Last year I signed up with Facebook, and the “find friends” page asked me to give them the password to my GMail account so that it could log in as me and look at my list of contacts (address book), then see whether any of those people are already registered. I, however, was disinclined to …
Tag archives: security
Integrated Windows authentication in web browsers
A while back, I was setting up an internal website (on a Windows domain with Active Directory), where I needed to identify each person who connected to it. IIS has an option for “integrated Windows authentication”: the idea is that if you’re already logged into the domain then you don’t have to provide a new …
The small print of DOOM!
I was going through the log files on my firewall server today when I saw something odd: my PC was trying to send outbound traffic on port 6667 every 30 seconds. At first I thought that this was for my IRC client, but it wasn’t. Instead, it’s a legacy of the “Sky by Broadband” service …
Router passwords
Following up on my recent post about computer security (and my comment about phishing scams being cross-platform), Bruce Schneier has posted an entry about “Drive-By Pharming”. It has a stupid name, and it’s nothing to do with wireless access; there is also some doubt about how feasible the attack vector actually is. Still, it’s worth …
Tales from the spam folder
Since my email address is public, I get a lot of spam: typically 100 messages per day. The Outlook 2003 Junk E-mail filter does a decent job of catching most of it, but there are still some that slip through; I also keep an eye on the spam folder itself, in case of false positives. …
Computer security
I see that there’s now a UK version of the “PC vs Mac” adverts. These are pretty similar to the original American versions, although there are fewer UK ones so far. Still, I think that they’re quite funny, and I actually prefer the UK ones, mainly due to the actors involved (Mitchell and Webb); the …
Anatomy of a hack: SBS 2000
A few years ago (August 2002), my home server got hacked. I dealt with it fairly quickly, but it took me a while to really understand what had happened, because I was more naïve about security in those days.
Anatomy of a hack: mail server
Today I’ve been fixing a problem with my mail server after someone “hacked” (cracked) it. I’m reconstructing the chain of events as best I can, but the causality wasn’t obvious at the time. Background: this machine is running Windows Server 2003 SP1 with Exchange Server 2003 SP2. A few weeks ago, someone gained unauthorised access …
Digital certificates
I’ve been taking an interest in computer security recently, and as part of that I’ve been investigating digital certificates, primarily in the context of code signing (e.g. applications/macros/plugins). There seem to be two main misconceptions here (at opposite ends of the scale), which are worth addressing: 1. “If something has been signed then it’s safe.” …