RE: Password Security and Distribution

2006-01-24 Thread (nanog) Brian Battle

Our company is starting to grow rather quickly and we are starting 
to have growing pains. We are in need of a better mechanism for 
sharing passwords between our engineers.

I wish there was a system that let you do the following:

* Store and encrypt logins/passwords and access logs in a database
* Assign permissions (add new logins/passwords, change password...)
  to those passwords on a per user/group basis, based on an existing
  authentication scheme (Windows AD, LDAP, Kerberos...)
* SSL web frontend
* Reporting.  If a user leaves and you want to know which passwords
  he had access to or has ever accessed so you can change them, this
  would be really really nice.

I've been playing around with Network Password Manager from www.sowsoft.com.
It seems like the best product available in this area that I could find that
makes sharing passwords kinda easy, but it's a service that runs on Windows,
requires a Windows client software installation, and lacks any sort of
reporting.
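
One way to implement the reporting item in the wish list above, as an added example that is not part of the original post or of any product it mentions. The data model, the names and the sample records are constructed assumptions; the point is that the report has to cover both logged reads and permissions held since a password was last changed.

```python
from dataclasses import dataclass
from datetime import datetime as dt
from typing import Optional

@dataclass(frozen=True)
class Credential:
    name: str
    allowed_groups: frozenset   # groups permitted to read this password
    last_rotated: dt            # when the current value was set

@dataclass(frozen=True)
class Membership:
    user: str
    group: str
    start: dt
    end: Optional[dt] = None    # None = still a member

def rotation_report(user, credentials, memberships, access_log):
    """Map credential name -> why it must be changed when `user` leaves."""
    report = {}
    for cred in credentials:
        # Strongest evidence: a logged read of the value currently in use.
        if any(u == user and c == cred.name and ts >= cred.last_rotated
               for ts, u, c in access_log):
            report[cred.name] = "accessed"
        # Weaker: permission was held at some point since the last rotation.
        elif any(m.user == user and m.group in cred.allowed_groups
                 and (m.end is None or m.end > cred.last_rotated)
                 for m in memberships):
            report[cred.name] = "had access"
    return report

# Constructed sample data (hypothetical users, groups and credential names).
CREDS = [
    Credential("core-router-enable", frozenset({"neteng"}), dt(2005, 6, 1)),
    Credential("billing-db-sa", frozenset({"dba"}), dt(2005, 11, 15)),
    Credential("helpdesk-portal", frozenset({"helpdesk"}), dt(2005, 1, 10)),
    Credential("old-vpn-psk", frozenset({"neteng"}), dt(2006, 1, 5)),
]
MEMBERS = [
    Membership("bob", "neteng", dt(2004, 3, 1)),
    Membership("bob", "dba", dt(2005, 2, 1), dt(2005, 9, 30)),
]
LOG = [  # (timestamp, user, credential name)
    (dt(2005, 8, 2, 14, 5), "bob", "core-router-enable"),
    (dt(2005, 9, 1, 9, 30), "bob", "billing-db-sa"),   # read before rotation
    (dt(2005, 12, 20, 16, 0), "alice", "old-vpn-psk"),
]
```

In the sample, billing-db-sa drops out of the report because it was rotated after the user's last read and after the group membership ended.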




RE: Senator Diane Feinstein Wants to know about the Benefits of P 2P

2004-08-31 Thread Brian Battle

Akamai or not, Microsoft is overwhelmed by the demand for SP2, and today is
giving the message listed below on windowsupdate:

Download and install it now  - Currently not available
We are currently experiencing a high level of demand for Windows XP Service
Pack 2, so please check back later for availability. We apologize for any
inconvenience. If you prefer to obtain SP2 another way, the easiest way to
get Service Pack 2 is to turn on the Automatic Updates feature in Windows XP
and it will be downloaded when you are connected to the Internet without you
having to take any further action.

So then I thought about getting it from the torrent at sp2torrent.com, but
sadly Microsoft has made them remove the torrent...



-Original Message-
From: Byron L. Hicks [mailto:[EMAIL PROTECTED]
Sent: Monday, August 30, 2004 3:21 PM
To: Jeff Wheeler; Henry Linneweh
Cc: [EMAIL PROTECTED]
Subject: Re: Senator Diane Feinstein Wants to know about the Benefits of
P2P 



Not true.  For those of us who host Akamai servers, we could download SP2
with no problems.  We did not need P2P, or MSDN.  In fact, I would be very
reluctant to trust a Windows update downloaded via P2P.

--
Byron L. Hicks
Network Engineer
NMSU ICT





On 8/30/04 12:43 PM, Jeff Wheeler [EMAIL PROTECTED] wrote:

> My two cents:
> When Windows XP SP2 was released the only way to get it (for those of
> us not part of MSDN at least) was via P2P.  The same has been true for
> countless other large but important software releases on various
> platforms (particularly ones like Linux that aren't backed by huge
> corporations with tons of bandwidth to host these sorts of files).
>
> Point is?  P2P is extremely valuable for the timely and cost-effective
> delivery of critical updates to the masses.
>
> --
> Jeff Wheeler
> Postmaster, Network Admin
> US Institute of Peace
>
> On Aug 30, 2004, at 2:27 PM, Henry Linneweh wrote:
>
>> So I would like some professional expert opinion to
>> give her on this issue since it will affect the
>> copyright inducement bill. Real benefits for
>> production and professional usage of this technology.
>>
>> -Henry



RE: VeriSign's rapid DNS updates in .com/.net

2004-07-23 Thread Brian Battle


Petri Helenius wrote:

> What would be your suggestion to achieve the desired
> effect that many seek by lower TTL's, which is changing
> A records to point to available, lower load servers at
> different times?

On a similar note (and not viewing the issue through 
the usual spam-colored glasses):

Some people are using low dns TTLs in disaster recovery
setups, so that in the event of a disaster at a primary
site, services can be switched over to new servers at a
secondary site via easy and fast DNS changes.  If the TTLs
are too long, all the cached records will continue to
point at the servers which might no longer exist -- until
they expire.  This is another situation where low TTLs 
can be beneficial.

Are there any other uses for low dns TTLs that haven't
been brought up in this thread?

And what is a low TTL being classified as?  30 minutes?
10 minutes?  5 minutes?

-Brian


RE: Spyware becomes increasingly malicious

2004-07-13 Thread Brian Battle


Alexei Roudnev wrote:

> It is not a bug; it is specially designed IE feature. MS always was proud of
> their full automation - install on demand,
> update automatically, add new software to start at a startup without need to
> be system admin, etc etc... As a result, we have a field full of bugs,
> pests, pets, spiders, spies and so on... They have _exactly_ what they
> designed. No one even bored to ask me 'do you want to allow this registry
> change' , because 'MS believe that their users are lamers so everything must
> be automated from the beginning to the end'...

Most of the latest versions appear to install themselves using the 
ByteCode Verifier vulnerability in the Microsoft Virtual Machine.
Fully patched systems don't get the stuff installed.  
I'm sure the authors are working on newer injection methods.
Though the blame might be placed on Microsoft for having a flaw in 
their code, this wasn't part of any IE feature.

You can read more about this exploitable bug (not feature) at
http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

> I do not blame MS, but what about spyware on MAC-s - is it so easy
> to write and install spyware there?

I don't really want to get into the argument of why people choose
Microsoft products to attack, but if someone was going to choose 
a product to attack, from which they were going to try and make
the most money/impact off of, do you think they would choose the
product with the largest user base?  I think that's the case here.
It would be a poor business decision not to, and these people are
definitely out to make as much money as they can off of these 
exploits.

> This is 100% legal at this point (and even if it is not legal,
> who bored about it outside of USA? No anyone!).

It really shouldn't be legal.  It is someone gaining unauthorized
access to computer systems and altering data on those machines.
Not to mention that people are profiting from these intrusions.

-Brian


RE: Spyware becomes increasingly malicious

2004-07-12 Thread Brian Battle

William Warren wrote:

> not all the variants are that easy..how about doing a google on 
> coolwebsearch..scumware.com has a good writeup as well as 
> spywareinfo.com...the newer variants are not that easy

I second that.  The version I saw required a third party
registry editor and booting up into the recovery console
from an XP CD (safe mode didn't cut it) just to remove
a hidden DLL.  Had it not been for the forums out there
at http://forums.spywareinfo.com and the cwsshredder, 
which got most, but not all, of the cruft installed by 
this piece of bastard software, my grandmother's computer
would still be popping up those tens of pages of garbage
randomly.

The authors of these coolwebsearch variants are extremely
intelligent programmers with far more understanding of
the bowels of the Windows platform than your average
script kiddies.  If you get hit with the version I saw,
it's no 10 minute piece of cake.

What I don't understand is how exploiting bugs in a 
program (Internet Explorer) to install software without
the consent or even acknowledgement from the owner/user
is legal behavior.  To me, it's just like someone abusing
a bug in BIND, and installing a rootkit, which last time
I checked, could end up getting someone in legal troubles.

For another hastily-thought-out analogy, it's like someone
breaking into your house and reprogramming your cable box
to keep changing the channel to the home shopping club
every 30 seconds.

-Brian



RE: Barracuda Networks Spam Firewall

2004-05-19 Thread Brian Battle





Eric,


> There's one rule that will wipe out ~90% of spam, but nobody seems to have
> written it yet.
>
> if URL IP addr is in China then score=100
>
> support for a generic lookup list of cidr blocks would get another 9%



I agree that geographically classifying the URLs embedded in the spams would be pretty slick. Using the china.blackholes.us and cn-kr.blackholes.us RBLs has been pretty effective at reducing our spamload, as a supplement to the standard lookup services.

They do not discriminate between legit mails and spam mails from China. Everything from those IP blocks gets classified as spam. Luckily we don't ever get any client emails from those countries at this point and can use these filters without worrying about false-positives. (I think the doubleclick.blackholes.us is pretty funny too)

There are others at:
http://www.blackholes.us/


Is anyone else out there using these blackholes? I wonder how often they get updated.


Brian Battle
Confluence
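
The rule quoted at the top of this message ("if URL IP addr is in ... then score=100", driven by a generic list of CIDR blocks), worked through as an added example that is not part of the original thread or of any product named in it. The CIDR list uses documentation address ranges as placeholders, and the FAKE_DNS table is a constructed stand-in for a resolver so the code runs offline.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Placeholder blocklist: RFC 5737 documentation ranges, not real assignments.
BLOCKED_CIDRS = [ipaddress.ip_network(c)
                 for c in ("192.0.2.0/24", "203.0.113.0/25")]

# Constructed stand-in for DNS resolution (hypothetical host names).
FAKE_DNS = {
    "pills.example": "192.0.2.77",
    "shop.example": "203.0.113.200",     # outside the /25 above
    "intranet.example": "198.51.100.9",
}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def url_hosts(body):
    """Return the distinct host parts of http(s) URLs found in a mail body."""
    hosts = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:               # malformed URL, e.g. a bad [v6] literal
            continue
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def resolve(host):
    """IP literals are used as-is; names go through the stand-in resolver."""
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        addr = FAKE_DNS.get(host)
        return ipaddress.ip_address(addr) if addr else None

def score_body(body, hit_score=100):
    """Return (score, hits); each hit is (host, ip, matching CIDR block)."""
    hits = []
    for host in url_hosts(body):
        ip = resolve(host)
        net = next((n for n in BLOCKED_CIDRS if ip in n), None) if ip else None
        if net is not None:
            hits.append((host, str(ip), str(net)))
    return (hit_score if hits else 0), hits

# Constructed sample message body.
SAMPLE = ("Cheap meds http://pills.example/buy?id=1 or http://203.0.113.20/x "
          "and see http://intranet.example/wiki")
```

Returning the matching block with each hit lets a false positive be traced to the list entry that caused it.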