http://developer.apple.com/iphone/manage/overview/index.action

This is the best link
http://www.youtube.com/user/maniacdev

Use this to try to spot "blocked inheritance" and excessive ACLs.

Most of this is taken from here

--------------------------
'==========================================================================
'
' NAME:
'
' AUTHOR: Stephen Hulse , Stephen Hulse
' DATE : 01/07/2009
'
' COMMENT:
'
'==========================================================================

Public objAccessRights
Set objAccessRights = CreateObject("Scripting.Dictionary")
AddRights()
ShowFolderList("E:\MyFolder")

Function ShowFolderList(folderspec)
Dim fso, f, f1, s, sf
Set fso = CreateObject("Scripting.FileSystemObject")
Set f = fso.GetFolder(folderspec)
Set sf = f.SubFolders
For Each f1 in sf
GetACE folderspec & "\" & f1.name
ShowFolderList(folderspec & "\" & f1.name)
Next
End Function

Function GetACE(strFolder)
'On Error Resume Next
If GetObject("winmgmts:\\.\root\cimv2").Get("Win32_LogicalFileSecuritySetting='" & strFolder & "'").GetSecurityDescriptor(objSD) = 0 Then
For Each objAce in objSD.DACL
If objAce.AceFlags = 3 Then
If Isnull(objAce.Trustee.Name) Then
strName = objAce.Trustee.SIDString
Else
strName = objAce.Trustee.Domain & "\" & objAce.Trustee.Name
End If
WScript.Echo strFolder & " " & strName & " " & ListRights(objAce.AccessMask)
End If
Next
End If
End Function

Function ListRights(dblAccessMask)
Dim dblAccess, strRights
strRights = ""
For Each dblAccess in objAccessRights
If dblAccessMask >= dblAccess Then
strRights = objAccessRights(dblAccess) & ","
dblAccessMask = dblAccessMask - dblAccess
End If
Next
If len(strRights) > 1 Then
strRights = Left(strRights,Len(strRights) - 1)
End If
ListRights = strRights
End Function

Function AddRights()
objAccessRights.Add 2032127, "FullControl"
objAccessRights.Add 1048576, "Synchronize"
objAccessRights.Add 524288, "TakeOwnership"
objAccessRights.Add 262144, "ChangePermissions"
objAccessRights.Add 197055, "Modify"
objAccessRights.Add 131241, "ReadAndExecute"
objAccessRights.Add 131209, "Read"
objAccessRights.Add 131072, "ReadPermissions"
objAccessRights.Add 65536, "Delete"
objAccessRights.Add 278, "Write"
objAccessRights.Add 256, "WriteAttributes"
objAccessRights.Add 128, "ReadAttributes"
objAccessRights.Add 64, "DeleteSubdirectoriesAndFiles"
objAccessRights.Add 32, "ExecuteFile"
objAccessRights.Add 16, "WriteExtendedAttributes"
objAccessRights.Add 8, "ReadExtendedAttributes"
objAccessRights.Add 4, "AppendData"
objAccessRights.Add 2, "CreateFiles"
objAccessRights.Add 1, "ReadData"
End Function

I used Sysinternals' Process Explorer to look for anything suspicious and there are 20 CSCRIPT processes running. Normally these processes appear and disappear quite quickly but on this machine the 20 processes stayed running for over 5 minutes.

Then... All of a sudden they all disappeared. and a minute later they started up again. Weird.

To cut a very long story short. I used VMWare Workstation to start an XP VM from this VM I started an RDP session to the server with the problem and started Process Explorer. Then I used the video recording feature of VM workstation to record for 10 mins or so. (time for a coffee).

Examining the video I could see the OpsMgr Agent (Health Service) stopping and starting every 10 mins.

-----

This would then force ALL the Management Pack Scripts to restart. Over the next few hours WMI slowly ground to a halt. Something else happens with OopsMgr at 5:00 that then kills WMI for good.

Same problem as this with same solution.

i.e. increasing Agent Restart Threshold to 300Mb for agents with this problem.

Clever deconstruction of the patch

It used to be possible to force a buffer overflow by forcing the netapi32.dll to load

\..\..\..\..\..\abc

This was fixed in MS06-040 by stripping off and \.. characters at the beginning of the string.

Therefore \..\..\..\..\..\abc becomes \abc

However some bright button noticed that

\abc\..\..\..\..\xyz does the same buffer overflow but MS06-040 does not catch this. Hence the quick release of MS08-067

What McAffee has to say

Security Update KB958644 broke my wireless NIC!

We think it also broke the authentication to our firewall in our TestNet.

MS08-067 (Issues?)

Two (Local Application based) monitors to all servers
1. Is NETAPI32.DLL too old? i.e. not patched yet. We initially had problems with our distribution of the Update and this proved to be a good reality check. This has two states good and warning.
2. Is there a file %System%\Wbem\basesvc.dll on my servers (i.e. The server is exploited?. This also has two states Critical and good.

A Nice View
Of course a nice state view of all servers.

Details of a know exploit
Management Pack. Save as an XML file

SCOM OpsMgr System Center Operations Manager MS06-040 2007

After distributing it into out testnet the authentication for some of our non-windows services failed. It is important remember the experiences we had with MS06-040 as this Security Update has been superceeded by MS08-067.

Security Bulletin MS08-067

MS08-067 and the SDL

The Exploit Details

Department of Homeland Security and MS08-067

Deployment Issues; MS08067 MS-08067 Deploy