| Home | My Account | Directories |
Active Directory Domain Controller Hacked Through Remote DNS Management?
Published on 2010-04-07 05:31:00
This is my initial reaction to Microsoft's Security Advisory 935964, and should be correct to the extent the advisory is complete and correct.Through a buffer overflow attack on the RPC port of a Windows server an anonymous user can execute code in the DNS. Since the Windows DNS Service is integrated with Active Directory and often run on a domain controller, this means the attack has the opportunity to compromise a Windows domain controller, which is a great start towardsCompromising other doma
Appalacian Identity Management at Myspace
Published on 2010-04-03 05:34:00
What do you think about when you hear the word Appalachia? Beautiful mountains and trails? Poor, inbred communities? Its all there. And weirdly, it all relates to this blog entry. Sort of.This post is actually about poor (shall we say, inbred?) identity management on Myspace.com. But it starts on the Appalachian trail.My cousin's son Mason is taking the summer off to hike the Appalachian trail. As I write, he and his friend "Swamp Yankee" are somewhere in Tennessee. They are posting accounts of
Haiti, Urns, and Non-Quantifiable Risks
Published on 2010-04-02 05:36:00
I've been too busy to post lately because I went on a mission trip with our church to Haiti. They was a fantastic experience, so I started another blog about it at http://global-mission-trips.blogspot.com. Please check it out and let me know what you think!There are definite lessons from the security perspective, though. It is no secret to professionals in the field that we tend to over-estimate the risks of what is unfamiliar and novel, and under-estimate other risks.Concerning Haiti, much has
