DNS Secretly Resets Itself Instantly and DNS Servers are Not Blocked by Windows 10 Firewall Rules

I noticed that on a Windows 10 machine, if I leave DNS to be auto-configured or change the DNS servers to OpenNIC addresses, they are automatically reassigned to

Malware scanners are not detecting anything, but colleagues say it is a known attack vector to defeat DNS anonymity.

Only SpyHunter detects and reports this change, though I previously found evidence of this by testing. It also seems to override DNS configured by VPN software. It is forcing itself at the top of the list, so it always checks Google before considering OpenNIC as a fallback.

As a mitigation step I tried custom Inbound/Outbound firewall rules to block all traffic in a wide range of either IP, but these rules seem to fail because I can still ping those IPs.

How can I find and fix the root cause and/or how can I completely block all DNS traffic to these IPs?

Old ODBC app throws “cannot generate sspi context” on Windows 10

An old Access 2003 .adp project is currently running on Windows 7 machines, with SQL Server 2008 on the backend. Since the app was moved to a Windows 10 machine, it triggers the “Cannot generate SSPI context” error.

There are a lot of messages on the Internet explaining possible reasons and solutions.

In our case, we may overcome the problem by running Msaccess.exe from the command line, using:

runas /netonly /user:userdomain\useralias "C:\Program Files\<path-to-office-folder>Msaccess.exe" 

The downside is that the user is prompted for a password each time the shortcut is used.

Is there a way to fix this so that the app (or Windows 10) addresses the domain user name correctly, avoiding the error?

Support for signed SSH certificates – Windows 10 OpenSSH to Linux

“OpenSSH for Windows” version: OpenSSH_for_Windows_8.0p1, LibreSSL 2.6.5
Client operating system: Windows 10 Enterprise

Does OpenSSH for Windows support signed certs?

I feel like it does, as ssh-keygen picks up the certificate no problem. However, it doesn’t want to connect. The same steps seem to work fine from Linux.

     Directory of C:\hi

    11/04/2019  01:18 PM             2,013 GregDFO-cert.pub
    04/16/2019  09:07 AM             1,854 GregDFO-private.key
    04/16/2019  09:31 AM               389 GregDFO-public.key

    C:\hi>ssh-keygen -Lf GregDFO-cert.pub
    GregDFO-cert.pub:
            Type: ssh-rsa-cert-v01@openssh.com user certificate
            Public key: RSA-CERT SHA256:Ccox9NCf/HBjzFxRE76XsnTT9k0vbmRB4/j5qX95WkQ
            Signing CA: RSA SHA256:3axo+wPqiszHOTKy94Tk2gj4S6Rb6uGWKcB4s059bvg (using ssh-rsa)
            Key ID: "root"
            Serial: 17890926214909873034
            Valid: from 2019-11-01T08:52:18 to 2019-11-13T19:52:48
            Principals:
                    cormierg
            Critical Options: (none)
            Extensions:
                    permit-pty

However, when trying to use it, ssh spits out "invalid format":

    C:\hi>ssh -i GregDFO-private.key -i GregDFO-cert.pub cormiergr@
    Enter passphrase for key 'GregDFO-private.key': *****
    Load key "GregDFO-cert.pub": invalid format

A few extra verbose tidbits:

    Enter passphrase for key 'GregDFO-private.key':
    debug2: we sent a publickey packet, wait for reply
    debug1: Authentications that can continue: publickey,keyboard-interactive
    debug1: Offering public key: GregDFO-cert.pub RSA-CERT  SHA256:Ccox9NCf/HBjzFxRE76XsnTT9k0vbmRB4/j5qX95WkQ explicit
    debug2: we sent a publickey packet, wait for reply
    debug1: Server accepts key: GregDFO-cert.pub RSA-CERT  SHA256:Ccox9NCf/HBjzFxRE76XsnTT9k0vbmRB4/j5qX95WkQ explicit
    debug1: sign_and_send_pubkey: no separate private key for certificate "GregDFO-cert.pub"
    Load key "GregDFO-cert.pub": invalid format
    debug2: we did not send a packet, disable method
    debug1: Next authentication method: keyboard-interactive

What are the main attack vectors on USB storage drives on Windows 10?

I am trying to understand what generic risks there are in using my thumb drive to transfer files to some untrusted machine and then plugging it back into my Windows device. Specifically, I am interested in generic threats when the external machine I plug my USB drive into is compromised (like a public image printing shop).

As far as I understand, the 2 main risks are:

A) Malicious files are copied to my pen drive from a compromised system and then

  1. I open them manually on a personal computer.
  2. Viruses are run automatically when the USB drive is plugged in (obsolete unless autorun is enabled manually on the target machine).
  3. Malware is executed without user interaction and with autorun disabled. An example would be something like a buffer overflow in the Windows image thumbnail generator (CVE: 2010-3970). As far as I understand, no user interaction will be needed and the machine can be infected on its own (besides inserting the USB drive and browsing the folder, of course).

B) Automated BadUSB firmware reprogramming, with all the further consequences that BadUSB delivers. But generally this kind of attack is not present in the form of a generic attack, as it would require supporting huge numbers of different peripheral manufacturers with different devices.

So my questions are:

Are there any other generic (non-targeted) threats that are similarly widespread in the wild?

With respect to risk 3: how common are such almost-no-user-interaction vulnerabilities in the wild?

SharePoint OneDrive for Business and C# WPF Windows 7

I have a question and I would appreciate your help.

I have a WPF C# desktop application (Windows 7), and I want to connect to a OneDrive for Business (SkyDrive Pro) account and get the files from OneDrive for Business storage (we have a corporate Office 365 account).

If I understood correctly, I need to use the SharePoint API and a REST GET command to connect to the xxxxx@xxxx.onmicrosoft.com account?

But I can’t understand how to do this.

First, how do I log in? Do I need to add a Browser component to my desktop app?

Are there C# desktop samples somewhere that demonstrate the basic operations: connect, get metadata, get files?

If the SharePoint API can’t help me, please tell me how I can do that. Which API do I need to use?

Thanks for your consideration. I really need this.

Is using typical memory used when working under a Windows environment a good knowledge of needed memory for a new computer?

Let's suppose I want to buy a new computer. My reasoning for the amount of RAM is the following.

Is it correct?

I look, under a Windows environment, at how much memory I use when a large number of the applications that I typically use are simultaneously active. This gives me the memory that I need for the next computer.

No more is needed.

How do I remove the tables that do not belong to a database in a TreeView? C# Windows Forms, Microsoft SQL Server

I have a TreeView that shows me all the existing databases with their respective tables. The problem, as you will see, is that tables that belong to one database also appear under other databases, which is wrong.


What I want is for it to show only the tables that belong to each database.

    TreeNode node;
    TreeNode hijo;
    private void Form1_Load(object sender, EventArgs e)
    {
        DataTable tabla = new DataTable();
        DataTable tablas = new DataTable();

        ReglasDeNegocios.OperacionesBD operaciones = new ReglasDeNegocios.OperacionesBD();
        if (operaciones.BaseDatos(sUsuario, sPassword, ref tabla))
        {
            foreach (DataRow dr in tabla.Rows)
            {
                node = new TreeNode(dr["name"].ToString());
                string hijos = Convert.ToString(dr["name"].ToString());
                if (operaciones.BaseDatos(sUsuario, sPassword, hijos, ref tablas))
                {
                    foreach (DataRow dr2 in tablas.Rows)
                    {
                        hijo = new TreeNode(dr2["Tabla"].ToString());
                        node.Nodes.Add(hijo);
                    }
                    treeView1.Nodes.Add(node);
                }
            }
        }
        else
        {
            MessageBox.Show("Ocurrio un error: " + operaciones.sLastError);
        }
    }

This is how I call BaseDatos:

    public Boolean BaseDatos(String sUsuario, String sPassword, String BD, ref DataTable Tabla)
    {
        Boolean bAllOk = false;
        using (SqlConnection conexion = new SqlConnection())
        {
            try
            {
                conexion.ConnectionString = $"Server=ROBERTODIAZ; User Id={sUsuario}; Password={sPassword}";
                conexion.Open();
                SqlCommand comando = new SqlCommand($"use {BD} select sc.name+'.'+tb.name AS Tabla from sys.tables tb inner join sys.schemas sc on tb.schema_id = sc.schema_id order by Tabla ASC", conexion);
                SqlDataAdapter adapter = new SqlDataAdapter(comando);
                adapter.Fill(Tabla);

                bAllOk = true;
            }
            catch (Exception ex)
            {
                sLastError = ex.Message;
            }
            finally
            {
                conexion.Close();
            }
        }
        return bAllOk;
    }

How would you solve this?

Windows 10 invalidated PIN for three accounts out of four

I have a Windows 10 Pro 1903 with four accounts:

  • two are for adult users and two for children
  • one adult account is admin account, three remaining are standard users accounts,
  • all four are Microsoft accounts and use the Windows Hello feature to allow login with a PIN.

Recently I changed my BIOS configuration by disabling TPM 2.0 support and enabling TPM 1.2 support. Windows immediately “captured” this change and invalidated the PINs, requesting users to log in to their Microsoft account again via password and then recreate their PINs.

What surprised me the most is that the above-mentioned change affected only three accounts. One account (a child, standard user account) was “missed” and can log in without any problems, using the same PIN that was defined for this account prior to the TPM version change in BIOS.

Am I missing something obvious? Shouldn’t PIN numbers for all four accounts be invalidated?