for Windows XP." When I downloaded Critical Updates for my Vista sp1, I also noticed a "KB 953838" Cum Update for IE7. Is that possible? An update for IE6 and an update for IE7 with the same KB 953838? Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99042
  - 17
    - Free Anti-Virus & Other Safety Software Every computer connected to the internet is vulnerable to fraud and computer vandalism. This leaves our pockets prey to the software protection industry's heavy charges to keep us safe. Yet it's possible to get legal, professional quality anti-virus and other protective software, absolutely free. Every computer connected to the internet is vulnerable to fraud and computer vandalism. This leaves our pockets prey to the software protection industry's heavy charges to keep us safe. Yet it's possible to get legal, professional quality anti-virus and other protective software, absolutely free. Please read here:- http://www.moneysavingexpert.com/shopping/free-anti-virus-software Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99040
  - 18
    - CA in AD I have a certificate authority already registered in AD, unfortunately it has 2 problems. 1. it has a mis-leading name 2. I can't load certificate templates my questions are 1. can I rename it (I guess not) 2. why won't it let me load templates 3. should I give up on it, build a new root and subordinate CA tree, move the services to the new tree and then remove the old one ? 4. as I have a multi-tree AD forest should the root-CA go in the root domain ? many thanks James Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99032
  - 19
    - Kaspersky - sudden interruption I was running Kas as usual when it suddenly said Firefox couldn't establish connection with a certain IP address.. then it went gray and said "Protection of your computer is disabled." I was able to restart Kaspersky as usual. This is the only time it's happened since I got Kas a few months ago. Do you know why it would say that?? Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99026
  - 20
    - AD for testing Hi, I have to test one security application and I need to install a AD in my notebook to performance this task, someone in the past talk me about some AD "lite" normally use for development. Suggesting are appreciate, and thanks in advance. TekNET Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99024
  - 21
    - Security Baselines Need help with security baselines. So far I have started on a member server and included security templates and security configuration and analysis. Now what is needed to analysis this server and what of the results? Please help. Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99023
  - 22
    - August 12 is a Critical Patch Day Just an FYI for all Windows 2000 and later users out there that this is indeed a major patch day on Tuesday. Please see if interested: http://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99013
  - 23
    - login domain Hello, 1. Where can I enable the log files to record the users copy, delete, move... files or folders? 2. If the user unplug the networking cable, can he login local computer with domain user right? Thanks Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99009
  - 24
    - CertEnroll+ USBcryptoTokens - Getting an error while generating Hi all, I have to generate certificate request using CertEnroll on my Vista. It must be generated on the web page. To do this I use Javascript. I crteate X509EnrollmentWebClassFactory object (the basic one) and other objects with web enabled tag. My code works fine when I want to generate the request using for example 'Microsoft Strong Cryptographic Provider'. The problem appears when I use my token CSP - 'Charismathics Smart Security Interface CSP' (drivers You can download form www.charismathics.com). In this situation function CreateRequest() start working and throw na error: --------------------------- Windows Internet Explorer --------------------------- Error: CertEnroll::CX509Enrollment:Stick out tongue_CreateRequest: ASN1 - unexpected end of data. 0x80093102 (ASN: 258) --------------------------- OK --------------------------- Token works OK with Windows XP and mozilla and its behavior look fine on vista (before an error apprears the private and public keys are stored in token's memory). Does anybody have similar problem with tokens? Could you help me with this one?? Maybe I'm not set all privateKey Attributs or something like this? Any suggestions? This is my code my shows the problem: <html> <head> <SCRIPT LANGUAGE="JavaScript">  </SCRIPT> </head> <body onLoad='genReq()'> <H1>generate cert req.</H1> </body> </html> thanks in advance, miiiiichal Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99004
  - 25
    - Accoutn being locked out repeatedly We havea corporate domain, and are experiencing an issue with one of the administrator accounts. It constantly locks/disables itself, and it takes less than 10-20 seconds from the time I go in (another admin) and unlock it. At first we thought it was a problem with his phone synching with Exchange, but we have eliminated that variable and it still occurs. Furthermore, when checking the security section of the event viewer on the domain controller, there4 are no associated login failures which would cause an account to be locked out. I have enabled the account, refreshed the event viewer, ... no failed attempts, then looked at the account again and it is locked out. All of this happens in 10 seconds or so. I am not sure what else I can check as the only policy we have in place to disable an account takes place when there are 3 failed logins. Any other suggestions I can look at or investigate? The DC is Server 2003 and the system the other admin uses is an XP machine (but I do not beleive that is relevant). I would love to hear from any of you, thanks in advance. Tag: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? Tag: 99001

Gurus,

Has anyone ever heard of a local LSA secrets file on a Windows workstation
being compromised?

--
Spin

Re: Has anyone ever heard of a local LSA secrets file on a Windows by S

S
Mon Sep 01 04:02:13 CDT 2008

LSA Secrets are not secured. It may take a while to brute force
individual entries though.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

* http://sl.mvps.org * http://msmvps.com/blogs/sp *

Spin wrote:
> Gurus,
>
> Has anyone ever heard of a local LSA secrets file on a Windows workstation
> being compromised?
>
> --
> Spin
>
>
>

Top

Re: Has anyone ever heard of a local LSA secrets file on a Windows workstation being compromised? by Spin

Spin
Mon Sep 01 06:34:10 CDT 2008

Understood. They exist in plain text inside the LSA Secrets memory process.
One would need to attack that to dump the entries. By default, one needs
SecDebugProcess right in order to do so, by default this is only granted to
Administrators. Which is why one needs to secure the local admin account
and all members of the Administrators to the best of their abilities.

Top