Re: Security Question

---

• From: "Gregg Hill" <bogus@xxxxxxxxxxx>
• Date: Fri, 10 Nov 2006 19:07:10 -0800

---

This may not apply, but are there any ex-employees who knew the name? Or
perhaps an owner who bragged to a friend that no one could hack him?

Gregg Hill


"cjobes" <cjobes@xxxxxxxxxxxxx> wrote in message
news:ejsJS$PBHHA.3560@xxxxxxxxxxxxxxxxxxxxxxx

kj,

Thanks for the additional comments. This client Trend SCM running. It's
very unlikely that there is software on one of the user stations that
would do that. This has come from the outside. They also haven't gotten is
because the password is quite complex. But given that this was the first
time I came across this I was curious how they got the username in the
first place.

--
Claus
"kj" <kj@xxxxxxxxxxx> wrote in message
news:%23msZdRPBHHA.204@xxxxxxxxxxxxxxxxxxxxxxx

A simple ldap query will return the administrator account, but in Windows
2003 AD "anonymous" ldap queries aren't allowed. However, a logged in user
with no other special privileges can easily determine the name of the
Administrator account. While a typical user isn't going to know how to do
this (or care probably), spyware/malware or such could easily do this
under the user credentials. As Les said this "obscurity" measure isn't a
significant security layer for a determined intruder.

That said, I'm not aware of any spyware that has been found to do this,
but it is certainly possible.

--
/kj
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@xxxxxxxxxxxx>
wrote in message news:%23hIktUOBHHA.3928@xxxxxxxxxxxxxxxxxxxxxxx

SMTP tar pit feature for Microsoft Windows Server 2003

http://support.microsoft.com/kb/842851

Getting a valid email address is one thing; the planets would have to be
aligned with the stars for someone to get a valid username from an AD
harvest, but if the email address is <name>@domain.com and the user
account is <name>, then it's a no brainer.

I see quite a few installs like this - I don't really like it but it's
because of defaults. Customizing user account and email address
generation is an obscurity measure, not effective against a black hat
but keeps the dabblers moving on.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and I'll
understand." - Confucius


"cjobes" <cjobes@xxxxxxxxxxxxx> wrote in message
news:uEgA%23KJBHHA.1196@xxxxxxxxxxxxxxxxxxxxxxx

Les,

Can you elaborate a bit more on this?

--
Claus
"Les Connor [SBS Community Member - SBS MVP]" <les.connor@xxxxxxxxxxxx>
wrote in message news:eMtbFTIBHHA.1220@xxxxxxxxxxxxxxxxxxxxxxx

From an AD harvest? If AD filter is on, this is one of the caveats -
hence the use of tarpitting for mitigation.

--
Les Connor [SBS Community Member - SBS MVP]
-----------------------------------------------------------
SBS Rocks !
----------------------
"Tell me and I'll forget. Show me and I'll remember. Involve me and
I'll understand." - Confucius


"cjobes" <cjobes@xxxxxxxxxxxxx> wrote in message
news:%23I2lDv0AHHA.144@xxxxxxxxxxxxxxxxxxxxxxx

Hi all,

A first for me, so I would like to get some feedback from other
admins.

As a standard, we always change the Administrator account name to
something else. For the first time we had a breakin attempt at one of
our clients (SBS2003/ISA2004) that was using the correct renamed
admin account name. Now, the password is pretty complex but I still
don't like the fact that 50% of the safeguard is out there. Does
anybody have an idea how an outside hacker would be able to obtain
that username?

--
Claus

.

---

• Follow-Ups:
  • Re: Security Question
    • From: cjobes

• References:
  • Security Question
    • From: cjobes
  • Re: Security Question
    • From: Les Connor [SBS Community Member - SBS MVP]
  • Re: Security Question
    • From: cjobes
  • Re: Security Question
    • From: Les Connor [SBS Community Member - SBS MVP]
  • Re: Security Question
    • From: kj
  • Re: Security Question
    • From: cjobes

• Prev by Date: Re: Unable to logon to Windows 2003 Domain
• Next by Date: Re: 2 email domains for SBS 2k3
• Previous by thread: Re: Security Question
• Next by thread: Re: Security Question
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: cannot log on to user account following password change ... cannot log on to user account following password change ... I changed the username on the account in ... | on the sbs box. ... (microsoft.public.windows.server.sbs) Re: Security Question ... account is, ... Les Connor [SBS Community Member - SBS MVP] ... For the first time we had a breakin attempt at one ... (microsoft.public.windows.server.sbs) RE: cannot log on to user account following password change ... home box with an existing local profile in conjunction with the sbs account. ... a local profile on the xp home box called Fiona Bavester had a username ... (microsoft.public.windows.server.sbs) RE: SBS 2K3 R2 and Outlook ... The archive file created on the SBS is the folder redirection function. ... | account create a new user profile on client computer. ... | transfer the local user profile to domain user profile. ... (microsoft.public.windows.server.sbs) RE: strange problem....... ... Thank you for posting in SBS newsgroup. ... One is Exchange account, the other is an Internet POP3 account. ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)