Montreal blog on Internet Security Software

Blog

May 13

Setting privileges on a specific thread

If you've ever needed to set privileges to a specific thread Id only, and not an entire process, you may of visited quite a few MSDN web pages trying to figure out exactly how to achieve this.

Here is a function that does this, call it using a format such as:

AddThreadPriv(GetCurrentThreadId(), SE_BACKUP_NAME);

AddThreadPriv(const DWORD in_tid, const std::string& in_rstrPrivilegeName)
{
ImpersonateSelf(SECURITY_MAX_IMPERSONATION_LEVEL);

HANDLE h = OpenThread( TOKEN_ALL_ACCESS, FALSE, in_tid);

HANDLE hToken = NULL;

if(h)
OpenThreadToken(h, TOKEN_ALL_ACCESS, TRUE, &hToken);

if( hToken )
{
TOKEN_PRIVILEGES tpNew = { 1 };
tpNew.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

  if( ::LookupPrivilegeValue( NULL, in_rstrPrivilegeName.c_str(), &tpNew.Privileges[0].Luid ) )
  {
   VERIFY( ::AdjustTokenPrivileges( hToken, FALSE, &tpNew, 0, NULL, NULL ) );

CLOSEHANDLE(h);
CLOSEHANDLE(hToken);

return (ERROR_SUCCESS == GetLastError());
}
}

CLOSEHANDLE(h);
return false;
}

Trying to locate the proper documentation shouldn't be this difficult, certainly not for a company that size.

5:33 PM | Add a comment | Send a message | Permalink | View trackbacks (0)

May 10

IPv6 is good for business, and will flush out unmaintained crapware

Ipv4 will be out of addresses sooner than most people realize.

This will probably occur within 24 months, and will likely cement Vista as the desktop os replacement for Xp, since its stack has IPv6 out-of-the-box.

The good news is that this will weed out the smaller software products who do not have the man-power to upgrade their existing applications to this newer reality.

We may even see well established products lag behind because they may be dealing with too much legacy Ipv4 code.

Time will tell...

4:17 PM | Add a comment | Send a message | Permalink | View trackbacks (0)

May 06

What Will Microsoft Do With Credentica?

Written by Bernard Lunn / May 3, 2008

http://www.readwriteweb.com/archives/what_will_microsoft_do_with_credentica.php

7:29 PM | Add a comment | Send a message | Permalink | View trackbacks (0)

May 05

The Race to Zero

The Race to Zero contest is being held during Defcon 16 at the Riviera Hotel in Las Vegas, 8-10 August 2008.

The event involves contestants being given a sample set of viruses and malcode to modify and upload through the contest portal. The portal passes the modified samples through a number of antivirus engines and determines if the sample is a known threat. The first team or individual to pass their sample past all antivirus engines undetected wins that round. Each round increases in complexity as the contest progresses.

http://www.racetozero.net/index.html

2:36 PM | Add a comment | Send a message | Permalink | View trackbacks (0)

April 30

Bjarne Stroustrup on the Evolution of Languages

http://msdn.microsoft.com/en-us/magazine/cc500572.aspx

6:49 PM | Add a comment | Send a message | Permalink | View trackbacks (0)

View more entries

Other Security Bloggers, and articles on software



Programatically setting Wininet/Internet Explorer's Proxy settings From Windows Core Networking Blog

PaulDotCom Episode98 DLL Injection

Google Online Security Blog The latest news and insights from Google on security and safety on the Internet

The Ghost In The Browser - Analysis of Web-based Malware by Google's Niels Provos 2007 9 pages Other link to doc: http://www.usenix.org/event/hotbots07/tech/full_papers/provos/provos.pdf

All Your iFRAMEs Point to Us by Google's Niels Provos February 4th, 2008 22 pages

Password Strength Checker This application is designed to assess the strength of password strings. The instantaneous visual feedback provides the user a means to improve the strength of their passwords, with a hard focus on breaking the typical bad habits

Microsoft Password checker Password Checker can help you to gauge the strength of your password. It is for personal reference only. Password Checker does not guarantee the security of the password itself.

Default Router Password Database This is the internets most complete default router password database available.

Google Sparsehash Package The Google sparsehash package consists of two hashtable implementations: sparse, which is designed to be very space efficient, and dense, which is designed to be very time efficient. For each one, the package provides both a hash-map and a hash-set

IDN Conversion tool Putting [räksmörgås.josefßon.org] in IE7, gets puny coded to [http://xn--rksmrgs-5wao1o.josefsson.org/] use this tool to convert unicode characters to punycode as IE 7 does.

How long should my passphrase be? To provide adequate protection against the most serious threats... keys used to protect data today should be at least 75 bits long. To protect information adequately for the next 20 years ... keys in newly-deployed systems should be at least 90 bits long

Draft Technical Report on C++ Library ISO/IEC DTR 19768 Doc No: N1836=05-0096 Date: 2005-06-24 Reply to: Matt Austern austern@google.com

Jeffrey's Exif Viewer Great util for viewing more data on your image files than you care to know. Exchangeable Image File Format.

McAfee Avert Labs Blog Computer Security Research

Microsoft® Windows® Software Development Kit for Windows Vista™ and .NET Framework 3.0 Runtime Components The Windows SDK includes documentation, samples, and tools designed to help you develop Windows applications and libraries using both Win32® and .NET Framework 3.0 technologies targeting Windows Vista.

Anton Stiglic A senior IT security advisor with a strong background in information theory and a keen interest in the business aspects involved around IT decisions. He has been involved in security in the IT industry since 1999, and in academia since 1996

Virus Bulletin News Latest news from the anti-virus industry

StopBadware Blog Stop Badware Blog

Virus Total Blog Blog VirusTotal

Norman Sandbox Upload malware for analysis

Susceptible Api's Build Security In - Setting a Higher Standard for Software Assurance. This catalog provides a set of Coding Rules to assist software developers, whether manually or in conjunction with tools, to discover, explore, remove and eventually prevent security vul

Windows Wireless Networking Using WMI to verify WEP status - 2006 Article, Me

Uniform Resource Identifiers (URI): Generic Syntax This document defines the generic syntax of URI, including both absolute and relative forms, and guidelines for their use; it revises and replaces the generic definitions in RFC 1738 and RFC 1808.

RFC 3552 Guidelines for Writing RFC Text on Security Considerations

Should I check the parameters to my function? Larry Osterman's blog - May 18 2004

Agile Alliance We are uncovering better ways of developing software by doing it and helping others do it.

Exploit Prevention Labs Exploit and 0day prevention

got API A great website for ANY developer!

STL.NET Primer Stanley B. Lippman Architect, Microsoft Visual C++ team August 2004 Applies to: Microsoft Visual C++ 2005 Standard Template Library (STL) and STL.NET

STL/CLR STL/CLR – Version of Standard Template Library for managed code 4/4/2007

AV Test project of the Business-Information-Workgroup at the Institute of Technical and Business Information Systems at the Otto-von-Guericke-University Magdeburg (Germany) in cooperation with AV-Test GmbH. In regular intervals we test anti-virus, anti-spyware...

AV Comparatives Independent comparatives of Anti-Virus software

VS2005 SP1 update for Vista http://support.microsoft.com/default.aspx?scid=929470

Peter Gutmann's Cryptlib Better than OpenSSL?

Why Crunch Mode Doesn't Work slashdot article, 2005

Top 50 Msdn security Articles MSDN Magazine Security CD, 19,95$

The Six Dumbest Ideas in Computer Security by Marcus Ranum

Adam Shostack Security Blog

Stefan Brands Postings on anything related to digital identity management.