Filenet – stupid vendor support suggestions

I previously commented on other design considerations that were preceived as less than optimal. They insisted in order to be “supported” in a cluster environment that we had to install Domainlets or have the servers as Domain Controllers in normal Active Directory domains. We had some trouble even with vendor support in setting it . . . → Read More: Filenet – stupid vendor support suggestions

Share

Exploits, Worms, and Clusters — Oh My!

SecurityTracker.com Archives – Microsoft Internet Explorer Integer Overflow in Processing Bitmap Files Lets Remote Users Execute Arbitrary CodeThe first exploit from the leak of Windows Source code has been released. Posted originally on Full Disclosure mailing list:
I downloaded the Microsoft source code. Easy enough. It’s a lot bigger than Linux, but there were a lot . . . → Read More: Exploits, Worms, and Clusters — Oh My!

Share

MS04-007 ASN.1 Exploit released – Remote DOS of Win2k Pro LSASS.exe

K-OTik : MS04-007 Exploit LSASS.EXE Remote Integer Overflow ASN.1 Windows
* > MS04-007-dos.exe 10.0.0.1 445
* connect failed *
* > nbtstat -A 10.0.0.1
* [..]
* SERVER3 UNIQUE Registered * [..]
* > MS04-007-dos.exe 10.0.0.1 139 SERVER3
* > MS04-007-dos.exe 10.0.0.1 139 SERVER3 * >
* * if the exploit works, LSASS gets killed,
* and after 1mn the server reboots.

I have not . . . → Read More: MS04-007 ASN.1 Exploit released – Remote DOS of Win2k Pro LSASS.exe

Share

IE Phishing flaw soon to be fixed by altering how IE works

834489 – Microsoft plans to release a software update that modifies the default behavior of Internet Explorer for handling user information in HTTP and HTTPS URLs
Microsoft plans to release a software update that removes support for handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft Internet . . . → Read More: IE Phishing flaw soon to be fixed by altering how IE works

Share

The Myth of Biometrics – Better than Tokens?

Help Net Security – The Biometrics Myth
To illustrate the problems, let us look at one of the most popular biometric solutions – fingerprint recognition. The mechanism for capturing the print is not important to this discussion. It could be an optical reader, or proximity capacitance. It doesn’t matter how detailed the scan is either. All this . . . → Read More: The Myth of Biometrics – Better than Tokens?

Share

Your account at U.S. Bank has been suspended. What?!?!?

Well U.S. Bank account holders shouldn’t feel left out by the previous Citibank %01@ exploit. I got this phishing e-mail in my inbox this morning.
Dear U.S. Bank account holder,

We regret to inform you, that we had to block your U.S. Bank account
because we have been notified that your account may have been compromised by outside . . . → Read More: Your account at U.S. Bank has been suspended. What?!?!?

Share

New spam/hack attempt – featuring the %01@ IE hole and Citibank

Dear Citibank Account Holder,

On January 10th 2004 Citibank had to block some accounts in our system connected with money laundering, credit card fraud, terrorism and check fraud activity. The information in regards to those accounts has been passed to our correspondent banks, local, federal and international authorities.

Due to our extensive database operations some accounts may have . . . → Read More: New spam/hack attempt – featuring the %01@ IE hole and Citibank

Share

Sunday Funnies

It may only be because I am here at work at 3 am on a Sunday patching servers, but I found this to be . . . → Read More: Sunday Funnies

Share

Being open is generally a bad thing on the Internet (Security Rule #1)

Adventures of an Open Proxy Server – LURHQ Thanks to JoatBlog
This paper discusses the abuse of misconfigured HTTP proxy servers, taking a detailed look at the types of traffic that flow through this underground network. Also discussed is the use of a “honeyproxy”, a server designed to look like a misconfigured HTTP proxy. Using such a . . . → Read More: Being open is generally a bad thing on the Internet (Security Rule #1)

Share

Does EFS even belong in laptop security policies

Insights into Information Security: Laptop Security Policies
The key question to me is why was such important information left unencrypted on the consultant’s laptop when all modern OSes come with folder and filesystem level encryption? Does Wells Fargo even have policy regarding the internal protection of customer confidential data. They must at a system and network level, . . . → Read More: Does EFS even belong in laptop security policies

Share

Statistics