lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 2 Jan 2007 00:09:49 -0500
From: "Geo." <geoincidents@....net>
To: <full-disclosure@...ts.grok.org.uk>
Subject: Re: Vista Reduced Function mode triggered


> It just can't be that simple. There has to be more to what happened to
> the guy. Lots of computers are offline for several days at a time, it's
> inconceivable that they didn't test that.

Ok, as complete as I can be in the few minutes I have to post this.

During those three days I did a lot of poking around, stopping and starting 
services, switching from wired to wireless and back, trying to view high def 
video (which I still am not able to do in any video player except WMP for 
some reason) installing codecs and software, running into the event ID 4226 
tcp security connect limit, etc.

However I never got any notification of deactivation or any problem of that 
sort. Then on the third day suddenly solitaire would not start up and I 
couldn't get into network properties. I did a bunch of rebooting and trouble 
shooting trying to figure that out but got nowhere.

So I went back to trying to get high def video to work in Media player 
classic and figured perhaps it was trying to download a codec so I removed 
the routes. It didn't help the video but I quickly found network properties 
started working. So then I tried solitaire and it worked. This was all 
directly after removing the routes, there wasn't but a few minutes between 
letting it talk to the net and these apps starting to work again.

I decided this was probably reduced functionality in action but since I had 
never seen it before I needed some way to trigger it so I could compare 
since it would take 3 days to reproduce with route blocking. I disabled the 
software licensing service since it claims disabling that service will kick 
off reduced functionality mode. Nothing happened immediately but 24 hours 
later solitaire and network properties (and now control panel) would not 
start up. It was exactly the same apps and behavior. I enabled and started 
the software licensing service and in seconds things returned to fully 
functional just like removing the routes did.

So it's possible the routes didn't trigger it, but removing them sure cured 
it quickly so that is my guess at this point. Further testing is needed. I 
won't be testing it for a couple days as I need the laptop connected to 
other networks to try some other software I need to test. (that tcp limit 
may prove a problem for network monitoring)

Geo. 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ