RE: [Full-disclosure] Support_388945a0 account in Win XP/2003
Or more appropriately for the Windows security model, DISABLE the account. That way you're not messing with default permissions, and the account (and its associated SID) are there if you need them in the future. Or not. Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aditya Deshmukh Sent: Thursday, December 01, 2005 10:09 PM To: 'Raoul Nakhmanson-Kulish' Cc: full-disclosure@lists.grok.org.uk Subject: RE: [Full-disclosure] Support_388945a0 account in Win XP/2003 > > > That is a "help and support account" that you should disable. > > Also set very long random password and forget it. > I prefer simply delete it. Good choice? > > But I heard a rumours that this account can be activated remotely > without user's aware decision and used for Remote Assistance (e.g. > capturing a screen and even controlling input). I would not know about this unless I test it out, but from the top of my mind : you have to start the service for something like this Deleting it might cause problems "help and support" just deny the account all kinds of privs and it would no longer matter. Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Support_388945a0 account in Win XP/2003
> > > That is a "help and support account" that you should disable. > > Also set very long random password and forget it. > I prefer simply delete it. Good choice? > > But I heard a rumours that this account can be activated remotely > without user's aware decision and used for Remote Assistance (e.g. > capturing a screen and even controlling input). I would not know about this unless I test it out, but from the top of my mind : you have to start the service for something like this Deleting it might cause problems "help and support" just deny the account all kinds of privs and it would no longer matter. Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Support_388945a0 account in Win XP/2003
Hello, James Tucker! On 01.12.2005 11:27 you wrote: Someone is actually spreading rumors of a service being abused that isn't even listening at the time? RA requires the RA server to be launched. Don't leave un-closed tickets or RA support connection scripts hanging around. Of course :) but the habit to shut unnecessary gaps and cut unnecessary ends is not the worst of habits. -- Regards, Raoul Nakhmanson-Kulish, Elfor Soft Ltd., IT Department ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Support_388945a0 account in Win XP/2003
Hello, Aditya Deshmukh! On 01.12.2005 8:14 you wrote: That is a "help and support account" that you should disable. Also set very long random password and forget it. I prefer simply delete it. Good choice? But I heard a rumours that this account can be activated remotely without user's aware decision and used for Remote Assistance (e.g. capturing a screen and even controlling input). -- Regards, Raoul Nakhmanson-Kulish, Elfor Soft Ltd., IT Department ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Support_388945a0 account in Win XP/2003
> I has wondered the meaning of "support_388945a0" too, > but not the meaning of the account, but the meaning of "388945a0". > > As you may know, it can be interpreted as 4 Bytes hexadecimal > number... It's a randomly generated number that generated for this account name Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Support_388945a0 account in Win XP/2003
> Hello full-disclosurers, > > Does anyone know anything interesting about Support_388945a0 account > which is created by default during Windows XP/2003 installation? > > I have seen MS technet links, maybe someone knows more about? That is a "help and support account" that you should disable. Also set very long random password and forget it. Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Support_388945a0 account in Win XP/2003
Hello, everybody. I has wondered the meaning of "support_388945a0" too, but not the meaning of the account, but the meaning of "388945a0". As you may know, it can be interpreted as 4 Bytes hexadecimal number... So I thought that it may be some kind of IPv4 address... But if you do whois query, you will find that the address is irrelevant to MS. Then... Is there anyone who knows what the meaning of this string sequence is? Best Regards, YH Lee. - Original Message - From: "Raoul Nakhmanson-Kulish (en)" <[EMAIL PROTECTED]> To: "Adi Pircalabu" <[EMAIL PROTECTED]>; Sent: Thursday, December 01, 2005 12:48 AM Subject: Re: [Full-disclosure] Support_388945a0 account in Win XP/2003 > Hello, Adi Pircalabu! > > On 30.11.2005 18:39 you wrote: > >> http://www.toggit.com/290/290kguide6.asp > Thanks, yes, Google was the first place where I had looked for :) > > I am interested mainly in security treats connected with %subj. > > -- > Regards, > Raoul Nakhmanson-Kulish, > Elfor Soft Ltd., > IT Department > ___ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Support_388945a0 account in Win XP/2003
Hello, Adi Pircalabu! On 30.11.2005 18:39 you wrote: http://www.toggit.com/290/290kguide6.asp Thanks, yes, Google was the first place where I had looked for :) I am interested mainly in security treats connected with %subj. -- Regards, Raoul Nakhmanson-Kulish, Elfor Soft Ltd., IT Department ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
RE: [Full-disclosure] Support_388945a0 account in Win XP/2003
A simple google search yields the following... Support_388945a0 The Support_388945a0 account is primarily used to control access to signed scripts that are accessible from within Help and Support Services. Administrators can use this account to delegate the ability for an ordinary user, who does not have administrative access over a computer, to run signed scripts from links embedded within Help and Support Services. These scripts can be programmed to use the Support_388945a0 account credentials instead of the users credentials to perform specific administrative operations on the local computer that otherwise would not be supported by the ordinary users account. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Raoul Nakhmanson-Kulish (en) Sent: Wednesday, November 30, 2005 10:30 AM To: full-disclosure@lists.grok.org.uk Subject: [Full-disclosure] Support_388945a0 account in Win XP/2003 Hello full-disclosurers, Does anyone know anything interesting about Support_388945a0 account which is created by default during Windows XP/2003 installation? I have seen MS technet links, maybe someone knows more about? -- Regards, Raoul Nakhmanson-Kulish, Elfor Soft Ltd., IT Department ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/