by ezs | Jan 9, 2006 | evilzenscientist, Linux, Uncategorized
I experimented several times during the holidays on various configurations of SpamAssassin and the like. I finally settled on something I liked and was easy to manage.
I found an addition to IPcop that added these services in a controllable manner – CopFilter – http://www.copFilter.org.
CopFilter plugs into IPcop and adds (for me) an SMTP proxy, ClamAV, SpamAssassin – as well as giving me a really simple web UI to manage things. Best of all, all of the components are GPL.
I’ve trained the anti-spam – and it’s really working better so far than my own manual tweaking on a separate server. 🙂
So far so good – I’ll keep track of the performance and post the results later.
by ezs | Dec 20, 2005 | blogging, evilzenscientist, Linux, Uncategorized
WordPress 2.0 is close. Release Candidate 3 is now available.
I’ve installed on a non-live server – and things work ok right now. Some testing needed on the plugins – but fingers crossed.
by ezs | Dec 18, 2005 | evilzenscientist, fun stuff, ITIL, Uncategorized
As I was in central London I made a special visit to The Stationery Office Bookshop near Holborn.
TSO is a strange beast; formerly HMSO (Her Majesty's Stationery Office), now the Office of Public Sector Information – it is the official publishing arm for the UK Government. Everything from Government papers, reports of debates in Parliament to ITIL, Prince and other documents are published.
The TSO bookshop is a veritable hideout of really specialist, non-overlapping information.
I was buying books on ITIL – the IT Infrastructure Library – for my team. Useful and required reading in today's IT world.
by ezs | Dec 6, 2005 | evilzenscientist, Linux, Uncategorized
Sigh.
I keep tweaking and tightening my anti-spam rules for my mail server – but the amount of inbound spam is getting crazy. I’m catching about 95% of bad mail – and getting all viruses – but I’m looking at switching to a dedicated inbound mail filter.
I’m probably going to run SpamAssassin and ClamAV on SLES9.
by ezs | Dec 2, 2005 | evilzenscientist, Linux, Uncategorized
Don’t ask why – but I had need to reset an Administrator password on a Windows XP workstation today.
I had forgotten the password, it was locked out, the machine wasn’t in AD – and I was stuck.
Luckily there is a wealth of tools to help in this situation – including this. Petter Nordahl-Hagen has written a stunning Linux-based boot floppy that just fixes things like this in seconds. Thanks Petter.
by ezs | Nov 21, 2005 | evilzenscientist, patching, Uncategorized
SANS are flagging a particularly nasty Internet Explorer problem:
the UK group “Computer Terrorism” released a proof of concept exploit against patched versions of Internet Explorer. We verified that the code is working on a fully patched Windows XP system with default configuration.
The bug uses a problem in the javascript ‘Window()’ function, if run from ‘onload’. ‘onload’ is an argument to the HTML <body> tag, and is used to execute javascript as the page loads.
The Javascript Window() vulnerability has been known for a few months now, but it has so far been treated as a denial of service (DoS) vulnerability. The author of this PoC figured out a way to use this older vulnerability to execute code.
Impact:
Arbitrary executables may be executed without user interaction. The PoC demo as tested by us will launch the calculator (calc.exe).
In addition to the PoC ‘Calculator’ exploit, a reader (thanks Chris R!) submitted a version that opens a remote shell. The PoC exploit allows for easy copy/paste of various shell code snippets.
In itself, the vulnerability will not escalate privileges. We are trying to verify other exploits at this point.
Mitigation:
Turn off javascript, or use an alternative browser (Opera, Firefox). If you happen to use Firefox: This bug is not affecting Firefox. But others may. For Firefox, the extension ‘noscript’ can be used to easily allow Javascript for selected sites only.
Looks nasty. Fully patched Windows XP and IE 6 are at risk from this one; turning off javascript is going to break a lot of new sites.
As the man said – make sure you use Firefox or Opera.