isschildwroteandexecuted marked as critical security issue - iis

We are facing a sudden security issue, reported with the details below:
isschildwroteandexecuted
an iis sub-process wrote a new executable and a sub-process ran it
It was reported with the additional details below:
exploit public-facing application gain issue
I am blank on the details of this issue. Can anyone help me with the details of this issue?
Thanks in advance.
We have tried to access the IP tied to the request, and everything seems to be a valid provider.
We need to find and block the IP which is trying to exploit.
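
The alert text describes a write-then-execute chain under the IIS worker process. The following added example, which is not from the original post or from any vendor's tool, finds that chain in constructed endpoint events and lists the requests logged just before the write; the event field names, sample paths, addresses and the 60-second window are assumptions.

```python
from datetime import datetime, timedelta
FMT, EXEC_EXT = "%Y-%m-%d %H:%M:%S", (".exe", ".dll", ".bat", ".ps1")
# Constructed endpoint telemetry in time order; field names are assumptions.
EVENTS = [
    {"t": "2024-05-01 10:15:02", "type": "proc", "pid": 4100, "ppid": 880, "image": r"C:\Windows\System32\inetsrv\w3wp.exe"},
    {"t": "2024-05-01 10:15:40", "type": "proc", "pid": 5200, "ppid": 4100, "image": r"C:\Windows\System32\cmd.exe"},
    {"t": "2024-05-01 10:15:41", "type": "file", "pid": 5200, "path": r"C:\Windows\Temp\svc_update.exe"},
    {"t": "2024-05-01 10:15:43", "type": "proc", "pid": 5304, "ppid": 5200, "image": r"C:\Windows\Temp\svc_update.exe"},
    {"t": "2024-05-01 10:16:00", "type": "file", "pid": 4100, "path": r"C:\inetpub\temp\cache\a.tmp"},
]
# Constructed IIS W3C log excerpt (documentation-range addresses).
IIS_LOG = """#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-05-01 10:14:10 198.51.100.7 GET /default.aspx 200
2024-05-01 10:15:39 203.0.113.45 POST /app/upload.aspx 200
2024-05-01 10:15:40 198.51.100.7 GET /css/site.css 200
"""

def iis_tree(events):
    """PIDs of w3wp.exe and of every process spawned beneath it."""
    tree = set()
    for e in events:
        if e["type"] == "proc" and (e["image"].lower().endswith("\\w3wp.exe") or e["ppid"] in tree):
            tree.add(e["pid"])
    return tree

def wrote_then_executed(events):
    """(write_time, path) for each executable written, then run, under IIS."""
    tree, written, hits = iis_tree(events), {}, []
    for e in events:
        if e["pid"] not in tree:
            continue
        if e["type"] == "file" and e["path"].lower().endswith(EXEC_EXT):
            written[e["path"].lower()] = e["t"]
        elif e["type"] == "proc" and e["image"].lower() in written:
            hits.append((written[e["image"].lower()], e["image"]))
    return hits

def requests_before(log_text, when, window_s=60):
    """Requests logged in the window_s seconds up to `when`; clocks assumed aligned."""
    end, fields, out = datetime.strptime(when, FMT), [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            r = dict(zip(fields, line.split()))
            ts = datetime.strptime(r["date"] + " " + r["time"], FMT)
            if end - timedelta(seconds=window_s) <= ts <= end:
                out.append((r["c-ip"], r["cs-method"], r["cs-uri-stem"]))
    return out
```

Pass the write time from `wrote_then_executed(EVENTS)` to `requests_before(IIS_LOG, ...)` to get the candidate requests to review. IIS W3C logs are written in UTC by default, so convert endpoint timestamps to UTC before comparing.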

Related

Why is there only one user getting a nonce issue? (IDX21323)

We're currently using Okta for SSO for our IIS web app and it seems to work fine 99% of the time. However, there is a single user that, when attempting to log in, gets this exception about a missing nonce. I've tried reducing all of the variables as much as possible, and I've gotten to the point where two users are trying to log in to the same application with the same Okta credentials from the same machine and using the same browser (default Chrome freshly installed with no plugins or browsing history). The only differences are where they are RDP'd into the machine from and which Windows domain account they're logged in as. Neither of these seems like it should make any difference whatsoever.
However, one user successfully logs in and the other gets this obtuse Exception about a missing nonce.
I've seen several other questions regarding solving this error (IDX21323), and I'm not seeing any actual solutions or explanations that make sense. I've tried a couple of hacks like adding in a new challenge when authentication fails and the auth failed notification exception contains the text "IDX21323", but it doesn't have any effect.
I don't understand the problem well enough to ask a more detailed question because I can't, for the life of me, understand how it could be happening in one case but not the other. I'm not even sure what to investigate at this point.

Missing checkboxes to start/stop server JVM (IBM WebSphere)

On a WebSphere 7.0 console under Servers -> Server Types -> WebSphere application servers I do not see the checkboxes next to JVM servers. The version is ND 7.0.0.17 (as per the screenshot below - some info removed for security reasons). So far it has our Network Admins a little perplexed. They have tried adding me to different trusted domain WAS groups, no luck. I also tried logging in from different browsers, flushing the browser cache, running browsers like Chrome Incognito - all of which probably have nothing to do with it, but no luck. Is this indeed related to inadequate security? If anyone has experienced this and has any suggestion it would be greatly appreciated. Please forgive me for any lack of information and if I have not explained this very well - I am just used to logging in and doing very specific tasks through the console, and that's it. Thank you.
According to this IBM KnowledgeCenter topic, you'll need Operator role: "An individual or group that uses the operator role has monitor privileges plus ability to change the runtime state."

Official Youtube - client side error (400) malformed or illegal request

Very frequently the official YouTube website errors out. It works in incognito mode if I try, which tells me the issue is due to one of cookies / cache / localstorage / application-data in the browser.
If I delete the data, it will start working again, but, I will need to sign-in again in all the gmail-accounts that I use.
I've asked Google (in feedback and over twitter) to look into this but they can't help it.
So, questions:
If anyone has faced this issue, have you figured out why and how to fix it without signing out from accounts?
How do I go about debugging this?
I've taken a memory heap snapshot on chrome but have no idea how to analyze it.
Is sending a memory heap snapshot as part of feedback or to anyone else secure?
So, I figured out the solution. Tried looking at patterns in general in the memory of the browser (localstorage, etc) and found the following in cookies and here's what fixed it (without signing me out of my accounts).
In the image below - there are lines which have gsScrollPos-xyz with a past expiry date. I deleted all of those. I understand that only Google will be able to figure out why that caused the issue and I will send them the feedback.

Initial "No OpenID Endpoint Found" on Windows Azure

I've looked at the various questions on this topic but none of them QUITE fit the problem I'm having.
I've developed an MVC4 app which utilizes DNOA to call into a particular provider (Intuit). All worked perfectly on my local IIS (testing) but when I deployed to Windows Azure I get the proverbial wonderful "strange, intermittent" behavior. Specifically, 99% of the time, the initial sign-in request results in the "No OpenID Endpoint Found" error; however, SUBSEQUENT sign-ins go through without a hitch.
I've added the code referred to here: ServiceManagerCode, to no avail. I've checked and the OpenID URL is correct. I've also attempted to add log4net to see what might be occurring but have been unable to do this correctly, some other answers seem to suggest this returns nothing anyway. I've also asked Intuit but, so far, no responses.
Again, if this wasn't occurring on just the first attempt then there would be numerous relevant posts but with this peculiar behavior I am wary of wasting inordinate amounts of time on a wild goose chase.
Any suggestions, however slight, would be very much appreciated.
I am not familiar with OpenID. Is the OpenID sign-in service hosted by you in Windows Azure as well? Please make sure the sign-in service has started without any problems. One suggestion is to check the federation configuration. Most federation providers require you to configure the realm and return URL. If they're not properly configured, the application won't work.
Best Regards,
Ming Xu.
Since you say that your Azure relying party works reliably after the first failed attempt, perhaps you can work around it by having your app_start event in your Azure web role call DotNetOpenAuth's OpenIdRelyingParty.CreateRequest method, not doing anything with its result, just to 'prime the pump'?

How to handle unreproducible bugs

Did you ever find yourself in this position - a bug is reported by the client but you are unable to reproduce the bug. Even the QA team is unable to reproduce the bug. We are facing such a situation with our desktop application (C#, Windows Forms). What do you suggest we should do to reproduce the bug, or track the scenario which generates the bug?
Yes, this is a common situation.
I find that the best way to handle this situation is to log as much as possible in log files and get the customer to send the log files to you for analysis, as well as their description of what they were doing when the problem occurred. The customer description is often very incomplete and misses out important details about what they were doing when the error happened. A detailed log can help fill out the holes in the story.
If you are lucky enough that the log file includes a stack trace it is often possible to reason about possible causes of the error even if it is a rarely occurring bug that you have not been able to reproduce yourself. In this situation a code review of the affected code can reveal flaws in the design of the code and suggest an alternative approach that is less likely to fail.
This all depends on what kind of bug you are facing (Logic, User Interface, Multi Threaded, Or actual User).
Ensure that the client has given you all the required info to reproduce the bug.
If at all possible, have the client show you how to reproduce the bug, or at the least send some screenshots of how it was done.
Ensure that you write some Unit Test to try and cover the bug, try proving that it is there.
