The PC Q&A Forum, The Computer Forum, topic #844

Subject: "OT - Privacy registry hack."
spy1, Fri Dec-14-01 08:10 PM
Charter member
1117 posts
"OT - Privacy registry hack."


          

Re-discovery of an old issue: http://www.dslreports.com/forum/remark,1994778~root=security,1~mode=flat

Pete

"When fascism comes to America it will come wrapped in the flag and carrying a cross." Sinclair Lewis

  


Tuff, Fri Dec-14-01 08:17 PM
Charter member
3875 posts
#1. "RE: OT - Privacy registry hack."
In response to spy1 (Reply # 0)


          

Pete,

Did you try this? And does it work on 98SE also?

Thanks,
Tuff

SloHands, Fri Dec-14-01 08:31 PM
Charter member
1542 posts
#2. "RE: OT - Privacy registry hack."
In response to spy1 (Reply # 0)
Edited Fri Dec-14-01 08:56 PM

          

I've used it and it works in SE. Wonder about W2K? If it would apply there also?




EDIT: Went through W2K (dual-boot) and entered the line. It worked as prescribed in both systems.

Slo Hands

  


    
WhitPhil, Fri Dec-14-01 09:08 PM
Charter member
965 posts
#3. "RE: OT - Privacy registry hack."
In response to SloHands (Reply # 2)


          

???
"You used it and it works".

Meaning you can unregister the DLL, or that by doing so, it stops Home Page Hijacking?

I have to question the validity of this "tweak", only because in the post referenced, it believes that REGWIZC.DLL is the "registry wizard control module".
It isn't.
It is the REGISTRATION Wizard Control Module.

If a site could reach into your registry and do read/writes using just a DLL and nothing else, this would be a HUGE security exposure that security analysts everywhere would be all over.

  


        
Grogan, Fri Dec-14-01 11:06 PM
Charter member
20650 posts
#4. "RE: OT - Privacy registry hack."
In response to WhitPhil (Reply # 3)


  

          

Actually, you've seen home page hijacking before I'm sure, WhitPhil. We've had plenty of threads about it here; in fact, the more unscrupulous site operators also set a policy in the registry to disable Internet Options so you can't change it back.

An ActiveX control or even VBScript does indeed have the power and authority to modify the system registry by calling on a dll.

Security advocates are indeed "all over it"... just that this isn't the only issue and the only solution (e.g. security settings for "active scripting" and ActiveX to prompt or disabled... and/or make use of the security zones in IE for trusted sites). To me, that seems like a more comprehensive solution to a problem larger than one dll.

Grogan
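
The zone settings mentioned in the post above are stored in the registry as per-zone URL action values (0 = enable, 1 = prompt, 3 = disable). The following is an added example, not part of the thread: it audits the Internet zone (zone 3) from the text of a registry export. The sample export is constructed, and the function names are illustrative.

```python
import re

# Exports in "Version 5.00" format are UTF-16 on disk; decode before passing the text in.
# URL action IDs for the settings named in the post (IE security zones).
ACTIONS = {
    "1200": "Run ActiveX controls and plug-ins",
    "1201": "Initialize and script ActiveX controls not marked safe",
    "1400": "Active scripting",
    "1405": "Script ActiveX controls marked safe for scripting",
}
POLICY = {0: "enable", 1: "prompt", 3: "disable"}
ZONE_KEY = re.compile(r"^\[HKEY_CURRENT_USER\\.*\\Internet Settings\\Zones\\(\d)\]$", re.I)
DWORD = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9a-fA-F]{8})$')

def audit_zones(reg_text, zone="3"):
    """Return {action_id: policy} for one zone from registry export text."""
    found, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = ZONE_KEY.match(line)
            current = m.group(1) if m else None   # leave the zone on any other key
        elif current == zone:
            m = DWORD.match(line)
            if m and m.group(1) in ACTIONS:
                found[m.group(1)] = POLICY.get(int(m.group(2), 16), "other")
    return found

def findings(reg_text, zone="3"):
    """Actions not explicitly set to prompt or disable (enabled, other, or missing)."""
    state = audit_zones(reg_text, zone)
    return sorted(a for a in ACTIONS if state.get(a, "missing") not in ("prompt", "disable"))

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000000
"1201"=dword:00000003
"1400"=dword:00000001
"1405"=dword:00000000
'''

if __name__ == "__main__":
    for action in findings(SAMPLE):
        print(f"Internet zone: {action} ({ACTIONS[action]}) is not prompt/disable")
```

A value missing from the per-user key is reported as a finding because the effective setting then comes from defaults or machine policy, which this check does not read.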

  


            
WhitPhil, Fri Dec-14-01 11:25 PM
Charter member
965 posts
#5. "RE: OT - Privacy registry hack."
In response to Grogan (Reply # 4)


          

Grogan:

Agreed. My point (& question) is that it is NOT this DLL that is involved.

For example, under \windows\samples\wsh is a javascript Registry.js that demonstrates how to modify the registry.
It happily runs even after regwizc.dll is unregistered.

So does unregistering this DLL do anything, other than disable the ability to REGISTER things?

  


                
Grogan, Fri Dec-14-01 11:36 PM
Charter member
20650 posts
#6. "RE: OT - Privacy registry hack."
In response to WhitPhil (Reply # 5)


  

          

I would say, unregistering that dll probably just takes care of one mechanism that's used to modify the registry.

Grogan

  


                    
WhitPhil, Fri Dec-14-01 11:38 PM
Charter member
965 posts
#7. "RE: OT - Privacy registry hack."
In response to Grogan (Reply # 6)


          

Thanks.
The operative word being "one".

  


        
SloHands, Fri Dec-14-01 11:47 PM
Charter member
1542 posts
#8. "RE: OT - Privacy registry hack."
In response to WhitPhil (Reply # 3)


          

Unregistered the .dll, which is, from what I understand, what it is supposed to do.

AND, as Grogan suggested above, it is only ONE avenue being secured. I am also making the presumption that it is a HIGH PROFILE avenue for "crackers" to attack.

One other thing let's clear up, I also am cognizant of the fact that NO SYSTEM OR CONFIGURATION IS TOTALLY "SAFE" from a determined cracker.

BUT, I intend to make accessing my PC as difficult as I possibly can using every means available to me to do so. I may be marginally competent at using a PC, but I am not totally stupid. I can comprehend the dangers that threaten my use of this PC. Should some asshole cracker render it unusable, I'll throw the damn thing in the trash can and walk away. It was fun while it lasted.

Slo Hands

  


            
WhitPhil, Sat Dec-15-01 03:12 AM
Charter member
965 posts
#9. "RE: OT - Privacy registry hack."
In response to SloHands (Reply # 8)


          

I'm probably beating a dead horse here, but I don't see the vulnerability. There are some notes on Buffer overruns with this AND a bunch of other ActiveX dlls, but the issue had nothing to do with writing to the registry. The issue was being able to run other code.

I think this is someone who has seen the REG in the DLL name, and assumed it meant REGistry. The same as the people who saw AD in ADvpack.dll when Aureate originally raised its ugly head, and assumed the AD meant ADvertising, and started recommending the removal of this DLL.

The following MS note talks about the Registration Wizard after the fiasco in 1999 with unique identifiers being sent back to MS.

http://www.microsoft.com/presspass/features/1999/03-08custletter2.asp
http://www.microsoft.com/presspass/features/1999/03-10qa.asp

This is also the time when this "tweak" originally surfaced, and the following page is "meant" to show the hole? (It shows nothing on my system, since it is up to date with all security, etc. patches. And I could not find the specific one that closed the "leak".)

http://content.techweb.com/winmag/web/regwiz.htm

You can also confirm the purpose of this DLL by doing Start > Run > REGWIZ or REGWIZ /r.

If you have unregistered the DLL, you will get an error. If you haven't, you get the Registration Wizard.

Maybe I'm missing something, but this does not seem to be a gaping vulnerability (or even a small one) that hackers are waiting to pounce on.

  
