The reason i ask is that i may have found a possible security flaw, but would
appreciate it if anyone else who has the above operatings system can also
check to see if this was coincident or is a flaw in vista's security

Scenario
1 PC Running Vista 64 Home Premium
1 PC Running Ubuntu 7

Vista pc setup for use on private network, i have no shares configured

From the Ubuntu desktop, i managed to browse the network, and select my
vista pc - because i am a local user on vista with admin rights i entered my
details and connected to the vista pc.

Usually you would get no shares available, but no all hidden admin shares
where displayed for my drives, and everyone was accessible.

Surely this is incorrect, this shares should not show up in ubuntu and
should be fully hidden.



As anyone else come across this or can someone else test. If the results are
the same and can see hidden shares when you're not supposed to, then surely
this is one major security breach.

regards

You must have misunderstood what "no shares configured" means. It means you
have not created any additional shares over and above the administrative
shares. "Hidden" as in "hidden share" means "flagged with a special flag that
directs the client not to display the share."

Also, if you had left UAC turned on you would not have been able to connect
to the administrative shares. You would be able to connect other shares but
those are restricted to administrators only and with UAC turned on
administrators do not get administrative tokens when connecting from the
network to stand-alone computers.

If you want to "hide" the Vista machine from the Ubuntu system either
configure the firewall in the public profile or open the Network and Sharing
Center and turn off network discovery.

---
Your question may already be answered in Windows Vista Security:
http://www.amazon.com/gp/product/047...otectyourwi-20


"mirdragon" wrote:

> The reason i ask is that i may have found a possible security flaw, but would
> appreciate it if anyone else who has the above operatings system can also
> check to see if this was coincident or is a flaw in vista's security
>
> Scenario
> 1 PC Running Vista 64 Home Premium
> 1 PC Running Ubuntu 7
>
> Vista pc setup for use on private network, i have no shares configured
>
> From the Ubuntu desktop, i managed to browse the network, and select my
> vista pc - because i am a local user on vista with admin rights i entered my
> details and connected to the vista pc.
>
> Usually you would get no shares available, but no all hidden admin shares
> where displayed for my drives, and everyone was accessible.
>
> Surely this is incorrect, this shares should not show up in ubuntu and
> should be fully hidden.
>
> As anyone else come across this or can someone else test. If the results are
> the same and can see hidden shares when you're not supposed to, then surely
> this is one major security breach.
>
> regards
>

"mirdragon" <mirdragon@discussions.microsoft.com> wrote in message
news:BEA28C04-C618-4A9C-B1F0-CD3B621A626C@microsoft.com...
> The reason i ask is that i may have found a possible security flaw, but
> would
> appreciate it if anyone else who has the above operatings system can also
> check to see if this was coincident or is a flaw in vista's security
>
> Scenario
> 1 PC Running Vista 64 Home Premium
> 1 PC Running Ubuntu 7
>
> Vista pc setup for use on private network, i have no shares configured
>
> From the Ubuntu desktop, i managed to browse the network, and select my
> vista pc - because i am a local user on vista with admin rights i entered
> my
> details and connected to the vista pc.
>
> Usually you would get no shares available, but no all hidden admin shares
> where displayed for my drives, and everyone was accessible.
>
> Surely this is incorrect, this shares should not show up in ubuntu and
> should be fully hidden.
>
> As anyone else come across this or can someone else test. If the results
> are
> the same and can see hidden shares when you're not supposed to, then
> surely
> this is one major security breach.

Further to Jespers comments, the user connecting to the Vista machine from
the Linux machine knew the admin username & passphrase for the Vista
machine.
I assume this information isn't something you will be making readily
available to everyone on your network?
This isn't a security breach at all.

sorry i do think this is a security breach

a hidden share is a hidden share and should not be viewable within network
browsing, that is why they are called hidden for extra security

try connecting exactly the same way with exactly the same details from a
windows xp machine, and you'll find that this DOES NOT list these hidden
shares

do it from a linux box running ubuntu 7 and you'll get everything this only
happens when connecting via linux

as for uac, if you leave this active even though you are an administrator of
the system, you might as well be a limited user, as it prevents a lot of
stuff running properly



"Iuvenalis" wrote:

> "mirdragon" <mirdragon@discussions.microsoft.com> wrote in message
> news:BEA28C04-C618-4A9C-B1F0-CD3B621A626C@microsoft.com...
> > The reason i ask is that i may have found a possible security flaw, but
> > would
> > appreciate it if anyone else who has the above operatings system can also
> > check to see if this was coincident or is a flaw in vista's security
> >
> > Scenario
> > 1 PC Running Vista 64 Home Premium
> > 1 PC Running Ubuntu 7
> >
> > Vista pc setup for use on private network, i have no shares configured
> >
> > From the Ubuntu desktop, i managed to browse the network, and select my
> > vista pc - because i am a local user on vista with admin rights i entered
> > my
> > details and connected to the vista pc.
> >
> > Usually you would get no shares available, but no all hidden admin shares
> > where displayed for my drives, and everyone was accessible.
> >
> > Surely this is incorrect, this shares should not show up in ubuntu and
> > should be fully hidden.
> >
> > As anyone else come across this or can someone else test. If the results
> > are
> > the same and can see hidden shares when you're not supposed to, then
> > surely
> > this is one major security breach.
>
> Further to Jespers comments, the user connecting to the Vista machine from
> the Linux machine knew the admin username & passphrase for the Vista
> machine.
> I assume this information isn't something you will be making readily
> available to everyone on your network?
> This isn't a security breach at all.
>
>
>

Nope, you misunderstand hidden share, it was never intended as a
security feature, it was more of a housekeeping, keeping things looking
clean standpoint. A hidden share is marked as "hidden" by having a $
appended to it. The Windows OS sees the appended $ and treats it as
hidden. The OS still sends the share in the list of shares for the share
enumeration request. This has always been the case. Basically it is up
to the OS or the application if it wants to display those shares once it
sees the "hidden" flag.

This was pretty common in Windows NT, it is how computer accounts were
"hidden" from display when you listed user accounts or if you just
wanted to display computer accounts.

joe

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


mirdragon wrote:
> sorry i do think this is a security breach
>
> a hidden share is a hidden share and should not be viewable within network
> browsing, that is why they are called hidden for extra security
>
> try connecting exactly the same way with exactly the same details from a
> windows xp machine, and you'll find that this DOES NOT list these hidden
> shares
>
> do it from a linux box running ubuntu 7 and you'll get everything this only
> happens when connecting via linux
>
> as for uac, if you leave this active even though you are an administrator of
> the system, you might as well be a limited user, as it prevents a lot of
> stuff running properly
>
>
>
> "Iuvenalis" wrote:
>
>> "mirdragon" <mirdragon@discussions.microsoft.com> wrote in message
>> news:BEA28C04-C618-4A9C-B1F0-CD3B621A626C@microsoft.com...
>>> The reason i ask is that i may have found a possible security flaw, but
>>> would
>>> appreciate it if anyone else who has the above operatings system can also
>>> check to see if this was coincident or is a flaw in vista's security
>>>
>>> Scenario
>>> 1 PC Running Vista 64 Home Premium
>>> 1 PC Running Ubuntu 7
>>>
>>> Vista pc setup for use on private network, i have no shares configured
>>>
>>> From the Ubuntu desktop, i managed to browse the network, and select my
>>> vista pc - because i am a local user on vista with admin rights i entered
>>> my
>>> details and connected to the vista pc.
>>>
>>> Usually you would get no shares available, but no all hidden admin shares
>>> where displayed for my drives, and everyone was accessible.
>>>
>>> Surely this is incorrect, this shares should not show up in ubuntu and
>>> should be fully hidden.
>>>
>>> As anyone else come across this or can someone else test. If the results
>>> are
>>> the same and can see hidden shares when you're not supposed to, then
>>> surely
>>> this is one major security breach.
>> Further to Jespers comments, the user connecting to the Vista machine from
>> the Linux machine knew the admin username & passphrase for the Vista
>> machine.
>> I assume this information isn't something you will be making readily
>> available to everyone on your network?
>> This isn't a security breach at all.
>>
>>
>>

Security breach? Hardly - at best, it's another case of MS using
"security by obscurity", except that it isn't even particularly obscure
in this case. I think you will find that only Windows fails to display
those "hidden" shares. I doubt MS even intended for this to be for
security, probably just to keep things a little cleaner for non-admin
types. AFAIK, there isn't any special hidden attribute attached to them
beyond having the $ after the name, they are just hidden by convention
in a MS network environment. Besides **everyone** knows they are there,
and that they are called <drive letter>$, so being hidden isn't helpful
anyway. You still need credentials with the correct permissions to
access them.

Regards,

Dave

"mirdragon" <mirdragon@discussions.microsoft.com> wrote in message
news:88442B8E-6858-476D-A2AD-524A0768C802@microsoft.com...
> sorry i do think this is a security breach
>
> a hidden share is a hidden share and should not be viewable within
> network
> browsing, that is why they are called hidden for extra security
>
> try connecting exactly the same way with exactly the same details from
> a
> windows xp machine, and you'll find that this DOES NOT list these
> hidden
> shares
>
> do it from a linux box running ubuntu 7 and you'll get everything this
> only
> happens when connecting via linux
>
> as for uac, if you leave this active even though you are an
> administrator of
> the system, you might as well be a limited user, as it prevents a lot
> of
> stuff running properly
>
>
>
> "Iuvenalis" wrote:
>
>> "mirdragon" <mirdragon@discussions.microsoft.com> wrote in message
>> news:BEA28C04-C618-4A9C-B1F0-CD3B621A626C@microsoft.com...
>> > The reason i ask is that i may have found a possible security flaw,
>> > but
>> > would
>> > appreciate it if anyone else who has the above operatings system
>> > can also
>> > check to see if this was coincident or is a flaw in vista's
>> > security
>> >
>> > Scenario
>> > 1 PC Running Vista 64 Home Premium
>> > 1 PC Running Ubuntu 7
>> >
>> > Vista pc setup for use on private network, i have no shares
>> > configured
>> >
>> > From the Ubuntu desktop, i managed to browse the network, and
>> > select my
>> > vista pc - because i am a local user on vista with admin rights i
>> > entered
>> > my
>> > details and connected to the vista pc.
>> >
>> > Usually you would get no shares available, but no all hidden admin
>> > shares
>> > where displayed for my drives, and everyone was accessible.
>> >
>> > Surely this is incorrect, this shares should not show up in ubuntu
>> > and
>> > should be fully hidden.
>> >
>> > As anyone else come across this or can someone else test. If the
>> > results
>> > are
>> > the same and can see hidden shares when you're not supposed to,
>> > then
>> > surely
>> > this is one major security breach.
>>
>> Further to Jespers comments, the user connecting to the Vista machine
>> from
>> the Linux machine knew the admin username & passphrase for the Vista
>> machine.
>> I assume this information isn't something you will be making readily
>> available to everyone on your network?
>> This isn't a security breach at all.
>>
>>
>>

"mirdragon" <mirdragon@discussions.microsoft.com> wrote in message
news:88442B8E-6858-476D-A2AD-524A0768C802@microsoft.com...
> sorry i do think this is a security breach
>
> a hidden share is a hidden share and should not be viewable within network
> browsing, that is why they are called hidden for extra security
>
> try connecting exactly the same way with exactly the same details from a
> windows xp machine, and you'll find that this DOES NOT list these hidden
> shares
>
> do it from a linux box running ubuntu 7 and you'll get everything this
> only
> happens when connecting via linux
>
> as for uac, if you leave this active even though you are an administrator
> of
> the system, you might as well be a limited user, as it prevents a lot of
> stuff running properly


It isn't a security breach. Others have explained hidden shares better than
I could.
But remember, ***you are connecting to the vista pc using the admin
username & passphrase***

If an attacker didn't have this information they would not be able to
connect to the admin shares.

So, anyone connecting a Ubuntu machine without knowing the admin login
details would not be able to access.

As for UAC I still have mine enabled.
For general use on this machine I get ZERO UAC popups, i'm not sure what
apps you're using?
I run browsers, email, games, office apps, graphics apps, DVD & audio
ripping, DVD - Xvid apps on a daily basis & none give me UAC pop ups.

I get a pop up when I run true Image every week. For daily backups I use
Robocopy which doesn't give you a UAC popup.

I tend to view event viewer once a week or so if I think it necessary & that
gives a pop up.

So, what is it that you run that cannot run properly with UAC on?

Joe Richards [MVP] wrote:

> hidden. The OS still sends the share in the list of shares for the share
> enumeration request.

In that case, it's very silly! If the enum is done by by a local process
with a connection over DCOM then it's fair enough, it's listing shares
that it's exposing.

If it's showing up in a network browser, it defeats the whole point of
the $ concept, which is to hide it from the browse request. Remember,
it's not just C drives, it could be vast listings of a file server.
You'd still have NTFS to get through, but it still defeats the whole
point of them being "hidden".

--
Gerry Hickman (London UK)

> If it's showing up in a network browser, it defeats the whole point of
> the $ concept, which is to hide it from the browse request. Remember,
> it's not just C drives, it could be vast listings of a file server.
> You'd still have NTFS to get through, but it still defeats the whole
> point of them being "hidden".

What point is it that you believe is being defeated?

You missed the part where I said this was never designed to be a
security feature but instead is used for housekeeping/display. Say, and
this is a real life example, I have a file server with 5000 home folder
shares on it called user1$ through user2$ and I have 10 project shares
on the server called proj1 through proj10. Some random user connects to
the server by \\servername to get a list of the project shares, if MSFT
didn't have the hidden mechanism the user would get a listing of 5010
shares instead of 10.

Your understanding or wish of what the $ concept is just needs to be
readjusted. It isn't about hiding it from the browse request, it is a
quick way to indicate to the client that the shares have been marked
hidden which is a guideline and a guideline only, to not display. If
MSFT intended for that to be a security feature, you can rest assured
they wouldn't be sending those share names when requested. It is simpler
not to send them than to not display them when they have been sent.


--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm


Gerry Hickman wrote:
> Joe Richards [MVP] wrote:
>
>> hidden. The OS still sends the share in the list of shares for the
>> share enumeration request.
>
> In that case, it's very silly! If the enum is done by by a local process
> with a connection over DCOM then it's fair enough, it's listing shares
> that it's exposing.
>
> If it's showing up in a network browser, it defeats the whole point of
> the $ concept, which is to hide it from the browse request. Remember,
> it's not just C drives, it could be vast listings of a file server.
> You'd still have NTFS to get through, but it still defeats the whole
> point of them being "hidden".
>