Threat Level: green Handler on Duty: Russell Eubanks

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-08-30 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Katrina; MSIE Clipboard; Exchange Security Logs

Published: 2005-08-30
Last Updated: 2005-08-31 14:54:35 UTC
by Michael Haisley (Version: 1)
0 comment(s)

Fake Hurricane emails



Like after similar events in the past, we do expect scams and viruses to take advantage of this situation. Please be careful with e-mails containing 'hurricane videos' as attachments, or e-mail asking for donations. Refer to fema.gov for a list of reputable agencies (see link bellow) or donate to organizations you trust and have past experience with.

Hurricane Katrina




Our sympathies for those affected by Katrina. This has been one of the worst storms in history, and it looks as if it is actually getting worse. For those who are interested, I would encourage you to


Clipboard Data Exposure




Microsoft's Internet Explorer exposes clipboard data via a javascript object 'clipboardData'. While there may be many really great uses for this function, the fact that it can be used with no security confirmation is very disconcerning. Ever work on your company payroll in excel? Copy and paste some of that data? Anywhere you go after that could possibly be collected and abused for any purpose. Hopefully Microsoft will update MSIE to at the very minimum prompt you with a security confirmation. Until then, you should be careful to clear your clipboard before surfing the web, if you deal with any sensitive data.


Exchange Server Security Issue


J.T. Moore sent us a note about the Exchange 2003 install. One interesting side effect is that during the install, the domainprep step grants the "Enterprise Exchange Servers" group the rights to "Manage auditing and security log" this permission can not be safely be removed, as it will cause the exchange server to exhibit errors. Should someone find an exchange server vulnarbility, they would be able to cover their tracks by modifying the security logs.
Keywords:
0 comment(s)
Diary Archives