Posts by quist

  • OnPoint: MSD's Leaky Servers,

    Aside from the obvious privacy implications, the screenshots at the end of your post are rather worrying.

    The first one is the file structure for the Hyper-V server. The Hyper-V server is a server that hosts virtual machines running in an organisation. If you know what you’re doing, you could quite conceivably alter the configuration of any one of those virtual machines to do your bidding. You could infact insert your own code into the machine configuration to say, log keystrokes. The possibilities are endless. You’d need some special software tools but it’s not beyond the realms of possibility if you have access to the server.

    The screenshot that mentions “Altiris” is known as an “answer file”. An answer file is like a template for setting up multiple computers. If you want to set up 100 computers, instead of setting up the computers one by one, which would take a long time – you use an imaging tool like Symantec Altiris. An imaging tool lets you take a snapshot of a single computer and then deploy it to multiple new computers, a bit like cloning. The answer file is a way to customise the configuration and your screenshot shows the admin passwords and other configurations such as time zone that will be applied to the cloned computers.

    These configurations could be altered to anything you wanted. If you had access to the disk images (these are the snapshots of the cloned computers) you could alter them (insert your own software) and then the administrator who subsequently used those disk images would be creating computers containing your software and probably not be aware of it.

    Symantec Altiris is an industry standard tool to do this kind of work and someone with knowledge of it could do that easily.

    The last screenshot on your article is a batch script file for setting the firewall settings in Windows on individual computers. You could alter this with any firewall rules you liked – including switching the firewall off completely.

    Since Oct 2012 • 2 posts Report Reply

  • OnPoint: MSD's Leaky Servers, in reply to dc_red,

    Mountain Standard Time has no relevance except that it is a setting in what is known as the "answer file". When setting up a lot of computers "en-masse", let's say an administrator has to set up 100 computers. Instead of going through the set up wizard 100 times, you submit an answer file instead. This file has all the answers to the setup wizard questions. One of the questions you get asked when setting up a computer (installing Windows) is what the timezone is... and another one is what you want your admin password to be. The screenshot shown is once such answer file. It seems they've set the time zone to Mountain Standard Time, for whatever reason, my best guess is that's the default and they didn't bother to change it to the correct time zone!

    Altiris is a tool used to deploy multiple computers using this method, so presumably they use it when setting up computers in the organisation. It's a perfectly good tool for the job and made by Symantec.

    Since Oct 2012 • 2 posts Report Reply