A simple Python-based utility to create MD5 tables of files and directories. These tables can then be compared to target files or directories for changed MD5 hashes. This is an early alpha version; more features, including reporting functionality, are to come.
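The baseline-and-compare workflow described above, sketched as an added example. This is not the utility's own code; the function names and the sample files are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def md5_of_file(path, chunk_size=65536):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def build_table(root):
    """Walk root recursively; map each relative file path to its MD5 digest."""
    table = {}
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            table[os.path.relpath(full, root)] = md5_of_file(full)
    return table

def compare_tables(baseline, current):
    """Report paths whose hash changed, plus paths added or removed since baseline."""
    return {
        "changed": sorted(p for p in baseline
                          if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample: baseline a temp directory, alter it, then compare."""
    def write(root, rel, data):
        with open(os.path.join(root, rel), "wb") as handle:
            handle.write(data)
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "conf"))
        write(root, "app.bin", b"original build")
        write(root, "notes.txt", b"keep me")
        write(root, os.path.join("conf", "hosts"), b"127.0.0.1 localhost\n")
        baseline = build_table(root)
        write(root, "app.bin", b"patched build")    # content changed
        os.remove(os.path.join(root, "notes.txt"))  # file removed
        write(root, "dropped.exe", b"new file")     # file added
        return compare_tables(baseline, build_table(root))

if __name__ == "__main__":
    # MD5 flags accidental or unsophisticated changes; it is not collision
    # resistant, so it cannot prove a file was not deliberately swapped.
    print(demo())
```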
Understanding Windows User Accounts 2 – Running as limited user
By M. | Filed in Primer
This is a quick video I put together to demonstrate the steps required to run as a limited user account within Windows XP. These same steps apply to Windows Vista and 7, the primary differences being the control panel interface for user accounts. Windows Vista/7 also implement UAC (User Account Control), which simplifies the RUNAS process by automatically prompting you for administrative credentials when you try to perform a task as a limited user that requires elevated privileges.
Home versions of the Windows operating system present two classifications of user accounts through the Control Panel.
Standard User: This user account has the lowest level of rights and permissions on the computer. This account cannot install software or make significant system changes. This account cannot take control of files or folders and alter permissions of objects that it does not own.
Administrator: The administrator account is the head cheese of Windows systems. Installation of software, creation of accounts, system changes, permissions changes, ownership changes…all cake on a Sunday afternoon.
The user account configured during Windows setup is an Administrator account. Seems sensible right? If the account created at setup was a Standard User account, then we would be unable to make configuration changes, create new accounts or modify the system as we see fit after setup. The problem here arises because typically this account becomes the only account a person ever uses on that system.
Why does this matter?
Put simply, any application or process initiated by a user runs within the context of that user and has the same rights and permissions as that user.
Let’s pretend I am a Standard User on a system (which is how I operate normally) browsing the web looking for the perfect anniversary gift for my wife. I click a link to a legitimate-looking site; this site has a script which tries to exploit a Flash vulnerability and install a virus on my system. If I am using my computer as a Standard User, then the web browser the script was called from and the script itself will all run within the context of Standard User. The limited permissions and rights granted to Standard User accounts would prevent the virus from ever installing on the system or making any malicious system changes, since Standard User does not have the rights to perform these actions. Had I been using an Administrator account, the virus would have happily installed and performed whatever nasty actions the author of the virus intended.
Starting with Windows Vista, Microsoft implemented User Account Control (UAC) to begin addressing the problem as explained above.
UAC presents the user with a notification that an event requiring administrator privileges is occurring and gives the user a chance to cancel the action. A Standard User is given the opportunity to provide credentials for an account with enough privileges to perform the action, whereas an Administrator user is simply asked to allow the action to occur. UAC not only provides a protection mechanism for people who are willing to pay attention to what is occurring and not just click past the prompt, but it also provides a more seamless solution for operating a computer under multiple user account contexts.
At the beginning of this post I defined the scope of the material as home versions of the Windows OS. What about Business and Professional Editions? Typically these will be part of a Domain, and User Groups will be defined and granted the permissions and tasks that they require, assuming the principle of least privilege. User accounts will then be assigned to the required groups. I will go more in depth on Domains and Groups in future posts.
Next Topic – Operating your Computer under multiple user contexts.
Hate.
Dictionary.reference.com defines this as “intense dislike, extreme aversion or hostility.”
Like the majority of the population I generally would associate hate with either end of that definition. The difference between them is subtle but important to note. If my wife were to say “I hate zombies”, she would really be saying “I have an intense dislike towards zombies”; typically this comes up in response to a proposal from me to watch <insert Romero film here>. On the other hand, using the same phrase “I hate zombies” myself would shift the definition to “hostility”. Examine this sentence if you will: “Dead Rising 2 is a great game, I really hate zombies”. Hate in this context is merely a representation of my desire to destroy as many of these ghouls in the most creative ways possible.
Lately I have found “Hate” to be an indispensable tool. There are claims that “Hate is an ugly word”, but a word is just a word, given meaning and driven contextually by the people who use it. I cannot get through a single day lately without “hate” passing my lips. “I hate the iPhone.” “I hate myspace.” “I hate KDE.” These phrases are not birthed from intense dislike or hostility; I merely have an extreme aversion to these items.
Let me take a quick break here to say to anyone who takes offense at my nay-saying of the above three items, I care not. Shall we move on?
I have no historical justification for my ill will towards “My Space” or the “iPhone”, although I’m sure if I took the time to dig deep enough I could produce it. I simply do not have the room in my life for these products. The sheer weight of choices presented at every turn when weighed against the amount of useable time in a day is enough to drive one past sanity’s brink. I wish my decision making was no more complex than deciding if I should trade my woven cloth for potato or grain; however, I have been left with little choice but to employ hate in defense of my own mental well being.
I love tech, all tech... if I don’t draw the line I will drown in the fire hose of endless options. If I did not hate the iPhone, I would surely pursue ownership of one, but that would mean switching to AT&T, who I also hate. So glad the weight of that decision has been lifted from me. Thank you hate.
I am excited about the upcoming SANS 401 mentoring session I will be offering in November at the New Horizons Computer Learning Center, Albany NY.
The SANS Mentor program provides a great training alternative for people who do not have the time for the boot camp style sessions of traditional SANS training, but do not want to sacrifice the face to face time with an instructor in a classroom environment. The SEC 401 course is the perfect primer for IT professionals or enthusiasts who require a broad overview of today’s Cyber Security industry.
You can read more about the SANS Mentor program here
View details on Sec 401 here
View details and register for my upcoming course here
Facing an upcoming Security Awareness Training delivery for a client, I found my mind meandering over fresh and new ways to deliver time tested advice on personal cyber security in a relatable way. At some point during this discovery process it became apparent to me that “New” forms of delivery may not be the best approach and would likely result in more confusion, causing my core messages to be lost somewhere in translation (I think that is in Arkansas, but I have not been able to confirm). After some time playing mental merry-go-round on the issue, I realized that the rote lessons of safety our parents presented to us time and time again during our childhood still apply to modern day safety in the digital space. I soon realized how true it is that many of the great wisdoms of today are simply re-adapted wisdoms of the past. I would like to share my top 3 with you.
1. Look both ways before crossing the street.
How diligently I remember practicing this rule as a child upon crossing the street. I don’t quite recall if my adherence to this policy was driven more by fear of the oncoming tons of metal or the stern delivery of my Father’s discipline. Either way the consequences of not taking the few extra seconds to ensure the road was safe were clear and terrifying. How diligent are you when browsing the internet about checking the URL in your address bar? Does the URL say CNB.COM or CNNB.COM? It is proven that humans focus on words as a whole and not the individual character placement (Read more http://www.foxnews.com/story/0,2933,511177,00.html) and although the URL difference is clearly noticeable with a 3 letter URL, what about a 7 or 9 letter one? Would you truly have noticed if the URL I just presented sent you to foxxnews.com instead?
Well, maybe you don’t need to worry about this; after all, your banking site uses SSL and is secure, right? You go there and get a “little green padlock” next to the address so everything is cool, right? Not really. I could just as easily get a valid SSL certificate for www.foxxnews.com, and when you access the site you will continue with a false sense of security knowing that the site you are on matches the address, but that doesn’t guarantee you went to the site you intended. Look both ways. Check your URL every time you browse to a site or click a link, SSL enabled or otherwise.
2. Don’t take candy from strangers
This is great advice, although the only time I have ever been offered candy from a stranger was during Halloween, whose whole purpose is to take candy from strangers. Talk about conflicting messages. All humor aside, the core message of this statement being “People with bad intentions will try to bribe you with shiny things so don’t fall for it” holds true on the internet as well.
I question links or content sent to me from my own family, let alone a link to cheap Viagra sent to me by notacriminal@foolish.net. Why do people still insist on clicking on links in emails from people they don’t know? How do you know there isn’t a razor blade inside? Or maybe someone injected it with poison? I heard one time that most criminal offenses are more commonly an act of someone you know than a complete stranger. Maybe this is garbage, but I will happily present this bogus fact in the spirit of this post as it fits my next point.
It is a trivial matter to send an email claiming to be from a different email address. If you receive an email from someone you know with links that are non descriptive or seem out of the ordinary, question it. Maybe the email address was picked off one of those obnoxious chain mails where people like to send their friends’ and families’ email addresses to the rest of the world by forwarding them in the CC field. How Rude! If I am going to send out malicious emails I certainly would masquerade as another individual. It gains me both credibility with the recipient and anonymity for my true identity.
Email is not the only attack vector for phishing; beware of links to content on Facebook and Twitter or any other social media service you may subscribe to. Another common location for this sort of scam is within MMOs like World of Warcraft or other online gaming communities. If a player named “Blizzardservices” whispers you in game or sends you mail telling you about your exclusive entry into the new beta release and all you have to do is visit a website and login, just smile and refuse the lollipop.
3. Always wear your seatbelt
I am a firm believer in this one and it has always struck me as irresponsible of the individuals who choose to express their rights to personal freedom and get into a car without buckling up. Really? It takes 15 seconds maximum to ensure a greater chance of survival in the event of an accident. Front seat or back, there really is no sensible justification around this one. Note the use of the descriptor “sensible”.
I could take the same approach as this short sighted minority when using my system as well. Why be inconvenienced with allowing the occasional software update to install? I know Microsoft has gone to great lengths to design an update delivery system that basically automates the entire process of improving security on my machine in response to the latest exploits, but why be inconvenienced with the required reboots during the regularly scheduled monthly patching? I’ll take that chance of hitting a malicious website and having an un-patched vulnerability exploited because freedom is cool.
How about Anti-Virus? There are several great solutions out there that will update at no cost and can turn a system coma into some minor scrapes and bruises as a result of having fully up to date anti-virus present. However, most people are content to allow that version of Norton 2007 that came bundled with the system 3 years ago on a 60 day trial to be their sole source of safety. I look forward to bringing some of these options to light for you in the near future. Accidents are bound to occur and I refuse to be the guy flying through the windshield.
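The “look both ways” check from item 1 can also be automated. The following is an added example, not part of the original post: it flags a hostname that sits within a couple of typos of a site you actually meant to visit, whatever the scheme or certificate says. The allowlist, function names and distance threshold are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the sites the user actually intends to visit.
TRUSTED_HOSTS = {"foxnews.com", "cnb.com"}

def edit_distance(a, b):
    """Levenshtein distance: inserts, deletes and substitutions to turn a into b."""
    previous = list(range(len(b) + 1))
    for i, char_a in enumerate(a, start=1):
        current = [i]
        for j, char_b in enumerate(b, start=1):
            cost = 0 if char_a == char_b else 1
            current.append(min(previous[j] + 1,          # delete from a
                               current[j - 1] + 1,       # insert into a
                               previous[j - 1] + cost))  # substitute
        previous = current
    return previous[-1]

def normalise_host(url):
    """Lower-case the hostname and drop a leading 'www.' before comparing."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify_url(url, trusted=TRUSTED_HOSTS, max_distance=2):
    """Return (verdict, trusted host it resembles or matches).

    The URL must include a scheme. The scheme itself is ignored on purpose:
    https only shows that the certificate matches the name in the address
    bar, not that the name is the one you intended. Whole hostnames are
    compared, so subdomains of a trusted site are reported as 'unknown'.
    """
    host = normalise_host(url)
    if host in trusted:
        return ("trusted", host)
    for good in sorted(trusted):
        if 0 < edit_distance(host, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)

if __name__ == "__main__":
    for sample in ("https://www.foxnews.com/story/0,2933,511177,00.html",
                   "https://www.foxxnews.com/", "http://CNNB.COM/",
                   "https://example.org/"):
        print(sample, classify_url(sample))
```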



