CA

Aug 22 2008   8:02PM GMT

Poor Spelling = Identity Lost

Posted by: Troy Tate
administration, Networking, forensics, Security, Browsers, web, reporting, WWW, intellectual property, CA, certificate authority, malware, SSL, design, website, howto, network analysis, online identity, risk, awareness, blog, vulnerability, MITM, man-in-the-middle

Well, I am not the best speller and I know that is true for most people. I have recently discovered how this human weakness can get you into trouble and cause identity loss as well as potential financial loss.

This issue has recently come to light with some of the Black Hat presentations. The actual presentation can be found here. This example actually refers to SSL VPN attacks but consider what would happen if an attacker was able to create a man-in-the-middle SSL proxy using a typosquatting domain name. For example, what if you typed https://www.mybnak.com/myaccount into your browser. The actual address should be https://www.mybank.com/myaccount. This is just a simple typographical error right? Hmmmmm… maybe not!

Consider if an attacker purchased the domain name mybnak.com. They then were able to get an SSL certificate or create a self-signed one that to an uneducated user looked ok. Have you ever seen a message like the following?

How many of you (come on, admit it now) have clicked on this or know someone who would click on this without thinking a second time? Say you did click on Yes and proceeded. The website you go to looks exactly like the one where you intended to go! This is because the address you mistyped into your browser actually goes to an SSL proxy and you just said you trusted the website. You have now fallen into the man-in-the-middle attack.

This looks like the following picture:

This attacker now takes all the traffic you send it, reads it, saves what it wants, repackages it, sends it to your intended destination and returns information back to you (keeping copies of what information is returned) without you knowing that someone is between you and your intended bank. Phishers do use a similar mechanism although a savvy consumer might actually see that the address in the address bar does not match their intended destination at all. In my example, YOU mistyped the address!

Well if this does not scare you into making sure you can type addresses or keep accurate bookmarks then read some of the following and make up your own mind:

Mozilla SSL Policy Considered Bad for the Web

SSL VPN might not be as secure as you think

Black Hat 2008 Aftermath

But, on the other side of this argument consider this story about how a MITM attack saved Columbian hostages.

The internet is not a place to be ignorant about your surroundings. Users must be vigilent and savvy about its use. Maybe there should be internet driver testing and licences?

Thanks for your time. Let’s be good network citizens together & practice safe networking!

Aug 20 2008   6:19PM GMT

Did you see this? - Need some Exchange advice/support

Posted by: Troy Tate
administration, tools, Microsoft Windows, web, CIO, DataCenter, DataManagement, WWW, CA, spam, certificate authority, digital signatures, email, RSS, wiki, Exchange 2007, Outlook Web Access, Policy, Exchange, design, OWA, website, anti-virus, Performance, Powershell, howto, policy enforcement, awareness, blog, toolkit

Maybe you have already read my post about implementing new Exchange 2007 mailboxes for over 2000 users. If not… look here. So, as you see from this event, ongoing support for these global users on a new messaging system is going to be a real challenge.

I found a great blog posting with links to some excellent Exchange resources. Keep this in your toolkit for those times you just can’t find the answer elsewhere to those nagging Exchange problems. I see lots of other IT people struggling with this system and looking for support here at IT KnowledgeExchange.

Some other Exchange resources I recommend are:

Microsoft Exchange Server Resource Site

E-mail archiving

Seven ways to organize your e-mail

MessagingTalk.org - Portal for Microsoft Exchange Messaging & Collaboration

Thanks for your time. Let’s be good network citizens together & practice safe networking!

Jul 25 2008   12:41PM GMT

2000 users - new mailboxes - one weekend - DONE!

Posted by: Troy Tate
administration, Networking, tools, Microsoft Windows, internet, CIO, DataCenter, DataManagement, CA, antivirus, certificate authority, digital signatures, email, Exchange 2007, Outlook Web Access, Exchange, design, OWA, Microsoft, troubleshooting, Powershell

Well, we did it! We implemented new mailboxes on Microsoft Exchange 2007 for over 2000 users in one weekend. Of course it took lots of planning, testing and blood, sweat, tears during the process, but we are now on one e-mail platform where there were at least 5 before. We had more domains than we needed and now the company is on one domain. We had to plan and provide for inbound messages still to the old domains.

The implementation was not without a couple of minor glitches and learning how users use the application. One glitch was a mistyped IP address. This prevented e-mail flow for a short period of time, however that is not a huge issue since SMTP servers will continue to retry sending messages. Another issue that was encountered was administrative rights to “shared” mailboxes like customer service or supply buyers.  This has now been resolved and users are getting full use from the system.

We still have some work to be done on things like:

• proactive system monitoring to detect issues before the users do;
• alternatives to sending large attachments (our attachment limit is 15MB);
• running Outlook Anywhere so a mobile user can attach to their mailbox without having to use VPN;
• supporting mobile devices like smartphones (our focus is on Windows Mobile v6 and up);
• user certificates using private PKI to allow for digital signatures and encryption.

So, as you see, work in IT never finishes… it just continues to grow as more services and systems are implemented and change happens. Please feel free to leave a comment if you would like more information about our implementation process and decisions we made along the way.

Thanks for your time. Let’s be good network citizens together & practice safe networking!

Jun 18 2008   5:26PM GMT

Did you see this? - Infosecurity Magazine RSS feed

Posted by: Troy Tate
Networking, forensics, Security, tools, Monitoring, web, reporting, DataCenter, WWW, IT education, CA, antivirus, digital signatures, Data security, RSS, malware, SSL, Policy, website, anti-virus, honeypot, botnet, Metrics, research, policy enforcement, awareness

Infosecurity Magazine has a very good RSS feed to keep yourself up to date on events/issues and technologies. Check it out!