Security

Renewing Certificates: DigiCert impresses again with customer service

Have you had a service that uses SSL/TLS, such as Outlook Web App (OWA), Exchange ActiveSync (EAS), AutoDiscover, or perhaps just a web site, impacted due to an expired certificate? Validity of digital certificates must be monitored, just as we monitor domain name registrations and renewal dates. Overlooking the fact that certificates expire and need […]

HTC Droid not synchronizing with Exchange 2010?

Last year Apple riled IT departments and the security community when it was revealed that before the iPhone 3.1 OS release, iPhones had been incorrectly reporting their policy compliance for encrypting device data (or as some critics said— the iPhone was lying about its policy compliance). See previous post iPhone OS 3.1 Security Changes and Exchange […]

Social Engineering Attack Disguised As Mailbox Quota Message

Social engineering is all about psychological attacks— convincing a user to willingly divulge information is much more convenient, in most cases, than actually brute-forcing your way in. Attackers with very little technical sophistication (and perhaps some great social skills) can easily prey upon even the more vigilant users. I would’ve held on to my belief […]

Exchange 2010: Remove a RBAC Role from a Role Group

Exchange 2010 ships with a great new security feature – Role Based Access Control (RBAC). Having worked on the RBAC architecture of another product in what seems like a previous life, I’m excited about the RBAC implementation in Exchange! I wanted to write a detailed article/post on RBAC, but given current time constraints, the longish, […]

Gmail discovers benefits of SSL, defaults to HTTPS

Google seems to have discovered the benefits of using SSL to encrypt HTTP traffic. In a blog post on the Gmail blog, Engineering Director Sam Schillace explains that Google has finally started valuing security over latency, and enabled HTTPS by default. Gmail has always been using SSL to encrypt the authentication credentials sent from the […]

cc:Betty: A cool web app you may want to block

If you haven’t looked at Palo Alto-based cc:Betty yet, perhaps you should. cc:Betty promises to keep everyone on the same page. Still in beta, it’s a useful web app that helps users organize their email communication, collects email content, catalogs attachments and files, and also maintains your contacts. It’s also amazingly simple to use. Besides […]

iPhone OS 3.1 Security Changes and Exchange ActiveSync Policy

Apple implemented device encryption in the iPhone 3GS, improving its odds of being considered for enterprise deployment. However, users using Exchange ActiveSync (EAS) to connect to their Exchange 2007 mailboxes couldn’t take advantage of it, even when encryption was required by an Exchange ActiveSync Mailbox Policy, because the device didn’t tell Exchange it can support […]

The ‘Catastrophic’ Windows 7 bug and security vulnerability that never was

Perhaps I should’ve used a different headline for this post. Something like “InfoWorld’s conspiracy to derail the Windows 7 product launch”. But that would be giving in to exactly the temptation I want to highlight— the one many bloggers, writers, and editors fall victim to, or otherwise find hard to resist in the quest for […]

Trust Thy Certificate? New SSL Vulnerabilities Revealed At BlackHat 2009

It’s BlackHat time in Vegas, and I was expecting some interesting security revelations to make headlines, but not as serious as the SSL vulnerability revealed by independent security researcher Moxie Marlinspike. Moxie showed a way to intercept SSL traffic using what he calls a null-termination certificate. Reportedly, some programs terminate processing of a certificate’s subject […]

UAE BlackBerry Update A Surveillance App

Unsuspecting BlackBerry customers in the UAE have been pushed out a surveillance app disguised as a BlackBerry update by telco Etisalat. Rather than improve BlackBerry handheld performance, the update emails received messages back to a central server! After downloading the app developed by Milpitas, CA-based SS8, a provider of communications intercept and surveillance solutions, users […]
