RE: local admin compromised

From: CHRIS GRABENSTEIN (LFGRABC@lf.vccs.edu)
Date: 11/13/01


Message-Id: <sbf11267.018@lf.vccs.edu>
Date: Tue, 13 Nov 2001 12:28:54 -0500
From: "CHRIS GRABENSTEIN" <LFGRABC@lf.vccs.edu>
To: <focus-ms@securityfocus.com>
Subject: RE: local admin compromised

Several things seemed to indicate they had never logged in. No profile
had been created, logs didn't show any activity by that user, and a few
other things that I can't remember off the top of my head. It's
entirely possible they got rid of their tracks, but it seems odd that
they wouldn't have deleted the user account if that were the case.

-----Original Message-----
From: Mike Shaw <mshaw@wwisp.com>
Sent: Tuesday, November 13, 2001 11:43 AM
To: H C <keydet89@yahoo.com>, <LFGRABC@lf.vccs.edu>
Cc: <Focus-MS@securityfocus.com>
Subject: Re: local admin compromised

I've been halfway reading these posts, but something occurred to me.
How do you know for sure that this account never logged in? If they had
admin access they could have monkeyed with the logs.

Mike


