Hacking EFS
Learning how a product might be compromised is a good exercise. If we can learn how someone might get through our defenses, we can make our defenses better. Take Microsoft’s Encrypting File System (EFS). This free tool available with Windows 2000 and XP computers can be used to encrypt files. Can it be hacked? Should anything additional be done to harden it? Any security product can be compromised, what problems are there with EFS?
Friday, May 24, 2002
How-To Harden OpenBSD Using Packet Filter
Traditionally firewall software has run on computers with two or more network interfaces to control the flow of traffic between them. Increasingly firewall software is run on a single machine which it protects. I've tried to cover everything you need to know to use IP Filter or Packet Filter as a single host firewall on this page and discuss when such use may or may not be appropriate.
Traditionally firewall software has run on computers with two or more network interfaces to control the flow of traffic between them. Increasingly firewall software is run on a single machine which it protects. I've tried to cover everything you need to know to use IP Filter or Packet Filter as a single host firewall on this page and discuss when such use may or may not be appropriate.
The passphrase FAQ
This is The Passphrase FAQ for PGP. I tried to include everything I've seen asked on alt.security.pgp along with some extras to cover other things like passwords and different key lengths. Most people who have had college algebra or higher should be able to follow the math.
This is The Passphrase FAQ for PGP. I tried to include everything I've seen asked on alt.security.pgp along with some extras to cover other things like passwords and different key lengths. Most people who have had college algebra or higher should be able to follow the math.
Securing Web Based Corporate E-Mail Using Microsoft Exchange Outlook Web Access
In today’s hyper-connected environment, it is essential that the workforce remain in touch with their home office and clients. This is often at odds with the fact that a significant portion of the workforce is also a mobile one. To overcome this problem, a number of solutions have been employed such as cellular phones, personal digital assistants (PDA’s) such as Palm Pilots, Blackberry’s and iPaq devices. Each of these has restrictions on the amount of data that can be communicated. It is evident that the best system for communicating anything from brief "fyi’s" to long-term corporate strategy is still a reliable e-mail system. As such, many organizations have moved towards exposing their internal e-mail systems to the Internet in order to maintain those lines of communication and an immediate transmission of data. Of course, doing so unleashes a significant number of security risks that must be addressed before even the first e-mail is opened at any unsecured location. Failure to do so threatens the host organization’s mail server, network, corporate partners and even a corporation’s very existence.
One such solution is Microsoft’s Outlook Web Access (OWA), an extension of the Exchange 5.5 mail system, which allows a client access to basic e-mail features, public folders, and a personal calendar through a standard Web browser. As it is based on the notoriously insecure IIS web server, it may be supposed that this system cannot possibly be secured, bu
In today’s hyper-connected environment, it is essential that the workforce remain in touch with their home office and clients. This is often at odds with the fact that a significant portion of the workforce is also a mobile one. To overcome this problem, a number of solutions have been employed such as cellular phones, personal digital assistants (PDA’s) such as Palm Pilots, Blackberry’s and iPaq devices. Each of these has restrictions on the amount of data that can be communicated. It is evident that the best system for communicating anything from brief "fyi’s" to long-term corporate strategy is still a reliable e-mail system. As such, many organizations have moved towards exposing their internal e-mail systems to the Internet in order to maintain those lines of communication and an immediate transmission of data. Of course, doing so unleashes a significant number of security risks that must be addressed before even the first e-mail is opened at any unsecured location. Failure to do so threatens the host organization’s mail server, network, corporate partners and even a corporation’s very existence.
One such solution is Microsoft’s Outlook Web Access (OWA), an extension of the Exchange 5.5 mail system, which allows a client access to basic e-mail features, public folders, and a personal calendar through a standard Web browser. As it is based on the notoriously insecure IIS web server, it may be supposed that this system cannot possibly be secured, bu
Thursday, May 23, 2002
SerialSniffer
SerialSniffer is a tool to get more information about data, which is transmitted via a serial link.
You can either connect SerialSniffer to a single device, which transmits serial data and SerialSniffer will print out the data, which is received, in the ASCII an HEX-Display.
SerialSniffer is a tool to get more information about data, which is transmitted via a serial link.
You can either connect SerialSniffer to a single device, which transmits serial data and SerialSniffer will print out the data, which is received, in the ASCII an HEX-Display.
Securing a Win2K Webserver
This document serves as a checklist for securing a Windows 2000 webserver on the Internet. This document was created to help Sys Admins get started configuring security on their machines, and in no way should be considered the final word on Windows 2000 security. The alert reader will notice that securing a machine from hacking is an ongoing process.
This document serves as a checklist for securing a Windows 2000 webserver on the Internet. This document was created to help Sys Admins get started configuring security on their machines, and in no way should be considered the final word on Windows 2000 security. The alert reader will notice that securing a machine from hacking is an ongoing process.
Wednesday, May 22, 2002
Welcome to iJET Travel Intelligence
Welcome to iJET Travel Intelligence, the first "intelligence agency" specifically for the global travel industry. Our mission is to provide you with critical and up to the minute travel information specific to your needs. With our simple, customer-friendly services to assist you, worldwide travel has never been more worry-free.
Welcome to iJET Travel Intelligence, the first "intelligence agency" specifically for the global travel industry. Our mission is to provide you with critical and up to the minute travel information specific to your needs. With our simple, customer-friendly services to assist you, worldwide travel has never been more worry-free.
The Cross Site Scripting FAQ
Websites today are more complex than ever, containing a lot of dynamic content making the experience for the user more enjoyable. Dynamic content is achieved through the use of web applications which can deliver different output to a user depending on their settings and needs. Dynamic websites have a threat that static websites don't, called "Cross Site Scripting" (or XSS dubbed by other security professionals). Currently small informational tidbits about Cross Site Scripting holes exist but none really explain them to an average person or administrator. This FAQ was written to provide a better understanding of this emerging threat, and to give guidance on detection and prevention.
Websites today are more complex than ever, containing a lot of dynamic content making the experience for the user more enjoyable. Dynamic content is achieved through the use of web applications which can deliver different output to a user depending on their settings and needs. Dynamic websites have a threat that static websites don't, called "Cross Site Scripting" (or XSS dubbed by other security professionals). Currently small informational tidbits about Cross Site Scripting holes exist but none really explain them to an average person or administrator. This FAQ was written to provide a better understanding of this emerging threat, and to give guidance on detection and prevention.
Tuesday, May 21, 2002
..ThinkPad TM supervisor password, hard drivepassword and power on password recovery or removal solutions
This site is dedicated to ThinkPad™ (TP) owners who find themselves locked out because for whatever reason, they don't know the Supervisor Password or Power On Password or Hard Drive Password.
This site is dedicated to ThinkPad™ (TP) owners who find themselves locked out because for whatever reason, they don't know the Supervisor Password or Power On Password or Hard Drive Password.
SpyFinder™
The SpyFinder™ is a small, lightweight, battery-powered device that allows the user to quickly identify and locate hidden cameras.
Since the SpyFinder™ works optically, no amount of electronic jamming or shielding can stop it from finding hidden cameras.
SpyFinder™ works against all types of cameras: Video cameras, Pinhole / spy cameras, Digital cameras, and Auto-focus cameras.
Anytime a camera can see you, the SpyFinder™ can see the camera. SpyFinder™ detects hidden cameras in a wide range of conditions -- inside covert packaging, in walls and ceilings, inside EM shielding -- even when camera is off.
The SpyFinder™ is a small, lightweight, battery-powered device that allows the user to quickly identify and locate hidden cameras.
Since the SpyFinder™ works optically, no amount of electronic jamming or shielding can stop it from finding hidden cameras.
SpyFinder™ works against all types of cameras: Video cameras, Pinhole / spy cameras, Digital cameras, and Auto-focus cameras.
Anytime a camera can see you, the SpyFinder™ can see the camera. SpyFinder™ detects hidden cameras in a wide range of conditions -- inside covert packaging, in walls and ceilings, inside EM shielding -- even when camera is off.
Subscribe to:
Posts (Atom)