Xato : Hardening

How to Guess an Admin’s Password Without Them Knowing You Are Trying

MB's Windows Security — Fri, 02 Mar 2007 04:30:38 GMT

Explains an old trick on how to guess someone else's password without anything getting logged in the domain controller's event logs Read More......(read more)

Two New Vista Papers by Symantec

MB's Windows Security — Thu, 01 Mar 2007 20:35:24 GMT

Today Symantec released two new whitepapers about security protections in Vista: Analysis of GS Protection in Windows Vista and Analysis of Address Space Layout Randomization on Windows Vista. Although my last blog post criticized Symantec for its hyped...(read more)

Really, Vista Security Isn’t Lame

MBs Windows Security — Sun, 25 Feb 2007 22:25:19 GMT

Recently a friend was complaining to me about the “screen flickering” that occurs whenever a User Account Control (UAC) prompt comes up in Vista and he wanted to know how to turn it off—not UAC, just the dimming and flickering effects. He...(read more)

Is UAC a Fence That Falls Short?

MBs Windows Security — Mon, 19 Feb 2007 19:50:55 GMT

When I was a teenager in California there was private oil pier near Rincon that we liked to jump off. It was great—you’d throw your surf board off first so there was no backing out, because it was scary looking down at the dark green ocean so far below...(read more)

More on Program.exe

MBs Windows Security — Sun, 18 Feb 2007 00:57:07 GMT

I thought I would add a bit more to my original post to clarify the problem. Half of the problem is the way Windows searches paths, and the other half is software developers who don’t quote their paths in the Registry or when calling CreateProcess...(read more)

The Program.exe Problem

MBs Windows Security — Sat, 17 Feb 2007 19:30:07 GMT

A couple years ago I mentioned in a SecurityFocus column that Windows has a problem when you put a file named “program.exe” in the system root directory. The problem is basically in how it deals with spaces in paths that don’t have quotes...(read more)

Time for a Windows Cleanup

MBs Windows Security — Mon, 12 Feb 2007 22:28:02 GMT

I have always been annoyed with the huge number of files under the Windows directory, but I was very surprised when I looked at my Windows directory under Vista: 39,609 files and 7,411 folders! Read More......(read more)

The Application Experience Lookup Service

MBs Windows Security — Mon, 05 Feb 2007 19:03:44 GMT

If you have ever locked down a Windows 2003 or Vista machine you have probably run across the Application Experience Lookup Service, also known as Application Experience or AeLookupSvc. The documentation on this service is pretty vague and sometimes contradictory...(read more)

Using Filescreens for Server Lockdowns

MBs Windows Security — Fri, 02 Feb 2007 00:42:59 GMT

I recently got a chance to play around with file screens feature in Windows Server 2003 R2 and found it to be very interesting. Although it appears to be designed to provide general content control on a file server, it has some features that allow you...(read more)

Does Windows Server 2003 Even Need Hardening?

MBs Windows Security — Thu, 01 Feb 2007 01:22:09 GMT

Many people tell me they are surprised with how much effort I put into hardening Windows Server 2003–the last hardening document I wrote for a client was 112 pages long. That’s not 112 pages of writing, policy, and how-to’s, that’s...(read more)

Windows Vista Security Guide

MBs Windows Security — Tue, 09 Jan 2007 04:22:11 GMT

Microsoft has released v1.2 of the Windows Vista Security Guide: http://go.microsoft.com/?linkid=5639874 Read More......(read more)

Pointless Permissions

MBs Windows Security — Thu, 04 Jan 2007 17:12:05 GMT

One thing I have always liked about NTFS security is the fine-grained control you have over file permissions. But this power comes at a price—you must understand a whole new world of acronyms, confusing metaphors, and expanded definition of words such...(read more)

Don’t forget the KB’s

MBs Windows Security — Thu, 14 Dec 2006 17:57:48 GMT

With Microsoft’s ongoing improvements to the patch management process, you may find yourself letting automation take over on patch Tuesday. I sat down at my PC this morning and saw that it had rebooted because it automatically installed new updates...(read more)

Audit the Start Menu

MBs Windows Security — Thu, 05 Oct 2006 23:09:02 GMT

Have you ever needed to audit which icons users click on the Start Menu? It makes quite an impressive forensics report when you can say exactly who clicked what and when. Well you can do it in Windows pretty easily. First, enable auditing on all files...(read more)

Article: How I Secured One Company’s Network

MBs Windows Security — Mon, 02 Oct 2006 00:53:33 GMT

Using Log Parser, virtualization, and a little psychology. The article is available here to subscribers of Windows IT Security. . Click abuse: http://click-abu.zers.net/ Read More......(read more)

What’s with this WMPUB directory?

MBs Windows Security — Tue, 26 Sep 2006 04:09:57 GMT

I was recently going through my windows lockdown procedure, cleaning up unnecessary files and noticed that every Windows 2003 Server I own has a wmpub directory in the root of my C drive. The only thing in the directory is an empty subdirectory named...(read more)