Security

Exchange team posts guidance for the ASP.NET vulnerability

Late last week Microsoft released Microsoft Security Advisory (2416728), “Vulnerability in ASP.NET Could Allow Information Disclosure”. The vulnerability is being investigated by the Microsoft Security Research Center (MSRC). The Exchange team has just posted guidance for Exchange customers. Head over to Microsoft Security Advisory 2416728, the ASP.NET Vulnerability, and Exchange Server for details. Microsoft to […]


Using Transport Rules to protect your organization from the ‘Here You Have’ Worm

The Here You Have worm, also known as Visal.B, has been spreading through network shares and email (more details on Microsoft’s Malware Protection Center web site). When spreading through email, the worm sends itself to your contacts with the following strings in the Subject field and message body: Subject: Here you have Body: Hello: This […]


BlackBerry faces ban in UAE, Saudi Arabia, to cooperate in India

It appears to be an increasingly monitored world for mobile devices, as governments across the globe rev up their efforts to snoop into mobile messaging. UAE’s The National reports the country’s Telecommunications Regulatory Authority has said that BlackBerry Messenger, BlackBerry E-mail and BlackBerry Web-browsing services in the UAE will be suspended as of October 11. […]


Renewing Certificates: DigiCert impresses again with customer service

Have you had a service that uses SSL/TLS, such as Outlook Web App (OWA), Exchange ActiveSync (EAS), AutoDiscover, or perhaps just a web site, impacted due to an expired certificate? Validity of digital certificates must be monitored, just as we monitor domain name registrations and renewal dates. Overlooking the fact that certificates expire and need […]


Social Engineering Attack Disguised As Mailbox Quota Message

Social engineering is all about psychological attacks—convincing a user to willingly divulge information is much more convenient, in most cases, than actually brute-forcing your way in. Attackers with very little technical sophistication (and perhaps some great social skills) can easily prey upon even the more vigilant users. I would’ve held on to my belief […]


Exchange 2010: Remove a RBAC Role from a Role Group

Exchange 2010 ships with a great new security feature – Role Based Access Control (RBAC). Having worked on the RBAC architecture of another product in what seems like a previous life, I’m excited about the RBAC implementation in Exchange! I wanted to write a detailed article/post on RBAC, but given current time constraints, the longish, […]


Where are mailbox last logon, client IP address and other details in Exchange 2007 & Exchange 2010?

In Exchange Server 2003/2000, expanding a Mailbox Database (MDB) provides information about mailboxes in a database, last logon/logoff times and account(s) that logged on to mailboxes (see ‘Displaying Client IP Address in Exchange System Manager’ for details). Figure 1: In Exchange 2003, the Logons node displays Store logon-related information. […]


Removing internal host names and IP addresses from message headers

Another frequently asked question about SMTP mail – how can I remove internal host names and IP addresses from outbound Internet mail? More often than not, this results from the belief that somehow if the outside world finds out an organization’s internal IP addresses and host names, it makes the organization vulnerable. Auditors love to […]


List mailboxes with Full Mailbox Access permission assigned

In “HOW TO: Grant Full Mailbox Access permission”, we saw how to assign and view mailbox permissions, including Full Access. Here’s how you can get a list of mailboxes with explicitly-assigned (i.e. not inherited) Full Access permissions. You can specify a single mailbox and retrieve the permissions assigned on it by using the Get-MailboxPermission cmdlet. […]


Renew self-signed certificates in Exchange 2010 and Exchange 2007

In Exchange 2007 and later, Exchange Setup creates a self-signed certificate to protect communication with Exchange services such as SMTP, IMAP, POP, OWA, EAS, EWS and UM. Exchange’s self-signed certificates meet an important need – securing communication paths for all Exchange services by default. The self-signed certificate meets an important need – securing communication paths […]
