Archive for the 'Security' Category

Out of Office reply policies

I saw a post on David Smalley’s blog about Microsoft Exchange Server Out of Office Replies. In his post David mentions that in Exchange Server 2000, Out of Office Replies (OORs) are not sent outside of the Exchange organisation, and he goes on to explain how you can configure Exchange to allow OORs to go outside of your organisation.

While this behaviour by Exchange might appear to be a bug, there is a good reason behind it: it protects the privacy of your Exchange users. It is entirely possible to spam a company (or, more likely, many companies), do automated searches for Out of Office Replies, cross-reference them with phone book entries, and then burglarise houses secure in the knowledge that “Sally is on holidays in Bali until the 15th!”.

Out of Office Replies like these also tell any cracker that this person’s logon will be unattended for the next x days, so they can merrily ring the helpdesk saying “I have lost my password, can you re-set it for me?”

Also, OORs will reply to ‘normal’ spam mails, confirming the email address as a live one.

From an IT/security point of view, it is preferable to maintain the current situation of OORs not going beyond your Exchange organisation, but I can see that from a client service point of view this might not be acceptable.

If you do need to allow OORs in your company, then you really need an OOR policy document, and as we are rapidly coming into holiday season, you need to make all your staff aware of it ASAP for their own protection.

Staff shouldn’t say how long they are out for, nor why they are out. They shouldn’t include their sig file, as this gives away too much information (job title, for instance: the more senior the position, the more likely (extended) travel is involved). They should include the name of an alternate contact along with the main company number, but not the job title of the alternate contact.

The following is an example of a reasonably safe and yet informative Out of Office Reply:
“Thank you for contacting me - unfortunately I am away from my email right now but I will reply to you on my return. In the meantime, if you need some assistance, please call John Doe at 555 1234.”
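The policy points above can be turned into a simple lint check that an administrator runs over proposed reply text before it is switched on. This is an added example, not code from the original post or from Exchange; the rule names, regular expressions and sample replies are my own constructed assumptions, so tune them to your own wording.

```python
import re
from typing import List

# Hypothetical OOR policy checker (added example; not from the post or Exchange).
# Each rule encodes one point of the policy above; the function returns the
# names of the rules a reply violates, so an empty list means "compliant".
RULES = {
    # how long they are out: "until", "for 2 weeks", day ordinals, numeric dates
    "states_duration": re.compile(
        r"\b(until|till|back on|returning on|for the next|for \d+ (days?|weeks?))\b"
        r"|\b\d{1,2}(st|nd|rd|th)\b"
        r"|\b\d{1,2}/\d{1,2}(/\d{2,4})?\b",
        re.IGNORECASE,
    ),
    # why they are out
    "states_reason": re.compile(
        r"\b(holidays?|vacation|annual leave|sick|conference|abroad|travell?ing|overseas)\b",
        re.IGNORECASE,
    ),
    # signature-style job titles, for the sender or for the alternate contact
    "states_job_title": re.compile(
        r"\b(director|manager|head of|chief|officer|ceo|cfo|cto|cio|vice president|vp)\b",
        re.IGNORECASE,
    ),
}

# An alternate contact: a "call/contact" phrase followed by a phone number
# such as "call John Doe at 555 1234" (constructed sample format).
CONTACT_RE = re.compile(
    r"\b(call|contact|ring|phone)\b.*?\b\d{3}[ .-]?\d{4}\b", re.IGNORECASE | re.DOTALL
)


def check_oor(text: str) -> List[str]:
    """Return the policy rules an Out of Office reply violates."""
    findings = [name for name, pattern in RULES.items() if pattern.search(text)]
    if not CONTACT_RE.search(text):
        findings.append("no_alternate_contact")
    return findings


# Constructed sample replies: the safe one from the post, and two unsafe ones.
SAFE = ("Thank you for contacting me - unfortunately I am away from my email right "
        "now but I will reply to you on my return. In the meantime, if you need "
        "some assistance, please call John Doe at 555 1234.")
LEAKY = "Sally is on holidays in Bali until the 15th!"
TITLED = "I am out of the office. Please contact Jane Roe, Director of Finance, on 555 9876."

if __name__ == "__main__":
    for sample in (SAFE, LEAKY, TITLED):
        print(check_oor(sample) or "compliant", "<-", sample[:40])
```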

The podcast of this post is available here thanks to Pete Prodoehl whose comment on my last post explained how I could use Ourmedia.org to upload podcasts to the Internet Archive without the 24 hour wait!

Apple to move to Intel x86 architecture?

I spotted a story on news.com this morning which said that Apple are going to move away from IBM PowerPC chips to Intel supplied x86 chips for their computers. The article goes on to say that this will be officially announced at Apple’s Worldwide Developer Conference in San Francisco on Monday by Steve Jobs.

Robert Scoble predicted this two weeks ago and was disbelieved at the time despite having his own version of Deep Throat!

But, I don’t want to say anything because then Steve Jobs might sue me to find out my sources.

Apple is reputed to be moving away from IBM due to supply problems (and the difficulty in creating a G5 for PowerBooks has to be an issue as well).

Apart from the issues this raises for developers, I would be concerned that this will raise security issues for Mac owners. My concern arises from the fact that much malware and spyware is written for x86 and so simply can’t run on a Mac because of its non-x86 (PowerPC) architecture - this security advantage will be done away with if/when Apple shifts to x86.

How to pick any lock in seconds

Lockpicking is the art of opening a lock without damaging it or using a key - and recently lockpicking has become a sport with clubs and championships. Who knew?

One such club is TOOOL (The Open Organisation of Lockpickers). One of the founding members of this organisation is Barry Wels, whose video on how to open a Kensington laptop lock with a toilet roll and a pen has gained him a lot of notoriety lately.

In a similar vein, Barry gave a talk at the Physical Security Workshop at the 21st Chaos Communication Congress (21C3) in Berlin, where he demonstrates a new technique for opening just about any physical lock in seconds. The technique is called the bump key method, and a PDF explaining the bump key method is available here.

The talk is now available online and makes for scary viewing - be warned though, it is over 600 MB, so if you want to view it you will need a decent Internet connection.

Hat tip to Eric Marvets on whose blog I first saw a reference to this video.

Apple releases Tiger update 10.4.1

There has been a lot of hysteria about a theoretical exploit for Apple’s latest OS - Tiger (OS X 10.4). The exploit is only theoretical because no working exploit has emerged as yet.

Apple have released an update for Tiger updating it to 10.4.1 - this update addresses that potential vulnerability. It also includes improvements for:

  • file sharing using AFP and SMB/CIFS network file services
  • using DHCP in wireless networks
  • user login when accessing LDAP and Active Directory servers
  • core graphics including updated ATI and NVIDIA graphics drivers
  • synchronization with .Mac
  • Address Book, iCal, Font Book, Mail, and Preview applications
  • Dashboard widgets: Address Book, Flight Tracker, Phone Book, and World Clock
  • compatibility with third party applications and devices

More details on the update are available here.

The update can be downloaded from the Apple 10.4.1 download page or through Software Update.

Web browser forensics

I spotted a very interesting article on web browser forensics linked to on David’s blog.

The article is in two parts and documents the investigation of the browser logs on a fictitious user’s PC. The article includes downloadable browser logs to allow the article reader to take part in the investigation. The article also includes links to freeware and commercial forensic software.

It is amazing how much data is retained on a PC. I was asked recently to do a scan of a client’s PC and I was able to rebuild Hotmail messages read a year and a half earlier on the PC!

Part one of the article is here and part two is here.

Tom Raftery’s Social Media is Digg proof thanks to caching by WP Super Cache!