Posts from the ‘Security’ Category


Sophos ES4000 Active Directory Fun

The college recently purchased a new Sophos Email Security appliance model. It was very easy to setup and I’m looking forward to having PureMessage filtering our spam and crapmail attacks, it’ll be a good thing.

The Active Directory integration is not as polished as their Web Security appliances’ is. We have two WS1000 appliances, also from Sophos. Both hooked right into AD and pulled down both student and staff accounts without issue, and even indicated which sub-domains they found during the process. Top notch, no-brainer installation.

The problem I’m writing about is the ES4000 appliance’s inability to detect our second domain, which is in the same forest as the domain our service account lives in. First off, it couldn’t even automatically detect settings with that same service account using the “Detect Settings…” feature. An undocumented bug was behind that, with the workaround being that you have to use an account with Schema Admin privileges located in the domain’s original Users OU. Once settings were detected, you could move the user and modify the DN used to authenticate.

Okay, that one was fixed. But I still couldn’t sync both staff and students – even if I pointed the Base DN at the top domain or left it blank.

I opened a case with Sophos and went through first level support. After 48 hours (plus a weekend) of remote support they kicked me to second tier.

Second tier connected remotely and continued the troubleshooting. After an hour or so they found a workaround and had me test it. Success.

Fix: Replace the Base DN for users/groups with a single space. Done, and now it works. I’m not much of an LDAP junkie, but I would consider that a bug.

Anyway, it works for me and I hope it helps someone else out there scratching their head wondering why the eff their ES4000 is not working.

Side note: All in all, Sophos support is pretty good; I just wish they would read my entire email before firing back the first canned response, which was essentially exactly what I had already done. For anyone absolutely buried with this product, I can highly recommend leveraging their consulting services. Well worth the small price to get it done right the first time.


Rotten BlackBerries Make Good Whine.

Now to be perfectly fair, I’m not going to blame all of my issues on BlackBerry or their Enterprise Server. I will however, consider their method of message relay and integration with our environment quite a hack and their support staff a challenge to work with, especially late at night.

That being said… here’s my problem and what I’ve found that fixes it – I hope it may help you.



Journalspace – overwritten

Popular blogging site Journalspace has been wiped off the Internet by a suspected disgruntled engineer. The engineer was fired months ago for stealing from the company but may have planted a logic bomb or delayed virus that initiated a full server wipe.
The server in question held the database for the site, which is the contents of every blog on it. It was confirmed today that DriveSavers was unable to recover the data on the mirrored hard drives. Journalspace did not use any other form of backup, so they are unable to recover their site or any user content. They do, however, recommend checking Google’s cache to attempt to save published content.

There is no excuse for not having backups on tape or even an external drive. Mirrored drives protect against a failed disk, not against a deliberate wipe that is faithfully mirrored to both. This disaster could easily have been recovered from with minimal data loss using free software and a hundred-dollar hard drive.


Apple’s Safari Push Backlash

Windows users who installed and use iTunes are familiar with the Apple Software Update. This is a great utility to ensure everyone stays up to date with the latest bug fixes and security updates.

This week Apple has decided this would be a great way to push their web browser down to Windows users, regardless of whether you’ve installed previous versions. Most folks will just click Next and let it do its magic.

I disagree with this method of marketing. A software update utility is for (you guessed it) updating software. If they wanted to use this installer for pushing down new software, they should have called it something else.

This is a questionable tactic to trick me into installing something I don’t want. Why, Apple, would you risk negating the trust you’ve earned with Windows users just to get your browser on their desktops?

Regardless of how I feel about Safari as a browser, this makes me worried about what else Apple is going to push on me. Since I’m unable to remove Safari from the list of downloadable "updates", I plan on blocking the update app at the firewall.

Many people say that Microsoft already does this – look at IE7 and Silverlight getting pushed out through the update service.


Inside the PayPal Security Key

This week I received my PayPal Security Key. Curiosity about the internal workings and origins of this device got the better of me, so I thought I’d share my findings with anyone interested while I ripped it apart and found out what made it tick. Then I went on to see just how secure this method actually is.


A few months ago I was perusing the news sites and ran across an article describing how PayPal and eBay were going to offer a new authentication method that was immune to phishing scams, brute force attacks, and general end-user gullibility tactics. They were going to start offering a security fob that generates six-digit codes that you use as part of your password to log into the websites.


When I asked PayPal when they’d be offering them, they said that they would make them available to customers with business accounts by the end of January for a one-time fee of $5 (US). When it became available, I used my PayPal account to order one.
This week my fob arrived via USPS First Class mail in a cardboard envelope that was slightly bulging in the middle. The exterior of the envelope had the PayPal logo on both sides and a sticker which I later found contained my fob’s part number and serial number in both bar code and alphanumeric form.

The envelope contained an instruction manual, a list of ten security tips, a printed packing list, a wallet card with instructions (not shown), and a white cardboard box which contained the fob.

After removing the fob from the box, I was able to get an idea of the initial quality of the design. I wasn’t overly impressed and don’t think this device would hold up attached to my keychain. But I wanted to get a better look inside before I made my final decision on that.
Key Front
The second thing I found odd was that the display was blank and only activated when you press the rubberized gray triangle button on the left side of the display. My only other experience with token-based security devices has been with RSA’s SecurID product, which always shows a code and a time bar indicating how soon the code will change.
