Security

Get file or folder permissions using PowerShell

The Get-Acl cmdlet in PowerShell’s Security module (Microsoft.PowerShell.Security) does a great job of getting file or folder permissions (aka the Access Control List or ACL). But getting useful info from the default output can take some getting used to. Instead, it’d be great to simply be able to see what the Security tab of a […]

Dealing with WordPress’ Unauthenticated Privilege Escalation Vulnerability in a REST API Endpoint

On Thursday, WordPress.org released WordPress 4.7.2, fixing the following four vulnerabilities. The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is […]

BleachBit’s claim of permanently deleting emails from Exchange

In a recent news segment featuring BleachBit, Fox Business questioned whether Democratic presidential nominee Hillary Clinton may have used the software to permanently delete emails from her mail server. The segment features BleachBit lead developer Andrew Ziem. Politics and clickbait headlines aside, readers will find the claims interesting. How to delete secret emails from […]

Net neutrality and how ISPs can impact your email security

There was a time ISPs limited themselves to providing layer 3 connectivity. You got a connection, and if the link was up and your computer or network configured correctly for Internet Protocol (IP) communication, you could send and receive TCP/IP packets over that link. The ISP controlled the bandwidth, which is the maximum rate at […]

Change mailbox audit logging age limit in Exchange 2010 and later

In Exchange 2010 and later, you can use Mailbox Audit Logging to enable auditing of mailboxes for actions taken by mailbox owners, delegates and administrators. You can log events such as mailbox access, folder access, item access, deletes, hard deletes, moves, etc. For details, see Mailbox Audit Logging in Exchange 2013 documentation. By default, mailbox […]

Exchange 2010: Change security groups to distribution groups

Distribution groups are a well-known concept for Exchange admins. Quite simply, a distribution group is an Active Directory group that’s Exchange-enabled and therefore has an email address. Messages sent to the group are delivered to group members, which can be mailbox users, mail users (users with an email address outside the Exchange org), mail contacts, […]

Auditing Distribution Group Membership Changes

Exchange 2010 includes Administrator Audit Logging functionality to log all administrator actions. Because all administrator actions, including those taken using the EMC and the new web-based ECP consoles, must fire off a Shell command under the hood, admin audit logging records cmdlets that can make changes (the ones that use the New and Set verbs, […]

Exchange ActiveSync: What is the Allow/Block/Quarantine List?

If you’re an Exchange admin happy about how Exchange ActiveSync (EAS) just hums along with mobile devices supporting the EAS protocol, and the multitude of devices that can now access Exchange without any admin intervention (OTA device activation and all that…), but also unhappy about the multitude of devices that can now access Exchange without […]

Exchange team posts guidance for the ASP.NET vulnerability

Late last week Microsoft released Microsoft Security Advisory (2416728), “Vulnerability in ASP.NET Could Allow Information Disclosure.” The vulnerability is being investigated by the Microsoft Security Research Center (MSRC). The Exchange team has just posted guidance for Exchange customers. Head over to Microsoft Security Advisory 2416728, the ASP.NET Vulnerability, and Exchange Server for details. Microsoft to […]

BlackBerry faces ban in UAE, Saudi Arabia, to cooperate in India

It appears to be an increasingly monitored world for mobile devices, as governments across the globe rev up their efforts to snoop into mobile messaging. UAE’s The National reports the country’s Telecommunications Regulatory Authority has said that BlackBerry Messenger, BlackBerry E-mail and BlackBerry Web-browsing services in the UAE will be suspended as of October 11. […]
