Re: Hacked via Microsoft Servers!

From: Roger Abell [MVP] (mvpNoSpam_at_asu.edu)
Date: 05/02/04

    Date: Sat, 1 May 2004 17:11:05 -0700
    
    

    Hi GlowOfSunset,

    I am not an MS person, but I may be able to clarify a couple things
    for you. There is no way to script the policy settings in local or group
    policy. There is a set of tools, preloaded on your server system,
    that you may use to work with templates such as the ones you find
    in the hardening guides. These are snapins you can load into an MMC:
    Security Templates, and Security Analysis and Configuration.
    Once you have templates, you can apply these from batch or script
    by invoking secedit.exe.
    Well, that might explain why you had such a long and unfruitful search.
    BTW the hardening guides are fairly recent and hold some good info.

    I highly doubt that any MS employee had anything to do with the inbound
    traffic you experienced. You need to realize that you were only browsing
    on some node in a downstream farm, and your actions were certainly
    not even noticed in realtime. You were doing what the ms.com resources
    are there for, and so your browsing and searching would not be noticed in
    realtime nor in any subsequent analysis of the logs.

    Now, I can not explain what it is that you did experience, but I would
    guess that it was easy to misidentify the origin of the inbound traffic,
    particularly if you had a volume of it with ms.com for your browse,
    search, download.

    Your points on searchability of the ms.com property are well taken.

    -- 
    Roger Abell
    Microsoft MVP (Windows Server System: Security)
    MCDBA,  MCSE W2k3+W2k+Nt4
    "GlowOfSunsetREMOVE@Yahoo.com" <GlowOfSunset@yahoo.com> wrote in message 
    news:204e9a2d.0405010942.6d320f79@posting.google.com...
    > Microsoft Corporation,
    >
    > I wrote this because I hope that the corporate officers of Microsoft
    > will hear of the complaint.  So please do not remove it...move it
    > upstream to them if anything.
    >
    > I am currently learning about Microsoft Windows protocols and
    > applications regarding the securing of Windows XP Pro and Windows
    > Server 2003.  I have just concluded attending the Microsoft Security
    > Summit and an additional class through New Horizons here in Chicago,
    > Illinois regarding group and security policy administration.  That is
    > what piqued my interest in the available applications.
    >
    > Last night through the Microsoft Corporate website, a site I trusted
    > to be able to obtain documentation from considering that I might use
    > documentation that was not accurate from elsewhere I attempted to find
    > the ability for batch or script group and local security policies.  It
    > was at that time that I began being severely hacked by what apparently
    > looks like none other than Microsoft Corporate system administrators.
    > Most if not all of what was hitting my system was through
    > microsoft.com.  Can you explain what I have just said?
    >
    > I admit that I looked at well over 100 to 150 documents and was on
    > the Microsoft domain for well over four hours but that is how long it
    > took to find what I was looking for.  Your document base is not
    > properly stemmed nor is it set up for system administrators who are
    > migrating from entry level to advanced administrators.  In order to
    > become an advanced user of your online systems it probably takes any
    > individual well over a year given the services and document base that
    > you have.  This is not going to happen overnight.  I absolutely could
    > not find what I was looking for and that is why I had to continuously
    > run searches and pore through as many documents as I had.  I have
    > better things to do with my time such as performing the actual systems
    > security.
    >
    > I did eventually see the "Threats and Countermeasures Guide," which is
    > part of the information that I sought.  I still have not downloaded
    > "Windows XP Professional Resource Kit" or "Windows Server 2003
    > Resource Kit Tools" because I was under some very heavy fire.  Nice
    > hack on instantiating the WMI and Print Spooler services though I do
    > not know what you were up to.  It certainly pisses me off.
    >
    > Now, I've been more than polite, but I would say that if you think you
    > are going to beat Google at indexing any documentation that you had
    > better start with a consolidation of your own documentation on your
    > own hosted systems, consider better stemming mechanisms for your
    > database systems and stop hacking individuals looking for
    > documentation regarding support until you develop better mechanisms to
    > find the documents that you have.
    >
    > That is about all I can say, because if I say much more I think we
    > will both lose respect for each other.  I would tone down your server
    > security team and any other anuses hanging around that think that they
    > own the world. 
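
The reply above says a security template can be applied from a batch file or script by invoking secedit.exe. The following is an added example of that, not part of the original thread: a PowerShell wrapper that validates a template, saves the current settings, analyzes the machine against the template, and only then applies it. The template path, working folder and function name are hypothetical placeholders, and it must be run from an elevated prompt.

```powershell
# Added example. Paths and the helper name are placeholders, not from the thread.
param(
    [string]$Template = 'C:\SecTemplates\hardening-example.inf',  # hypothetical template
    [string]$WorkDir  = 'C:\SecTemplates\work'                    # hypothetical work folder
)

$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$db     = Join-Path $WorkDir "apply-$stamp.sdb"     # fresh analysis database per run
$backup = Join-Path $WorkDir "before-$stamp.inf"    # settings as they were before the change
$log    = Join-Path $WorkDir "secedit-$stamp.log"

function Invoke-SeceditStep {
    param([string]$Step, [string[]]$Arguments, [switch]$WarnOnly)
    & secedit.exe @Arguments
    if ($LASTEXITCODE -ne 0) {
        # Assumption of this example: any non-zero exit code means "stop and read the log".
        $msg = "secedit $Step exited with code $LASTEXITCODE; see $log"
        if ($WarnOnly) { Write-Warning $msg } else { throw $msg }
    }
}

# 1. Check the template's syntax before touching the system.
Invoke-SeceditStep 'validate' @('/validate', $Template)

# 2. Export the current settings so there is a record to compare against later.
Invoke-SeceditStep 'export' @('/export', '/cfg', $backup, '/log', $log)

# 3. Compare the machine with the template. Results land in the database and log,
#    and can be opened in the Security Configuration and Analysis snap-in.
Invoke-SeceditStep 'analyze' @('/analyze', '/db', $db, '/cfg', $Template, '/log', $log) -WarnOnly

# 4. Apply the template. /overwrite replaces any template already stored in the
#    database; /quiet suppresses the confirmation prompt so the script can run unattended.
Invoke-SeceditStep 'configure' @('/configure', '/db', $db, '/cfg', $Template,
                                 '/overwrite', '/log', $log, '/quiet')

Write-Output "Template applied. Previous settings: $backup  Log: $log"
```

Keeping the exported .inf and the log from each run gives a before/after record when a setting in a hardening template turns out to break something.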
    
