Eugene Siu's Thoughts on Security
Share my latest security research and techniques
Distribution List is more locked down in Exchange 2007 to reduce spam
A distribution list (DL) groups users together so that email can be sent to all of its members. In Exchange 2003, the default setting is that a DL accepts email from any email address. It can be configured to reject external email addresses
Read More...
Is anonymous read-only site immune to XSS?
Most folks know that cross-site scripting (XSS) bugs can be used to steal logon cookies, as this scenario is touted pretty often as a classic XSS exploit. How about a read-only site that does not require any logons, such as dictionary sites or some news
Read More...
I am excited about EV Cert
I like the idea behind Extended Validation Cert a lot. It is designed to combat phishing problems. There are some well-known phishing victim sites, such as PayPal, Bank of America, eBay, etc., that would love this feature. Check out how IE7 green address
Read More...
Why do browsers show cert warnings for Outlook Web Access 2007 by default?
You may wonder why OWA 2007 shows cert warnings by default on most browsers. At the back of your mind, you may think that Microsoft has talked so much about trustworthy computing, yet they still do not get security. The Exchange team has gone back and forth on this issue
Read More...
Don't believe that anti-spam is disabled
After setting up Exchange 2007 Edge and Hub, you can verify their configuration via get-TransportServer. On Edge and Hub, two anti-spam settings are important. You can use "get-TransportServer | fl name, anti*" to show the status of anti-spam related
Read More...
About NTLM/Kerberos and Constrained Delegation in W2k3
I found some well-written documentation on NTLM/Kerberos and Constrained Delegation in W2k3 to share with my colleagues. They are useful as introduction and reference materials.
NTLM: http://davenport.sourceforge.net/ntlm.html
Kerberos: http://www.microsoft.com/msj/0899/kerberos/kerberos.aspx
Read More...
About LDAP injection
The concept of LDAP injection is similar to SQL injection, except that the target is Active Directory or any LDAP server. The idea is that malicious users inject untrusted data into an LDAP query. Here is a paper that explains it. http://www.spidynamics.com/support/whitepapers/LDAPinjection.pd
Read More...