CarnahanTech  

My BLOG.

I don't blog that often, but there are links to blogs that I find interesting. When I come across something interesting, I'll post about it. Feel free to contact me about my blogs or, if you're looking for an answer, maybe I can give it to you. Have fun.

RTL8187 Driver release on Microsoft Update (07/01/07)
A driver was released on the Windows Update website for the Realtek RTL8187 integrated wireless adapter on 06/28/07. This driver does have a flaw, and should be rolled back immediately. If you use the Sysinternals tool Process Explorer, you will see around 30% CPU usage in your DPCs and 15% CPU usage in Hardware Interrupts. If you simply roll back the driver, you'll notice the CPU usage drop off to 0%. I have emailed Microsoft product support; hopefully I'll hear back soon.
Click here to watch the video demo
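An added example, not part of the original post, that does the same check from a PowerShell prompt instead of Process Explorer: it samples the `% DPC Time` and `% Interrupt Time` performance counters (the two columns Process Explorer labels "DPCs" and "Hardware Interrupts"), averages them, and then lists the driver currently bound to any RTL8187 device so the version and date can be compared against the one Windows Update delivered. The 20% threshold is an arbitrary value chosen for this example; the device-name match is an assumption about how the adapter is named on a given machine.

```powershell
# Added example (not from the original post). Needs PowerShell 2.0 or later.
# Step 1: sample the two counters Process Explorer shows as DPCs / Hardware Interrupts.
$counters = '\Processor(_Total)\% DPC Time', '\Processor(_Total)\% Interrupt Time'
$samples  = Get-Counter -Counter $counters -SampleInterval 1 -MaxSamples 10

# Average each counter over the samples; an idle machine sits close to 0% on both.
$avg = @{}
foreach ($set in $samples) {
    foreach ($cs in $set.CounterSamples) {
        $key = $cs.Path.Split('\')[-1]          # e.g. '% dpc time'
        $avg[$key] += $cs.CookedValue / $samples.Count
    }
}

# Flag anything sustained above the (arbitrary) 20% line; DPC and interrupt time
# that high with the machine otherwise idle points at a driver, not at a process.
$avg.GetEnumerator() | Sort-Object Key | ForEach-Object {
    $flag = if ($_.Value -gt 20) { '   <-- sustained, suspect a driver' } else { '' }
    "{0,-18} {1,6:N1}%{2}" -f $_.Key, $_.Value, $flag
}

# Step 2: which driver (provider, version, date, INF) is the wireless adapter using?
# The 'RTL8187' match is an assumption about the device name on this laptop.
Get-WmiObject Win32_PnPSignedDriver |
    Where-Object { $_.DeviceName -match 'RTL8187' } |
    Select-Object DeviceName, DriverProviderName, DriverVersion, DriverDate, InfName |
    Format-List
```

Run it before and after the rollback (Device Manager, adapter Properties, Driver tab, Roll Back Driver) and the two averages should move from the post's 30%/15% back toward 0%; the second part of the script confirms which driver version is actually loaded after the rollback, since Windows Update may offer the same package again.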



Interesting Vista User (06/28/07)
OK, so I've been messing around with my new laptop, a Gateway MT6452, which has a 64-bit processor and 2 GB of RAM, for a couple of months now. It's the fastest thing I've owned, and it came with Vista so I could start playing with all the cool new features. Just for fun, I dug up the old Sysinternals tool Tokenmon. Tokenmon monitors activity related to processes elevating their security level by using privileges stored in the process's token.

What I noticed when running this tool is that an svchost.exe process was running under the logged-on user TURION64$. My laptop's computer name is Turion64; my user account is Carnahan. The highlighted line is showing the svchost.exe process which is running under "workgroup\Turion64$" elevating its security access to "NT Authority\System". I hadn't really found a use for Tokenmon until now, but if you run another tool from Sysinternals called LogonSessions you'll be surprised how many users are logged onto your system.

Most people know that there is a user called "NT Authority\System", which is the system account and the most powerful of any account, but there are a few other accounts on my system. If you check out this link, you'll find a list of Security Identifiers (SIDs) and the accounts they relate to. Turion64$ ended up being my local system account (SID = S-1-5-18); now the kicker is that if you run psgetsid on S-1-5-18, it will return "NT Authority\System". In order to know who and what is running on your system, run these tools on your own computer and see what sessions and accounts the processes are running under.
Below is a picture of my findings.
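An added example, not part of the original post, that reproduces the three checks described above from PowerShell: resolving a SID to an account name the way psgetsid does, listing the account every running process is owned by, and enumerating logon sessions with the account bound to each, the way LogonSessions does. The System logon session has LogonId 0x3e7 (999 in decimal); on a machine that is not joined to a domain, that is the session that shows up as WORKGROUP\COMPUTERNAME$, which matches the TURION64$ entry in the post. The script assumes PowerShell 2.0 or later and an elevated prompt (otherwise the owner lookup is denied for System-owned processes); the `Resolve-Sid` function name is this example's own.

```powershell
# Added example (not from the original post). Assumes PowerShell 2.0+ run elevated.

# psgetsid equivalent: SID -> account name (and '<unmapped>' when no account exists).
function Resolve-Sid {
    param([string]$Sid)
    $id = New-Object System.Security.Principal.SecurityIdentifier($Sid)
    try   { $id.Translate([System.Security.Principal.NTAccount]).Value }
    catch { '<unmapped>' }
}

# S-1-5-18 is Local System (the post's TURION64$); 19 and 20 are Local/Network Service.
foreach ($s in 'S-1-5-18', 'S-1-5-19', 'S-1-5-20') {
    "{0,-10} {1}" -f $s, (Resolve-Sid $s)
}

# Reverse direction for the interactive user: account name -> SID.
$me = [System.Security.Principal.WindowsIdentity]::GetCurrent()
"{0,-30} {1}" -f $me.Name, $me.User.Value

# Owner of every process, grouped so the distinct principals on the box stand out.
# GetOwner returns a non-zero ReturnValue for processes this prompt cannot open.
$owners = Get-WmiObject Win32_Process | ForEach-Object {
    $o = $_.GetOwner()
    if ($o.ReturnValue -eq 0) { "$($o.Domain)\$($o.User)" } else { '<access denied>' }
}
$owners | Group-Object | Sort-Object Count -Descending | Format-Table Count, Name -AutoSize

# Logon sessions with logon type and the account associated with each session.
$logonTypes = @{ 0='System'; 2='Interactive'; 3='Network'; 4='Batch'; 5='Service';
                 7='Unlock'; 8='NetworkCleartext'; 9='NewCredentials';
                 10='RemoteInteractive'; 11='CachedInteractive' }
Get-WmiObject Win32_LogonSession | ForEach-Object {
    $q = "ASSOCIATORS OF {Win32_LogonSession.LogonId='$($_.LogonId)'} " +
         "WHERE AssocClass=Win32_LoggedOnUser Role=Dependent"
    $acct = Get-WmiObject -Query $q | ForEach-Object { "$($_.Domain)\$($_.Name)" }
    if (-not $acct) { $acct = '<none>' }
    # LogonType is a uint32; cast to int so the hashtable lookup matches the int keys.
    $type = $logonTypes[[int]$_.LogonType]
    "{0,-10} {1,-18} {2}" -f ('0x{0:x}' -f [int64]$_.LogonId), $type, ($acct -join ', ')
}
```

The grouped process list is the quick sanity check: on a workstation you expect SYSTEM, LOCAL SERVICE, NETWORK SERVICE and the interactive user, and any other principal owning a process is worth explaining. The session list is the same data LogonSessions shows, including the 0x3e7 System session that the post saw labelled with the computer name.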



A little knowledge is a dangerous thing. So is a lot. (Einstein)
carnahantech.com & adamcarnahan.com are maintained by Adam Carnahan