A while back, I was setting up an internal website (on a Windows domain with Active Directory), where I needed to identify each person who connected to it. IIS has an option for “integrated Windows authentication”: the idea is that if you’re already logged into the domain then you don’t have to provide a new […]
I was going through the log files on my firewall server today when I saw something odd: my PC was trying to send outbound traffic on port 6667 every 30 seconds. At first I thought that this was for my IRC client, but it wasn’t. Instead, it’s a legacy of the “Sky by Broadband” service […]
Following up on my recent post about computer security (and my comment about phishing scams being cross-platform), Bruce Schneier has posted an entry about “Drive-By Pharming”. It has a stupid name, and it’s nothing to do with wireless access; there is also some doubt about how feasible the attack vector actually is. Still, it’s worth […]
Since my email address is public, I get a lot of spam: typically 100 messages per day. The Outlook 2003 Junk E-mail filter does a decent job of catching most of it, but there are still some that slip through; I also keep an eye on the spam folder itself, in case of false positives. […]
I see that there’s now a UK version of the “PC vs Mac” adverts. These are pretty similar to the original American versions, although there are fewer UK ones so far. Still, I think that they’re quite funny, and I actually prefer the UK ones, mainly due to the actors involved (Mitchell and Webb); the […]
A few years ago (August 2002), my home server got hacked. I dealt with it fairly quickly, but it took me a while to really understand what had happened, because I was more naïve about security in those days.
Today I’ve been fixing a problem with my mail server after someone “hacked” (cracked) it. I’m reconstructing the chain of events as best I can, but the causality wasn’t obvious at the time. Background: this machine is running Windows Server 2003 SP1 with Exchange Server 2003 SP2. A few weeks ago, someone gained unauthorised access […]
I’ve been taking an interest in computer security recently, and as part of that I’ve been investigating digital certificates, primarily in the context of code signing (e.g. applications/macros/plugins). There seem to be two main misconceptions here (at opposite ends of the scale), which are worth addressing: 1. “If something has been signed then it’s safe.” […]