Eugene Siu's Thoughts on Security : Developer Productivity

Troubleshooting Networking and IPSec Issues

esiu — Mon, 05 Nov 2007 11:30:00 GMT

I had a very strange networking issue last weekend. After connecting to corpnet via VPN and direct hookup, I was able to ping all remote servers, but was not able to do anything, such as web browsing and remote desktop. It was not the first time that I faced this issue, and helpdesk told me that IPSec settings may have messed up.

The following set of commands has helped me flush settings related to networking and IPSec, and restored my corpnet connection in both situations.

1. Launch a DOS command prompt
2. netsh int ip reset all
3. netsh winsock reset
4. ipconfig /flushdns
5. nbtstat -RR
6. gpupdate /force

Akin to "Ctrl-Atl-Del" of your networking settings, this series of commands should flush IP interface, DNS, Winsock, NetBIOS and group policy settings.

Good luck to troubleshooting your networking and IPSec issues.

More eyeballs for .Net Framework code

esiu — Fri, 05 Oct 2007 05:49:00 GMT

Microsoft will open up source code of .Net Framework to the public. It allows outsiders to review what is under the hood, and enables easier debugging of development projects around .Net Framework. .Net Framework code has been reviewed heavily, and developers can pick up coding best practices by reviewing source code of .Net Framework.

The following libraries are available:
* Net Base Class Libraries (including System, System.IO, System.Collections, System.Configuration, System.Threading, System.Net, System.Security, System.Runtime, and System.Text).
* ASP.Net (System.Web).
* Windows Forms (System.Windows.Forms).
* ADO.NET (System.Data).
* XML (System.Xml).
* Windows Presentation Foundation (System.Windows)

Source code is made available under the Microsoft Reference License, which is intended for developers to have read-only access. However, it does not allow modification or distribution.

An additional feature: It supports JIT code download for debugging in the final release of Visual Studio 2008. If set up properly, you don't need to download all source code on your box. You can get it when you need it transparently.

You can read this article for more details.

Just learned how to cross-post via MetaWeblog API

esiu — Thu, 20 Sep 2007 13:31:53 GMT

I work for ACE team, and want to cross-post from http://blogs.msdn.com/esiu to http://blogs.msdn.com/ace_team. Community Server supports MetaWeblog API, but I am not able to figure out how to configure cross-posting. After a few tries, I am able to cross-post now.

Community Server asks for several things

URL: http://blogs.msdn.com/blogs/metablog.ashx. Don't use http://blogs.msdn.com/<appkey>, and in my case, http://blogs.msdn.com/ace_team.
AppKey: target blogid, in my case, ace_team
Username: target blog login
Password: target blog password
Message to add: A header message on each cross post

Last not but least, you need to enable cross-posting in Global Settings -> Default Post Settings -> Enable Cross-Posting.

Hopefully, this will save you time as I spent numerous research hours figuring this out. I also apologize for polluting the blog atmosphere by a few phantom test messages while testing various configuration settings.

IE Developer Toolbar helps me hack

esiu — Thu, 20 Sep 2007 00:46:35 GMT

I was browsing IE blog articles to get research ideas. I came across IE Developer Toolbar, and decided to play with it. I was checking out different options, and it impressed me as a good web client developer tool, as it offers a breakdown of HTML elements, such as image dimension and structure validation. Almost I dismissed it as a security tool because as a security guy, I don't care so much about valid HTML. :)

Then, a few menus dawned on me as very useful. Disable menu offers disabling of Script, Popup Blocker and All CSS. Disabling script is very useful when I want to temporarily bypass some client-side checks on lengths or content. Of course, I can disable scripting via Internet Options or use Fiddler to bypass it, but it is easier via IE Developer Toolbar.

In addition, my favorite is Cache menu as shown in the first screenshot. It offers some very useful options to manipulate cookies, such as Disable Cookies, Clear Session Cookies, Clearn Cookies for Domain and View Cookies Information. I used to navigate to Temporary Internet Files directory, look for the right cookie among many temporary files, and review cookies by using Notepad. Each time a cookie is changed, I will need to manually open the same cookie again because Notepad does not offer refresh. It is time-consuming. It will be even more difficult if I want to see all cookies from the same domain name because they are stored in different files sorted by hostnames.

By using IE Developer Toolbar, I can easily view cookies across a domain by using View Cookies Information that will tabulate all cookies across the domain of the active page. The next screenshot shows a sample of all cookies from Microsoft.com as shown by View Cookies Information. In addition, cookies can be deleted without going to the Temporary Internet Files directory directly.

By using IE Developer Tool, it enables me to learn a new security penetration vector around cookies. Stay tuned for that. Also, please share with me your favorite security tools.

Running as non-admin is not as hard as I imagine

esiu — Wed, 19 Jan 2005 19:51:00 GMT

As a security tester, we need to ensure that our product works under minimal privilege. Yes, test machines are set up to test with minimal privilege, but my day-to-day email machine is set up with admin privilege. Although it is a threat to run under admin, it was more threatening to inflict myself with the hassles of running as non-admin. As an extremely paranoid person, I have so many novice questions: Do I need to reboot all the time if I need admin privilege? Will my apps continue to function properly? Will I get blue screen for no reasons?

One fine day, I decided to switch from admin to power user. Granted that power user is almost an admin, it should be a good start to run my box as non-admin. After several days, I did not find any differences with Office applications and other well-known ones, such as IE.

Until I need to unblock an application on my SP2 firewall do I have a problem. The problem can easily be circumvented by using "runas /user:mymachine\administrator control firewall.cpl" and enter my password. After the command, I run firewall.cpl as admin, and unblock my application. Finally, close the firewall app.

Voila, I am happy again with running my box as non-admin.

Do you have an easy way to find out what error codes mean?

esiu — Thu, 11 Nov 2004 04:43:00 GMT

You should check out err.exe available from http://www.microsoft.com/downloads/details.aspx?familyid=be596899-7bb8-4208-b7fc-09e02a13696c. Don't be tricked by the name (Exchange Server Error Code Look-up) because it supports error codes other than Microsoft Exchange.

It is very easy to easy, and supports “bidirectional” search. It can look up the meaning of an error from an error code, and vice versa. It supports many Windows common header files. Please let me know if you are aware of other error lookup tools.