PsTools communication errors

My friend Anthony was getting “access denied” and “logon failure” errors when trying to run psexec (from the PsTools suite) from an XP machine on a domain to an XP machine in a workgroup.  It was something similar to:

PsInfo 1.34 – local and remote system information viewer
Copyright (C) 2001-2002 Mark Russinovich
Sysinternals – www.sysinternals.com

Could not connect to machine_name:
Access is denied.

And…

PsInfo 1.34 – local and remote system information viewer
Copyright (C) 2001-2002 Mark Russinovich
Sysinternals – www.sysinternals.com

Couldn’t access machine_name:
Logon failure: unknown user name or bad password.

Here are the settings/steps I checked/took that resolved the issue:

1. ping – was able to ping the machine by hostname.  So no problem here.

2. net share – verified the ADMIN$ share was enabled.  Again no problem here.

3. Remote Registry service – verified the service was started because the PsTools suite makes use of RPC calls via port 445.  Was fine here.

4. Administrator password – verified the Administrator did not have an empty password.  Was set here.

5. Test account – created a test account to use for psexec (e.g., psexec \\computer_name notepad.exe -u test -p test).  Was available here.

6. Access hidden share – tried to access C$ and found that the user name field was grayed out.  This tipped off the problem – cool!

To fix it, I had to set the Network Access: Sharing and security model for local accounts security option to Classic – local users authenticate as themselves.

Access it via Start > Run > secpol.msc > Local Policies > Security Options (see screenshot below).

[Screenshot: the Security Options list in secpol.msc]

Apparently, updates to Windows XP now set this security option to Guest only – local users authenticate as Guest, which denies the ability to implicitly or explicitly use a specific user name/password combo.

Hope this helps someone out there.  Peace.

Seagate hard drives ship with virus

Interesting…an undisclosed number of Seagate’s Maxtor Basics Personal Storage 3200 units have shipped with a virus that steals passwords to online games, such as World of Warcraft.  Identified as Virus.Win32.AutoRun.ah by Kaspersky Labs, the virus also deletes similar viruses and can disable virus detection software as well.

The virus, which was loaded onto the Maxtor units at a sub-contract manufacturer’s location in China, is sending stolen passwords back to a server that’s also located in China.

Not good.  Read more at eWeek.

OSX.RSPlug.A Trojan Horse

A company named Intego apparently found a malicious Trojan Horse that actually is harmful (OS X attacks and exploits were previously developed that lacked malicious power).  According to Intego the Trojan Horse:

…disguises itself as a video codec that offers access to a pornographic video…and users attempting to install the codec receive a piece of malware classified as a ‘DNS Changer’ which modifies the way OS X handles the DNS requests used to link numerical IP addresses to web URLs.

The tool allows the attackers to redirect web traffic. Users attempting to visit PayPal, eBay or certain banking sites, for instance, will be directed to a phishing website instead.

You will see something like:

Quicktime Player is unable to play movie file.
Please click here to download new version of codec.

Read more about OSX.RSPlug.A.  And just keep in mind that a spokesperson for Symantec suggested that Intego “has a tendency to over-hype things.”

SQL Injection-proof your integrated SQL search in ASP.NET 2.0

I had forgotten to add SQL Injection prevention logic when I integrated and implemented a SQL search function for my employer’s internal ASP.NET app.  So in this post, I’m adding it for archival and sharing purposes.

SQL injection is an attack in which malicious code is inserted into strings that are later passed to an instance of SQL Server for parsing and execution.

BTW, here’s an excellent article about SQL Injection on the MSDN site. 

1. The first thing you’ll need to do is grab the user’s input from the search textbox; for example:

// Get user search input
string requestString = txtSearch.Text.Trim(null);

2. Next, you’ll need to add logic to see if the user input contains any of the following:

[Image: list of characters and strings to check for]

I added something like this:

if ((requestString.Contains(";")) || (requestString.Contains("'")) ||
    (requestString.Contains("--")) || (requestString.Contains("/*")) ||
    (requestString.Contains("*/")) || (requestString.Contains("xp_")))
{
    // Stop processing and notify user
}
else
{
    // Continue processing and show results
}

3. Build/compile your app then test it out.  If all goes well, you should not get any errors and your web app’s search function should now be SQL Injection-proof.
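
As an added example (not code from the original post): the filter in step 2 is a denylist that also rejects legitimate searches such as O'Brien, so the sketch below issues the same kind of search through a parameterized SqlCommand, where the input never becomes part of the SQL text and LIKE wildcards are escaped. The Articles table, its Id and Title columns, the @term parameter and the helper names are assumptions for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class SearchQuery
{
    // Escape LIKE wildcards so user text is matched literally.
    // The backslash is doubled first because it is the ESCAPE character.
    public static string EscapeLike(string text)
    {
        return text.Replace(@"\", @"\\")
                   .Replace("%", @"\%")
                   .Replace("_", @"\_")
                   .Replace("[", @"\[");
    }

    // Hypothetical table and column names (Articles, Id, Title); substitute your own.
    public static SqlCommand BuildSearchCommand(SqlConnection conn, string userInput)
    {
        const string sql =
            "SELECT Id, Title FROM Articles " +
            "WHERE Title LIKE @term ESCAPE '\\'";

        SqlCommand cmd = new SqlCommand(sql, conn);
        // The value travels separately from the SQL text, typed and size-bounded.
        SqlParameter p = cmd.Parameters.Add("@term", SqlDbType.NVarChar, 200);
        p.Value = "%" + EscapeLike(userInput) + "%";
        return cmd;
    }

    public static void Main()
    {
        // Constructed sample inputs, including ones the Contains() filter rejects.
        string[] samples = { "O'Brien", "50%_off", "notes -- draft", "xp_ drivers" };
        foreach (string s in samples)
        {
            // No connection is opened here; the command is only inspected.
            using (SqlCommand cmd = BuildSearchCommand(null, s))
            {
                Console.WriteLine("{0,-16} input absent from SQL text: {1}  @term = {2}",
                    s, cmd.CommandText.IndexOf(s) < 0, cmd.Parameters["@term"].Value);
            }
        }
    }
}
```

In the page's code-behind, the command would be built from requestString with an open SqlConnection and executed with ExecuteReader().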