Date: Sat, 29 Aug 1998 02:02:25 -0400 (EDT) From: Phlontarr, Lord of the Krontak Regions To: smt@as220.org Subject: Going out with a bang... I just replied to this freaking e-mail, and I almost hope it costs me my job. I don't want to deal with clueless NT morons NO MORE! We've been kissing the ass of this crappy microslut bedmate for several weeks. I actually tried to be tactful when I wrote this, but I've been drinking Malt Liquor, soooooo.... Well, I already pressed send. (DOH!) but I thought you folks might like my drunken anti-NT rant. ============================================================================ =========== >Josh, > I forced a security logon and entered my userid/pswd and now search >works... so that means that the anonymous web user does not have access >to something.... > I already checked the obvious hjh.mdb and search.exe >c:\winnt\system32\*.* > Are you doing any writes to temp files or ?????? > > > Some Guy > A Lame Company > xxxx Sunrise >Valley Dr. > Reston, VA >xxx1-xxxx > >http://www.xxx.com > > Hi Mike, I guess this is good news. At least now we have a clue. In answer to your question: Nope, no temp files, and no writing to files. Have you checked the logs?? Any messages about authentication errors? I'm not a a real Windows NT security expert (Although I use NT almost every day, why bother with security when nobody understands what's going on under the hood of the OS??????). In general I find NT and NT apps security to exceptionally strong (AKA paranoid) where they don't need to be (user level) and *VERY VERY VERY* weak at the protocol level. Throw it an extra byte, or an odd byte (or several thousand) here or there and it crashes. Or worse. FREE ADVICE: I wouldn't run a server on NT, if I were yo7u (or anybody). How can you trust a black box you know nothing about, except that it comes from a Big Company and they *probhably* have their act together? How silly is that? Plus any teenage hacker wannabe can give 25% (my lowball estimate) of all NT system the Blue Screen Of Death using stuff they got off the Internet, and new holes are found in their (secret, closed-source) code every week. I haven't had to patch our Linux installion for security reasons in, well, actually, never. How many patches have you applied in the last year? That's the beauty of open-source software. You, and I, (and hackers) can look at the source code and find the weaknesses before Evil Belgian Hackers raid your 'net. Plus NT crashes once a day, on average, (in my experience, at least doing programming stuff. If you're doing anything of consequence, twice a day). Why do you use this OS??? Did Microsoft actually drive a dumptruck full of money up to your offices, or what??? (this is a serious question, what would make you use NT as a server OS? I'm not even going to get into the fact you run a hideously outdated version of IIS.) But I digress. I can't help too much with security issues, because I think NT security is a _Waste_Of_Time_. I don't trust code I can't inspect, no matter where it came from. It's not like I ever really look at the source code, but Security through obscurity is no security at all. My suggestion: Make sure the files in question are readable by whatever user the server is running as, and make sure any libraries it is trying to load are kosher as well. My guess is that the server wants the database to be located somwhere it considers safe and where it is now isn't considered safe. That's just a guess. Other than that, have you tried Microsoft Tech Support??? If that fails, there's this thing caled Linux, perhaps you've heard about it... Peace, --JM