RE: Windows XP Guest Account.

From: Keith (keith_at_keithbergen.com)
Date: 07/20/03

    To: <incidents@securityfocus.com>
    Date: Sun, 20 Jul 2003 09:21:35 -0400
    
    

    Look in the Event Viewer - Security log. I just turned my guest account off
    and on. It logged an event for each. The off event was a "528" and the on
    event was a "538". While the event logs are not very user friendly, you may
    be able to gain some information from it. Also, you may be able to trace
    back some events to see if there are any other logins that are turning guest
    back on.

    Regards,
    Keith.

    Oh, congratulations in advance to all those that are on vacation, and have
    been too inconsiderate to turn off their "out of office assistant" for this
    list.

    -----Original Message-----
    From: Maher Odeh [mailto:rax@X-war.org]
    Sent: Sunday, July 20, 2003 3:53 AM
    To: incidents@securityfocus.com
    Subject: Windows XP Guest Account.

    Hello,

    Something really weird keeps happening to me.
    I have installed WinXP SP1, and as usual, I go through Manage Computer and I
    change and disable users from there. The users I always keep are
    the Administrator account, which I rename to admin, and the guest account, which
    is disabled by default, but I give it a long password that I forget, just
    in case this account gets enabled. Now for my incident.

    I have been using XP for a while now and I keep noticing every once in a
    while the guest account being enabled, so I go back and disable it again.
    It happened to me more than once on a newly installed system that's not
    connected to the internet: first thing, I install XP and restart the system,
    and the guest account is enabled. Something is fishy here, I'd say. This can't be
    a Trojan, as this system is newly installed without an internet connection,
    so I guess it could be a bug. But I think that there is a need to check it
    more in depth. What do you think?

    Thanks,

    ----------------------------------------------------------------------------
    Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the
    world's premier technical IT security event! 10 tracks, 15 training sessions,
    1,800 delegates from 30 nations including all of the top experts, from CSO's to
    "underground" security specialists. See for yourself what the buzz is about!
    Early-bird registration ends July 3. This event will sell out. www.blackhat.com
    ----------------------------------------------------------------------------
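
Added example, not part of the original messages: one way to trace Guest account state changes back to the logon session that made them, run over an exported Security log. It assumes account-management and logon auditing are enabled and uses the XP-era event IDs 626 (user account enabled), 629 (user account disabled) and 528 (successful logon); the tab-separated export format, account names and log lines are constructed for illustration.

```python
import csv
import io
import re

# XP-era Security log IDs: 626 = account enabled, 629 = account disabled,
# 528 = successful logon.
ENABLED, DISABLED, LOGON = 626, 629, 528

# Constructed sample: simplified tab-separated export (time, ID, description).
SAMPLE_LOG = (
    "2003-07-19 08:01:12\t528\tSuccessful Logon: User Name: admin Logon ID: (0x0,0x1A2B3) Logon Type: 2\n"
    "2003-07-19 08:05:40\t629\tUser Account Disabled: Target Account Name: Guest Caller User Name: admin Caller Logon ID: (0x0,0x1A2B3)\n"
    "2003-07-19 21:14:03\t528\tSuccessful Logon: User Name: svc_setup Logon ID: (0x0,0x4C5D6) Logon Type: 3\n"
    "2003-07-19 21:14:55\t626\tUser Account Enabled: Target Account Name: Guest Caller User Name: svc_setup Caller Logon ID: (0x0,0x4C5D6)\n"
    "2003-07-20 09:10:00\t626\tUser Account Enabled: Target Account Name: bob Caller User Name: admin Caller Logon ID: (0x0,0x1A2B3)\n"
    "2003-07-20 23:30:10\t626\tUser Account Enabled: Target Account Name: Guest Caller User Name: olduser Caller Logon ID: (0x0,0x9F001)\n"
)

# Longer labels come first so "Caller User Name" is not read as "User Name".
FIELD = re.compile(r"(Target Account Name|Caller User Name|Caller Logon ID|"
                   r"User Name|Logon ID|Logon Type):\s*(\S+)")

def parse(log_text):
    """Yield (timestamp, event_id, fields) for each well-formed record."""
    for row in csv.reader(io.StringIO(log_text), delimiter="\t"):
        if len(row) == 3:
            yield row[0], int(row[1]), dict(FIELD.findall(row[2]))

def guest_state_changes(log_text, account="Guest"):
    """Return enable/disable events for `account`, tied to the caller's logon."""
    logons, findings = {}, []
    for when, event_id, f in parse(log_text):
        if event_id == LOGON:
            logons[f.get("Logon ID")] = (when, f.get("Logon Type"))
        elif (event_id in (ENABLED, DISABLED)
              and f.get("Target Account Name", "").lower() == account.lower()):
            # The session is unknown when the logon predates the exported log.
            logon_time, logon_type = logons.get(f.get("Caller Logon ID"), (None, None))
            findings.append({
                "time": when,
                "action": "enabled" if event_id == ENABLED else "disabled",
                "caller": f.get("Caller User Name"),
                "logon_time": logon_time,
                "logon_type": logon_type,
            })
    return findings

if __name__ == "__main__":
    for hit in guest_state_changes(SAMPLE_LOG):
        print(hit)
```

An entry whose `logon_time` is empty means the change came from a session that was already open before the exported range began, so an older export is needed to identify it.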


