Many people identify sending mass email to spam. The word “spam” formerly used to identify the sending out of context to the discussion groups, but now the term has expanded its meaning and is used to denote “any unsolicited email” or “any email sent people who have not already requested. ” And Internet service providers are increasingly taking steps to protect themselves from spam by anti-spam programs, anti spam programs and these can be hazardous to your business, if you plan to use the bulk sending of email as a tool promotion.

If people who receive their unsolicited email, complain to your Internet service provider (ISP), or the company that hosts your website (your web server), you may end up losing both. This means your website will be closed and you lose all Internet connectivity. Read the rest of this entry »

Outlook View ActiveX Vulnerability

We’ve all heard the saying, “The only things guaranteed in life are death and taxes!” Well, some people are beginning to think that we need to add a third item to that list of sure things. “The only things guaranteed in life are death, taxes and new security vulnerabilities with each incarnation of Microsoft’s Office Suite.” Yesterday, noted Bulgarian security consultant, Georgi Guninski, went public with a security advisory for Office XP users that would allow a malicious web developer unencumbered access to a victim’s e-mails. Simply by visiting a web page or opening a web enabled e-mail message, an Outlook user would unwittingly expose not only Outlook, but also the entire Windows system to the attacker. Further testing by KeyLabs, and after a subsequent security bulletin issued by Microsoft, we now know that this vulnerability affects Outlook 98 and Outlook 2000 as well as Outlook 2002 (part of the Office XP suite). Read the rest of this entry »

Memo to Bill Gates, Steve Ballmer, or whoever is in charge nowadays:

Go into Microsoft Word and print up a whole bunch of signs that say “Check All Buffers.” Then go around and staple these signs to the cubicle wall, the monitor, or the forehead of all your programmers. Read the rest of this entry »

Winning the SMBRelay Race

Windows 2000 Server Message Block (SMB), Microsoft’s Eric Schultze has clarified the fixes necessary to guard against it. To recap: SMB is a NetBIOS protocol widely used in Windows networking to share files, printers, and other services. A new hacker tool, SMBRelay, exploits several legacy security options embedded in the NetBIOS/SMB protocols that would allow an attacker to interpose between the client and host, and “hijack” a secure session.

Read the rest of this entry »

IIS Exposed to Data Flood Damage

As the mighty Mississippi recedes from the sandbag levees in Iowa, a serious breach in the dam of that other force of nature, Microsoft, comes to the fore. eEye Digital Security announced on May 1 its discovery of an unchecked buffer in the Internet Printing Protocol (IPP) of IIS version 5.0 for Windows 2000. The buffer overflow in this case exposes the Extended Instruction Pointer (EIP) CPU register, allowing an attacker to compromise the security of Microsoft’s premier web server platform. Read the rest of this entry »

SMBRelay Exploits Windows Networking

If you’ve been waiting for a really good reason to upgrade the security of your Windows network, one Sir Dystic, of the infamous hacker group Cult of the Dead Cow, has come up with one. His utility, SMBRelay, coupled with Security Software Technology’s L0phtCrack password-cracking software, vastly simplifies the process of breaking passwords collected from Windows-based LAN and Internet hosts. Read the rest of this entry »

pcAnywhere 10: Remote Access Not a Remote Risk (Update)

Symantec recently contacted ?regarding its April 11th, 2001 analysis of pcAnywhere securities issues and pointed out several features we glossed over in our (albeit brief) discussion of pcAnywhere 10.0. To summarize Symantec’s claims and our responses:? Read the rest of this entry »

Windows Class IDs Create Serious Vulnerability

Remember the scene in “Mission Impossible 2″ where the guy in the plane rips off the mask and exposes Ethan Hunt’s nemesis? So too are Windows users also having problems distinguishing between good and bad applications. As security analyst Georgi Guninski has recently shown, malicious users can play a devastating trick on Windows systems using a CLSID extension, and thereby disguise a potentially dangerous COM object as a lowly .TXT file.? Read the rest of this entry »