NewSid Retired: Multiple SID Myth Debunked by Mark Russinovich

November 7, 2009

Mark Russinovich, creator of the Sysinternals toolset, has retired NewSid – citing multiple SIDS cause no harm. This may come as a suprise to anyone, myself included, that has faithfully created new SIDS when preping a system to be imaged.

The SID is a unique value created during a system install on all Windows versions post Windows NT. This unique SID is then used to create additional unique security descriptors, primarily the SID values for users and groups. If two separate machines had the same SID, then theoritcally these two machines could produce the same SID for local user accounts – thus, creating a security concern. Under this assumption, various tools have been produced to manipulate the SID.  Even Microsoft has used the Sysprep tool to create a unique SID for systems being prepared for imaging.

Mark agrees that theorically the aforementioned problem could arise, but also states it causes no security concern because the local SID info never leaves the local system. Mark also admits that like everyone else he never questioned the theory, and assumed like everyone else that duplicate SID’s was a bad thing.

As of November 3, 2009, NewSid is retired. Read Marks full analysis on his blog at http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx.

Advertisement

2 Comments | News | Tagged: , , , , | Permalink
Posted by securityvibe

BartPE or Other Bootable Distro Gives Blue Screen 0x0000007B

July 21, 2009

When using a BartPE, or other bootable distro, your system blue screens with ‘Stop 0x0000007B’.

The most likely cause for this BSOD is due to missing SATA drivers. To solve this problem you can add the correct drivers to your boot disk.  However, this involves you finding the correct drivers and then applying them to your particular boot disk. The easier solution is to change the mode of your disk controller within the BIOS of your system. Depending on your system setup you will have various settings for this device. Likely you will see: RAID, AHCPI, IDE, or Compatible inplace of IDE. You will want to choose Compatible or IDE depending on what you system presents. Reboot after making the change and you should be good to go.

18 Comments | Quick Fix | Tagged: , , | Permalink
Posted by securityvibe

MBSA CMDLINE Wizardry

July 17, 2009

MBSA (Microsoft Baseline Security Analyzer) is a free tool provided by Microsoft.  Its purpose is to scan systems to determine the systems security posture.  Most people run it as a gui, but it also has a cmdline option which allows for scripting and automation of tasks.  In this post I’ll show you how to run mbsacli the cmdline version of mbsa. 

Read the rest of this entry »

5 Comments | How To | Tagged: , , , , | Permalink
Posted by securityvibe

Using dd To Make a Floppy Image

July 17, 2009

First you may ask yourself, why would anyone would want to make an image of a floppy?  First, virtual floppy images give a better, more durable, and efficient way to store data than a physical floppy.  Secondly for archival purposes,  I have gobs and gobs of floppies with everything from bootable linux distros, utility disks, and games that I want to preserve.  Thirdly, floppy images give you a virtual floppy environment when no physical floppy is device available – supported by VMware workstation and other virtualization packages.  If you’re using linux or another Unix like OS, your probably good to go – just use the built in dd command and simply type the following commands at a shell prompt . If you’re on Windows, head over to chrysocome.net and pick you up a copy of dd for Windows.

On Unix:
     dd if=/dev/fd0 of=floppy.img bs 1440

On Windows:
     dd if=/./a: of=floppy.img bs 1440

Explanation of command:  if = in file, of = outfile, bs = byte sectors.

Leave a Comment » | How To | Tagged: , | Permalink
Posted by securityvibe

Hello world!

May 31, 2009

SecurityVibe is low live! Discussing security news, best practices, and how to instruction.

Leave a Comment » | Uncategorized | Permalink
Posted by securityvibe