RE: Moving on, leaving the list for a bit

2011-11-30 Thread Ziots, Edward
l (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 -Original Message----- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Wednesday, November 30, 2011 10:04 AM To: NT System Admin Issues Subject: RE: Moving on, leaving the list for a bit Don't worry if I am close in t

RE: Moving on, leaving the list for a bit

2011-11-30 Thread Ziots, Edward
ystem Administrator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, November 28, 2011 4:19 PM T

RE: Moving on, leaving the list for a bit

2011-11-30 Thread Ziots, Edward
: RE: Moving on, leaving the list for a bit You can get this all from Symantec. If you run into specific issues, give me a holler Cheers Ken From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, 29 November 2011 9:26 PM To: NT System Admin Issues Subject: RE: Moving on

RE: Millions of printers open to devastating hack attack, researchers say

2011-11-30 Thread Ziots, Edward
Anyone using WINMTR from Sourceforge to check the latency on their networks. Been using the tool, which comes in 32/64bit version seems to work well, that with a packet sniffer (wireshark) sounds like a nice combo to troubleshoot issues. Z Edward E. Ziots, CISSP, Security +, Network + Sec

RE: Millions of printers open to devastating hack attack, researchers say

2011-11-30 Thread Ziots, Edward
each print job... that much network traffic (on the outbound wire) would surely be noticed as latency... and that would raise attention, yes? On Tue, Nov 29, 2011 at 12:48 PM, Ziots, Edward wrote: Honestly, I would possibly expect that any network device that takes unaut

RE: Moving on, leaving the list for a bit

2011-11-30 Thread Ziots, Edward
ns in http://support.microsoft.com/kb/940184 On Wed, Nov 30, 2011 at 2:26 AM, Ziots, Edward wrote: Yes Symantec's SEP.. so if you got some information, users/admin guides and links, please send me them, because I am going to be doing an

RE: Moving on, leaving the list for a bit

2011-11-30 Thread Ziots, Edward
. At least that has been my experience. Jon On Tue, Nov 29, 2011 at 8:26 AM, Ziots, Edward wrote: Yes Symantec's SEP.. so if you got some information, users/admin guides and links, please send me them, because I am going to be doing an in-fusion of SEP into my cranium over the next

RE: Millions of printers open to devastating hack attack, researchers say

2011-11-29 Thread Ziots, Edward
Honestly, I would possibly expect that any network device that takes unauthenticated and unsolicited input could be vulnerable to these types of attacks. Also given the “less than secure” web interfaces they wrap around these printers. /Evil hacker hat on. Now basically think if the

RE: Moving on, leaving the list for a bit

2011-11-29 Thread Ziots, Edward
that for now. We'll see about later... Kurt On Tue, Nov 29, 2011 at 05:28, Ziots, Edward wrote: > I know what you mean Kurt, the mobility does come at a price ( longer > drive, which means a bit less time with my wife) but its something I > have to do for my career if I am goi

RE: Corporate Bullying is a wee bit harder in the 21st century...

2011-11-29 Thread Ziots, Edward
Still doesn't excuse the major player from not responding to your son via his request under the responsible disclosure process which a lot of security researchers go through with companies. If they don't then open disclosure is the next level. This also speaks to the major players inability to kee

RE: Moving on, leaving the list for a bit

2011-11-29 Thread Ziots, Edward
ne:401-639-3505 From: Jonathan Link [mailto:jonathan.l...@gmail.com] Sent: Tuesday, November 29, 2011 8:53 AM To: NT System Admin Issues Subject: Re: Moving on, leaving the list for a bit Are you a glutton for punishment or something? On Tue, Nov 29, 2011 at 8:26 AM, Ziots, Edward w

RE: Moving on, leaving the list for a bit

2011-11-29 Thread Ziots, Edward
: NT System Admin Issues Subject: RE: Moving on, leaving the list for a bit I thought you were leaving... :) From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, November 29, 2011 8:26 AM To: NT System Admin Issues Subject: RE: Moving on, leaving the list for a bit Yes

RE: Moving on, leaving the list for a bit

2011-11-29 Thread Ziots, Edward
: NT System Admin Issues Subject: Re: Moving on, leaving the list for a bit Good luck in your new job! Very nice to hear someone has some mobility. Kurt On Mon, Nov 28, 2011 at 12:30, Ziots, Edward wrote: > I just wanted to reach out to the list, that I am going to be moving > on from my Se

RE: Moving on, leaving the list for a bit

2011-11-29 Thread Ziots, Edward
Yes Symantec's SEP.. so if you got some information, users/admin guides and links, please send me them, because I am going to be doing an in-fusion of SEP into my cranium over the next 1-2 weeks. Sincerely, EZ Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Orga

RE: Moving on, leaving the list for a bit

2011-11-29 Thread Ziots, Edward
rity ' Security is an ongoing process, not a one time event ! ' -Original Message- From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, November 28, 2011 3:31 PM To: NT System Admin Issues Subject: Moving on, leaving the list for a bit I just wanted to reach out

RE: Moving on, leaving the list for a bit

2011-11-28 Thread Ziots, Edward
...@pfsf.org] Sent: Monday, November 28, 2011 3:57 PM To: NT System Admin Issues Subject: Re: Moving on, leaving the list for a bit Congrats Z! John W. Cook Systems Administrator Partnership for Strong Families - Original Message - From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday

Moving on, leaving the list for a bit

2011-11-28 Thread Ziots, Edward
I just wanted to reach out to the list, that I am going to be moving on from my Security Engineer position in two weeks, to a senior security engineer position with another company. I am going to be leaving the list for a little bit, but I would like to let you know that a few of my present co-work

RE: Ping testing tool

2011-11-22 Thread Ziots, Edward
Can use nping to do this also, it's a part of NMAP 5.51 version. Max rtt: 16.000ms | Min rtt: 0.000ms | Avg rtt: 5.396ms Raw packets sent: 20 (840B) | Rcvd: 20 (920B) | Lost: 0 (0.00%) Tx time: 19.34400s | Tx bytes/s: 43.42 | Tx pkts/s: 1.03 Rx time: 20.35800s | Rx bytes/s: 45.19 | Rx pkts/s:

RE: Symantec (SEPM)

2011-11-21 Thread Ziots, Edward
I will be watching this thread, if any SEP users out there would like to talk with me offline about your experiences please let me know. Z Edward E. Ziots, CISSP, Security +, Network + Security Engineer Lifespan Organization email:ezi...@lifespan.org phone:401-639-3505 From: De

RE: Delegation question

2011-11-21 Thread Ziots, Edward
Why not just revoke, the rights on the DA group for Helpdesk to modify passwords or change them? I see where the auditors want clear separation from Helpdesk and DA, and other privileged accounts. /Auditor hat on.. Basically they want to make sure that there is no "privileged" escalation to

RE: Weird Login Request

2011-11-18 Thread Ziots, Edward
This might work for you, but I would probably look at using the built in features ( limit to certain workstation) in AD http://technet.microsoft.com/en-us/magazine/2005.05.utilityspotlight.aspx Z From: Matt Plahtinsky [mailto:cbusitl...@gmail.com] Sent: Friday, November 18, 2011 3:59

RE: RSA Security Service Won't Start

2011-11-18 Thread Ziots, Edward
Can also drop Process Monitor or Procmon on the service executable and watch the file and registry setup and see if that is a problem. You could also use subinacl.exe to see if the DACL on the service is hosed. Z From: Bourque Daniel [mailto:daniel.bour...@loto-quebec.com] Sent: Friday

RE: Would you drop AV for Whitelisting / Application Control?

2011-11-15 Thread Ziots, Edward
ly on, and there are no surprises at audit time. ASB http://XeeMe.com/AndrewBaker Harnessing the Advantages of Technology for the SMB market... On Tue, Nov 15, 2011 at 3:09 PM, Ziots, Edward wrote: Some have taken that stance, but I have also heard the other side, is they need to keep

RE: Would you drop AV for Whitelisting / Application Control?

2011-11-15 Thread Ziots, Edward
Some have taken that stance, but I have also heard the other side, is they need to keep AV on workstations, Servers due to compliance issues. ( which I don't really take as a valid argument, especially if compensating controls are taking effect) Z Edward E. Ziots CISSP, Network +, Security

Cross Post from Susan Bradley, POC exploit code for MS11-083, TCPIP Kernel Remote Code Execution,

2011-11-15 Thread Ziots, Edward
Vulnerability in TCP/IP Could Allow Remote Code Execution (2588516) Just so you know now with the POC, and probably exploits running around, probably best to get this patch on your Windows 2008,R2 Windows Vista and Windows 7 systems sooner than later. http://pastebin.com/fjZ1k0fi Now the

RE: Whitelisting Pros & Cons?

2011-11-14 Thread Ziots, Edward
+1 for Bit9 parity, I will give a negative for the Mcafee Solidcore.. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] Sent: Monday, Novembe

RE: Whitelisting Pros & Cons?

2011-11-14 Thread Ziots, Edward
Too bad it's retired now... CSA was definitely good when it was setup, but the amount of rules you needed to write to allow crap software to run, basically turns a lot of HIPS into swiss cheese after a while. ( But it also shows you how bad code is written) Z Edward E. Ziots CISSP, Netwo

RE: Whitelisting Pros & Cons?

2011-11-14 Thread Ziots, Edward
I can comment offline for you Stu... feel free to email me accordingly. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Stu Sjouwerman [mailto:s...@sunbelt-software.com] Sent: Monday, Nove

Question on Filtering the Windows 2008 Audit Log

2011-11-14 Thread Ziots, Edward
For some strange reason, I am having a problem with getting the Event Filter for Windows 2008 Security log to show just my actions. I have auditing for File System ( Success and Failure) I have auditing turned on for success of file and folder delete. When I filter the following Way I get a lot

RE: Console Logon via RDP

2011-11-10 Thread Ziots, Edward
" switch does not get one into the "Console" session. For up through Win 2003 R2, "mstsc /admin" does get me into the console session (no opportunity to play with RDP connections to Win 2008 systems yet). "Ziots, Edward" wrote on 11/10/2011 11:51:42 AM: &g

RE: Console Logon via RDP

2011-11-10 Thread Ziots, Edward
This might help you out. There have been changes to RDP in Windows 2008 and later. Changes to remote administration in Windows Server 2008 http://support.microsoft.com/kb/947723 also you can use NMAP to verify that RDP is open nmap -sS -P0 -p 3389 IP_ADDRESS_OF_SERVER. Z E

RE: SIEM solutions

2011-11-10 Thread Ziots, Edward
We are evaluating Nitro Security right now... works pretty decent, would like to jump into it more. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: David Lum [mailto:david@nwea.org] Se

RE: [OT] Stats about IT

2011-11-04 Thread Ziots, Edward
That is a short day for me, its usually 7:15am to 6:00pm at the least... Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Friday,

RE: [OT] Stats about IT

2011-11-04 Thread Ziots, Edward
ltant and Citrix Technology Professional http://www.CarlWebster.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, November 04, 2011 6:46 AM To: NT System Admin Issues Subject: RE: [OT] Stats about IT I was beginning to wonder wh

SSL DOS Hacking tool released, the onslaught continues

2011-10-28 Thread Ziots, Edward
--Hacker Tool Launches DoS Attack Against SSL Server With One Laptop (October 25, 2011) A group called The Hackers Choice has released a tool that can launch a denial-of-service attack against an HTTPS web server with just one laptop over a DSL connection. The tool exploits the SSL renegotiation fe

RE: WMI filter for GPO's for WIndows 2003 Servers,

2011-10-25 Thread Ziots, Edward
on the GPO. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, October 25, 2011 9:06 AM To: NT System Admin Issues Subject: RE: WMI filter for GPO's for WIndows 2003 Servers, I was meaning to exclude DC's since all my DC's are Windows 2008 R2 SP1. This was more

RE: WMI filter for GPO's for WIndows 2003 Servers,

2011-10-25 Thread Ziots, Edward
Exchange MVP http://TheEssentialExchange.com From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, October 24, 2011 3:52 PM To: NT System Admin Issues Subject: WMI filter for GPO's for WIndows 2003 Servers, Just a quick question, for those filtering with WMI filters. I am u

WMI filter for GPO's for WIndows 2003 Servers,

2011-10-24 Thread Ziots, Edward
Just a quick question, for those filtering with WMI filters. I am using the following for a Windows 2003 Filter, does anyone else have anything else that works a bit better or know that its valid. select * from Win32_OperatingSystem where Version like "5.%" and ProductType = "3" TIA EZ E

RE: Windows 7 No DNS with Cisco VPN

2011-10-19 Thread Ziots, Edward
I would assume that you would get the DNS settings from the DHCP scope, and there is a dedicated DHCP scope for those coming in via the Cisco VPN. When you say DNS drops, do you not see it on an IPconfig /all or when you try and ping the DNS servers they are not responding? I got 5.0.01.

RE: Zero-day bugs overrated, Microsoft says

2011-10-19 Thread Ziots, Edward
Ok, I agree the 0 days are not the norm that folks are getting hit by, although process procedures, patching and security hardening, isn't going to stop an 0 day, because its something you don't have a compensating control for, if you are using a specific piece of software or OS that is target

RE: Issue with Group Policy Audit Policy

2011-10-14 Thread Ziots, Edward
I am wondering if you can just filter the GPO for Windows 2008 and Windows 2008 R2, and put in a separate GPO that sets the Audit Policy for the Windows 2003 and below systems ( Possibly WMI filter). Most of my Windows 2008/Windows 2008R2 I scripted the audit policy in on them, but looking to

RE: Feedback on the functionality of use of Cisco UCS Blades, anyone using them

2011-10-14 Thread Ziots, Edward
-Paul From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, October 14, 2011 7:21 AM To: NT System Admin Issues Subject: Feedback on the functionality of use of Cisco UCS Blades, anyone using them Looks for feedback from the list from folks that are using Cisco UCS Blade Syste

Feedback on the functionality of use of Cisco UCS Blades, anyone using them

2011-10-14 Thread Ziots, Edward
Looking for feedback from the list from folks that are using Cisco UCS Blade System in their organizations/business on the good bad and ugly ( can reply to me offline) need this information as a comparison to what we are seeing in house as we evaluate them, before making a decision. Thanks in a

Google Diggity Security Tools set, with Bing and Google Hacking Databases

2011-10-14 Thread Ziots, Edward
http://www.stachliu.com/resources/tools/google-hacking-diggity-project/attack-tools/ Something to take a good look at if you are interested in google hacking or Bing Hacking, Sincerely, EZ Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:

RE: Has anyone tried to add a local account on a server to a restrictive Group via GPO?

2011-10-13 Thread Ziots, Edward
ok. Own it. Love it. Do you get his e-mails too? He's a funny guy... Dave From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Thursday, October 13, 2011 9:04 AM To: NT System Admin Issues Subject: RE: Has anyone tried to add a local account on a server to a restrictive Group vi

RE: Has anyone tried to add a local account on a server to a restrictive Group via GPO?

2011-10-13 Thread Ziots, Edward
Lum [mailto:david@nwea.org] Sent: Thursday, October 13, 2011 9:41 AM To: NT System Admin Issues Subject: RE: Has anyone tried to add a local account on a server to a restrictive Group via GPO? I do exactly this, it's awesome. From: Ziots, Edward [mailto:ezi...@lifespan.org]

RE: Has anyone tried to add a local account on a server to a restrictive Group via GPO?

2011-10-13 Thread Ziots, Edward
to do this through GPO Restricted Groups, or using Preferences. Chris Bodnar, MCSE, MCITP Technical Support III Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From:

RE: Android Handset Makers - Adding Value or Vulnerabilities?

2011-10-12 Thread Ziots, Edward
I agree but there is one caveat, if I have physical access to the phone, you can just take the battery out of it ( Bingo your remote wipe is gone), then hook up the phone and boot the os, find out where the keys are stored on the device ( yes the encryption keys are stored on the device), and de

RE: Staff training

2011-10-12 Thread Ziots, Edward
What I was alluding to, and sometimes the training centers might offer you a better deal if you can negotiate with them to handle the training onsite at your site. Yep seen the same price for the same training so if you can get it at 1/3 the price why wouldn't you... Z Edward E. Ziots CISSP, N

Has anyone tried to add a local account on a server to a restrictive Group via GPO?

2011-10-12 Thread Ziots, Edward
Trying to add a local user to a restrictive groups GPO ( its on the server for an application) I am wondering if that can even be done ( unless you modify the GPO from the server that has the local account in question) As for the local account ( silly Healthcare application, don't ask long story

RE: Staff training

2011-10-12 Thread Ziots, Edward
I agree with Dave on this one, I think that 27K for 3 people is a little steep. If you could provide the resources on-site and have someone come train you at your site, possibly you get the training for less and get a lot more out of it, because you can apply it directly to how your network works a

RE: RIM Outages NYC?

2011-10-12 Thread Ziots, Edward
+10.. yep big time outages... Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, October 12, 2011 11:03 AM To: NT System Admin

RE: strange hosted app issue

2011-10-07 Thread Ziots, Edward
ge level isn't >> quite as handy when looking at wireshark. >> >> but good info here nonetheless, appreciate it. >> >> >> Original Message: >> - >> From: Ziots, Edward ezi...@lifespan.org >> Date: Wed, 5 Oct 2011 16:15:46 -0400 >

RE: New SAN - How to remove old from SQL Cluster?

2011-10-07 Thread Ziots, Edward
I am thinking from the Windows 2003 Cluster side of it ( I haven’t done anything with Windows 2008 clustered) that you must add the new disks as dependent resources of the SQL Service, before you remove the old ones) (Along with both nodes needing to know its cluster aware) and then you need

RE: strange hosted app issue

2011-10-05 Thread Ziots, Edward
OK if the apps is hosted on the internet, is it safe to assume it's a web-based application? If so, it probably invokes Java on the workstation to do some of its function. Java, Unfortunately, is a notorious PIG of an application, which could be leading to some of your application issues ( especiall

Sites I found useful in tracking what malware is coming from particular IPs, to help update your Access lists, IPS

2011-10-04 Thread Ziots, Edward
http://xml.ssdsandbox.net/ip?ip=(IP of offending system) http://www.xandora.net/xangui/malware/search/?by=ip&keyword=(IP of offending system) Has been really good to see what is coming from the sites, so I can quantify my IPS traffic better and add in additional controls. Hope it helps fo

RE: Headsup ! MySQL.com Serves Malware

2011-09-27 Thread Ziots, Edward
Just underscores how bad web-application security is taken with web development these days. That is why the OWASP top 10 exists, it's usually the same thing again and again and again. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lif

RE: PCI compliance

2011-09-23 Thread Ziots, Edward
Honestly, it really comes down to what your QSA evaluates your controls at, on whether you meet the standard of PCI compliance or not. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Erik G

RE: OT:Age Discrimination in IT

2011-09-23 Thread Ziots, Edward
Very Very True... Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Friday, September 23, 2011 3:19 PM To: NT System Admin Issues Subject: Re: O

RE: R: R: OT:Age Discrimination in IT

2011-09-23 Thread Ziots, Edward
I agree with that statement, all *nix admins I have run into have long hair, and sometimes glasses, and know all the 60-70's good music by default. Now Windoze admins, that is another story, Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:

RE: Using Restrictive Groups to lockdown membership to certain groups in AD

2011-09-23 Thread Ziots, Edward
in your head and set up right? That is the tricky part that sometimes makes my brain hurt. From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Friday, September 23, 2011 10:02 AM To: NT System Admin Issues Subject: Using Restrictive Groups to lockdown membership to certain groups in AD

Using Restrictive Groups to lockdown membership to certain groups in AD

2011-09-23 Thread Ziots, Edward
To the list, I would like to use the Restrictive Groups Setting in Windows 2008 R2 SP1 DFL/FFL to lock the settings of specific groups to what I want them to be ( Namely DA and Administrators and a few others specific groups, to meet audit requirements) What I have done so far. Create

RE: SSL hack

2011-09-22 Thread Ziots, Edward
+1 this does not require MITM from what I have read and heard. It's JavaScript that performs the role of the malicious actor and its payload, which unfortunately, most browsers have on for web sites they do business with to function, which also leaves the door up for malware/spyware. Drive by down

RE: HR/Finance resource Q

2011-09-16 Thread Ziots, Edward
Yep, I have been fighting this stuff for a long time, that and given the state of POS software development from healthcare software, it's amazing how the vendors haven't "got it" when it comes to correct security architecture in their applications ( either thick client or web applications). T

RE: Encrypted email solutions

2011-09-15 Thread Ziots, Edward
Used Zix before worked just fine, Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Wednesday, September 14, 2011 7:55 PM To: NT System

Early Friday funny

2011-09-13 Thread Ziots, Edward
OMG I think I am going to cry, too funny. IPAD2 vs the Library. http://www.youtube.com/watch?v=h0UZDOFiHyQ&feature=relmfu Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 ~ Finally, powerfu

RE: Anti-virus boot-up disks?

2011-09-13 Thread Ziots, Edward
trator Partnership For Strong Families 5950 NW 1st Place Gainesville, Fl 32607 Office (352) 244-1610 Cell (352) 215-6944 MCSE, MCP+I, MCTS, CompTIA A+, N+, VSP4, VTSP4 From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Tuesday, September 13, 2011 8:27 AM To: NT System Admin Issues Subj

RE: Anti-virus boot-up disks?

2011-09-13 Thread Ziots, Edward
Thanks, anyone tried this on a USB stick? Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: G.Waleed Kavalec [mailto:kava...@gmail.com] Sent: Monday, September 12, 2011 3:18 PM To: NT System

RE: anyone else seeing Hiloti malware zero day ?

2011-09-13 Thread Ziots, Edward
oldoff IT Consultant Systems, Networks, & Security ' Security is an ongoing process, not a one time event ! ' From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, September 12, 2011 9:40 AM To: NT System Admin Issues Subject: RE: anyone else seeing Hiloti malware zero day ?

RE: Synching workstation system clock with domain server

2011-09-13 Thread Ziots, Edward
W32tm /config /syncfromflags:DOMHIER W32tm /config /update W32tm /resync /rediscover Let the time service take care of the rest, it's going to be as good as the SNTP protocol allows. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org

RE: anyone else seeing Hiloti malware zero day ?

2011-09-12 Thread Ziots, Edward
Qakbot I have seen off and on, and its variants ( maybe they tweaking it for other infections) Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Erik Goldoff [mailto:egold...@gmail.com] Sent

RE: SQL Mirroring or replication

2011-09-08 Thread Ziots, Edward
Log shipping and I am trying to get my DBA's to start mirroring the critical DB's to secondary datacenter. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: itli...@imcu.com [mailto:itli...@i

RE: Another high profile breach

2011-09-08 Thread Ziots, Edward
Thanks Andrew, Just sent that to my VP's to remind them on how critical it is to have the hatches battened down, and make sure things are encrypted and processes to be improved. Fun work on a vacation, never seem to get away :) Z Edward E. Ziots CISSP, Network +, Security + Securi

RE: HP Proliant DL380 G6 & DL385 G7 Advisory - NC364T 4pt Adapter or P410i controller

2011-09-08 Thread Ziots, Edward
Thanks for the heads up on this one. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Sean Rector [mailto:sean.rec...@vaopera.org] Sent: Thursday, September 08, 2011 12:44 PM To: NT System

RE: DigiNotar compromise

2011-09-07 Thread Ziots, Edward
his is capitalism in action. There is not guarantee that Verisign is non-hackable, yet they have a profitable business model to protect. Each of us has to make a tradeoff to decide whether a cheaper price is worth the risk that too cheap a price is compromising due diligence on behalf of the CA

RE: server load / stress test

2011-09-07 Thread Ziots, Edward
Have used SQLIOSTRESS and IOMeter, along with the HP CD's for burn in testing of the hardware before the OS is on. The previous tools I use for IO for SQL database LUNS. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Ce

RE: other Windows mailing lists

2011-09-07 Thread Ziots, Edward
This, and OTIS ( Microsoft Security discussion list) along with ISC CISSP discussion lists and Active Directory discussion list. But this is the main one I follow for System Admin issues etc etc. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Ema

RE: DigiNotar compromise

2011-09-07 Thread Ziots, Edward
Honestly, It doesn't surprise me on this one, I am sure there are others that are just as bad or worse, that will get owned at sometime in the future and the same kind of stuff will be un-earthed. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organizatio

RE: Fradulent *.google.com certs in Firefox.

2011-08-30 Thread Ziots, Edward
, 2011 1:46 PM To: NT System Admin Issues Subject: Re: Fradulent *.google.com certs in Firefox. Not just FF - MSFT is issuing a revocation for its products. CERT notification to follow... On Tue, Aug 30, 2011 at 10:40, Ziots, Edward wrote: Fraudulent *.google.com Certificate at Mozilla

Fradulent *.google.com certs in Firefox.

2011-08-30 Thread Ziots, Edward
Fraudulent *.google.com Certificate at Mozilla Security Blog: http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/ Status Because the extent of the mis-issuance is not clear, we are releasing new versions of Firefox for desktop (3.6.21, 6.0.1, 7, 8, and 9) and mo

RE: OT: PMI PMP Certification

2011-08-29 Thread Ziots, Edward
Gratz! Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Monday, August 29, 2011 3:04 PM To: NT System Admin Issues Subject: RE

Just heads up on new Morto Worm making the rounds.

2011-08-29 Thread Ziots, Edward
> MMPC Blog Post: > http://blogs.technet.com/b/mmpc/archive/2011/08/28/new-worm-targeting-weak-passwords-on-remote-desktop-connections-port-3389.aspx > > MMPC Encyclopedia: > > Worm:Win32/Morto.A > http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3aW

RE: Earthquake!!!!!!

2011-08-23 Thread Ziots, Edward
Felt in RI, epicenter was Virginia I heard. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Christopher Bodnar [mailto:christopher_bod...@glic.com] Sent: Tuesday, August 23, 2011 2:41 PM To

RE: MS Patch fallout - resolved

2011-08-22 Thread Ziots, Edward
+1 Seen this before with my systems also. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Michael B. Smith [mailto:mich...@smithcons.com] Sent: Monday, August 22, 2011 1:44 PM To: NT

RE: Looking for Position and Positions in Pennsylvania

2011-08-19 Thread Ziots, Edward
it's only preseason. Don Guyer Windows Systems Engineer RIM Operations Engineering Distributed - A Team, Tier 2 Enterprise Technology Group Fiserv don.gu...@fiserv.com Office: 1-800-523-7282 x 1673 Fax: 610-233-0404 www.fiserv.com From: Ziots, Edw

RE: Looking for Position and Positions in Pennsylvania

2011-08-19 Thread Ziots, Edward
Hey Hey that is my home sweet home PA ( albeit I was born on the west side outside Pittsburgh) ( Go Steelers!) Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Webster [mailto:webs...@carlwebs

RE: [OT] The infection continues to spread (HP)

2011-08-19 Thread Ziots, Edward
Yep and they just reported that the PC division is getting spun off, along with killing the WEB OS and their tablet solution. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Webster [mailto

O day Malware cleaning with Sysinternals Presentation from Blackhat

2011-08-18 Thread Ziots, Edward
http://download.sysinternals.com/Files/SysinternalsMalwareCleaning.pdf I would assume this would be good for anyones toolkit for malware removal. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505

RE: Forensics

2011-08-18 Thread Ziots, Edward
That is a good one but Helix is one of the good ones. Works on .NIX and Windows. http://www.e-fense.com/helix3pro.php Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Steven M. Caesare [

RE: Some ideas to add to your Secure Awareness training material

2011-08-17 Thread Ziots, Edward
ideas to add to your Secure Awareness training material The SANS Ouch is good stuff. On Wed, Aug 17, 2011 at 09:57, Ziots, Edward wrote: Courtesy of SANS. http://www.securingthehuman.org/resources/newsletters/ouch Also if anyone needs some nice cheat sheets on IPv6, Incident Response

Some ideas to add to your Secure Awareness training material

2011-08-17 Thread Ziots, Edward
Courtesy of SANS. http://www.securingthehuman.org/resources/newsletters/ouch Also if anyone needs some nice cheat sheets on IPv6, Incident Response, WinDump, tcpdump, etc. etc., see me offline, I got a ton of them from my last SANS training to share with everyone. Z Edward E. Ziots

RE: Sherry's Back

2011-08-16 Thread Ziots, Edward
Welcome Back :) Good to see ya on the list again.. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespan.org Cell:401-639-3505 From: Sherry Abercrombie [mailto:sabercrom...@nhdallas.com] Sent: Tuesday, August 16, 2011 1:44

RE: Weird dll files on boot

2011-08-16 Thread Ziots, Edward
Also check your scheduled tasks, and use Microsoft's Malicious Software Removal Tool along with IceSword and RootkitRevealer and TDSSKiller by Kaspersky and F-Secure BlackLight. Z Edward E. Ziots CISSP, Network +, Security + Security Engineer Lifespan Organization Email:ezi...@lifespa

RE: File in use error when trying to modify

2011-08-16 Thread Ziots, Edward
We have been seeing some file locking on one of our file servers with McCrappy, but most times it's been a user having a file open over the network (in read and write mode) and another user is trying to open it and modify it, causing the lock. Z Edward E. Ziots CISSP, Network +, Security + Se

RE: Weird dll files on boot

2011-08-16 Thread Ziots, Edward
I am thinking you are on the right path with the malware. I would check your scheduled tasks to see if anything snuck in there, and the run keys in the registry accordingly. If you can boot to alternative media and look at that system with a Live CD and see if the DLLs are there and get a copy,

RE: What do you do when things go quiet?

2011-08-15 Thread Ziots, Edward
What I usually am doing is reading and studying up on the latest security technologies and compliance challenges, along with working towards an "auditor's" state of mind (so GSNA and CISA and CRISC certifications on the horizon) along with learning penetration testing techniques and auditing system

RE: Question on ESX VM issue, NEED HELP

2011-08-15 Thread Ziots, Edward
[mailto:scaes...@caesare.com] Sent: Monday, August 15, 2011 2:26 PM To: NT System Admin Issues Subject: RE: Question on ESX VM issue, NEED HELP Have you seen this issue referred to anywhere else? Or know which patch #? Thanks for the heads up... -sc From: Ziots, Edward [mailto:ezi

RE: Question on ESX VM issue, NEED HELP

2011-08-15 Thread Ziots, Edward
? -sc From: Ziots, Edward [mailto:ezi...@lifespan.org] Sent: Monday, August 15, 2011 1:55 PM To: NT System Admin Issues Subject: Question on ESX VM issue, NEED HELP Has anyone seen an issue with this month's patches causing the TCP/IP Stack on Windows 2003 to blow up? I have already

Question on ESX VM issue, NEED HELP

2011-08-15 Thread Ziots, Edward
Has anyone seen an issue with this month's patches causing the TCP/IP Stack on Windows 2003 to blow up? I have already done the following. http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1014169 I have even uninstalled and rebooted and reinstall

RE: Delegation of Control in Windows 2008 R2 DFL/FFL questions

2011-08-09 Thread Ziots, Edward
Jul 29, 2011 at 4:08 PM, Ziots, Edward wrote: To the list, Been reading up on delegation of control wizard, and it seems that it can be customized as per http://support.microsoft.com/kb/308404 And there are additional templates in the following document: Best Practices for Delegating A
