Mail Anyone?

March 30, 2008 – 7:21 AM

When you are doing a Business Impact Analysis or a Risk Assessment, you will often find that email, be it internal or external, is one of the systems that people think they cannot live without. They might even be right. Email systems are being used as a communications tool, storage system, social calendar, gossip line, attack vector, etc. The expectation that an email has been received, read and is being acted on, within minutes of it being sent, is much higher than it was a few years ago. Woe if for some reason the message is delayed. Now there are lots of reasons why emails can be delayed, but I want to have a look at how people manage their email, as the content management system is often the point where things go wrong, and not necessarily because of technology.

Typically organisations have something that filters all the inbound and often outbound email. Known viruses are blocked, SPAM is blocked and, depending on a number of rules, emails are blocked based on content. What is blocked differs from organisation to organisation, and that is probably where one of the main issues starts. What should you block inbound?

Known viruses and SPAM are easy, but there is so much more around in PDF, Excel, Word, exe, scr, pif, cmd, com, bat, URLs, undesirable images, etc. So should all attachments be blocked, regardless of what they are? It probably depends on your risk profile. Certain organisations, as we’ve seen with the Tibetan issue, are more likely to receive targeted malicious content and they may need to implement something as strict as blocking every attachment.

Read the rest of this story…

Session Hijacking in Windows Networks

March 29, 2008 – 5:47 PM

I found a great write-up over at SANS that goes over session hijacking in amazing detail.  Click the link below to read the full 49-page white paper.

Session Hijacking in Windows Networks

Massive IFRAME SEO Poisoning Attack Continuing

March 28, 2008 – 9:05 AM

Last week’s massive IFRAME injection attack is slowly turning into what looks like a large-scale web application vulnerabilities audit of high-profile sites. Following the timely news coverage, Symantec’s rating for the attack as medium risk, StopBadware commenting on XP Antivirus 2008, and US-CERT issuing a warning about the incident, after another week of monitoring the campaign and the type of latest malware and sites targeted, the campaign is still up and running, poisoning what looks like over a million search queries with loadable IFRAMES, whose loading state entirely relies on the site’s web application security practices – or the lack thereof.

What has changed since the last time? The number and importance of the sites has increased, Google looks to be filtering the search results even though the malicious parties may have successfully injected the IFRAMEs already, thus trying to undermine the campaign, new malware and fake codecs are introduced under new domain names, and a couple of newly introduced domains appear within the IFRAMES themselves.

Read the rest of the story…

SQL query injection for dummies

March 28, 2008 – 5:04 AM

The purpose of this article is to help people without advanced computer knowledge to start white hacking and learn how to write more secure login web pages. When I started to learn about security, even though I searched really hard, I did not manage to find articles that would tell me from scratch what to do in order to learn how SQL query injection works.

In fact, for some strange reason almost no one will actually explain to you exactly what an SQL query injection is and how it is that you can exploit a database using an SQL query injection. So based on these thoughts I decided to write this article, explaining in great detail how to create your own testing environment and perform SQL query injections (using your own machine, well not exactly).

Read the rest of the story…

Announcing the Windows Search 4.0 Preview

March 27, 2008 – 4:38 PM

To search for files on my PCs, I use Windows Search – Windows Vista’s desktop search feature. I use Windows Search specifically to find photos that I’ve tagged in Windows Live Photo Gallery or important emails and Word documents. I also rely on saving specific searches that I can go back to later on. Searching and being able to find important files quickly on my PC is very important to me. And Windows Search allows me to “find my stuff” whenever I need to. Today we get to see a little “preview” of the next step for Windows Search. The Windows Search Team is making available Windows Search 4.0 Preview – a preview of the next version of desktop search for Windows. Windows Search 4.0 introduces several improvements I’d like to call out making search even better in Windows Vista:

  • With Windows Search 4.0, the Windows Search Team has fixed most of the reported bugs causing a majority of distractions users have seen since Windows Vista RTM – many of those bugs were reported by you.
  • Great improvements have been made with regards to performance. Even now as Preview, Windows Search 4.0 has query response time about 33% faster than search queries in Windows Vista RTM.
  • The Windows Search Team has extended Remote Index Discovery for PC-to-PC search to work on every supported version of Windows. This makes finding information on other PCs running Windows Search 4.0 quick and less resource-consuming. Now Windows Search can find information shared on a remote PC by accessing an index on that PC – and you will open files only when relevant to your search. This will also work if the user’s profile is redirected.
  • The Windows Search Team has implemented Rollback Recovery where your search index will roll back to the last known good state (this is good in handling disc write errors). If an error occurs, your index isn’t rebuilt from scratch; only the newly changed files are added to the index, making recovery from system errors not as disruptive to the machine or the user.

Being able to find files isn’t just important to consumers – it is also important to IT Professionals managing enterprise environments. The Windows Search Team has made some improvements in Windows Search 4.0 that IT Professionals should take note of:

  • We have improved performance when indexing Exchange in online mode, sending fewer packets and making fewer RPC calls. In this process we apply significantly less load on the Exchange server too.
  • Support for Group Policy settings is extended and improved; per-user policy is supported now.
  • We now support EFS – Windows Search 4.0 will index encrypted files, and users can search for them in the same UI and through the same user experience as seen with regular, unencrypted files.

IT Professionals can expect a smooth deployment for Windows Search 4.0 and easier support.

With Windows Search 4.0, the Windows Search Team has taken the next step in improving the PC search experience in Windows. To download and check out the Windows Search 4.0 Preview yourself, click here. I encourage folks to try out the Windows Search 4.0 Preview and let us know what you think!

Source: Windows Vista Team Blog