Security

XP Service Pack 3 vulnerability – already!

So Microsoft released a patch today to do with Adobe Flash Player, and I quote: “Caveats: This bulletin is for customers using Macromedia Flash Player version 6 from Adobe. Customers that have followed the guidance in Adobe Security Bulletin APSB06-11, issued September 12, 2006, are not at risk from these vulnerabilities. Vulnerable versions of Macromedia Flash Player from Adobe are redistributed with Microsoft Windows XP Service Pack 2, Microsoft Windows XP Service Pack 3, and Microsoft Windows XP Professional x64 Edition.”

Now XP SP3 has only been out a couple of weeks, if that, and Adobe released their bulletin in September 2006, so how on earth is Windows XP SP3 vulnerable? Surely Flash should have been updated in the XP SP3 release! This seems to make a mockery of the security focus that Microsoft are meant to be working hard on, and coming on the heels of the recent snafus with Windows Update and Genuine Advantage, it’s no wonder people are not very happy with patching.

I need some more coffee – reading the Paypal fob.

I was using my PayPal fob to sign into my MovableType 4 test installation and I entered the 6-digit code. I was surprised to see that VeriSign rejected it. “That’s odd,” I thought, until I realised I was holding the fob upside down and the numbers just happened to be readable that way up too! It is obviously too early in the morning to be debugging CSS code – so sorry Neil!
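
The upside-down reading is not a fluke: on a seven-segment display several digits still look like digits after a 180-degree rotation. The script below is an added example (not code from the original post) that models this; the digit table is an assumption about a typical seven-segment fob face (0, 1, 2, 5 and 8 read as themselves, 6 and 9 swap, 3, 4 and 7 stop looking like digits), and the sample code is constructed.

```python
# Added example, not from the original post: models why a fob code can be
# "readable" upside down. On a seven-segment display, rotating the device
# 180 degrees leaves 0, 1, 2, 5 and 8 looking like themselves and swaps 6 and 9;
# 3, 4 and 7 no longer look like digits. Reading the rotated display also
# reverses the digit order. The digit table is an assumption about a typical
# seven-segment fob face, not something taken from the post.
from itertools import product

ROTATED = {"0": "0", "1": "1", "2": "2", "5": "5", "6": "9", "8": "8", "9": "6"}


def read_upside_down(code):
    """Return the code a user would read with the fob rotated 180 degrees,
    or None if some digit no longer looks like a digit (the user would notice)."""
    out = []
    for d in reversed(code):
        if d not in ROTATED:
            return None
        out.append(ROTATED[d])
    return "".join(out)


def is_silently_misreadable(code):
    """True when the rotated reading is a different, plausible-looking code:
    the user types it confidently and the OTP check simply rejects it."""
    rotated = read_upside_down(code)
    return rotated is not None and rotated != code


def count_silently_misreadable(length):
    """Brute-force count of codes of the given length that read as a
    different valid code upside down (for length 6 this is 117306, about 11.7%)."""
    return sum(
        1 for digits in product("0123456789", repeat=length)
        if is_silently_misreadable("".join(digits))
    )


if __name__ == "__main__":
    code = "160592"  # constructed sample code
    print(code, "read upside down as", read_upside_down(code))
    print("6-digit codes silently misreadable:", count_silently_misreadable(6))
```

Roughly one 6-digit code in nine is accepted by the eye either way up, so a rejected code on a fob without an orientation mark is worth a second look before assuming clock drift or a broken token.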

Some users won’t/don’t learn.

We all know that you should have good secure passwords and you can enforce this in Active Directory, but it is the other applications on the network that might raise a concern.
I got a helpdesk ticket saying that the password for a Peachtree database was not the normal one… the password that was the same as the company name! After trying “password” and no password, I then discovered that a Google search for Peachtree password removers comes up with tons of hits, but no free ones. The shareware ones were about 60 bucks for a corporate licence but about $30 for personal use. However, one of them would demonstrate that it could actually break the password by revealing the first two characters of the password. I thought this might give me and the user a clue as to what the password could be. When the first two characters were revealed to be 12, it didn’t take the user long to realise what the password was, and they got it on the first attempt.
Sometimes it is really hard to demonstrate the reasons that passwords should be used, and you would have thought that the importance of security and a good password for company financial data would be recognised…
I wonder what will happen if at the next Board meeting I do a demonstration of insecurity with LIVE data…

Get NoScript installed in Firefox!

There’s a new zero-day exploit for Firefox and Internet Explorer which involves JavaScript. So if you are running Firefox, then installing NoScript will give you added protection. If you are running IE – then ooooooops 🙂

Having said that, it doesn’t look that malicious – you would have to be tricked into entering data into one page, which can then be sent to the malicious site at the same time. So you are probably only at risk if you do random surfing or surf in dodgy areas of the web in the first place – and if you are doing that, then I really hope you are not running Internet Explorer (or surfing as an admin!)

How not to handle data loss

I had the misfortune to have to deal with a user who had received an email after their data was stolen from the University of Texas. The email mentioned that their username and email address had been divulged to unauthorised users.
Unfortunately, the way the email was sent out to the user, it looked just like a phishing scam. The email contained references to http://www.mccombs.utexas.edu/datatheft/ but if you looked at where the link would take you, it actually went to a convio.com address.
As this is a typical phishing mechanism, I did a bit of digging. A whois lookup on convio.com provided an IT contact and the fact that the domain had been registered for 6 years, which therefore implied that their server might have been hacked.
I contacted Convio and received a return phone call in which I was told that a lot more data had been revealed (depending on what data was stored on the server) and that the email was genuine.
After that I received two phone calls from a call center that had been set up to answer queries about the data theft. The scary thing is that their records showed I had requested contact about the problem, but they hadn’t updated the records to show that someone had already contacted me. It would also make sense to ensure that the people manning the call center can actually pronounce the names of the companies involved in the whole farce!
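
The give-away here was that the visible link text named one host while the href pointed at another. The script below is an added example, not code from the original post or from either organisation, that runs that check over an HTML email body; the sample email is constructed to resemble the notification described above, and the convio.com path and query string in it are placeholders, not the real redirect.

```python
# Added example, not from the original post: flags links in an HTML email whose
# visible text names one host while the href points somewhere else, which is the
# pattern the post describes (text showing mccombs.utexas.edu, href going to
# convio.com). The sample email below is constructed for this example; the
# convio.com path and query string are placeholders, not the real redirect.
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Crude "looks like a host name" matcher for visible link text; it deliberately
# ignores public-suffix subtleties (co.uk etc.), which is enough to show the idea.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)


def registrable(host):
    """Collapse a host to its last two labels (www.mccombs.utexas.edu -> utexas.edu)."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a href=...> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def find_mismatched_links(html):
    """Return one finding per link whose visible host differs from the href host.
    Links whose text is not a URL or host name ("click here") are not judged."""
    parser = _LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        match = HOST_RE.search(text)
        if not match:
            continue
        text_host = match.group(1)
        href_host = urlsplit(href).hostname or ""
        if registrable(text_host) != registrable(href_host):
            findings.append({"text_host": text_host, "href_host": href_host, "href": href})
    return findings


# Constructed sample resembling the notification the post describes.
SAMPLE_EMAIL = """
<html><body>
<p>Details of the incident are at
<a href="http://convio.com/click?id=PLACEHOLDER">http://www.mccombs.utexas.edu/datatheft/</a>.</p>
<p>General information: <a href="https://www.utexas.edu/">https://www.utexas.edu/</a></p>
<p>Questions? <a href="http://convio.com/click?id=PLACEHOLDER2">click here</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for f in find_mismatched_links(SAMPLE_EMAIL):
        print(f"text shows {f['text_host']} but link goes to {f['href_host']} ({f['href']})")
```

Run against the sample, only the first link is flagged: the plain "click here" link is not judged because its text makes no claim about where it goes, which is exactly why a genuine notice that wraps its own URL in a third-party tracking redirect is indistinguishable from phishing to a user who checks the link.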

I was also amazed to see that the University are not offering free credit monitoring or any other form of compensation to the affected users – instead they are just given (more redirected) links to a reduced-fee offer.

All the above makes a mockery of the comments on the University website that can be found on Google, and the REALLY scary thing is that the server was hacked more than a month ago (April 11th), they announced it on April 23rd, and they didn’t contact the user until May 25th (see Attrition for details).
Oh – and there are another 197,000 users also affected – still, that’s small change compared to the 81,822,769 that have been affected since the ChoicePoint breach in Feb 05.

Printing now works in the kiosk mode

I forgot to blog that we fixed the problem with not being able to use Ctrl-P to print in Internet Explorer with a kiosk Group Policy on a machine. The solution, which sort of makes sense, was to enable the File menu again. We had restricted this, but for some reason this also restricts Ctrl-P, Ctrl-S and other shortcuts on some sites. By enabling the File menu in the Group Policy, everything worked 100% of the time. Further details in the extended entry.

More online publishing.

My tip on passwords was published in Redmond Magazine the other week and is available online. Shouldn’t be too hard to work out which tip I posted. Note to current employers – this doesn’t mean that I’m using this function now – especially as Symantec Antivirus is crazy enough to think that certain tools are viruses and deletes them!