Hi, I have made a Snort rule to detect the words "top secret" alert tcp any any -> any 80 (msg: "top secret"; content: "top secret";...
If you have UPnP enabled, then malware/hacker tools can use it to open ports as there is no whitelist of apps that is allowed to use that feature....
Hi Everyone, I am trying out Ossec HIDS, the host intrusion detection program. It can report on what files were changed. After a Windows Update...
BYOD is better renamed Buy Your Own Malware, for Android devices anyway.
Or that this outside 'device' could be a hacker's PC who could be hacking your work's network through the VPN.
Hi Everyone, I am wondering if Sandboxie can stop an attacker from attacking one's partition table.
I too got a notification from Secunia for my MSXML 4.0. I googled and found MSXML 4.0 SP3 (KB2721691). Installed that. And Secunia is happy again....
I have tried the Software Restriction Policy registry settings from Vista on a Windows 7 machine, and they don't work.
Hi Everyone, Does anyone know if MS has switched from MD5 to SHA1 for Windows Update? And did they remove MD5 and re-do all previous old...
I believe Windows Steady State never reuses an account except the admin. But Steady State is no longer available.
Guess I should have done the Windows Update using my standard account. I've read somewhere that rootkits need admin rights to install properly....
Hi, I was installing Vista the other day. And when I reached the step to do Windows Update, I started Windows Update, clicked on the install...
NetBIOS is still needed for File and Printer Sharing. Also, it allows finding things by NetBIOS name, and some router manufacturers use that to...
Hi Everyone, I get the following event and can't understand what it is saying: ------------------------- An account failed to log on....
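"An account failed to log on" is the message text of Security event ID 4625, and the fields that make it readable (Logon Type, the NTSTATUS failure code, the source address) are buried in the event's XML. The following is an added example, not code from the original post: it pulls those fields out with Get-WinEvent. The status-code and logon-type tables are standard Windows values; the function name Get-FailedLogon and the default of 50 events are the example's own choices. Reading the Security log requires an elevated prompt.

```powershell
# Added example (not from the original post). Summarise recent
# "An account failed to log on" events (Security event ID 4625) so the
# Logon Type, failure reason and source address are readable.
# Run from an elevated prompt; reading the Security log needs admin rights.

# NTSTATUS SubStatus values that 4625 reports in the "Failure Information" block.
$statusNames = @{
    '0xc000006a' = 'wrong password'
    '0xc0000064' = 'user name does not exist'
    '0xc000006d' = 'bad user name or password'
    '0xc000006f' = 'outside permitted logon hours'
    '0xc0000070' = 'workstation restriction'
    '0xc0000071' = 'password expired'
    '0xc0000072' = 'account disabled'
    '0xc0000193' = 'account expired'
    '0xc0000234' = 'account locked out'
}
# Logon Type numbers as documented for the 4624/4625 events.
$logonTypes = @{
    2 = 'Interactive'; 3 = 'Network'; 4 = 'Batch'; 5 = 'Service'
    7 = 'Unlock'; 8 = 'NetworkCleartext'; 9 = 'NewCredentials'
    10 = 'RemoteInteractive'; 11 = 'CachedInteractive'
}

function Get-FailedLogon {
    # $Last: how many of the most recent 4625 events to return (example's own parameter).
    param([int]$Last = 50)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625 } `
                 -MaxEvents $Last -ErrorAction SilentlyContinue |
        ForEach-Object {
            # The named fields live in EventData/Data elements of the event XML.
            $x = [xml]$_.ToXml()
            $d = @{}
            foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

            # SubStatus is the specific reason; fall back to Status if unknown.
            $sub = "$($d['SubStatus'])".ToLower()
            $reason = if ($statusNames[$sub]) { $statusNames[$sub] } else { "status $($d['Status'])" }
            $lt = [int]$d['LogonType']

            [pscustomobject]@{
                Time      = $_.TimeCreated
                User      = "$($d['TargetDomainName'])\$($d['TargetUserName'])"
                LogonType = "$lt ($($logonTypes[$lt]))"
                Reason    = $reason
                Source    = "$($d['IpAddress']) $($d['WorkstationName'])".Trim()
                Process   = $d['ProcessName']
            }
        }
}

Get-FailedLogon -Last 20 | Format-Table -AutoSize
```

A burst of type 3 (Network) failures with SubStatus 0xC000006A from one source address is the classic password-spray or brute-force signature; a single type 2 failure with 0xC0000064 is usually a typo in a user name at the console. The raw Status/SubStatus values are kept in the output for anything not in the table.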
I want to determine this too. But I don't know how.
Noone particular, No, I stopped looking for more after seeing the deny permissions on that file. I concluded that the attacker gained admin...
noone particular, I think maybe the attacker wants to disrupt normal operation: stop the user from viewing photos. ---------------- MrBrian,...
There must be something to do for investigating. How else would we know how to prevent a similar attack in the future?
Ok I will be more specific. One time, several months ago, I ran sfc /scannow during a regular system check and found a shimgvw.dll with deny...
Hi, What do you guys do for incident response? I see everyone is interested in hardening procedures. But what do you do when you suspect some...
Do you have a switch or a router? Most people use routers, because they hide the PCs connected with an internal non-internet-routable IP address....
Thanks FanJ
Windows has only 1 thing remotely similar to SELinux, and that's integrity levels. Files are labeled as low, medium or high integrity, and programs...
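The labels the post describes can be inspected and changed with icacls, which is the quickest way to see the mechanism act before the DACL is even consulted. The following is an added example, not code from the original post; it uses a throwaway file under $env:TEMP and assumes an elevated (High-integrity) prompt, because a token may only set a label at or below its own integrity level, so the High step fails from a normal Medium-integrity shell.

```powershell
# Added example (not from the original post). Show and change Windows
# mandatory integrity labels with icacls. Run from an elevated prompt.
$f = Join-Path $env:TEMP 'il-demo.txt'   # throwaway file, example's own path
Set-Content -Path $f -Value 'demo'

# A freshly created file carries no explicit label, which Windows treats as
# Medium; icacls therefore prints no "Mandatory Label" line for it.
icacls $f

# Label the file Low. icacls applies the NoWrite (NW) policy: processes below
# Low cannot write it, but a Medium or High process is unaffected, and a
# Low-integrity process (e.g. a browser in protected mode) can still read it.
icacls $f /setintegritylevel Low
icacls $f          # now shows: Mandatory Label\Low Mandatory Level:(NW)

# Raise it to High. A normal, non-elevated program runs at Medium, so it can
# no longer write or delete the file even if the DACL grants it Full Control:
# the label check happens before the DACL check.
icacls $f /setintegritylevel High
icacls $f          # now shows: Mandatory Label\High Mandatory Level:(NW)

# Compare with the label on the current process token.
whoami /groups | Select-String 'Mandatory Label'

# Clean up (works here because the elevated shell is itself High integrity).
Remove-Item $f
```

To see the block in action, leave the file at High and try `Set-Content` on it from a non-elevated PowerShell window: the write is refused with access denied even though the file's DACL has not changed.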
Hi, Anyone notice that Adobe is now making users use their own downloader instead of giving you the Flash download directly? Also they...
Downloader programs are evil. Bundling another app is even more so.