"Restrict or prevent anonymous access and account enumeration on your systems:
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous
Value Name: RestrictAnonymous
Data Type: REG_DWORD
Value: 1
For NT and mixed environments, choose '1' for the data field. Or choose the 'Do not allow enumeration of SAM accounts and shares' directive. For pure Windows 2000 environments or for the paranoid, choose the data value of '2' or 'No access without explicit anonymous permission.' This will prevent NULL session attacks which are a common and frequent threat. For more information on NULL sessions and their vulnerabilities, please see the SANS document at http://rr.sans.org/win/null.php and Microsoft Knowledgebase articles Q143474 and Q246261."
Monday, August 15, 2005
Null Sessions:
Mozilla and hypocrisy
Right, but what about the experiences that Mozilla chooses to default for users like switching to Yahoo and making that the default upon ...
-
via VMware blog
-
AJAX: redesign your PHP applications? - ThinkPHP /dev/blog : "First of all, XMLHttpRequest has a problem: in InternetExplorer, it doesn...