30 months ago
kayodeok : Mark's Sysinternals Blog: The Power in Power Users - What many administrators fail to realize, however, is that this power comes at the price of true limited-user security
33 months ago
kayodeok : Why doesn't Windows File Protection use ACLs to protect files? - Windows File Protection works by replacing files after they have been overwritten. Why didn't Windows just apply ACLs to deny write permission to the files? We tried that. It didn't work.
33 months ago
kayodeok : Default ACLs on Windows Event Logs - What are the default ACLs on Windows event logs? Here's the answer, straight from the source code with only a little formatting help from me, and in more detail than you probably care to know
34 months ago
kayodeok : Mark's Sysinternals Blog: Running as Limited User - the Easy Way - Process Explorer's Run as Limited User menu item in the File menu opens a dialog that looks like and acts like the standard Windows Run dialog, but that runs the target process without administrative privileges:
34 months ago
kayodeok : Aaron Margosis' WebLog : Fixing "LUA bugs", Part I - In this mini-series of posts, I'll lay out a systematic approach for working around LUA bugs that minimizes exposure. I'll discuss approaches from most-preferred to least-preferred, with some of the pros and cons of each. By the way, while
34 months ago
kayodeok : Report: Many Apps Misconfigure Security Settings - My fellow Princeton computer scientists Sudhakar Govindavajhala and Andrew Appel released an eye-opening report this week on access control problems in several popular applications
34 months ago
kayodeok : Microsoft Security Advisory (914457): Possible Vulnerability in Windows Service ACLs - Microsoft is aware of published information and proof-of-concept code that attempts to exploit overly permissive access controls on third-party (i.e., non-Microsoft) application services.
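The check a practitioner wants alongside advisory 914457 is a quick audit of which services grant configuration rights to principals every local user belongs to. The script below is an added example, not Microsoft's code or part of the advisory. It assumes Windows PowerShell 5.1 or later on a Windows host with sc.exe available, and the SID table and the set of "dangerous" access bits are my own choices; the bit values themselves come from winsvc.h and winnt.h.

```powershell
# Added example: list allow ACEs on service DACLs that give broad, low-privilege
# principals the ability to reconfigure the service (change its binary path,
# rewrite its DACL, or take ownership). Run from an elevated prompt so that
# sc.exe can open every service.

# Service-specific and generic access bits (winsvc.h / winnt.h).
$SERVICE_CHANGE_CONFIG = 0x00000002
$WRITE_DAC             = 0x00040000
$WRITE_OWNER           = 0x00080000
$GENERIC_ALL           = 0x10000000
$GENERIC_WRITE         = 0x40000000
$DangerousMask = $SERVICE_CHANGE_CONFIG -bor $WRITE_DAC -bor $WRITE_OWNER -bor $GENERIC_ALL -bor $GENERIC_WRITE

# Principals that any interactive local user is a member of (my selection;
# add domain groups relevant to your environment).
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'Interactive'
}

function Get-WeakServiceAce {
    param([Parameter(Mandatory)][string]$ServiceName)

    # sc.exe sdshow prints the service security descriptor as one SDDL line
    # starting with "D:"; on an access error it prints "[SC] ... FAILED" instead.
    $sddl = (& sc.exe sdshow $ServiceName | Where-Object { $_ -match '^D:' }) -join ''
    if (-not $sddl) { return }

    # RawSecurityDescriptor parses SDDL and resolves abbreviations like WD/AU/BU
    # into SIDs, so we can inspect the raw access mask of each ACE.
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($sddl)
    if ($null -eq $sd.DiscretionaryAcl) { return }

    foreach ($ace in $sd.DiscretionaryAcl) {
        # Only allow ACEs grant anything; deny ACEs can only reduce access.
        if ($ace.AceType -ne [System.Security.AccessControl.AceType]::AccessAllowed) { continue }
        $sid = $ace.SecurityIdentifier.Value
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        if (($ace.AccessMask -band $DangerousMask) -eq 0) { continue }

        [pscustomobject]@{
            Service      = $ServiceName
            Principal    = $BroadSids[$sid]
            AccessMask   = ('0x{0:X8}' -f $ace.AccessMask)
            ChangeConfig = [bool]($ace.AccessMask -band ($SERVICE_CHANGE_CONFIG -bor $GENERIC_WRITE -bor $GENERIC_ALL))
            WriteDacl    = [bool]($ace.AccessMask -band ($WRITE_DAC -bor $GENERIC_ALL))
            TakeOwner    = [bool]($ace.AccessMask -band ($WRITE_OWNER -bor $GENERIC_ALL))
        }
    }
}

# Audit every installed service; an empty table is the result you want.
Get-Service | ForEach-Object { Get-WeakServiceAce -ServiceName $_.Name } | Format-Table -AutoSize
```

Rights such as SERVICE_START or SERVICE_QUERY_CONFIG granted to Authenticated Users are normal and are deliberately not flagged; what matters is SERVICE_CHANGE_CONFIG (a limited user can point the service at a binary of their choice) and WRITE_DAC or WRITE_OWNER (a limited user can grant themselves that right). A flagged service is fixed by tightening its descriptor with sc.exe sdset, or by reinstalling the application with a corrected installer.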
34 months ago
kayodeok : What is a "LUA Bug"? (And what isn't a LUA bug?) - A "LUA bug," then, refers to an application - or a feature of an application - that works correctly when run with elevated privileges but fails to work for a LUA user, and where there is no technical or business reason for requiring elevated privileges
35 months ago
kayodeok : Windows Access Control Demystified - I just came across an interesting paper being published out of Princeton in which the authors have constructed a logical model of Windows XP access control, in a declarative but executable format. They have even built a simple scanner that reads access-con
35 months ago
kayodeok : Applying the Principle of Least Privilege to User Accounts on Windows XP - To read: Applying the Principle of Least Privilege to User Accounts on Windows XP
36 months ago
kayodeok : Useful registry hack to "Run As" MSI packages - How to tweak the registry so you can finally right click and "Run As" MSI packages when you are running with least privilege in Windows
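Explorer only offers "Run as..." for executables, which is why an .msi has no such entry even though the Windows Installer package is really just an argument to msiexec.exe. The script below is an added example of the registry tweak, written by me rather than taken from the bookmarked post. It assumes the Msi.Package ProgID that Windows Installer registers for .msi files, and the Explorer convention that a shell verb named runas is presented as "Run as..." on the context menu; it must itself be run once, with administrator rights, because it writes under HKEY_CLASSES_ROOT.

```powershell
# Added example: register a "Run as..." verb for Windows Installer packages
# so a least-privilege user can right-click an .msi and supply admin credentials.
# Writes to HKCR\Msi.Package (i.e. HKLM\SOFTWARE\Classes), so run elevated, once.

function Add-MsiRunAsVerb {
    $progId  = 'Registry::HKEY_CLASSES_ROOT\Msi.Package'
    $runas   = "$progId\shell\runas"
    $command = "$runas\command"

    # Sanity check before touching anything: the ProgID must already exist.
    if (-not (Test-Path $progId)) {
        throw 'Msi.Package ProgID not found; Windows Installer does not appear to be registered.'
    }

    # Reuse the command line of the existing Install verb (normally
    # msiexec.exe /i "%1") so "Run as..." installs the package exactly as a
    # double-click would, only under the credentials the user supplies.
    # If the Install verb is missing, fall back to the plain msiexec form.
    $installCmd = (Get-ItemProperty -Path "$progId\shell\Install\command" -ErrorAction SilentlyContinue).'(default)'
    if (-not $installCmd) { $installCmd = 'msiexec.exe /i "%1"' }

    # The verb key's default value is the menu text; "&" marks the accelerator.
    New-Item -Path $runas -Force | Out-Null
    Set-ItemProperty -Path $runas -Name '(default)' -Value 'Run &as...'

    # The command subkey's default value is what Explorer executes; "%1" is
    # replaced with the path of the .msi that was right-clicked.
    New-Item -Path $command -Force | Out-Null
    Set-ItemProperty -Path $command -Name '(default)' -Value $installCmd

    # Return the registered command line so the caller can verify it.
    (Get-ItemProperty -Path $command).'(default)'
}

Add-MsiRunAsVerb
```

After this runs, right-clicking any .msi shows "Run as...", and the secondary logon service starts msiexec.exe under the account entered in the credentials dialog; the package is installed with that account's rights while the user's own desktop session stays a limited one.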
36 months ago
kayodeok : Mark's Sysinternals Blog: Circumventing Group Policy as a Limited User - Windows administrators should be aware that if a user, even one running with a limited account, can execute just one program of their choice, then they can also circumvent many group policy settings, including ones aimed specifically at tightening security
38 months ago
kayodeok : Reducing browser privileges - A simple yet little-known approach exists for users to avoid many of these vulnerabilities in any web browser. It is a novel tool called "Drop My Rights," created by Microsoft's Michael Howard
39 months ago
kayodeok : IEBlog : More details on Protected Mode IE in Windows Vista - Protected Mode helps to eliminate the silent install of malicious code through Windows Vista's User Account Protection (UAP) technology by blocking writes outside of the Temporary Internet Files (TIF) folder
39 months ago
kayodeok : User Account Protection (UAP) in Vista: Did Microsoft get it right? - Even when logged into the administrator account, apps will start up in standard mode (meaning without elevated privileges). If you need admin perms, then you can select "Run Elevated" to do so. In many cases, it will prompt you to do so
41 months ago
kayodeok : SAFER security levels - How to get Windows XP's Software Restriction Policy to display the three other SAFER security levels (Normal User, Constrained, Untrusted) in addition to the default security levels (Disallow, Untrusted)
42 months ago
kayodeok : Hall Of Shame is a list of programs and applications which do not work in User mode in Windows - This wiki page is dedicated to the thousands of applications that break when run as non-admin
42 months ago
kayodeok : The Administrator Accounts Security Planning Guide - The main goal of this guide is to provide prescriptive guidance in terms of the steps you can take to secure your local and domain-based administrator-level accounts and groups
42 months ago
kayodeok : Clarifying Low-Rights IE - "It is a defense-in-depth feature, meant to back up and support the many other security features. [...] Low-rights IE will only be available in Longhorn because it's based on the new Longhorn security features that make running without Administrator pri
42 months ago
kayodeok : The Administrator Accounts Security Planning Guide - This guide is an indispensable resource when you plan strategies to secure administrator-level accounts in Microsoft Windows NT-based operating systems such as Windows Server 2003 and Windows XP. It addresses the problem of intruders who acquire administ
44 months ago
kayodeok : How to allow users to manage file and print shares without granting other advanced privileges - This post describes how to grant users the ability to manage shares through Windows Explorer or the "NET SHARE" command line, without granting other advanced privileges
45 months ago
kayodeok : Using Image File Execution options as an Attack Vector on Windows - Spyware doesn't have to worry about trying to hide and start execution in the Run/RunOnce keys when they could simply tag to a common exe that starts up, and on startup spawn the real executable after doing its bidding. I will leave that to the reader to
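The defensive counterpart to the technique above is to enumerate the Image File Execution Options tree for Debugger values, since that is the only thing the trick needs: when an image name under that key carries a Debugger value, Windows starts the named program instead and hands it the original command line. The script below is an added example of that audit, my own code rather than anything from the bookmarked post. It assumes PowerShell on Windows with rights to read HKLM, and checks both the native and the Wow6432Node views on 64-bit hosts.

```powershell
# Added example: find every Image File Execution Options entry that redirects
# program launch to a "Debugger", report whether the target exists and whether
# it carries a valid Authenticode signature. Legitimate Debugger values are
# uncommon on an end-user machine, so every row deserves a look.

$IfeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

function Get-IfeoDebugger {
    foreach ($root in $IfeoPaths) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        Get-ChildItem -LiteralPath $root | ForEach-Object {
            # Each subkey is named after the image it applies to (e.g. notepad.exe).
            $dbg = (Get-ItemProperty -LiteralPath $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if (-not $dbg) { return }   # "return" inside ForEach-Object skips to the next key

            # The first token of the Debugger value is the program that actually runs.
            # A quoted path is taken whole; an unquoted path with spaces cannot be
            # split reliably, so only the first word is used and flagged by Exists=False.
            $exe = if ($dbg -match '^"([^"]+)"') { $Matches[1] } else { ($dbg -split '\s+')[0] }
            $resolved = [Environment]::ExpandEnvironmentVariables($exe)
            $exists   = Test-Path -LiteralPath $resolved

            [pscustomobject]@{
                Image    = $_.PSChildName
                Debugger = $dbg
                Exists   = $exists
                Signed   = if ($exists) { (Get-AuthenticodeSignature -FilePath $resolved).Status } else { 'n/a' }
                Key      = $_.Name
            }
        }
    }
}

Get-IfeoDebugger | Format-Table -AutoSize
```

Because the redirection happens inside process creation, the hijacked image's own file is never modified, so file-integrity checks on the executable do not notice it; the registry value is the only artifact, and it can be set by anyone who can write to that key. Baselining this output and alerting on changes is the practical detection.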