RE: [OT] Citibank worse at security than Sony

2011-06-15 Thread Matthew B Ames
As a software engineer I would feel rather guilty to develop a system that was 
that poor. I used to have a Citi credit card. I had better check it is no 
longer active.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: 15 June 2011 04:36
To: NT System Admin Issues
Subject: [OT] Citibank worse at security than Sony

  So... 200,000 or so Citigroup customers have had their personal info
stolen.  Someone logged in to one account properly, then changed the
account number in the URL to someone else, and the site happily served
up that account instead.  I hesitate to even call the first party an
attacker.  Is it really an attack if the bank just leaves a pile of
money sitting on the sidewalk and someone takes it?

http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-broke-door-using-banks-website.html

  Some banker fat cats need to go to jail for this.  This is
incompetence of the highest order.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
This email and any attachments to it may be confidential and are
intended solely for the use of the individual to whom it is addressed.
If you are not the intended recipient of this email, you must neither
take any action based upon its contents, nor copy or show it to anyone.
Please contact the sender if you believe you have received this email in
error. QinetiQ may monitor email traffic data and also the content of
email for the purposes of security. QinetiQ Limited (Registered in
England & Wales: Company Number: 3796233) Registered office: Cody Technology 
Park, Ively Road, Farnborough, Hampshire, GU14 0LX http://www.qinetiq.com.
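
The flaw described in the original post (log in properly, then change the account number in the URL) is a missing per-account authorization check. The sketch below is an added illustration, not code from the thread or from the bank; the handler names, URL shape, sessions and accounts are all assumed. It puts the login-only check beside an ownership check, with a two-user test that tells them apart.

```python
"""Added illustration: login check vs. per-account ownership check."""
from urllib.parse import urlparse, parse_qs

# Constructed sample data (not real accounts): id -> owner and a display field.
ACCOUNTS = {
    "1001": {"owner": "alice", "holder": "Alice Example"},
    "1002": {"owner": "bob", "holder": "Bob Example"},
}
# Constructed session store: session token -> authenticated user.
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}


class Unauthenticated(Exception):
    """No valid login session."""


class Forbidden(Exception):
    """Logged in, but not allowed to see the requested account."""


def account_id_from_url(url):
    """Pull the single `account` query parameter out of the request URL."""
    values = parse_qs(urlparse(url).query).get("account", [])
    if len(values) != 1:
        raise ValueError("expected exactly one account parameter")
    return values[0]


def view_account_login_only(session_token, url):
    """Flawed pattern: verifies that someone is logged in, then trusts the
    account id in the URL without asking whose account it is."""
    if session_token not in SESSIONS:
        raise Unauthenticated()
    account = ACCOUNTS.get(account_id_from_url(url))
    if account is None:
        raise Forbidden()
    return account


def view_account_owner_checked(session_token, url):
    """Corrected pattern: the id from the URL is only a lookup key; access is
    decided by comparing the record's owner with the session's user."""
    user = SESSIONS.get(session_token)
    if user is None:
        raise Unauthenticated()
    account = ACCOUNTS.get(account_id_from_url(url))
    # Unknown ids and other people's ids get the same answer, so the
    # response does not reveal which account numbers exist.
    if account is None or account["owner"] != user:
        raise Forbidden()
    return account


def cross_account_leaks(handler):
    """Regression test: every user requests every account. Returns the
    (user, account_id) pairs that were served to a non-owner."""
    leaks = []
    for token, user in SESSIONS.items():
        for account_id, account in ACCOUNTS.items():
            url = "https://bank.example/account?account=" + account_id
            try:
                handler(token, url)
            except Forbidden:
                continue
            if account["owner"] != user:
                leaks.append((user, account_id))
    return leaks


if __name__ == "__main__":
    print("login-only leaks:", cross_account_leaks(view_account_login_only))
    print("owner-check leaks:", cross_account_leaks(view_account_owner_checked))
```

A test like `cross_account_leaks` needs at least two test identities; a suite that only ever logs in as one user cannot see this class of bug.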




RE: Move virtual machines to a new physical host - VMWare Server for Windows

2011-06-15 Thread Mark Robinson
No that's right, I really need to have access to the snapshots...so I do
not wish to remove them.

-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com] 
Sent: 15 June 2011 03:54
To: NT System Admin Issues
Subject: Re: Move virtual machines to a new physical host - VMWare
Server for Windows

Yeah, not that I have tons of ESXi experience, but I have just removed
the snapshots prior to the move.  I'm guessing you don't want to do this
in case you need to rollback the server to a previous snapshot?

Stefan Jafs wrote:
 And you can not remove the snapshots?

 On Tue, Jun 14, 2011 at 5:50 PM, Mark Robinson mark.robin...@cips.org wrote:

 Thanks Scott.  Yes that's what I thought!  However I've just fired
 up one of the VM's (with Snapshots) that I copied over to the new
 host and the VM is only utilizing the original virtual disks, not
 the data subsequently stored within the snapshots.  So I have a
 running VM, just without half of the data I had previously. So I
 need to somehow encourage VMServer to acknowledge the snapshots.

  

 Has anyone successfully migrated VM's with snapshots to a new
 installation of VMWare Server before?

 *From:* Crawford, Scott [mailto:crawfo...@evangel.edu]
 *Sent:* 14 June 2011 22:24


 *To:* NT System Admin Issues
 *Subject:* RE: Move virtual machines to a new physical host -
 VMWare Server for Windows

  

 I've not done this in particular, but I would expect that you
 could manually move the vmdk files along with the snapshot deltas
 by moving the whole folder to a new machine and it would work
fine.

  

 *From:* Mark Robinson [mailto:mark.robin...@cips.org]
 *Sent:* Tuesday, June 14, 2011 4:20 PM
 *To:* NT System Admin Issues
 *Subject:* Move virtual machines to a new physical host - VMWare
 Server for Windows

  

 Hi,

  

 I have VMWare Server for Windows (the free one)  installed on a
 machine which hosts 3 VM's for test lab purposes.  I want to move
 these VM's to a new machine and decommission the existing
 machine.  I have migrated one machine successfully to the new host
 and this is running along merrily.  However I suspect the
 remaining two VM's may be a different proposition altogether as
 they have had snapshots taken whereas the VM I have migrated
 already did not have any snapshots.  Has anyone achieved this
 themselves and could give me any pointers?  I have read a couple
 of articles around fixing the CID chain.  Is this necessary?  If
 so how did you do it?  I am about to follow this advice:

  

 http://sanbarrow.com/sickbay-lesson-fix-cid-chain-embedded.html

  

 Many Thanks,

  

 Mark

 IMPORTANT INFORMATION


 Internet communications are not secure and therefore CIPS does not
 accept legal responsibility for the contents of any e-mail message
 sent via this medium. The content of any e-mail communication is
 the view of the individual and CIPS does not accept legal
 liability for the contents. Although this message and any
 attachments are believed to be free of virus or other defect that
 might affect any computer system into which it is received and
 opened, it is the responsibility of the recipient to ensure that
 it is virus free and no responsibility is accepted by CIPS for any
 loss or damage in any way arising from its use.

  

  

 -- 
 Scanned by iCritical.

  





 --
 Stefan Jafs


RE: [OT] Citibank worse at security than Sony

2011-06-15 Thread Alan Davies
What floors me is how sophisticated they are saying the attack is!
Honestly, this article makes me so angry!

http://www.nytimes.com/2011/06/14/technology/14security.html?_r=3

This is basic s**t!  It's not APT.  It's not sophisticated.  It's
complete lack of good governance and due diligence.  It's a high profile
web app with PII data that should be having significant PT work done at
a MINIMUM of quarterly.

As with Sony, one has to wonder where their priorities are with data
protection ..



a 

-Original Message-
From: Matthew B Ames [mailto:matthew.a...@qinetiq.com] 
Sent: 15 June 2011 07:24
To: NT System Admin Issues
Subject: RE: [OT] Citibank worse at security than Sony

As a software engineer I would feel rather guilty to develop a system
that was that poor. I used to have a Citi credit card. I had better
check it is no longer active.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: 15 June 2011 04:36
To: NT System Admin Issues
Subject: [OT] Citibank worse at security than Sony

  So... 200,000 or so Citigroup customers have had their personal info
stolen.  Someone logged in to one account properly, then changed the
account number in the URL to someone else, and the site happily served
up that account instead.  I hesitate to even call the first party an
attacker.  Is it really an attack if the bank just leaves a pile of
money sitting on the sidewalk and someone takes it?

http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-broke-door-using-banks-website.html

  Some banker fat cats need to go to jail for this.  This is
incompetence of the highest order.

-- Ben



WARNING:
The information in this email and any attachments is confidential and may be 
legally privileged.

If you are not the named addressee, you must not use, copy or disclose this 
email (including any attachments) or the information in it save to the named 
addressee nor take any action in reliance on it. If you receive this email or 
any attachments in error, please notify the sender immediately and then delete 
the same and any copies.

CLS Services Ltd × Registered in England No 4132704 × Registered Office: 
Exchange Tower × One Harbour Exchange Square × London E14 9GE





OT: I.T. idiots

2011-06-15 Thread James Rankin
I work with a guy who just suddenly upped and went home without a word about
half an hour ago. He has just telephoned me to let me know he has
successfully verified our secure email delivery procedure, by riding all the
way home on his bike, and confirming receipt of the email on his home PC.
Considering the fact that he could have done this without leaving his desk
by using a) a smartphone or b) our public access network, I am left
wondering how he ever got to work on this team.

-- 
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question.

*IMPORTANT: The information in this email is CONFIDENTIAL. If its contents
are disclosed in any way my lawyers will swoop down from black helicopters
like Seal Team Six and drag you away with a black bag over your head. They
will then take you to a secret prison and make you fight to the death with
other people who dared to share this email. You will be given a large bowie
knife and a supply of methamphetamines while I watch the said deathmatch and
wager vast sums of money on who will be the winner. If the fight becomes
boring or there is a stalemate, I will release rabid dogs and my two-stone
cat into the arena to liven things up a bit. If these animals become in any
way docile, I will squirt them with water pistols until they become a bit
more temperamental.*


RE: [OT] Citibank worse at security than Sony

2011-06-15 Thread Matthew B Ames
Quote from that article:

The method is seemingly simple, but the fact that the thieves knew to focus on 
this particular vulnerability marks the Citigroup attack as especially 
ingenious, security experts said. 

One security expert familiar with the investigation wondered how the hackers 
could have known to breach security by focusing on the vulnerability in the 
browser. It would have been hard to prepare for this type of vulnerability, 
he said. The security expert insisted on anonymity because the inquiry was at 
an early stage.

I like the use of the words *especially ingenious*.  It is hardly a browser 
vulnerability, it is a design and implementation issue.  It should have been 
picked up at multiple levels (design, coding, testing, etc). The security 
expert did not want his name listed in case he sounded like a wally :-)



-Original Message-
From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: 15 June 2011 10:31
To: NT System Admin Issues
Subject: RE: [OT] Citibank worse at security than Sony

What floors me is how sophisticated they are saying the attack is!
Honestly, this article makes me so angry!

http://www.nytimes.com/2011/06/14/technology/14security.html?_r=3

This is basic s**t!  It's not APT.  It's not sophisticated.  It's complete lack 
of good governance and due diligence.  It's a high profile web app with PII 
data that should be having significant PT work done at a MINIMUM of quarterly.

As with Sony, one has to wonder where their priorities are with data protection 
..



a 

-Original Message-
From: Matthew B Ames [mailto:matthew.a...@qinetiq.com]
Sent: 15 June 2011 07:24
To: NT System Admin Issues
Subject: RE: [OT] Citibank worse at security than Sony

As a software engineer I would feel rather guilty to develop a system that was 
that poor. I used to have a Citi credit card. I had better check it is no 
longer active.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: 15 June 2011 04:36
To: NT System Admin Issues
Subject: [OT] Citibank worse at security than Sony

  So... 200,000 or so Citigroup customers have had their personal info stolen.  
Someone logged in to one account properly, then changed the account number in 
the URL to someone else, and the site happily served up that account instead.  
I hesitate to even call the first party an attacker.  Is it really an attack 
if the bank just leaves a pile of money sitting on the sidewalk and someone 
takes it?

http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-broke-door-using-banks-website.html

  Some banker fat cats need to go to jail for this.  This is incompetence of 
the highest order.

-- Ben




RE: [OT]: I.T. idiots

2011-06-15 Thread Matthew B Ames
Depends if he then submits a mileage claim or not :)

Bike = motorbike, or pedal?  If the latter then double points to be awarded for 
getting exercise while on company time.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 15 June 2011 11:17
To: NT System Admin Issues
Subject: OT: I.T. idiots

I work with a guy who just suddenly upped and went home without a word about 
half an hour ago. He has just telephoned me to let me know he has successfully 
verified our secure email delivery procedure, by riding all the way home on his 
bike, and confirming receipt of the email on his home PC. Considering the fact 
that he could have done this without leaving his desk by using a) a smartphone 
or b) our public access network, I am left wondering how he ever got to work on 
this team.


Re: [OT]: I.T. idiots

2011-06-15 Thread James Rankin
Pedal bike. I wouldn't mind the chance to get away for a bit of exercise
during work time as well!

On 15 June 2011 11:27, Matthew B Ames matthew.a...@qinetiq.com wrote:

  Depends if he then submits a mileage claim or not…. :)



 Bike = motorbike, or pedal?  If the latter then double points to be awarded
 for getting exercise while on company time.



 *From:* James Rankin [mailto:kz2...@googlemail.com]
 *Sent:* 15 June 2011 11:17
 *To:* NT System Admin Issues
 *Subject:* OT: I.T. idiots



 I work with a guy who just suddenly upped and went home without a word
 about half an hour ago. He has just telephoned me to let me know he has
 successfully verified our secure email delivery procedure, by riding all the
 way home on his bike, and confirming receipt of the email on his home PC.
 Considering the fact that he could have done this without leaving his desk
 by using a) a smartphone or b) our public access network, I am left
 wondering how he ever got to work on this team.


RE: [OT]: I.T. idiots

2011-06-15 Thread Matthew B Ames
I noticed that where I work we can claim money for mile for cycling - trouble 
is the 120 mile round trip to get to work by bike makes for rather a long day!  
I have to make do with a lunchtime run when I am onsite, or a 20 mile mountain 
bike when working from home in my lunch break.

Maybe he has a bit-on-the-side and he popped home to do her while verifying 
the secure mail delivery :)

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 15 June 2011 11:30
To: NT System Admin Issues
Subject: Re: [OT]: I.T. idiots

Pedal bike. I wouldn't mind the chance to get away for a bit of exercise during 
work time as well!
On 15 June 2011 11:27, Matthew B Ames matthew.a...@qinetiq.com wrote:
Depends if he then submits a mileage claim or not :)

Bike = motorbike, or pedal?  If the latter then double points to be awarded for 
getting exercise while on company time.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 15 June 2011 11:17
To: NT System Admin Issues
Subject: OT: I.T. idiots

I work with a guy who just suddenly upped and went home without a word about 
half an hour ago. He has just telephoned me to let me know he has successfully 
verified our secure email delivery procedure, by riding all the way home on his 
bike, and confirming receipt of the email on his home PC. Considering the fact 
that he could have done this without leaving his desk by using a) a smartphone 
or b) our public access network, I am left wondering how he ever got to work on 
this team.

Re: [OT]: I.T. idiots

2011-06-15 Thread Manuel Santos
That would be a great excuse...

2011/6/15 Matthew B Ames matthew.a...@qinetiq.com

  I noticed that where I work we can claim money for mile for cycling –
 trouble is the 120 mile round trip to get to work by bike makes for rather a
 long day!  I have to make do with a lunchtime run when I am onsite, or a 20
 mile mountain bike when working from home in my lunch break.



 Maybe he has a bit-on-the-side and he popped home to do her while
 “verifying the secure mail delivery” :)



 *From:* James Rankin [mailto:kz2...@googlemail.com]
 *Sent:* 15 June 2011 11:30

 *To:* NT System Admin Issues
 *Subject:* Re: [OT]: I.T. idiots



 Pedal bike. I wouldn't mind the chance to get away for a bit of exercise
 during work time as well!

 On 15 June 2011 11:27, Matthew B Ames matthew.a...@qinetiq.com wrote:

 Depends if he then submits a mileage claim or not…. :)



 Bike = motorbike, or pedal?  If the latter then double points to be awarded
 for getting exercise while on company time.



 *From:* James Rankin [mailto:kz2...@googlemail.com]
 *Sent:* 15 June 2011 11:17
 *To:* NT System Admin Issues
 *Subject:* OT: I.T. idiots



 I work with a guy who just suddenly upped and went home without a word
 about half an hour ago. He has just telephoned me to let me know he has
 successfully verified our secure email delivery procedure, by riding all the
 way home on his bike, and confirming receipt of the email on his home PC.
 Considering the fact that he could have done this without leaving his desk
 by using a) a smartphone or b) our public access network, I am left
 wondering how he ever got to work on this team.

 --
 On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
 the machine wrong figures, will the right answers come out?' I am not able
 rightly to apprehend the kind of confusion of ideas that could provoke such
 a question.

 *IMPORTANT: The information in this email is CONFIDENTIAL. If its contents
 are disclosed in any way my lawyers will swoop down from black helicopters
 like Seal Team Six and drag you away with a black bag over your head. They
 will then take you to a secret prison and make you fight to the death with
 other people who dared to share this email. You will be given a large bowie
 knife and a supply of methamphetamines while I watch the said deathmatch and
 wager vast sums of money on who will be the winner. If the fight becomes
 boring or there is a stalemate, I will release rabid dogs and my two-stone
 cat into the arena to liven things up a bit. If these animals become in any
 way docile, I will squirt them with water pistols until they become a bit
 more temperamental.*


Re: [OT] Citibank worse at security than Sony

2011-06-15 Thread Andrew S. Baker
*As with Sony, one has to wonder where their priorities are with
data protection ..*


It's all about shareholder value, and the shareholders value profits
and dividends...

Plus, no one expects to be caught, or exposed, so it's not a problem
until it's a problem.

Until they suffer some real penalties (huge SEC fine, real government
oversight, significant loss of customers, jail time for someone in
senior management), there will be little change.


*ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio)
Harnessing the Advantages of Technology for the SMB market...




On Wed, Jun 15, 2011 at 5:31 AM, Alan Davies adav...@cls-services.com wrote:

 What floors me is how sophisticated they are saying the attack is!
 Honestly, this article makes me so angry!

 http://www.nytimes.com/2011/06/14/technology/14security.html?_r=3

 This is basic s**t!  It's not APT.  It's not sophisticated.  It's
 complete lack of good governance and due diligence.  It's a high profile
 web app with PII data that should be having significant PT work done at
 a MINIMUM of quarterly.

 As with Sony, one has to wonder where their priorities are with data
 protection ..



 a

 -Original Message-
 From: Matthew B Ames [mailto:matthew.a...@qinetiq.com]
 Sent: 15 June 2011 07:24
 To: NT System Admin Issues
 Subject: RE: [OT] Citibank worse at security than Sony

 As a software engineer I would feel rather guilty to develop a system
 that was that poor. I used to have a Citi credit card. I had better
 check it is no longer active.

 -Original Message-
 From: Ben Scott [mailto:mailvor...@gmail.com]
 Sent: 15 June 2011 04:36
 To: NT System Admin Issues
 Subject: [OT] Citibank worse at security than Sony

  So... 200,000 or so Citigroup customers have had their person info
 stolen.  Someone logged in to one account properly, then changed the
 account number in the URL to someone else, and the site happily served
 up that account instead.  I hesitate to even call the first party an
 attacker.  Is it really an attack if the bank just leaves a pile of
 money sitting on the sidewalk and someone takes it?

 http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-broke-door-using-banks-website.html

  Some banker fat cats need to go to jail for this.  This is
 incompetence of the highest order.

 -- Ben




RE: [OT] Citibank worse at security than Sony

2011-06-15 Thread Ken Schaefer
Hmm - at the individual application development level, in a large org, no one 
cares about shareholder value. The problem with large organisations is the huge 
amount of effort required to get anything implemented. The application 
development was probably outsourced, the infrastructure is handled by some 
other company, the security review was done at the architectural level, and the 
annual pen test might not have picked it up. And the auditors generally don't 
know how anything actually works, and just require ticks in the boxes (like 
hiding your server OS in the HTTP headers, rather than actually trying to 
attack your application)

Cheers
Ken

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, 15 June 2011 7:31 PM
To: NT System Admin Issues
Subject: Re: [OT] Citibank worse at security than Sony

As with Sony, one has to wonder where their priorities are with data 
protection ..



It's all about shareholder value, and the shareholders value profits and 
dividends...

Plus, no one expects to be caught, or exposed, so it's not a problem until it's 
a problem.

Until they suffer some real penalties (huge SEC fine, real government 
oversight, significant loss of customers, jail time for someone in senior 
management), there will be little change.



ASB (Professional Bio http://about.me/Andrew.S.Baker/bio)
Harnessing the Advantages of Technology for the SMB market...


On Wed, Jun 15, 2011 at 5:31 AM, Alan Davies adav...@cls-services.com wrote:
What floors me is how sophisticated they are saying the attack is!
Honestly, this article makes me so angry!

http://www.nytimes.com/2011/06/14/technology/14security.html?_r=3

This is basic s**t!  It's not APT.  It's not sophisticated.  It's
complete lack of good governance and due diligence.  It's a high profile
web app with PII data that should be having significant PT work done at
a MINIMUM of quarterly.

As with Sony, one has to wonder where their priorities are with data
protection ..



a

-Original Message-
From: Matthew B Ames [mailto:matthew.a...@qinetiq.com]
Sent: 15 June 2011 07:24
To: NT System Admin Issues
Subject: RE: [OT] Citibank worse at security than Sony

As a software engineer I would feel rather guilty to develop a system
that was that poor. I used to have a Citi credit card. I had better
check it is no longer active.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: 15 June 2011 04:36
To: NT System Admin Issues
Subject: [OT] Citibank worse at security than Sony

 So... 200,000 or so Citigroup customers have had their person info
stolen.  Someone logged in to one account properly, then changed the
account number in the URL to someone else, and the site happily served
up that account instead.  I hesitate to even call the first party an
attacker.  Is it really an attack if the bank just leaves a pile of
money sitting on the sidewalk and someone takes it?

http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-broke-door-using-banks-website.html

 Some banker fat cats need to go to jail for this.  This is
incompetence of the highest order.




Re: [OT] Citibank worse at security than Sony

2011-06-15 Thread Ben Scott
On Wed, Jun 15, 2011 at 12:19 AM, Ken Schaefer k...@adopenstatic.com wrote:
 I doubt any fat cat bankers signed off, knowingly, on an insecure site.

  I don't think they said make the site insecure, but they're the
ones responsible[1] for the security of their systems, and they're the
ones that set priorities for their IT efforts.  Gross incompetence
this extreme is a failure to supervise.  Supposedly, that's why
high-level managers make the big bucks -- responsibility and
supervision.

  Until we start seeing some serious repercussions at a high level,
this kind of thing will continue.

[1] Note well: There is a difference between being responsible and
being at fault.

 That said, do you know the ins and outs of every single system you've got 
 control over?

  Nope.  But they're still my responsibility.

-- Ben



Re: [OT] Citibank worse at security than Sony

2011-06-15 Thread Ben Scott
On Wed, Jun 15, 2011 at 7:39 AM, Ken Schaefer k...@adopenstatic.com wrote:
 Hmm – at the individual application development level, in a large org, no
 one cares about shareholder value.

  That's why the people at the top need to be the ones pushing for
security.  It can't be driven from the bottom.

-- Ben




Re: OT: I.T. idiots

2011-06-15 Thread Ben Scott
On Wed, Jun 15, 2011 at 6:16 AM, James Rankin kz2...@googlemail.com wrote:
 went home without a word about half an hour ago.  He has just telephoned
 me to let me know he has successfully verified our secure email delivery
 procedure, by riding all the way home on his bike, and confirming receipt
 of the email on his home PC. ...

  You're still at work, while he gets to spend an hour off-duty riding
his bike around outside.  Are you sure he's that dumb?  ;-)

-- Ben



RE: [OT] Citibank worse at security than Sony

2011-06-15 Thread Ken Schaefer
You can push all you like. But it's not your area of expertise. So you rely on 
other people to tell you that the app works well. Things will always still slip 
through the cracks.

I'm not trying to excuse this - it looks pretty amateurish. But things always 
go wrong in large IT shops.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, 15 June 2011 7:55 PM
To: NT System Admin Issues
Subject: Re: [OT] Citibank worse at security than Sony

On Wed, Jun 15, 2011 at 7:39 AM, Ken Schaefer k...@adopenstatic.com wrote:
 Hmm - at the individual application development level, in a large org, 
 no one cares about shareholder value.

  That's why the people at the top need to be the ones pushing for security.  
It can't be driven from the bottom.





RE: [OT] Citibank worse at security than Sony

2011-06-15 Thread Ziots, Edward
Whether someone goes to jail or not is up to the courts to decide, and
who is legally liable.

I agree most don't know the ins and outs of every site and system they
are supposed to be responsible for.

As for the web application attack, it was a trivial input validation
issue, which is covered on the OWASP TOP 10 web application
vulnerabilities and underscores how badly web applications are still coded
these days, when a simple parameter attack can be done quite
easily with Burp Suite Professional to fuzz the web application and find
its flaws (XSS, SQLI, input validation), and the attackers have the
time and the tools to keep beating on the doors until they gain access.
But putting the account numbers as part of a dynamic SQL string is a
pretty poor practice (no encoding etc. etc.), which leads me to believe
there are probably other SQL injection attacks that are probably
possible against the site to gain even more information, and possibly
even the CC numbers and PINs.

OWASP Top 10:
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

I would say sections A1, A6, A7, A8 are a big problem with this web
application. (Again, how this got past the IT Group, the Security Group
which should have been responsible for reviewing and testing the web
application before it was put to the public for these types of flaws,
and the business that should have been advised of the issues and the
risk and either agreed to take the risk (with signatures) or the code
should have been fixed.)

Again it happens a lot more than you see in the headlines, 

Z

Edward E. Ziots
CISSP, Network +, Security +
Security Engineer
Lifespan Organization
Email:ezi...@lifespan.org
Cell:401-639-3505



-Original Message-
From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: Wednesday, June 15, 2011 12:20 AM
To: NT System Admin Issues
Subject: RE: [OT] Citibank worse at security than Sony

I doubt any fat cat bankers signed off, knowingly, on an insecure site.
People going to jail would be the IT folks who should have known better.

That said, do you know the ins and outs of every single system you've
got control over?

Cheers
Ken


-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com] 
Sent: Wednesday, 15 June 2011 11:36 AM
To: NT System Admin Issues
Subject: [OT] Citibank worse at security than Sony

  So... 200,000 or so Citigroup customers have had their person info
stolen.  Someone logged in to one account properly, then changed the
account number in the URL to someone else, and the site happily served
up that account instead.  I hesitate to even call the first party an
attacker.  Is it really an attack if the bank just leaves a pile of
money sitting on the sidewalk and someone takes it?

http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-broke-door-using-banks-website.html

  Some banker fat cats need to go to jail for this.  This is
incompetence of the highest order.

-- Ben
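
The flaw discussed in this thread (a logged-in user changes the account number in the URL and is served another customer's record) is closed by an ownership check on the server. The sketch below is an added example, not code from Citi or from any poster; it shows the lookup with and without that check, plus a log review that flags sessions requesting accounts they do not own. The table layout, function names and log format are assumptions, and all data is constructed.

```python
import sqlite3
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs


def make_db():
    """Constructed sample data: two customers, three accounts."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE accounts ("
        "account_no TEXT PRIMARY KEY, owner TEXT, holder_name TEXT)"
    )
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [
            ("1001", "alice", "Alice Example"),
            ("1002", "bob", "Bob Example"),
            ("1003", "bob", "Bob Example (savings)"),
        ],
    )
    return db


def view_account_vulnerable(db, session_user, account_no):
    """Authenticated, but not authorized: any logged-in user gets whatever
    account number arrives in the URL."""
    if session_user is None:
        return None
    return db.execute(
        "SELECT account_no, holder_name FROM accounts WHERE account_no = ?",
        (account_no,),
    ).fetchone()


def view_account(db, session_user, account_no):
    """Hardened: the row must also belong to the user bound to the
    server-side session. Both values are bound parameters, so the query
    is never assembled from request text."""
    if session_user is None:
        return None
    return db.execute(
        "SELECT account_no, holder_name FROM accounts "
        "WHERE account_no = ? AND owner = ?",
        (account_no, session_user),
    ).fetchone()


# Constructed access-log lines in a hypothetical format:
# timestamp session=<id> user=<login> METHOD <path>
SAMPLE_LOG = """\
2011-06-15T04:00:01 session=s1 user=alice GET /account?acct=1001
2011-06-15T04:00:09 session=s1 user=alice GET /account?acct=1002
2011-06-15T04:00:10 session=s1 user=alice GET /account?acct=1003
2011-06-15T04:02:30 session=s2 user=bob GET /account?acct=1002
2011-06-15T04:02:41 session=s2 user=bob GET /account?acct=1003
"""


def foreign_account_requests(db, log_text):
    """Return {session: [account numbers requested but not owned]}.

    Unknown account numbers count as foreign too, since probing for
    nonexistent accounts is part of the same pattern."""
    owners = dict(db.execute("SELECT account_no, owner FROM accounts"))
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip lines that do not match the assumed format
        fields = dict(p.split("=", 1) for p in parts[1:3] if "=" in p)
        acct = parse_qs(urlsplit(parts[4]).query).get("acct", [None])[0]
        if acct is None or "user" not in fields or "session" not in fields:
            continue
        if owners.get(acct) != fields["user"]:
            hits[fields["session"]].add(acct)
    return {session: sorted(accts) for session, accts in hits.items()}


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", view_account_vulnerable(db, "alice", "1002"))
    print("hardened:  ", view_account(db, "alice", "1002"))
    print("flagged:   ", foreign_account_requests(db, SAMPLE_LOG))
```

Returning the same "not found" result for a foreign account and a nonexistent one keeps the hardened lookup from confirming which account numbers exist.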





[OT] SCOM cracks me up.

2011-06-15 Thread Kennedy, Jim
Sometimes these alerts just make me chuckle. Apparently I have a file server 
that is 8171 years behind on logging events.


Last modified time: 6/15/2011 6:28:35 AM Alert description: The Windows Event 
Log Provider monitoring the Application Event Log is 4294967294 minutes behind 
in processing events.  This can occur when the provider is restarted after 
being offline for some time, or there are too many events to be handled by the 
workflow.





Re: [OT] SCOM cracks me up.

2011-06-15 Thread James Rankin
I've had servers with uptimes measured in millennia, from time to time

On 15 June 2011 14:41, Kennedy, Jim kennedy...@elyriaschools.org wrote:

 Sometimes these alerts just make me chuckle. Apparently I have a file
 server that is 8171 years behind on logging events.


 Last modified time: 6/15/2011 6:28:35 AM Alert description: The Windows
 Event Log Provider monitoring the Application Event Log is 4294967294
 minutes behind in processing events.  This can occur when the provider is
 restarted after being offline for some time, or there are too many events to
 be handled by the workflow.







Re: [OT] Citibank worse at security than Sony

2011-06-15 Thread Andrew S. Baker
Thou speakest truth...

My comment about shareholder value is aimed more at the fact that the
people that should be concerned about whether or not these things are
happening properly are not concerned enough to even ask those
questions, relative to any questions that would result in revenue
potentially going up...


*ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio)
Harnessing the Advantages of Technology for the SMB market...




On Wed, Jun 15, 2011 at 7:39 AM, Ken Schaefer k...@adopenstatic.com wrote:

  Hmm – at the individual application development level, in a large org, no
 one cares about shareholder value. The problem with large organisations is
 the huge amount of effort required to get anything implemented. The
 application development was probably outsourced, the infrastructure is
 handled by some other company, the security review was done at the
 architectural level, and the annual pen test might not have picked it up.
 And the auditors generally don’t know how anything actually works, and just
 require ticks in the boxes (like hiding your server OS in the HTTP headers,
 rather than actually trying to attack your application)



 Cheers

 Ken



 *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
 *Sent:* Wednesday, 15 June 2011 7:31 PM

 *To:* NT System Admin Issues
 *Subject:* Re: [OT] Citibank worse at security than Sony



 ***As with Sony, one has to wonder where their priorities are with
 data protection ..*



 It's all about shareholder value, and the shareholders value profits and 
 dividends...

 Plus, no one expects to be caught, or exposed, so it's not a problem until 
 it's a problem.

 Until they suffer some real penalties (huge SEC fine, real government 
 oversight, significant loss of customers, jail time for someone in senior 
 management), there will be little change.



   *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio)
 *Harnessing the Advantages of Technology for the SMB market...*



  On Wed, Jun 15, 2011 at 5:31 AM, Alan Davies adav...@cls-services.com
 wrote:

 What floors me is how sophisticated they are saying the attack is!
 Honestly, this article makes me so angry!

 http://www.nytimes.com/2011/06/14/technology/14security.html?_r=3

 This is basic s**t!  It's not APT.  It's not sophisticated.  It's
 complete lack of good governance and due diligence.  It's a high profile
 web app with PII data that should be having significant PT work done at
 a MINIMUM of quarterly.

 As with Sony, one has to wonder where their priorities are with data
 protection ..



 a


 -Original Message-
 From: Matthew B Ames [mailto:matthew.a...@qinetiq.com]
 Sent: 15 June 2011 07:24
 To: NT System Admin Issues

 Subject: RE: [OT] Citibank worse at security than Sony

 As a software engineer I would feel rather guilty to develop a system
 that was that poor. I used to have a Citi credit card. I had better
 check it is no longer active.

 -Original Message-
 From: Ben Scott [mailto:mailvor...@gmail.com]
 Sent: 15 June 2011 04:36
 To: NT System Admin Issues
 Subject: [OT] Citibank worse at security than Sony

  So... 200,000 or so Citigroup customers have had their person info
 stolen.  Someone logged in to one account properly, then changed the
 account number in the URL to someone else, and the site happily served
 up that account instead.  I hesitate to even call the first party an
 attacker.  Is it really an attack if the bank just leaves a pile of
 money sitting on the sidewalk and someone takes it?

 http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-broke-door-using-banks-website.html

  Some banker fat cats need to go to jail for this.  This is
 incompetence of the highest order.





RE: [OT] Citibank worse at security than Sony

2011-06-15 Thread Ken Schaefer
Probably. But some executive sponsor will ask "is it secure? Did it pass the 
security review?"
Some PM, who knows nothing about IT, will answer "yes"
Some people, in the security group, who are expected to know everything about 
every app (even though they might be experts with FWs and SIEMs and AV, don't 
know anything about .NET / JSP etc) reviewed it and agreed
And some poor shmuck developed this thing 10 years ago when this wasn't an 
issue. Or they needed to pass some data between disparate systems but couldn't 
find a good way to do it, so they went the easy way.

Again, not excusing it - it's really poor form, and so easy to protect against. 
That said, maintaining session state "out of process" was expensive 10 years 
ago. If that's when the app was developed, the programmers probably didn't know 
better, and the solutions for scalability were expensive. Quoting OWASP is fine 
(well, even that wasn't really that well known 10 years ago), but unless you do 
App Dev in an enterprise, you just can't know how difficult it is to get 
anything done. What was "state of the art" in security 12 months ago when you 
started the project is obsolete by the time it's installed, and completely 
out-of-date by the time the next refresh project is entering kick-off meetings.

Cheers
Ken

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, 15 June 2011 9:48 PM
To: NT System Admin Issues
Subject: Re: [OT] Citibank worse at security than Sony

Thou speakest truth...

My comment about shareholder value is aimed more at the fact that the people 
that should be concerned about whether or not these things are happening 
properly are not concerned enough to even ask those questions, relative to any 
questions that would result in revenue potentially going up...



ASB (Professional Bio http://about.me/Andrew.S.Baker/bio)
Harnessing the Advantages of Technology for the SMB market...


On Wed, Jun 15, 2011 at 7:39 AM, Ken Schaefer k...@adopenstatic.com wrote:
Hmm - at the individual application development level, in a large org, no one 
cares about shareholder value. The problem with large organisations is the huge 
amount of effort required to get anything implemented. The application 
development was probably outsourced, the infrastructure is handled by some 
other company, the security review was done at the architectural level, and the 
annual pen test might not have picked it up. And the auditors generally don't 
know how anything actually works, and just require ticks in the boxes (like 
hiding your server OS in the HTTP headers, rather than actually trying to 
attack your application)

Cheers
Ken

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, 15 June 2011 7:31 PM

To: NT System Admin Issues
Subject: Re: [OT] Citibank worse at security than Sony

As with Sony, one has to wonder where their priorities are with data 
protection ..



It's all about shareholder value, and the shareholders value profits and 
dividends...

Plus, no one expects to be caught, or exposed, so it's not a problem until it's 
a problem.

Until they suffer some real penalties (huge SEC fine, real government 
oversight, significant loss of customers, jail time for someone in senior 
management), there will be little change.



ASB (Professional Bio http://about.me/Andrew.S.Baker/bio)
Harnessing the Advantages of Technology for the SMB market...

On Wed, Jun 15, 2011 at 5:31 AM, Alan Davies adav...@cls-services.com wrote:
What floors me is how sophisticated they are saying the attack is!
Honestly, this article makes me so angry!

http://www.nytimes.com/2011/06/14/technology/14security.html?_r=3

This is basic s**t!  It's not APT.  It's not sophisticated.  It's
complete lack of good governance and due diligence.  It's a high profile
web app with PII data that should be having significant PT work done at
a MINIMUM of quarterly.

As with Sony, one has to wonder where their priorities are with data
protection ..



a

-Original Message-
From: Matthew B Ames [mailto:matthew.a...@qinetiq.com]
Sent: 15 June 2011 07:24
To: NT System Admin Issues
Subject: RE: [OT] Citibank worse at security than Sony

As a software engineer I would feel rather guilty to develop a system
that was that poor. I used to have a Citi credit card. I had better
check it is no longer active.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: 15 June 2011 04:36
To: NT System Admin Issues
Subject: [OT] Citibank worse at security than Sony

 So... 200,000 or so Citigroup customers have had their person info
stolen.  Someone logged in to one account properly, then changed the
account number in the URL to someone else, and the site happily served
up that account instead.  I hesitate to even call the first party an
attacker.  Is it really an attack if the bank just leaves a pile of

Re: [OT] Citibank worse at security than Sony

2011-06-15 Thread Andrew S. Baker
Well, we (collective we) have to stop giving them easy outs.

They find ways to make sure that they can use hot-off-the-presses
technology to get order entry or other more-direct-to-revenue projects
done, and heads roll appropriately for not getting it done on time.

That same approach can be applied to security.

Everyone knows that it isn't, and so we see the results that we see...
   It's not an insurmountable problem by any means, especially when
you look at the technical -- and sometimes political -- complexity of
the things which *are* accomplished properly.


*ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio)
Harnessing the Advantages of Technology for the SMB market...




On Wed, Jun 15, 2011 at 10:46 AM, Ken Schaefer k...@adopenstatic.com wrote:

  Probably. But some executive sponsor will ask “is it secure? Did it pass
 the security review?”

 Some PM, who knows nothing about IT, will answer “yes”

 Some people, in the security group, who are expected to know everything
 about every app (even though they might be experts with FWs and SIEMs and
 AV, don’t know anything about .NET / JSP etc) reviewed it and agreed

 And some poor shmuck developed this thing 10 years ago when this wasn’t an
 issue. Or they needed to pass some data between disparate systems but
 couldn’t find a good way to do it, so they went the easy way.



 Again, not excusing it – it’s really poor form, and so easy to protect
 against. That said, maintaining session state “out of process” was expensive
 10 years ago. If that’s when the app was developed, the programmers probably
 didn’t know better, and the solutions for scalability were expensive.
 Quoting OWASP is fine (well, even that wasn’t really that well known 10
 years ago), but unless you do App Dev in an enterprise, you just can’t know
 how difficult it is to get anything done. What was “state of the art” in
 security 12 months ago when you started the project is obsolete by the time
 it’s installed, and completely out-of-date by the time the next refresh
 project is entering kick-off meetings.



 Cheers

 Ken



 *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
 *Sent:* Wednesday, 15 June 2011 9:48 PM

 *To:* NT System Admin Issues
 *Subject:* Re: [OT] Citibank worse at security than Sony



 Thou speakest truth...

 My comment about shareholder value is aimed more at the fact that the people 
 that should be concerned about whether or not these things are happening 
 properly are not concerned enough to even ask those questions, relative to 
 any questions that would result in revenue potentially going up...



   *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio)
 *Harnessing the Advantages of Technology for the SMB market...*



  On Wed, Jun 15, 2011 at 7:39 AM, Ken Schaefer k...@adopenstatic.com
 wrote:

 Hmm – at the individual application development level, in a large org, no
 one cares about shareholder value. The problem with large organisations is
 the huge amount of effort required to get anything implemented. The
 application development was probably outsourced, the infrastructure is
 handled by some other company, the security review was done at the
 architectural level, and the annual pen test might not have picked it up.
 And the auditors generally don’t know how anything actually works, and just
 require ticks in the boxes (like hiding your server OS in the HTTP headers,
 rather than actually trying to attack your application)



 Cheers

 Ken



 *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
 *Sent:* Wednesday, 15 June 2011 7:31 PM


 *To:* NT System Admin Issues

 *Subject:* Re: [OT] Citibank worse at security than Sony



 *As with Sony, one has to wonder where their priorities are with
 data protection ..*



 It's all about shareholder value, and the shareholders value profits and 
 dividends...

 Plus, no one expects to be caught, or exposed, so it's not a problem until 
 it's a problem.

 Until they suffer some real penalties (huge SEC fine, real government 
 oversight, significant loss of customers, jail time for someone in senior 
 management), there will be little change.



   *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio)
 *Harnessing the Advantages of Technology for the SMB market...*



 On Wed, Jun 15, 2011 at 5:31 AM, Alan Davies adav...@cls-services.com
 wrote:

 What floors me is how sophisticated they are saying the attack is!
 Honestly, this article makes me so angry!

 http://www.nytimes.com/2011/06/14/technology/14security.html?_r=3

 This is basic s**t!  It's not APT.  It's not sophisticated.  It's
 complete lack of good governance and due diligence.  It's a high profile
 web app with PII data that should be having significant PT work done at
 a MINIMUM of quarterly.

 As with Sony, one has to wonder where their priorities are with data
 protection ..



 a


 -Original Message-
 From: Matthew B Ames [mailto:matthew.a...@qinetiq.com]
 Sent: 15 June 2011 07:24
 To: NT System Admin 

RE: [OT] Citibank worse at security than Sony

2011-06-15 Thread Free, Bob
 Plus, no one expects to be caught, or exposed, so it's not a problem until 
 it's a problem.



 Indeed



 Until they suffer some real penalties (huge SEC fine, real government 
 oversight, significant loss of customers, jail time for someone in senior 
 management), there will be little change.

If recent history is any indicator, they will get a big bailout for their 
malfeasance, any indiscretions will be ignored by regulators, they will pat 
themselves on the back with huge bonuses for weathering the storm, and the 
consumer will be left holding the bag.


From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, June 15, 2011 4:31 AM
To: NT System Admin Issues
Subject: Re: [OT] Citibank worse at security than Sony

As with Sony, one has to wonder where their priorities are with data 
protection ..



It's all about shareholder value, and the shareholders value profits and 
dividends...

Plus, no one expects to be caught, or exposed, so it's not a problem until it's 
a problem.

Until they suffer some real penalties (huge SEC fine, real government 
oversight, significant loss of customers, jail time for someone in senior 
management), there will be little change.



ASB (Professional Bio http://about.me/Andrew.S.Baker/bio)
Harnessing the Advantages of Technology for the SMB market...


On Wed, Jun 15, 2011 at 5:31 AM, Alan Davies adav...@cls-services.com wrote:
What floors me is how sophisticated they are saying the attack is!
Honestly, this article makes me so angry!

http://www.nytimes.com/2011/06/14/technology/14security.html?_r=3

This is basic s**t!  It's not APT.  It's not sophisticated.  It's
complete lack of good governance and due diligence.  It's a high profile
web app with PII data that should be having significant PT work done at
a MINIMUM of quarterly.

As with Sony, one has to wonder where their priorities are with data
protection ..



a

-Original Message-
From: Matthew B Ames [mailto:matthew.a...@qinetiq.com]
Sent: 15 June 2011 07:24
To: NT System Admin Issues
Subject: RE: [OT] Citibank worse at security than Sony

As a software engineer I would feel rather guilty to develop a system
that was that poor. I used to have a Citi credit card. I had better
check it is no longer active.

-Original Message-
From: Ben Scott [mailto:mailvor...@gmail.com]
Sent: 15 June 2011 04:36
To: NT System Admin Issues
Subject: [OT] Citibank worse at security than Sony

 So... 200,000 or so Citigroup customers have had their personal info
stolen.  Someone logged in to one account properly, then changed the
account number in the URL to someone else, and the site happily served
up that account instead.  I hesitate to even call the first party an
attacker.  Is it really an attack if the bank just leaves a pile of
money sitting on the sidewalk and someone takes it?

http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-broke-door-using-banks-website.html

 Some banker fat cats need to go to jail for this.  This is
incompetence of the highest order.

-- Ben


Re: [OT] Citibank worse at security than Sony

2011-06-15 Thread Andrew S. Baker
Sadly, I concur.


 *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio)
Harnessing the Advantages of Technology for the SMB market...




On Wed, Jun 15, 2011 at 10:55 AM, Free, Bob r...@pge.com wrote:

   Plus, no one expects to be caught, or exposed, so it's not a problem until 
 it's a problem.



  Indeed



  Until they suffer some real penalties (huge SEC fine, real government 
  oversight, significant loss of customers, jail time for someone in senior 
  management), there will be little change.



 If recent history is any indicator, they will get a big bailout for their
 malfeasance, any indiscretions will be ignored by regulators, they will pat
 themselves on the back with huge bonuses for weathering the storm, and the
 consumer will be left holding the bag.





 *From:* Andrew S. Baker [mailto:asbz...@gmail.com]
 *Sent:* Wednesday, June 15, 2011 4:31 AM

 *To:* NT System Admin Issues
 *Subject:* Re: [OT] Citibank worse at security than Sony



 *As with Sony, one has to wonder where their priorities are with
 data protection ..*



 It's all about shareholder value, and the shareholders value profits and 
 dividends...

 Plus, no one expects to be caught, or exposed, so it's not a problem until 
 it's a problem.

 Until they suffer some real penalties (huge SEC fine, real government 
 oversight, significant loss of customers, jail time for someone in senior 
 management), there will be little change.



   *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio)
 *Harnessing the Advantages of Technology for the SMB market...*



  On Wed, Jun 15, 2011 at 5:31 AM, Alan Davies adav...@cls-services.com
 wrote:

 What floors me is how sophisticated they are saying the attack is!
 Honestly, this article makes me so angry!

 http://www.nytimes.com/2011/06/14/technology/14security.html?_r=3

 This is basic s**t!  It's not APT.  It's not sophisticated.  It's
 complete lack of good governance and due diligence.  It's a high profile
 web app with PII data that should be having significant PT work done at
 a MINIMUM of quarterly.

 As with Sony, one has to wonder where their priorities are with data
 protection ..



 a


 -Original Message-
 From: Matthew B Ames [mailto:matthew.a...@qinetiq.com]
 Sent: 15 June 2011 07:24
 To: NT System Admin Issues

 Subject: RE: [OT] Citibank worse at security than Sony

 As a software engineer I would feel rather guilty to develop a system
 that was that poor. I used to have a Citi credit card. I had better
 check it is no longer active.

 -Original Message-
 From: Ben Scott [mailto:mailvor...@gmail.com]
 Sent: 15 June 2011 04:36
 To: NT System Admin Issues
 Subject: [OT] Citibank worse at security than Sony

  So... 200,000 or so Citigroup customers have had their personal info
 stolen.  Someone logged in to one account properly, then changed the
 account number in the URL to someone else, and the site happily served
 up that account instead.  I hesitate to even call the first party an
 attacker.  Is it really an attack if the bank just leaves a pile of
 money sitting on the sidewalk and someone takes it?

 http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-broke-door-using-banks-website.html

  Some banker fat cats need to go to jail for this.  This is
 incompetence of the highest order.

 -- Ben





RE: [OT]: I.T. idiots

2011-06-15 Thread Guyer, Don
If that were the case, I would rather not waste any time riding a bike
home..

 

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed - A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282 x 1673

Fax: 610-233-0404

www.fiserv.com

 

From: Matthew B Ames [mailto:matthew.a...@qinetiq.com] 
Sent: Wednesday, June 15, 2011 6:35 AM
To: NT System Admin Issues
Subject: RE: [OT]: I.T. idiots

 

I noticed that where I work we can claim money for mile for cycling -
trouble is the 120 mile round trip to get to work by bike makes for
rather a long day!  I have to make do with a lunchtime run when I am
onsite, or a 20 mile mountain bike when working from home in my lunch
break.

 

Maybe he has a bit-on-the-side and he popped home to do her while
verifying the secure mail delivery :)

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 15 June 2011 11:30
To: NT System Admin Issues
Subject: Re: [OT]: I.T. idiots

 

Pedal bike. I wouldn't mind the chance to get away for a bit of exercise
during work time as well!

On 15 June 2011 11:27, Matthew B Ames matthew.a...@qinetiq.com wrote:

Depends if he then submits a mileage claim or not :)

 

Bike = motorbike, or pedal?  If the latter then double points to be
awarded for getting exercise while on company time.

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: 15 June 2011 11:17
To: NT System Admin Issues
Subject: OT: I.T. idiots

 

I work with a guy who just suddenly upped and went home without a word
about half an hour ago. He has just telephoned me to let me know he has
successfully verified our secure email delivery procedure, by riding all
the way home on his bike, and confirming receipt of the email on his
home PC. Considering the fact that he could have done this without
leaving his desk by using a) a smartphone or b) our public access
network, I am left wondering how he ever got to work on this team.

-- 
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put
into the machine wrong figures, will the right answers come out?' I am
not able rightly to apprehend the kind of confusion of ideas that could
provoke such a question.

IMPORTANT: The information in this email is CONFIDENTIAL. If its
contents are disclosed in any way my lawyers will swoop down from black
helicopters like Seal Team Six and drag you away with a black bag over
your head. They will then take you to a secret prison and make you fight
to the death with other people who dared to share this email. You will
be given a large bowie knife and a supply of methamphetamines while I
watch the said deathmatch and wager vast sums of money on who will be
the winner. If the fight becomes boring or there is a stalemate, I will
release rabid dogs and my two-stone cat into the arena to liven things
up a bit. If these animals become in any way docile, I will squirt them
with water pistols until they become a bit more temperamental.






Default C: drive permissions

2011-06-15 Thread James Rankin
I've just noticed that all of our 2008 R2 servers have a permissions set
applied to users on an NTFS level that, as well as the standard
*Read/Execute*, gives them a couple of Special permissions - *Create
Files/Write Data* and *Create Folders/Append Data*. Is this normal? And if
so what purpose does it serve? We've just found a user that has - somehow -
installed an app into the C: drive of one of our Citrix XenApp servers, and
we're trying to work out how it happened.

-- 
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
the machine wrong figures, will the right answers come out?' I am not able
rightly to apprehend the kind of confusion of ideas that could provoke such
a question.

** IMPORTANT INFORMATION/DISCLAIMER *

This document should be read only by those persons to whom it is addressed.
If you have received this message it was obviously addressed to you and
therefore you can read it, even if we didn't mean to send it to you.
However, if the contents of this email make no sense whatsoever then you
probably were not the intended recipient, or, alternatively, you are a
mindless cretin; either way, you should immediately kill yourself and
destroy your computer (not necessarily in that order). Once you have taken
this action, please contact us.. no, sorry, you can't use your computer,
because you just destroyed it, and possibly also committed suicide
afterwards, but I am starting to digress.. *

* The originator of this email is not liable for the transmission of the
information contained in this communication. Or are they? Either way it's a
pretty dull legal query and frankly one I'm not going to dwell on. But
should you have nothing better to do, please feel free to ruminate on it,
and please pass on any concrete conclusions should you find them. However,
if you pass them on via email, be sure to include a disclaimer regarding
liability for transmission.
*

* In the event that the originator did not send this email to you, then
please return it to us and attach a scanned-in picture of your mother's
brother's wife wearing nothing but a kangaroo suit, and we will immediately
refund you exactly half of what you paid for the can of Whiskas you bought
when you went to Pets** ** At Home yesterday. *

* We take no responsibility for non-receipt of this email because we are
running Exchange 5.5 and everyone knows how glitchy that can be. In the
event that you do get this message then please note that we take no
responsibility for that either. Nor will we accept any liability, tacit or
implied, for any damage you may or may not incur as a result of receiving,
or not, as the case may be, from time to time, notwithstanding all
liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *

* The comments and opinions expressed herein are my own and NOT those of my
employer, who, if he knew I was sending emails and surfing the seamier side
of the Internet, would cut off my manhood and feed it to me for afternoon
tea. *

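The root-ACL question in the message above can be checked directly. The following PowerShell is an added example, not part of the original post: it lists the allow ACEs on a folder that give non-administrative principals create rights and shows where each ACE applies. The function names (`Get-AceScope`, `Get-CreateAce`) and the three sample ACEs, including their inheritance flags, are assumptions constructed from the permissions the message describes.

```powershell
# Added example. Function names and the sample ACEs below are constructed for
# illustration; they are not output captured from a real server.

$Fsr = [System.Security.AccessControl.FileSystemRights]

# CreateFiles shares its value with WriteData, and AppendData with
# CreateDirectories, so these two bits are the "Create Files/Write Data" and
# "Create Folders/Append Data" special permissions.
$CreateBits = [int]$Fsr::CreateFiles -bor [int]$Fsr::AppendData

# Raw GENERIC_WRITE / GENERIC_ALL bits, which Get-Acl reports as bare numbers.
$GenericBits = 0x40000000 -bor 0x10000000

function Get-AceScope {
    # Translate inheritance and propagation flags into "applies to" wording.
    param($Ace)
    $inh   = [int]$Ace.InheritanceFlags
    $prop  = [int]$Ace.PropagationFlags
    $scope = @()
    if (($prop -band [int][System.Security.AccessControl.PropagationFlags]::InheritOnly) -eq 0) {
        $scope += 'this folder'
    }
    if ($inh -band [int][System.Security.AccessControl.InheritanceFlags]::ContainerInherit) {
        $scope += 'subfolders'
    }
    if ($inh -band [int][System.Security.AccessControl.InheritanceFlags]::ObjectInherit) {
        $scope += 'files'
    }
    $scope -join ', '
}

function Get-CreateAce {
    # Return every Allow ACE that lets a non-trusted identity add content.
    param(
        [Parameter(Mandatory = $true)] $Rule,
        [string[]] $TrustedIdentity = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
    )
    foreach ($ace in $Rule) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($TrustedIdentity -contains $ace.IdentityReference.Value) { continue }
        $raw = [int]$ace.FileSystemRights
        if (($raw -band ($CreateBits -bor $GenericBits)) -eq 0) { continue }
        New-Object PSObject -Property @{
            Identity  = $ace.IdentityReference.Value
            Rights    = $ace.FileSystemRights
            AppliesTo = Get-AceScope $ace
            Inherited = $ace.IsInherited
        }
    }
}

# Constructed sample: Read/Execute plus the two special permissions.
# The inheritance flags chosen here are an assumption for the example.
$sample = @(
    (New-Object System.Security.AccessControl.FileSystemAccessRule(
        'BUILTIN\Users', 'ReadAndExecute', 'ContainerInherit, ObjectInherit', 'None', 'Allow')),
    (New-Object System.Security.AccessControl.FileSystemAccessRule(
        'BUILTIN\Users', 'AppendData', 'ContainerInherit', 'None', 'Allow')),
    (New-Object System.Security.AccessControl.FileSystemAccessRule(
        'BUILTIN\Users', 'CreateFiles', 'ContainerInherit', 'InheritOnly', 'Allow'))
)
Get-CreateAce -Rule $sample | Format-Table Identity, Rights, AppliesTo -AutoSize

# Against a live server, pass the real ACL instead of the sample:
# Get-CreateAce -Rule (Get-Acl 'C:\').Access
```

With the sample flags, the folder-create ACE applies to the folder itself and its subfolders while the file-create ACE is inherit-only, so a member of Users can make a new folder at the root and then write files inside it. Run the commented line on each server to see which identities actually hold those rights before tightening the ACL.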

Re: [OT]: I.T. idiots

2011-06-15 Thread James Rankin
Yeah. You wouldn't want to spend half an hour on a bike then just get on
another one :-0

On 15 June 2011 16:16, Guyer, Don don.gu...@fiserv.com wrote:

 If that were the case, I would rather not waste any “time” riding a bike
 home..



 *Don Guyer*

 Windows Systems Engineer

 RIM Operations Engineering Distributed – A Team, Tier 2

 Enterprise Technology Group

 *Fiserv*

 don.gu...@fiserv.com

 Office: 1-800-523-7282 x 1673

 Fax: 610-233-0404

 www.fiserv.com



 *From:* Matthew B Ames [mailto:matthew.a...@qinetiq.com]
 *Sent:* Wednesday, June 15, 2011 6:35 AM

 *To:* NT System Admin Issues
 *Subject:* RE: [OT]: I.T. idiots



 I noticed that where I work we can claim money for mile for cycling –
 trouble is the 120 mile round trip to get to work by bike makes for rather a
 long day!  I have to make do with a lunchtime run when I am onsite, or a 20
 mile mountain bike when working from home in my lunch break.



 Maybe he has a bit-on-the-side and he popped home to do her while
 “verifying the secure mail delivery” :)



 *From:* James Rankin [mailto:kz2...@googlemail.com]
 *Sent:* 15 June 2011 11:30
 *To:* NT System Admin Issues
 *Subject:* Re: [OT]: I.T. idiots



 Pedal bike. I wouldn't mind the chance to get away for a bit of exercise
 during work time as well!

 On 15 June 2011 11:27, Matthew B Ames matthew.a...@qinetiq.com wrote:

 Depends if he then submits a mileage claim or not…. :)



 Bike = motorbike, or pedal?  If the latter then double points to be awarded
 for getting exercise while on company time.



 *From:* James Rankin [mailto:kz2...@googlemail.com]
 *Sent:* 15 June 2011 11:17
 *To:* NT System Admin Issues
 *Subject:* OT: I.T. idiots



 I work with a guy who just suddenly upped and went home without a word
 about half an hour ago. He has just telephoned me to let me know he has
 successfully verified our secure email delivery procedure, by riding all the
 way home on his bike, and confirming receipt of the email on his home PC.
 Considering the fact that he could have done this without leaving his desk
 by using a) a smartphone or b) our public access network, I am left
 wondering how he ever got to work on this team.

 --
 On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
 the machine wrong figures, will the right answers come out?' I am not able
 rightly to apprehend the kind of confusion of ideas that could provoke such
 a question.

 *IMPORTANT: The information in this email is CONFIDENTIAL. If its contents
 are disclosed in any way my lawyers will swoop down from black helicopters
 like Seal Team Six and drag you away with a black bag over your head. They
 will then take you to a secret prison and make you fight to the death with
 other people who dared to share this email. You will be given a large bowie
 knife and a supply of methamphetamines while I watch the said deathmatch and
 wager vast sums of money on who will be the winner. If the fight becomes
 boring or there is a stalemate, I will release rabid dogs and my two-stone
 cat into the arena to liven things up a bit. If these animals become in any
 way docile, I will squirt them with water pistols until they become a bit
 more temperamental.*






RE: Default C: drive permissions

2011-06-15 Thread Guyer, Don
Not normal, to me.

 

Don Guyer

Windows Systems Engineer

RIM Operations Engineering Distributed - A Team, Tier 2

Enterprise Technology Group

Fiserv

don.gu...@fiserv.com

Office: 1-800-523-7282 x 1673

Fax: 610-233-0404

www.fiserv.com

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Wednesday, June 15, 2011 11:15 AM
To: NT System Admin Issues
Subject: Default C: drive permissions

 

I've just noticed that all of our 2008 R2 servers have a permissions set
applied to users on an NTFS level that, as well as the standard
Read/Execute, gives them a couple of Special permissions - Create
Files/Write Data and Create Folders/Append Data. Is this normal? And if
so what purpose does it serve? We've just found a user that has -
somehow - installed an app into the C: drive of one of our Citrix XenApp
servers, and we're trying to work out how it happened.


RE: [OT] Citibank worse at security than Sony

2011-06-15 Thread Alan Davies
Just to point out the obvious - Citi are FS, ie. they are heavily
regulated.  This is not optional or something that an Exec might choose
to bother with.  It's absolutely mandatory and explicitly defined and
they would have a large Information Security team, a governance and/or
compliance team and an internal audit team, along with a regulator.  On
top of that, it may be in PCI scope for card data.
 
In the UK, this would mean the FSA as the regulator, the ICO and
Visa/Mastercard for PCI.  In the US, the FRBNY, etc. ... the list goes
on.  It almost needs to be an act of sabotage to be this bad and slip
through un-noticed for any period of time!
 
 
 
a



From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: 15 June 2011 15:46
To: NT System Admin Issues
Subject: RE: [OT] Citibank worse at security than Sony



Probably. But some executive sponsor will ask is it secure? Did it pass
the security review? 

Some PM, who knows nothing about IT, will answer yes

Some people, in the security group, who are expected to know everything
about every app (even though they might be experts with FWs and SIEMs
and AV, don't know anything about .NET / JSP etc) reviewed it and agreed

And some poor shmuck developed this thing 10 years ago when this wasn't
an issue. Or they needed to pass some data between disparate systems but
couldn't find a good way to do it, so they went the easy way.

 

Again, not excusing it - it's really poor form, and so easy to protect
against. That said, maintaining session state out of process was
expensive 10 years ago. If that's when the app was developed, the
programmers probably didn't know better, and the solutions for
scalability were expensive. Quoting OWASP is fine (well, even that
wasn't really that well known 10 years ago), but unless you do App Dev
in an enterprise, you just can't know how difficult it is to get
anything done. What was state of the art in security 12 months ago
when you started the project is obsolete by the time it's installed, and
completely out-of-date by the time the next refresh project is entering
kick-off meetings.

 

Cheers

Ken

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Wednesday, 15 June 2011 9:48 PM
To: NT System Admin Issues
Subject: Re: [OT] Citibank worse at security than Sony

 

Thou speakest truth...


My comment about shareholder value is aimed more at the fact that the
people that should be concerned about whether or not these things are
happening properly are not concerned enough to even ask those questions,
relative to any questions that would result in revenue potentially going
up...
 

ASB (Professional Bio http://about.me/Andrew.S.Baker/bio ) 
Harnessing the Advantages of Technology for the SMB market...





On Wed, Jun 15, 2011 at 7:39 AM, Ken Schaefer k...@adopenstatic.com
wrote:

Hmm - at the individual application development level, in a large org,
no one cares about shareholder value. The problem with large
organisations is the huge amount of effort required to get anything
implemented. The application development was probably outsourced, the
infrastructure is handled by some other company, the security review was
done at the architectural level, and the annual pen test might not have
picked it up. And the auditors generally don't know how anything
actually works, and just require ticks in the boxes (like hiding your
server OS in the HTTP headers, rather than actually trying to attack
your application)

 

Cheers

Ken 

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Wednesday, 15 June 2011 7:31 PM


To: NT System Admin Issues

Subject: Re: [OT] Citibank worse at security than Sony

 

As with Sony, one has to wonder where their priorities are with data
protection ..


 
It's all about shareholder value, and the shareholders value profits and
dividends...
Plus, no one expects to be caught, or exposed, so it's not a problem
until it's a problem.
Until they suffer some real penalties (huge SEC fine, real government
oversight, significant loss of customers, jail time for someone in
senior management), there will be little change.
 

ASB (Professional Bio http://about.me/Andrew.S.Baker/bio ) 
Harnessing the Advantages of Technology for the SMB market...

 

On Wed, Jun 15, 2011 at 5:31 AM, Alan Davies adav...@cls-services.com
wrote:

What floors me is how sophisticated they are saying the attack is!
Honestly, this article makes me so angry!

http://www.nytimes.com/2011/06/14/technology/14security.html?_r=3

This is basic s**t!  It's not APT.  It's not sophisticated.  It's
complete lack of good governance and due diligence.  It's a high profile
web app with PII data that should be having significant PT work done at
a MINIMUM of quarterly.

As with Sony, one has to wonder where their priorities are with data
protection ..



a


-Original Message-
From: Matthew B Ames [mailto:matthew.a...@qinetiq.com]
Sent: 15 June 2011 07:24
To: NT System Admin Issues
Subject: RE: [OT]

Re: Default C: drive permissions

2011-06-15 Thread James Rankin
How's about I answer my own question (again) :-)

*normal users are allowed, by default, to create subfolders and add
content to these folders from the root of the system drive in Windows Server
2008. This functionality was provided to members of the users group on
Windows Server 2008 because some third-party software assumes that these
permissions are present, and Microsoft did not want to break app
compatibility.*

On 15 June 2011 16:15, James Rankin kz2...@googlemail.com wrote:

 I've just noticed that all of our 2008 R2 servers have a permissions set
 applied to users on an NTFS level that, as well as the standard *
 Read/Execute*, gives them a couple of Special permissions - *Create
 Files/Write Data* and *Create Folders/Append Data*. Is this normal? And if
 so what purpose does it serve? We've just found a user that has - somehow -
 installed an app into the C: drive of one of our Citrix XenApp servers, and
 we're trying to work out how it happened.

 --
 On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
 the machine wrong figures, will the right answers come out?' I am not able
 rightly to apprehend the kind of confusion of ideas that could provoke such
 a question.

 ** IMPORTANT INFORMATION/DISCLAIMER *

 This document should be read only by those persons to whom it is addressed.
 If you have received this message it was obviously addressed to you and
 therefore you can read it, even it we didn't mean to send it to you.
 However, if the contents of this email make no sense whatsoever then you
 probably were not the intended recipient, or, alternatively, you are a
 mindless cretin; either way, you should immediately kill yourself and
 destroy your computer (not necessarily in that order). Once you have taken
 this action, please contact us.. no, sorry, you can't use your computer,
 because you just destroyed it, and possibly also committed suicide
 afterwards, but I am starting to digress.. *

 * The originator of this email is not liable for the transmission of the
 information contained in this communication. Or are they? Either way it's a
 pretty dull legal query and frankly one I'm not going to dwell on. But
 should you have nothing better to do, please feel free to ruminate on it,
 and please pass on any concrete conclusions should you find them. However,
 if you pass them on via email, be sure to include a disclaimer regarding
 liability for transmission.
 *

 * In the event that the originator did not send this email to you, then
 please return it to us and attach a scanned-in picture of your mother's
 brother's wife wearing nothing but a kangaroo suit, and we will immediately
 refund you exactly half of what you paid for the can of Whiskas you bought
 when you went to Pets** ** At Home yesterday. *

 * We take no responsibility for non-receipt of this email because we are
 running Exchange 5.5 and everyone knows how glitchy that can be. In the
 event that you do get this message then please note that we take no
 responsibility for that either. Nor will we accept any liability, tacit or
 implied, for any damage you may or may not incur as a result of receiving,
 or not, as the case may be, from time to time, notwithstanding all
 liabilities implied or otherwise, ummm, hell, where was I...umm, no matter
 what happens, it is NOT, and NEVER WILL BE, OUR FAULT! *

 * The comments and opinions expressed herein are my own and NOT those of
 my employer, who, if he knew I was sending emails and surfing the seamier
 side of the Internet, would cut off my manhood and feed it to me for
 afternoon tea. *



RE: [OT]: I.T. idiots

2011-06-15 Thread Matthew B Ames
I bow to your greater experience :)

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 15 June 2011 16:16
To: NT System Admin Issues
Subject: Re: [OT]: I.T. idiots

Yeah. You wouldn't want to spend half an hour on a bike then just get on 
another one :-0
On 15 June 2011 16:16, Guyer, Don don.gu...@fiserv.com wrote:
If that were the case, I would rather not waste any time riding a bike 
home..

Don Guyer
Windows Systems Engineer
RIM Operations Engineering Distributed - A Team, Tier 2
Enterprise Technology Group
Fiserv
don.gu...@fiserv.com
Office: 1-800-523-7282 x 1673
Fax: 610-233-0404
www.fiserv.com http://www.fiserv.com/

From: Matthew B Ames [mailto:matthew.a...@qinetiq.com]
Sent: Wednesday, June 15, 2011 6:35 AM
To: NT System Admin Issues
Subject: RE: [OT]: I.T. idiots

I noticed that where I work we can claim money per mile for cycling - trouble 
is the 120 mile round trip to get to work by bike makes for rather a long day!  
I have to make do with a lunchtime run when I am onsite, or a 20 mile mountain 
bike when working from home in my lunch break.

Maybe he has a bit-on-the-side and he popped home to do her while verifying 
the secure mail delivery :)

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 15 June 2011 11:30
To: NT System Admin Issues
Subject: Re: [OT]: I.T. idiots

Pedal bike. I wouldn't mind the chance to get away for a bit of exercise during 
work time as well!
On 15 June 2011 11:27, Matthew B Ames matthew.a...@qinetiq.com wrote:
Depends if he then submits a mileage claim or not :)

Bike = motorbike, or pedal?  If the latter then double points to be awarded for 
getting exercise while on company time.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: 15 June 2011 11:17
To: NT System Admin Issues
Subject: OT: I.T. idiots

I work with a guy who just suddenly upped and went home without a word about 
half an hour ago. He has just telephoned me to let me know he has successfully 
verified our secure email delivery procedure, by riding all the way home on his 
bike, and confirming receipt of the email on his home PC. Considering the fact 
that he could have done this without leaving his desk by using a) a smartphone 
or b) our public access network, I am left wondering how he ever got to work on 
this team.

--
On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the 
machine wrong figures, will the right answers come out?' I am not able rightly 
to apprehend the kind of confusion of ideas that could provoke such a question.

IMPORTANT: The information in this email is CONFIDENTIAL. If its contents are 
disclosed in any way my lawyers will swoop down from black helicopters like 
Seal Team Six and drag you away with a black bag over your head. They will then 
take you to a secret prison and make you fight to the death with other people 
who dared to share this email. You will be given a large bowie knife and a 
supply of methamphetamines while I watch the said deathmatch and wager vast 
sums of money on who will be the winner. If the fight becomes boring or there 
is a stalemate, I will release rabid dogs and my two-stone cat into the arena 
to liven things up a bit. If these animals become in any way docile, I will 
squirt them with water pistols until they become a bit more temperamental.


RE: [OT] Citibank worse at security than Sony

2011-06-15 Thread Guyer, Don
May be in scope for PCI

Hell, our company is 100x smaller and we are well in scope.

:)

Don Guyer
Windows Systems Engineer
RIM Operations Engineering Distributed - A Team, Tier 2
Enterprise Technology Group
Fiserv
don.gu...@fiserv.com
Office: 1-800-523-7282 x 1673
Fax: 610-233-0404
www.fiserv.com http://www.fiserv.com/

 

From: Alan Davies [mailto:adav...@cls-services.com] 
Sent: Wednesday, June 15, 2011 11:19 AM
To: NT System Admin Issues
Subject: RE: [OT] Citibank worse at security than Sony

 

Just to point out the obvious - Citi are FS, ie. they are heavily regulated.  
This is not optional or something that an Exec might choose to bother with.  
It's absolutely mandatory and explicitly defined and they would have a large 
Information Security team, a governance and/or compliance team and an internal 
audit team, along with a regulator.  On top of that, it may be in PCI scope for 
card data.

 

In the UK, this would mean the FSA as the regulator, the ICO and 
Visa/Mastercard for PCI.  In the US, the FRBNY, etc. ... the list goes on.  It 
almost needs to be an act of sabotage to be this bad and slip through 
un-noticed for any period of time!

 

 

 

a

 



From: Ken Schaefer [mailto:k...@adopenstatic.com] 
Sent: 15 June 2011 15:46
To: NT System Admin Issues
Subject: RE: [OT] Citibank worse at security than Sony

Probably. But some executive sponsor will ask is it secure? Did it pass the 
security review? 

Some PM, who knows nothing about IT, will answer yes

Some people, in the security group, who are expected to know everything about 
every app (even though they might be experts with FWs and SIEMs and AV, don't 
know anything about .NET / JSP etc) reviewed it and agreed

And some poor shmuck developed this thing 10 years ago when this wasn't an 
issue. Or they needed to pass some data between disparate systems but couldn't 
find a good way to do it, so they went the easy way.

 

Again, not excusing it - it's really poor form, and so easy to protect against. 
That said, maintaining session state out of process was expensive 10 years 
ago. If that's when the app was developed, the programmers probably didn't know 
better, and the solutions for scalability were expensive. Quoting OWASP is fine 
(well, even that wasn't really that well known 10 years ago), but unless you do 
App Dev in an enterprise, you just can't know how difficult it is to get 
anything done. What was state of the art in security 12 months ago when you 
started the project is obsolete by the time it's installed, and completely 
out-of-date by the time the next refresh project is entering kick-off meetings.

 

Cheers

Ken

 

From: Andrew S. Baker [mailto:asbz...@gmail.com] 
Sent: Wednesday, 15 June 2011 9:48 PM
To: NT System Admin Issues
Subject: Re: [OT] Citibank worse at security than Sony

 

Thou speakest truth...


My comment about shareholder value is aimed more at the fact that the people 
that should be concerned about whether or not these things are happening 
properly are not concerned enough to even ask those questions, relative to any 
questions that would result in revenue potentially going up...
 

ASB (Professional Bio http://about.me/Andrew.S.Baker/bio ) 
Harnessing the Advantages of Technology for the SMB market...

 

On Wed, Jun 15, 2011 at 7:39 AM, Ken Schaefer k...@adopenstatic.com wrote:

Hmm - at the individual application development level, in a large org, no one 
cares about shareholder value. The problem with large organisations is the huge 
amount of effort required to get anything implemented. The application 
development was probably outsourced, the infrastructure is handled by some 
other company, the security review was done at the architectural level, and the 
annual pen test might not have picked it up. And the auditors generally don't 
know how anything actually works, and just require ticks in the boxes (like 
hiding your server OS in the HTTP headers, rather than actually trying to 
attack your application)

 

Cheers

Ken 

 

From: Andrew S. Baker [mailto:asbz...@gmail.com]
Sent: Wednesday, 15 June 2011 7:31 PM
To: NT System Admin Issues
Subject: Re: [OT] Citibank worse at security than Sony

 

As with Sony, one has to wonder where their priorities are with data 
protection ..


 
It's all about shareholder value, and the shareholders value profits and 
dividends...
Plus, no one expects to be caught, or exposed, so it's not a problem until it's 
a problem.
Until they suffer some real penalties (huge SEC fine, real government 
oversight, significant loss of customers, jail time for someone in senior 
management), there will be little change.
 

ASB (Professional Bio http://about.me/Andrew.S.Baker/bio ) 
Harnessing the Advantages of Technology for the SMB market...

 

On Wed, Jun 15, 2011 at 5:31 AM, Alan Davies adav...@cls-services.com wrote:

What floors me is how sophisticated they are saying the attack is!
Honestly, this article 
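
The flaw this thread discusses (a logged-in user changing the account number in the URL) next to the server-side ownership check that prevents it, as an added example that is not part of any list member's message. The session tokens, account data, the `account` parameter name and the alert threshold are all constructed for illustration.

```python
from dataclasses import dataclass, field
from urllib.parse import urlparse, parse_qs

# Constructed data: server-side session store and account ownership table.
SESSIONS = {"sess-alice": "alice", "sess-bob": "bob"}
ACCOUNTS = {
    "1001": {"owner": "alice", "balance": "120.00"},
    "1002": {"owner": "bob", "balance": "75.50"},
    "1003": {"owner": "carol", "balance": "9.99"},
}
# Assumed policy: alert once a session has been refused this many
# distinct accounts that belong to someone else.
ENUMERATION_THRESHOLD = 2


@dataclass
class AuditLog:
    """Records refused lookups per session so enumeration stands out."""
    denied: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def record_denied(self, session_id, account_id):
        seen = self.denied.setdefault(session_id, set())
        seen.add(account_id)
        if len(seen) >= ENUMERATION_THRESHOLD and session_id not in self.alerts:
            self.alerts.append(session_id)


def account_id_from_url(url):
    """Return the single 'account' query value, or None if absent or repeated.

    Whatever comes back is client-controlled and proves nothing about
    who is allowed to see that account.
    """
    values = parse_qs(urlparse(url).query).get("account", [])
    return values[0] if len(values) == 1 else None


def view_account_vulnerable(session_id, url):
    """Checks only that the caller is logged in, then trusts the URL."""
    if session_id not in SESSIONS:
        return 401, None
    account = ACCOUNTS.get(account_id_from_url(url))
    if account is None:
        return 404, None
    return 200, account


def view_account_hardened(session_id, url, audit):
    """Takes the identity from the server-side session and checks ownership."""
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, None
    account_id = account_id_from_url(url)
    account = ACCOUNTS.get(account_id)
    if account is None or account["owner"] != user:
        # Same response for "no such account" and "not yours", so the
        # reply does not confirm which account numbers exist.
        if account is not None:
            audit.record_denied(session_id, account_id)
        return 404, None
    return 200, account


if __name__ == "__main__":
    log = AuditLog()
    print(view_account_vulnerable("sess-alice", "/acct?account=1002"))
    for number in ("1001", "1002", "1003"):
        print(number, view_account_hardened("sess-alice", f"/acct?account={number}", log))
    print("sessions flagged for enumeration:", log.alerts)
```

The ownership check costs one lookup against data the server already holds; the audit log is what lets operations notice a session walking through account numbers.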

RE: Default C: drive permissions

2011-06-15 Thread Guyer, Don
Might be default, but shouldn't stay configured that way.

Don Guyer
Windows Systems Engineer
RIM Operations Engineering Distributed - A Team, Tier 2
Enterprise Technology Group
Fiserv
don.gu...@fiserv.com
Office: 1-800-523-7282 x 1673
Fax: 610-233-0404
www.fiserv.com http://www.fiserv.com/

 

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Wednesday, June 15, 2011 11:19 AM
To: NT System Admin Issues
Subject: Re: Default C: drive permissions

 

How's about I answer my own question (again) :-)

normal users are allowed, by default, to create subfolders and add
content to these folders from the root of the system drive in Windows
Server 2008. This functionality was provided to members of the users
group on Windows Server 2008 because some third-party software assumes
that these permissions are present, and Microsoft did not want to break
app compatibility.

On 15 June 2011 16:15, James Rankin kz2...@googlemail.com wrote:

I've just noticed that all of our 2008 R2 servers have a permissions set
applied to users on an NTFS level that, as well as the standard
Read/Execute, gives them a couple of Special permissions - Create
Files/Write Data and Create Folders/Append Data. Is this normal? And if
so what purpose does it serve? We've just found a user that has -
somehow - installed an app into the C: drive of one of our Citrix XenApp
servers, and we're trying to work out how it happened.


Re: Default C: drive permissions

2011-06-15 Thread James Rankin
I agree, particularly in a Terminal Services environment. But I have just
checked a 2003 R2 server and found the same thing. However - we are
currently rolling out an Application whitelisting solution here (which is
moving far slower than I would like) and I think this is the reason why I
have not come across this issue before - every other place I've worked at
has implemented a software restriction policy of some type, whereas here
they are still coming into the light.

On 15 June 2011 16:28, Guyer, Don don.gu...@fiserv.com wrote:

 Might be “default”, but shouldn’t stay configured that way.



 *Don Guyer*

 Windows Systems Engineer

 RIM Operations Engineering Distributed – A Team, Tier 2

 Enterprise Technology Group

 *Fiserv*

 don.gu...@fiserv.com

 Office: 1-800-523-7282 x 1673

 Fax: 610-233-0404

 www.fiserv.com



 *From:* James Rankin [mailto:kz2...@googlemail.com]
 *Sent:* Wednesday, June 15, 2011 11:19 AM

 *To:* NT System Admin Issues
 *Subject:* Re: Default C: drive permissions



 How's about I answer my own question (again) :-)

 *normal users are allowed, by default, to create subfolders and add
 content to these folders from the root of the system drive in Windows Server
 2008. This functionality was provided to members of the users group on
 Windows Server 2008 because some third-party software assumes that these
 permissions are present, and Microsoft did not want to break app
 compatibility.*

 On 15 June 2011 16:15, James Rankin kz2...@googlemail.com wrote:

 I've just noticed that all of our 2008 R2 servers have a permissions set
 applied to users on an NTFS level that, as well as the standard *
 Read/Execute*, gives them a couple of Special permissions - *Create
 Files/Write Data* and *Create Folders/Append Data*. Is this normal? And if
 so what purpose does it serve? We've just found a user that has - somehow -
 installed an app into the C: drive of one of our Citrix XenApp servers, and
 we're trying to work out how it happened.

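
A check for the default root-of-drive permissions discussed in this thread, added here as an example and not part of any list member's message: it reads saved `icacls C:\` output and reports which non-administrative principals can create files or folders. The sample output is constructed; the inheritance flags on the two special entries and the list of trusted principals are assumptions.

```python
import re

# Constructed sample in the shape of the permissions the thread describes:
# Users hold Read/Execute plus Create Folders/Append Data (AD) and
# Create Files/Write Data (WD). The (CI)/(IO) flags are an assumption.
SAMPLE_DEFAULT = r"""C:\ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
    BUILTIN\Administrators:(OI)(CI)(F)
    BUILTIN\Users:(OI)(CI)(RX)
    BUILTIN\Users:(CI)(AD)
    BUILTIN\Users:(CI)(IO)(WD)
    CREATOR OWNER:(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files
"""

# Constructed sample: the same ACL with the two special entries removed.
SAMPLE_TIGHTENED = r"""C:\ NT AUTHORITY\SYSTEM:(OI)(CI)(F)
    BUILTIN\Administrators:(OI)(CI)(F)
    BUILTIN\Users:(OI)(CI)(RX)
    CREATOR OWNER:(OI)(CI)(IO)(F)

Successfully processed 1 files; Failed processing 0 files
"""

INHERIT_FLAGS = {"OI", "CI", "IO", "NP", "I"}
# icacls right codes that allow each action on a folder.
CREATE_FILE = {"WD", "W", "M", "F", "GW", "GA"}
CREATE_FOLDER = {"AD", "W", "M", "F", "GW", "GA"}
# Assumed list of principals expected to have write access at the root.
TRUSTED = {
    "NT AUTHORITY\\SYSTEM",
    "BUILTIN\\Administrators",
    "NT SERVICE\\TrustedInstaller",
    "CREATOR OWNER",
}
ACE_RE = re.compile(r"^(?P<who>[^:]+):(?P<body>(?:\([A-Za-z,]+\))+)$")


def parse_aces(text, path):
    """Turn icacls output for one path into a list of ACE dictionaries."""
    aces = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(path):
            # The first ACE shares its line with the path being listed.
            line = line[len(path):].strip()
        match = ACE_RE.match(line)
        if not match:
            continue  # blank lines and the "Successfully processed" summary
        tokens = set()
        for group in re.findall(r"\(([^)]*)\)", match.group("body")):
            tokens.update(t.strip().upper() for t in group.split(","))
        aces.append({
            "who": match.group("who"),
            "deny": "DENY" in tokens,
            "flags": tokens & INHERIT_FLAGS,
            "rights": tokens - INHERIT_FLAGS - {"DENY"},
        })
    return aces


def non_admin_create_rights(text, path="C:\\"):
    """Map each untrusted principal to what it can create, and where."""
    findings = {}
    for ace in parse_aces(text, path):
        if ace["deny"] or ace["who"] in TRUSTED:
            continue
        applies_here = "IO" not in ace["flags"]    # inherit-only skips this folder
        applies_to_subfolders = "CI" in ace["flags"]
        caps = set()
        for kind, codes in (("file", CREATE_FILE), ("folder", CREATE_FOLDER)):
            if ace["rights"] & codes:
                if applies_here:
                    caps.add(f"create_{kind}_at_root")
                if applies_to_subfolders:
                    caps.add(f"create_{kind}_in_subfolders")
        if caps:
            findings.setdefault(ace["who"], set()).update(caps)
    return findings


if __name__ == "__main__":
    for label, sample in (("default", SAMPLE_DEFAULT), ("tightened", SAMPLE_TIGHTENED)):
        print(label, non_admin_create_rights(sample))
```

With the constructed default ACL, Users cannot write a file directly into the root but can create a folder there and then add files inside it, which matches the behaviour quoted in the thread and is the gap that application whitelisting or a software restriction policy closes on a shared Terminal Services host.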

RE: Move virtual machines to a new physical host - VMWare Server for Windows

2011-06-15 Thread Joseph Heaton
Can't you collapse the snapshot chain?  Snapshots are not meant to run for an 
extended time, but to simply provide a way of backing out of a change in case 
it goes horribly wrong.

 Mark Robinson mark.robin...@cips.org 6/14/2011 2:50 PM 
Thanks Scott.  Yes that's what I thought!  However I've just fired up
one of the VM's (with Snapshots) that I copied over to the new host and
the VM is only utilizing the original virtual disks, not the data
subsequently stored within the snapshots.  So I have a running VM, just
without half of the data I had previously. So I need to somehow
encourage VMServer to acknowledge the snapshots.

 

Has anyone successfully migrated VM's with snapshots to a new
installation of VMWare Server before?

From: Crawford, Scott [mailto:crawfo...@evangel.edu] 
Sent: 14 June 2011 22:24
To: NT System Admin Issues
Subject: RE: Move virtual machines to a new physical host - VMWare
Server for Windows

 

I've not done this in particular, but I would expect that you could
manually move the vmdk files along with the snapshot deltas by moving
the whole folder to a new machine and it would work fine.

 

From: Mark Robinson [mailto:mark.robin...@cips.org] 
Sent: Tuesday, June 14, 2011 4:20 PM
To: NT System Admin Issues
Subject: Move virtual machines to a new physical host - VMWare Server
for Windows

 

Hi,

 

I have VMWare Server for Windows (the free one)  installed on a machine
which hosts 3 VM's for test lab purposes.  I want to move these VM's to
a new machine and decommission the existing machine.  I have migrated
one machine successfully to the new host and this is running along
merrily.  However I suspect the remaining two VM's may be a different
proposition altogether as they have had snapshots taken whereas the VM I
have migrated already did not have any snapshots.  Has anyone achieved
this themselves and could give me any pointers?  I have read a couple of
articles around fixing the CID chain.  Is this necessary?  If so how did
you do it?  I am about to follow this advice:

 

http://sanbarrow.com/sickbay-lesson-fix-cid-chain-embedded.html 

 

Many Thanks,

 

Mark

IMPORTANT INFORMATION

   
Internet communications are not secure and therefore CIPS does not
accept legal responsibility for the contents of any e-mail message sent
via this medium. The content of any e-mail communication is the view of
the individual and CIPS does not accept legal liability for the
contents. Although this message and any attachments are believed to be
free of virus or other defect that might affect any computer system into
which it is received and opened, it is the responsibility of the
recipient to ensure that it is virus free and no responsibility is
accepted by CIPS for any loss or damage in any way arising from its use.

 

 

-- 
Scanned by iCritical. 

 




RE: OT: Capturing video from YouTube?

2011-06-15 Thread Kelsey, John
Truck Masters I think it is….might need that.

 

From: Daniel Rodriguez [mailto:drod...@gmail.com] 
Sent: Tuesday, June 14, 2011 4:14 PM
To: NT System Admin Issues
Subject: Re: OT: Capturing video from YouTube?

 

Hey, Mav. Do you still have that business card for that Truck Driving School?

On Jun 14, 2011 3:50 PM, Richard Stovall rich...@gmail.com wrote:
 Negative, Ghost Rider. The pattern is full.
 
 On Tue, Jun 14, 2011 at 3:32 PM, James Rankin kz2...@googlemail.com wrote:
 
 I'll try that! I am so sick of Top Gun (abridged) now


 On 13 June 2011 18:02, Daniel Rodriguez drod...@gmail.com wrote:

 If he likes F14's, a pretty good movie with an interesting dog fight is The
 Final Conflict. It has a good fight scene.
 On Jun 13, 2011 12:10 PM, James Rankin kz2...@googlemail.com wrote:
  Is there any way to snag a video from YouTube or other online site? I know
  there are various copyright issues attached to this, but it's just that one
  of my little lads is obsessed with planes (mostly the F14, for some reason)
  and loves to watch a particular video of it. It's just that booting up my
  laptop, attaching it to the TV, switching the TV to VGA mode, and then
  firing up the video for him is a bit of a chore, and I was just wondering if
  anyone knew any way it could be streamlined.

  TIA,

  JRR
 
  --
  On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
  the machine wrong figures, will the right answers come out?' I am not able
  rightly to apprehend the kind of confusion of ideas that could provoke such
  a question.

  *IMPORTANT: The information in this email is CONFIDENTIAL. If its contents
  are disclosed in any way my lawyers will swoop down from black helicopters
  like Seal Team Six and drag you away with a black bag over your head. They
  will then take you to a secret prison and make you fight to the death with
  other people who dared to share this email. You will be given a large bowie
  knife and a supply of methamphetamines while I watch the said deathmatch and
  wager vast sums of money on who will be the winner. If the fight becomes
  boring or there is a stalemate, I will release rabid dogs and my two-stone
  cat into the arena to liven things up a bit. If these animals become in any
  way docile, I will squirt them with water pistols until they become a bit
  more temperamental.*
 




 --
 On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into
 the machine wrong figures, will the right answers come out?' I am not able
 rightly to apprehend the kind of confusion of ideas that could provoke such
 a question.

 *IMPORTANT: The information in this email is CONFIDENTIAL. If its contents
 are disclosed in any way my lawyers will swoop down from black helicopters
 like Seal Team Six and drag you away with a black bag over your head. They
 will then take you to a secret prison and make you fight to the death with
 other people who dared to share this email. You will be given a large bowie
 knife and a supply of methamphetamines while I watch the said deathmatch and
 wager vast sums of money on who will be the winner. If the fight becomes
 boring or there is a stalemate, I will release rabid dogs and my two-stone
 cat into the arena to liven things up a bit. If these animals become in any
 way docile, I will squirt them with water pistols until they become a bit
 more temperamental.*


Re: Move virtual machines to a new physical host - VMWare Server for Windows

2011-06-15 Thread Steven Peck
Ummm...?
If you remove them, they get incorporated into the base image.  You will
generally need to do this before moving them.  Maintaining snapshots for any
length of time in a vmware environment really isn't a good practice.

Steven Peck
http://www.blkmtn.org



On Wed, Jun 15, 2011 at 1:39 AM, Mark Robinson mark.robin...@cips.org wrote:

 No that's right, I really need to have access to the snapshots...so I do
 not wish to remove them.

 -Original Message-
 From: Bill Humphries [mailto:nt...@hedgedigger.com]
 Sent: 15 June 2011 03:54
 To: NT System Admin Issues
 Subject: Re: Move virtual machines to a new physical host - VMWare
 Server for Windows

 Yeah, not that I have tons of ESXi experience, but I have just removed
 the snapshots prior to the move.  I'm guessing you don't want to do this
 in case you need to rollback the server to a previous snapshot?

 Stefan Jafs wrote:
  And you can not remove the snapshots?
 
  On Tue, Jun 14, 2011 at 5:50 PM, Mark Robinson mark.robin...@cips.org wrote:
 
  Thanks Scott.  Yes that's what I thought!  However I've just fired
  up one of the VM's (with Snapshots) that I copied over to the new
  host and the VM is only utilizing the original virtual disks, not
  the data subsequently stored within the snapshots.  So I have a
  running VM, just without half of the data I had previously. So I
  need to somehow encourage VMServer to acknowledge the snapshots.
 
 
 
  Has anyone successfully migrated VM's with snapshots to a new
  installation of VMWare Server before?
 
  *From:* Crawford, Scott [mailto:crawfo...@evangel.edu]
  *Sent:* 14 June 2011 22:24
 
 
  *To:* NT System Admin Issues
  *Subject:* RE: Move virtual machines to a new physical host -
  VMWare Server for Windows
 
 
 
  I've not done this in particular, but I would expect that you
  could manually move the vmdk files along with the snapshot deltas
  by moving the whole folder to a new machine and it would work fine.
 
 
 
  *From:* Mark Robinson [mailto:mark.robin...@cips.org]
  *Sent:* Tuesday, June 14, 2011 4:20 PM
  *To:* NT System Admin Issues
  *Subject:* Move virtual machines to a new physical host - VMWare
  Server for Windows
 
 
 
  Hi,
 
 
 
  I have VMWare Server for Windows (the free one)  installed on a
  machine which hosts 3 VM's for test lab purposes.  I want to move
  these VM's to a new machine and decommission the existing
  machine.  I have migrated one machine successfully to the new host
  and this is running along merrily.  However I suspect the
  remaining two VM's may be a different proposition altogether as
  they have had snapshots taken whereas the VM I have migrated
  already did not have any snapshots.  Has anyone achieved this
  themselves and could give me any pointers?  I have read a couple
  of articles around fixing the CID chain.  Is this necessary?  If
  so how did you do it?  I am about to follow this advice:
 
 
 
  http://sanbarrow.com/sickbay-lesson-fix-cid-chain-embedded.html
 
 
 
  Many Thanks,
 
 
 
  Mark
 

Re: Move virtual machines to a new physical host - VMWare Server for Windows

2011-06-15 Thread James Rankin
We keep snapshots for as little time as possible. Try restoring an old
snapshot to anything that is AD-integrated, and watch the fun commence.

On 15 June 2011 16:38, Steven Peck sep...@gmail.com wrote:

 Ummm...?
 If you remove them, they get incorporated into the base image.  You will
 generally need to do this before moving them.  Maintaining snapshots for any
 length of time in a vmware environment really isn't a good practice.

 Steven Peck
 http://www.blkmtn.org



 On Wed, Jun 15, 2011 at 1:39 AM, Mark Robinson mark.robin...@cips.org wrote:

 No that's right, I really need to have access to the snapshots...so I do
 not wish to remove them.

 -Original Message-
 From: Bill Humphries [mailto:nt...@hedgedigger.com]
 Sent: 15 June 2011 03:54
 To: NT System Admin Issues
 Subject: Re: Move virtual machines to a new physical host - VMWare
 Server for Windows

 Yeah, not that I have tons of ESXi experience, but I have just removed
 the snapshots prior to the move.  I'm guessing you don't want to do this
 in case you need to rollback the server to a previous snapshot?

 Stefan Jafs wrote:
  And you can not remove the snapshots?
 
  On Tue, Jun 14, 2011 at 5:50 PM, Mark Robinson mark.robin...@cips.org wrote:
 
  Thanks Scott.  Yes that's what I thought!  However I've just fired
  up one of the VM's (with Snapshots) that I copied over to the new
  host and the VM is only utilizing the original virtual disks, not
  the data subsequently stored within the snapshots.  So I have a
  running VM, just without half of the data I had previously. So I
  need to somehow encourage VMServer to acknowledge the snapshots.
 
 
 
  Has anyone successfully migrated VM's with snapshots to a new
  installation of VMWare Server before?
 
  *From:* Crawford, Scott [mailto:crawfo...@evangel.edu]
  *Sent:* 14 June 2011 22:24
 
 
  *To:* NT System Admin Issues
  *Subject:* RE: Move virtual machines to a new physical host -
  VMWare Server for Windows
 
 
 
  I've not done this in particular, but I would expect that you
  could manually move the vmdk files along with the snapshot deltas
  by moving the whole folder to a new machine and it would work fine.
 
 
 
  *From:* Mark Robinson [mailto:mark.robin...@cips.org]
  *Sent:* Tuesday, June 14, 2011 4:20 PM
  *To:* NT System Admin Issues
  *Subject:* Move virtual machines to a new physical host - VMWare
  Server for Windows
 
 
 
  Hi,
 
 
 
  I have VMWare Server for Windows (the free one)  installed on a
  machine which hosts 3 VM's for test lab purposes.  I want to move
  these VM's to a new machine and decommission the existing
  machine.  I have migrated one machine successfully to the new host
  and this is running along merrily.  However I suspect the
  remaining two VM's may be a different proposition altogether as
  they have had snapshots taken whereas the VM I have migrated
  already did not have any snapshots.  Has anyone achieved this
  themselves and could give me any pointers?  I have read a couple
  of articles around fixing the CID chain.  Is this necessary?  If
  so how did you do it?  I am about to follow this advice:
 
 
 
  http://sanbarrow.com/sickbay-lesson-fix-cid-chain-embedded.html
 
 
 
  Many Thanks,
 
 
 
  Mark
 

RE: Move virtual machines to a new physical host - VMWare Server for Windows

2011-06-15 Thread John Cook
IIRC I was moving a VM to a different SAN recently and it balked because there 
was a snapshot of the server (which I had totally forgotten about) and it took 
a very long time to delete it.

From: James Rankin [mailto:kz2...@googlemail.com]
Sent: Wednesday, June 15, 2011 11:41 AM
To: NT System Admin Issues
Subject: Re: Move virtual machines to a new physical host - VMWare Server for 
Windows

We keep snapshots for as little time as possible. Try restoring an old snapshot 
to anything that is AD-integrated, and watch the fun commence.
On 15 June 2011 16:38, Steven Peck sep...@gmail.com wrote:
Ummm...?
If you remove them, they get incorporated into the base image.  You will 
generally need to do this before moving them.  Maintaining snapshots for any 
length of time in a vmware environment really isn't a good practice.

Steven Peck
http://www.blkmtn.org



On Wed, Jun 15, 2011 at 1:39 AM, Mark Robinson mark.robin...@cips.org wrote:
No that's right, I really need to have access to the snapshots...so I do
not wish to remove them.

-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com]
Sent: 15 June 2011 03:54
To: NT System Admin Issues
Subject: Re: Move virtual machines to a new physical host - VMWare
Server for Windows
Yeah, not that I have tons of ESXi experience, but I have just removed
the snapshots prior to the move.  I'm guessing you don't want to do this
in case you need to rollback the server to a previous snapshot?

Stefan Jafs wrote:
 And you can not remove the snapshots?

 On Tue, Jun 14, 2011 at 5:50 PM, Mark Robinson mark.robin...@cips.org wrote:

 Thanks Scott.  Yes that's what I thought!  However I've just fired
 up one of the VM's (with Snapshots) that I copied over to the new
 host and the VM is only utilizing the original virtual disks, not
 the data subsequently stored within the snapshots.  So I have a
 running VM, just without half of the data I had previously. So I
 need to somehow encourage VMServer to acknowledge the snapshots.



 Has anyone successfully migrated VM's with snapshots to a new
 installation of VMWare Server before?

 *From:* Crawford, Scott [mailto:crawfo...@evangel.edu]
 *Sent:* 14 June 2011 22:24


 *To:* NT System Admin Issues
 *Subject:* RE: Move virtual machines to a new physical host -
 VMWare Server for Windows



 I've not done this in particular, but I would expect that you
 could manually move the vmdk files along with the snapshot deltas
 by moving the whole folder to a new machine and it would work fine.



 *From:* Mark Robinson [mailto:mark.robin...@cips.org]
 *Sent:* Tuesday, June 14, 2011 4:20 PM
 *To:* NT System Admin Issues
 *Subject:* Move virtual machines to a new physical host - VMWare
 Server for Windows



 Hi,



 I have VMWare Server for Windows (the free one)  installed on a
 machine which hosts 3 VM's for test lab purposes.  I want to move
 these VM's to a new machine and decommission the existing
 machine.  I have migrated one machine successfully to the new host
 and this is running along merrily.  However I suspect the
 remaining two VM's may be a different proposition altogether as
 they have had snapshots taken whereas the VM I have migrated
 already did not have any snapshots.  Has anyone achieved this
 themselves and could give me any pointers?  I have read a couple
 of articles around fixing the CID chain.  Is this necessary?  If
 so how did you do it?  I am about to follow this advice:



 http://sanbarrow.com/sickbay-lesson-fix-cid-chain-embedded.html



 Many Thanks,



 Mark


RE: Move virtual machines to a new physical host - VMWare Server for Windows

2011-06-15 Thread Joseph Heaton
Yep, that's because once you start the snapshot, all changes to the guest go 
into the snapshot, which can make them extremely huge.  I bet there was a 
significant reduction in space used on your SAN when you collapsed the snapshot.

 John Cook john.c...@pfsf.org 6/15/2011 9:07 AM 
IIRC I was moving a VM to a different SAN recently and it balked because there 
was a snapshot of the server (which I had totally forgotten about) and it took 
a very long time to delete it.

From: James Rankin [mailto:kz2...@googlemail.com] 
Sent: Wednesday, June 15, 2011 11:41 AM
To: NT System Admin Issues
Subject: Re: Move virtual machines to a new physical host - VMWare Server for 
Windows

We keep snapshots for as little time as possible. Try restoring an old snapshot 
to anything that is AD-integrated, and watch the fun commence.
On 15 June 2011 16:38, Steven Peck sep...@gmail.com wrote:
Ummm...?
If you remove them, they get incorporated into the base image.  You will 
generally need to do this before moving them.  Maintaining snapshots for any 
length of time in a vmware environment really isn't a good practice.

Steven Peck
http://www.blkmtn.org 



On Wed, Jun 15, 2011 at 1:39 AM, Mark Robinson mark.robin...@cips.org wrote:
No that's right, I really need to have access to the snapshots...so I do
not wish to remove them.

-Original Message-
From: Bill Humphries [mailto:nt...@hedgedigger.com]
Sent: 15 June 2011 03:54
To: NT System Admin Issues
Subject: Re: Move virtual machines to a new physical host - VMWare
Server for Windows
Yeah, not that I have tons of ESXi experience, but I have just removed
the snapshots prior to the move.  I'm guessing you don't want to do this
in case you need to rollback the server to a previous snapshot?

Stefan Jafs wrote:
 And you can not remove the snapshots?

 On Tue, Jun 14, 2011 at 5:50 PM, Mark Robinson mark.robin...@cips.org wrote:

 Thanks Scott.  Yes that's what I thought!  However I've just fired
 up one of the VM's (with Snapshots) that I copied over to the new
 host and the VM is only utilizing the original virtual disks, not
 the data subsequently stored within the snapshots.  So I have a
 running VM, just without half of the data I had previously. So I
 need to somehow encourage VMServer to acknowledge the snapshots.



 Has anyone successfully migrated VM's with snapshots to a new
 installation of VMWare Server before?

 *From:* Crawford, Scott [mailto:crawfo...@evangel.edu]
 *Sent:* 14 June 2011 22:24


 *To:* NT System Admin Issues
 *Subject:* RE: Move virtual machines to a new physical host -
 VMWare Server for Windows



 I've not done this in particular, but I would expect that you
 could manually move the vmdk files along with the snapshot deltas
 by moving the whole folder to a new machine and it would work fine.



 *From:* Mark Robinson [mailto:mark.robin...@cips.org]
 *Sent:* Tuesday, June 14, 2011 4:20 PM
 *To:* NT System Admin Issues
 *Subject:* Move virtual machines to a new physical host - VMWare
 Server for Windows



 Hi,



 I have VMWare Server for Windows (the free one)  installed on a
 machine which hosts 3 VM's for test lab purposes.  I want to move
 these VM's to a new machine and decommission the existing
 machine.  I have migrated one machine successfully to the new host
 and this is running along merrily.  However I suspect the
 remaining two VM's may be a different proposition altogether as
 they have had snapshots taken whereas the VM I have migrated
 already did not have any snapshots.  Has anyone achieved this
 themselves and could give me any pointers?  I have read a couple
 of articles around fixing the CID chain.  Is this necessary?  If
 so how did you do it?  I am about to follow this advice:



 http://sanbarrow.com/sickbay-lesson-fix-cid-chain-embedded.html 



 Many Thanks,



 Mark


Re: How to find a workstation

2011-06-15 Thread Angus Scott-Fleming
On 8 Jun 2011 at 9:53, Zvonimir Bilic  wrote:

 Check out SysAid free edition. Supports up to two administrators, 100
 assets, and 100 end users. 
 
 http://www.ilient.com/free-edition.htm 

I was going to suggest Spiceworks, but I also believe that the Angryziber 
IPSCAN program will scan the current network and give you a screen showing the 
computer name and the logged-in user's name (if you're in a domain 
environment).
--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/







Re: [OT] Citibank worse at security than Sony

2011-06-15 Thread Jonathan Link
Corporation, n.  An ingenious device for obtaining individual profit
without individual responsibility. -Ambrose Bierce

On Wed, Jun 15, 2011 at 7:30 AM, Andrew S. Baker asbz...@gmail.com wrote:

 *As with Sony, one has to wonder where their priorities are with
 data protection ..*


 It's all about shareholder value, and the shareholders value profits and 
 dividends...

 Plus, no one expects to be caught, or exposed, so it's not a problem until 
 it's a problem.

 Until they suffer some real penalties (huge SEC fine, real government 
 oversight, significant loss of customers, jail time for someone in senior 
 management), there will be little change.


 *ASB *(Professional Bio http://about.me/Andrew.S.Baker/bio)
 Harnessing the Advantages of Technology for the SMB market...




 On Wed, Jun 15, 2011 at 5:31 AM, Alan Davies adav...@cls-services.com wrote:

 What floors me is how sophisticated they are saying the attack is!
 Honestly, this article makes me so angry!

 http://www.nytimes.com/2011/06/14/technology/14security.html?_r=3

 This is basic s**t!  It's not APT.  It's not sophisticated.  It's
 complete lack of good governance and due diligence.  It's a high profile
 web app with PII data that should be having significant PT work done at
 a MINIMUM of quarterly.

 As with Sony, one has to wonder where their priorities are with data
 protection ..



 a

 -Original Message-
 From: Matthew B Ames [mailto:matthew.a...@qinetiq.com]
 Sent: 15 June 2011 07:24
 To: NT System Admin Issues
 Subject: RE: [OT] Citibank worse at security than Sony

 As a software engineer I would feel rather guilty to develop a system
 that was that poor. I used to have a Citi credit card. I had better
 check it is no longer active.

 -Original Message-
 From: Ben Scott [mailto:mailvor...@gmail.com]
 Sent: 15 June 2011 04:36
 To: NT System Admin Issues
 Subject: [OT] Citibank worse at security than Sony

  So... 200,000 or so Citigroup customers have had their personal info
 stolen.  Someone logged in to one account properly, then changed the
 account number in the URL to someone else, and the site happily served
 up that account instead.  I hesitate to even call the first party an
 attacker.  Is it really an attack if the bank just leaves a pile of
 money sitting on the sidewalk and someone takes it?

 http://www.dailymail.co.uk/news/article-2003393/How-Citigroup-hackers-broke-door-using-banks-website.html

  Some banker fat cats need to go to jail for this.  This is
 incompetence of the highest order.

 -- Ben

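
Added example (not part of any message in this thread, and not Citigroup's code): a minimal Python sketch of the flaw Ben Scott describes, a handler that only checks that a session is logged in, next to one that also compares the account number from the URL with the session's user, plus a check over the audit log for one session being refused on many account numbers. All names, sessions, account numbers and records are constructed for illustration.

```python
"""Added illustration: object-level authorization for an account page.

All users, sessions, account numbers and records below are constructed.
"""
from collections import defaultdict

# Constructed sample data: account number -> record, session id -> user.
ACCOUNTS = {
    "1001": {"owner": "alice", "holder": "Alice Example"},
    "1002": {"owner": "bob", "holder": "Bob Example"},
    "1003": {"owner": "carol", "holder": "Carol Example"},
}
SESSIONS = {"sess-a": "alice", "sess-b": "bob"}


class Forbidden(Exception):
    """The request is refused; the caller should return an error page."""


def view_account_vulnerable(session_id, account_id):
    """Behaviour described in the thread: any valid login can read any account.

    The account number comes straight from the URL and is never compared
    with the user the session belongs to.
    """
    if session_id not in SESSIONS:
        raise Forbidden("not logged in")
    return ACCOUNTS[account_id]


def view_account_checked(session_id, account_id, audit_log):
    """Serve the record only if it belongs to the session's user.

    Every decision is appended to audit_log so refusals can be reviewed.
    """
    user = SESSIONS.get(session_id)
    if user is None:
        raise Forbidden("not logged in")
    record = ACCOUNTS.get(account_id)
    allowed = record is not None and record["owner"] == user
    audit_log.append({"session": session_id, "user": user,
                      "account": account_id, "allowed": allowed})
    if not allowed:
        # Same answer for "no such account" and "not your account", so the
        # response does not confirm which account numbers exist.
        raise Forbidden("account not available")
    return record


def sessions_probing_accounts(audit_log, threshold=3):
    """Return {session: [account numbers]} for sessions refused on at least
    `threshold` distinct account numbers, a sign of URL tampering."""
    refused = defaultdict(set)
    for entry in audit_log:
        if not entry["allowed"]:
            refused[entry["session"]].add(entry["account"])
    return {s: sorted(a) for s, a in refused.items() if len(a) >= threshold}


if __name__ == "__main__":
    log = []
    print(view_account_vulnerable("sess-a", "1002"))  # another user's record
    for number in ("1001", "1002", "1003", "9999"):
        try:
            print(view_account_checked("sess-a", number, log))
        except Forbidden as exc:
            print(number, "refused:", exc)
    print(sessions_probing_accounts(log))
```

The ownership check belongs on the server for every request that names an account; hiding or obscuring the number in the URL does not replace it.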

Re: windows 7 forensics

2011-06-15 Thread Angus Scott-Fleming
On 9 Jun 2011 at 18:42, Ben Scott  wrote:

   If you want to use MS Windows, they sell these devices that plug
 between the hard drive and the host adapter, and block all write
 commands, making the drive effectively read-only.

I think I would want to use one of these anyway.  Got a link or a good Google 
string to tell us where we can get one of these?  They might be very useful ...

--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/







Re: windows 7 forensics

2011-06-15 Thread Richard Stovall
If USB drives are all you need to examine, you can do it for free with a
single registry entry.

http://motersho.com/blog/index.php/2010/02/15/howto-set-usb-drive-to-read-only-windows-xpvista7/




On Wed, Jun 15, 2011 at 1:25 PM, Angus Scott-Fleming angu...@geoapps.com wrote:

 On 9 Jun 2011 at 18:42, Ben Scott  wrote:

If you want to use MS Windows, they sell these devices that plug
  between the hard drive and the host adapter, and block all write
  commands, making the drive effectively read-only.

 I think I would want to use one of these anyway.  Got a link or a good Google
 string to tell us where we can get one of these?  They might be very useful ...

 --
 Angus Scott-Fleming
 GeoApps, Tucson, Arizona
 1-520-290-5038
 Security Blog: http://geoapps.com/






crash dump debugging

2011-06-15 Thread Jeff Bunting
Have a VM (ESX3.5) that has begun to BSOD with a PAGE_FAULT_IN_NONPAGED_AREA
that I'm trying to figure out.  Every crash has been win32k.sys referencing
memory that doesn't appear to be allocated to a process.

3 out of 4 crashes have been the same address, bda40b20 though the calling
process had differed; net1.exe, cmd.exe, bash.exe (cygwin). The application
runs a lot of scripts; I'm assuming that the crash is occurring while
launching or running one of these.  Is there any more information that
I can gather from these dumps?

This is a heavily used production system, so I can't enable pool tagging or
anything that will tax the system.  OS is Win2003 SP2 Ent and is running
McAfee 8.5i.  McAfee On-Access Scanner is enabled, but not other features
(access protection, buffer overflow protection).  The first BSOD happened a
month ago and we have had 3 in the past two days.  Nothing has changed on the
OS I'm aware of.


PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: bda40b20, memory referenced.
Arg2: , value 0 = read operation, 1 = write operation.
Arg3: bf8b7fdf, If non-zero, the instruction address which referenced the bad memory
      address.
Arg4: , (reserved)

Debugging Details:
--


Could not read faulting driver name

READ_ADDRESS:  bda40b20

FAULTING_IP:
win32k!DestroyThreadsObjects+4f
bf8b7fdf 8b01            mov     eax,dword ptr [ecx]

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR:  0x50

PROCESS_NAME:  net1.exe

CURRENT_IRQL:  1

TRAP_FRAME:  90f7fb98 -- (.trap 0x90f7fb98)
ErrCode = 
eax=bda40af0 ebx=0187 ecx=bda40b20 edx=8002 esi=e1158a70 edi=1254
eip=bf8b7fdf esp=90f7fc0c ebp=90f7fc58 iopl=0 nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=  efl=00010246
win32k!DestroyThreadsObjects+0x4f:
bf8b7fdf 8b01            mov     eax,dword ptr [ecx]  ds:0023:bda40b20=
Resetting default scope

LAST_CONTROL_TRANSFER:  from 8085ed47 to 80827c83

STACK_TEXT:
90f7fb08 8085ed47 0050 bda40b20  nt!KeBugCheckEx+0x1b
90f7fb80 8088c820  bda40b20  nt!MmAccessFault+0xb25
90f7fb80 bf8b7fdf  bda40b20  nt!KiTrap0E+0xdc
90f7fc14 bf8b832c 8d35c500  
win32k!DestroyThreadsObjects+0x4f
90f7fc58 bf8b6bd1 0001 90f7fc80 bf8b7a2e
win32k!xxxDestroyThreadInfo+0x206
90f7fc64 bf8b7a2e 8d35c500 0001  win32k!UserThreadCallout+0x4b
90f7fc80 8094c3d2 8d35c500 0001 8d35c500 win32k!W32pThreadCallout+0x3a
90f7fd0c 8094c765   8d954458 nt!PspExitThread+0x3b2
90f7fd24 8094c95f 8d35c500  0001
nt!PspTerminateThreadByPointer+0x4b
90f7fd54 808897ec   0007fe3c nt!NtTerminateProcess+0x125
90f7fd54 7c82847c   0007fe3c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0007fe3c     0x7c82847c


STACK_COMMAND:  kb

FOLLOWUP_IP:
win32k!DestroyThreadsObjects+4f
bf8b7fdf 8b01            mov     eax,dword ptr [ecx]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  win32k!DestroyThreadsObjects+4f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4d6f9db6

FAILURE_BUCKET_ID:  0x50_win32k!DestroyThreadsObjects+4f

BUCKET_ID:  0x50_win32k!DestroyThreadsObjects+4f


Thanks,
Jeff


RE: crash dump debugging

2011-06-15 Thread Brian Desmond
Pool tagging won't help (it's actually enabled by default in 2003+), but, you'd 
probably want to have special pool enabled. You can enable it on a per driver 
basis, I'd do all 3rd party drivers. There is certainly a perf hit involved to 
some extent. If you're not going to do this, your chances of diagnosing this 
are going to be really slim.

Thanks,
Brian Desmond
br...@briandesmond.com

w - 312.625.1438 | c   - 312.731.3132

From: Jeff Bunting [mailto:bunting.j...@gmail.com]
Sent: Wednesday, June 15, 2011 2:13 PM
To: NT System Admin Issues
Subject: crash dump debugging

Have a VM (ESX3.5) that has begun to BSOD with a PAGE_FAULT_IN_NONPAGED_AREA 
that I'm trying to figure out.  Every crash has been win32k.sys referencing 
memory that doesn't appear to be allocated to a process.

3 out of 4 crashes has been the same address, bda40b20 though the calling 
process had differed; net1.exe, cmd.exe, bash.exe (cygwin). The application 
runs a lot of scripts; I'm assuming that the crash is occurring while launching 
or running one of these.  Is there anything more information that I can gather 
from these dumps?

This is a heavily used production system, so I can't enable pool tagging or 
anything that will tax the system.  OS is Win2003 SP2 Ent and is running McAfee 
8.5i.  McAfee On-Access Scanner is enabled, but not other features (access 
protection, buffer overflow protection).  The first BSOD happened a month ago 
and have had 3 in the past two days.  Nothing has changed on the OS I'm aware 
of.


PAGE_FAULT_IN_NONPAGED_AREA (50)
Invalid system memory was referenced.  This cannot be protected by try-except,
it must be protected by a Probe.  Typically the address is just plain bad or it
is pointing at freed memory.
Arguments:
Arg1: bda40b20, memory referenced.
Arg2: , value 0 = read operation, 1 = write operation.
Arg3: bf8b7fdf, If non-zero, the instruction address which referenced the bad memory
address.
Arg4: , (reserved)

Debugging Details:
--


Could not read faulting driver name

READ_ADDRESS:  bda40b20

FAULTING_IP:
win32k!DestroyThreadsObjects+4f
bf8b7fdf 8b01 mov eax,dword ptr [ecx]

MM_INTERNAL_CODE:  0

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  DRIVER_FAULT_SERVER_MINIDUMP

BUGCHECK_STR:  0x50

PROCESS_NAME:  net1.exe

CURRENT_IRQL:  1

TRAP_FRAME:  90f7fb98 -- (.trap 0x90f7fb98)
ErrCode = 
eax=bda40af0 ebx=0187 ecx=bda40b20 edx=8002 esi=e1158a70 edi=1254
eip=bf8b7fdf esp=90f7fc0c ebp=90f7fc58 iopl=0 nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs= efl=00010246
win32k!DestroyThreadsObjects+0x4f:
bf8b7fdf 8b01 mov eax,dword ptr [ecx]  ds:0023:bda40b20=
Resetting default scope

LAST_CONTROL_TRANSFER:  from 8085ed47 to 80827c83

STACK_TEXT:
90f7fb08 8085ed47 0050 bda40b20  nt!KeBugCheckEx+0x1b
90f7fb80 8088c820  bda40b20  nt!MmAccessFault+0xb25
90f7fb80 bf8b7fdf  bda40b20  nt!KiTrap0E+0xdc
90f7fc14 bf8b832c 8d35c500   win32k!DestroyThreadsObjects+0x4f
90f7fc58 bf8b6bd1 0001 90f7fc80 bf8b7a2e win32k!xxxDestroyThreadInfo+0x206
90f7fc64 bf8b7a2e 8d35c500 0001  win32k!UserThreadCallout+0x4b
90f7fc80 8094c3d2 8d35c500 0001 8d35c500 win32k!W32pThreadCallout+0x3a
90f7fd0c 8094c765   8d954458 nt!PspExitThread+0x3b2
90f7fd24 8094c95f 8d35c500  0001 nt!PspTerminateThreadByPointer+0x4b
90f7fd54 808897ec   0007fe3c nt!NtTerminateProcess+0x125
90f7fd54 7c82847c   0007fe3c nt!KiFastCallEntry+0xfc
WARNING: Frame IP not in any known module. Following frames may be wrong.
0007fe3c     0x7c82847c


STACK_COMMAND:  kb

FOLLOWUP_IP:
win32k!DestroyThreadsObjects+4f
bf8b7fdf 8b01 mov eax,dword ptr [ecx]

SYMBOL_STACK_INDEX:  3

SYMBOL_NAME:  win32k!DestroyThreadsObjects+4f

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: win32k

IMAGE_NAME:  win32k.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  4d6f9db6

FAILURE_BUCKET_ID:  0x50_win32k!DestroyThreadsObjects+4f

BUCKET_ID:  0x50_win32k!DestroyThreadsObjects+4f


Thanks,
Jeff

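
The comparison described in the question above (same faulting address, different calling process) can be automated across several `!analyze -v` outputs. This is an added example, not part of the original messages; the sample text is condensed from the quoted dump, and the cmd.exe/bash.exe variants, the fourth address and the `OS_MODULES` list are assumptions.

```python
import re
from collections import Counter, defaultdict

# Fields compared across crashes, named as !analyze -v prints them.
FIELDS = ("READ_ADDRESS", "PROCESS_NAME", "IMAGE_NAME", "FAILURE_BUCKET_ID")
FRAME = re.compile(r"\b(\w+)!(\w+)\+0x[0-9a-f]+$", re.I)
# Assumption: modules counted as OS components, not third-party drivers.
OS_MODULES = {"nt", "win32k", "hal"}


def parse_analysis(text):
    """Pull the comparison fields and stack modules out of one analysis."""
    rec, in_stack = {"stack_modules": []}, False
    for line in (raw.strip() for raw in text.splitlines()):
        field = re.match(r"([A-Z_]+):\s*(.*)$", line)
        if field:
            in_stack = field.group(1) == "STACK_TEXT"
            if field.group(1) in FIELDS:
                rec[field.group(1)] = field.group(2)
        elif in_stack:
            frame = FRAME.search(line)
            if frame and frame.group(1) not in rec["stack_modules"]:
                rec["stack_modules"].append(frame.group(1))
    return rec


def summarize(records):
    """Group crashes by failure bucket; show what repeats and what varies."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec.get("FAILURE_BUCKET_ID", "unknown")].append(rec)
    report = {}
    for bucket, recs in groups.items():
        addresses = Counter(rec.get("READ_ADDRESS") for rec in recs)
        modules = {m for rec in recs for m in rec["stack_modules"]}
        report[bucket] = {
            "crashes": len(recs),
            "read_addresses": dict(addresses),
            "processes": sorted({rec.get("PROCESS_NAME") for rec in recs}),
            "third_party_on_stack": sorted(modules - OS_MODULES),
        }
    return report


def sample(process, address):
    # Constructed input condensed from the thread's dump; bda40c40 is made up.
    return (f"READ_ADDRESS:  {address}\nPROCESS_NAME:  {process}\nSTACK_TEXT:\n"
            f"90f7fb80 8088c820  {address}  nt!MmAccessFault+0xb25\n"
            "90f7fc14 bf8b832c 8d35c500  win32k!DestroyThreadsObjects+0x4f\n"
            "IMAGE_NAME:  win32k.sys\n"
            "FAILURE_BUCKET_ID:  0x50_win32k!DestroyThreadsObjects+4f\n")


SAMPLES = [sample("net1.exe", "bda40b20"), sample("cmd.exe", "bda40b20"),
           sample("bash.exe", "bda40b20"), sample("cmd.exe", "bda40c40")]

if __name__ == "__main__":
    for bucket, info in summarize(map(parse_analysis, SAMPLES)).items():
        print(bucket, info)
```

An empty `third_party_on_stack` matches the dump in this thread: the faulting stack names only nt and win32k, so the dump by itself does not point at a driver.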

Re: windows 7 forensics

2011-06-15 Thread Jonathan
This is true - there is a registry setting that will prevent USB writes from
within Windows, but that CAN be unreliable. Also, it is an all or nothing
setting for USB devices - not ideal. Besides, the OS isn't the only thing
capable of writing to a drive

I've learned a lot in the past week about this subject, largely in part to
the answers and suggestions provided on this thread.

If you want to be sure, you need a hardware write protector. Tableau makes
such a device, called a Forensic Bridge. You can get them in multiple
flavors - IDE, SATA USB, SCSI, SAS, Firewire...

http://www.tableau.com/index.php?pageid=productsmodel=T35es

http://www.tableau.com/index.php?pageid=productsmodel=T8-R2

The ones I have looked at are about $300 to $450 each.

As for creating a forensically sound image, the best are supposedly FTK
Imager, from Access Data Products, and EnCase (mentioned by Art DeKneef
earlier in this thread) from Guidance Software:

http://accessdata.com/support/adownloads#FTKImager

http://www.guidancesoftware.com/

For either, you would need a tool to be able to read the raw image file
created by EnCase or FTK Imager, as (from what I understand) it is not
natively searchable in Windows. I want to play around with SIFT mentioned by
Joe Tinney earlier in this thread, but haven't had a chance yet. Life, wife,
kids, %work%you know the drill.

Cheers,

Jonathan, A+, MCSA, MCSE



On Wed, Jun 15, 2011 at 1:52 PM, Richard Stovall rich...@gmail.com wrote:

 If USB drives are all you need to examine, you can do it for free with a
 single registry entry.


 http://motersho.com/blog/index.php/2010/02/15/howto-set-usb-drive-to-read-only-windows-xpvista7/




 On Wed, Jun 15, 2011 at 1:25 PM, Angus Scott-Fleming angu...@geoapps.com wrote:

 On 9 Jun 2011 at 18:42, Ben Scott  wrote:

If you want to use MS Windows, they sell these devices that plug
  between the hard drive and the host adapter, and block all write
  commands, making the drive effectively read-only.

 I think I would want to use one of these anyway.  Got a link or a good
 Google
 string to tell us where we can get one of these?  They might be very
 useful ...

 --
 Angus Scott-Fleming
 GeoApps, Tucson, Arizona
 1-520-290-5038
 Security Blog: http://geoapps.com/









-- 
Jonathan, A+, MCSA, MCSE


Acrobat Standard Update BUG

2011-06-15 Thread Sam Cayze
Just an FYI, the latest Acrobat Standard 9.4.5 update broke the ability to
select multiple pages for Insert/Delete/Extract.

Affected all our users :(  We rely on that ability heavily.

 

FYI if you use these products.  

 

-Sam



Re: Acrobat Standard Update BUG

2011-06-15 Thread David
Thanks, passed on to the powers that be...

David

On Wed, Jun 15, 2011 at 2:35 PM, Sam Cayze sca...@gmail.com wrote:

 Just an FYI, the latest Acrobat Standard 9.4.5 update broke the ability to
 select multiple pages for Insert/Delete/Extract.

 Affected all our users :(  We rely on that ability heavily.



 FYI if you use these products.



 -Sam





-- 
David

_

*We have no government armed with power capable of contending with human
passions unbridled by morality and religion. Avarice, ambition, revenge, or
gallantry, would break the strongest cords of our Constitution as a whale
goes through a net. Our Constitution was made only for a moral and religious
people. It is wholly inadequate to the government of any other.*

--John Adams, Address to the Military , 1798


RE: Pacific NW folks: Office 365 presentation at WNUG meeting in July

2011-06-15 Thread Tim Evans
I'm planning on being there. Those meetings are usually pretty good.

...Tim

From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, June 15, 2011 7:12 AM
To: NT System Admin Issues
Subject: Pacific NW folks: Office 365 presentation at WNUG meeting in July

Any Seattle-area folks going to this?

From: WNUG Admin [mailto:winnetad...@winnetusergroup.com]
Sent: Wednesday, June 15, 2011 7:01 AM
To: winnetad...@winnetusergroup.com
Subject: WNUG monthly meeting on July 6, 2011

Hello members,
Our next monthly meeting is scheduled for Wednesday, July 6, 2011 at Lincoln 
Square Center in Bellevue at 6:00PM.
Session Details
Our guest speaker will be Jono Luk who is a Program Manager at Microsoft. The 
topic of his presentation is Office 365 Platform and Services: An Overview.
Microsoft Office 365 for professionals and small businesses is a subscription 
service that combines Microsoft Office Web Apps with a set of Web-enabled tools 
that work with your existing hardware. Office 365, which is Office in the 
cloud, replaces the Business Productivity Online Suite (BPOS). The Office 365 
service offerings enable you to work with e-mail, documents, and data from 
virtually anywhere and on nearly any device with a familiar productivity 
experience on PCs, phones, and in browsers.
In his presentation Jono will walk through the Services that are offered as 
part of Office 365, as well as some of the new features available to customers, 
with a heavy focus on Identity and Directory Management solutions in the 
Enterprise space.
Jono is the Program Manager owner for the Directory Synchronization and Hybrid 
Deployment features of the Office 365 Service. His complete bio is available 
here <http://www.winnetusergroup.com/Speaker_Bios/Jono_Luk.aspx>.

New Members
If you are a new member, directions to the Lincoln Center are available on our 
Web site, or you can click here 
<http://www.winnetusergroup.com/SitePages/Directions.aspx>. Meeting agenda 
and other details are available in the Announcements 
<http://www.winnetusergroup.com/Lists/Announcements/AllItems.aspx> link. Feel 
free to contact us if you have any questions.

RSVP
Please make sure that you RSVP 
<http://www.winnetusergroup.com/Lists/RSVP/NewForm.aspx?Source=http://www.winnetusergroup.com/Shared%20Resources/ThankYouRSVP.aspx?PageView=SharedContentEditorPopUp=True> 
so we can plan for the meeting accordingly.

We look forward to seeing you at the meeting.

Zubair Alexander
WNUG Coordinator
Windows Networking User Group
www.winnetusergroup.com <http://www.winnetusergroup.com/>



Re: crash dump debugging

2011-06-15 Thread Jeff Bunting
Thanks Brian, that's what I meant to say :-)

I'd done this once before to troubleshoot a misbehaving driver, but forgot
the correct term.  Spent some time this afternoon re-reading Mark
Russinovich's blog to refresh my memory on how Windows manages and realized
that was probably the only way to determine the cause.

Jeff


On Wed, Jun 15, 2011 at 4:38 PM, Brian Desmond br...@briandesmond.com wrote:

 *Pool tagging won’t help (it’s actually enabled by default in 2003+), but,
 you’d probably want to have special pool enabled. You can enable it on a per
 driver basis, I’d do all 3rd party drivers. There is certainly a perf hit
 involved to some extent. If you’re not going to do this, your chances of
 diagnosing this are going to be really slim. *

 * *

 *Thanks,*

 *Brian Desmond*

 *br...@briandesmond.com*

 * *

 *w – 312.625.1438 | c   – 312.731.3132*

 * *

 *From:* Jeff Bunting [mailto:bunting.j...@gmail.com]
 *Sent:* Wednesday, June 15, 2011 2:13 PM
 *To:* NT System Admin Issues
 *Subject:* crash dump debugging



 Have a VM (ESX3.5) that has begun to BSOD with a
 PAGE_FAULT_IN_NONPAGED_AREA that I'm trying to figure out.  Every crash has
 been win32k.sys referencing memory that doesn't appear to be allocated to a
 process.



 3 out of 4 crashes has been the same address, bda40b20 though the calling
 process had differed; net1.exe, cmd.exe, bash.exe (cygwin). The application
 runs a lot of scripts; I'm assuming that the crash is occurring while
 launching or running one of these.  Is there anything more information that
 I can gather from these dumps?



 This is a heavily used production system, so I can't enable pool tagging or
 anything that will tax the system.  OS is Win2003 SP2 Ent and is running
 McAfee 8.5i.  McAfee On-Access Scanner is enabled, but not other features
 (access protection, buffer overflow protection).  The first BSOD happened a
 month ago and have had 3 in the past two days.  Nothing has changed on the
 OS I'm aware of.






 Thanks,

 Jeff
