SANS ISC: InfoSec Handlers Diary Blog

Katrina; MSIE Clipboard; Exchange Security Logs

Published: 2005-08-30
Last Updated: 2005-08-31 14:54:35 UTC
by Michael Haisley (Version: 1)

Fake Hurricane emails

As after similar events in the past, we expect scams and viruses to take advantage of this situation. Please be careful with e-mails containing 'hurricane videos' as attachments, or e-mails asking for donations. Refer to for a list of reputable agencies (see link below) or donate to organizations you trust and have past experience with.

Hurricane Katrina

Our sympathies for those affected by Katrina. This has been one of the worst storms in history, and it looks as if it is actually getting worse. For those who are interested, I would encourage you to

Clipboard Data Exposure

Microsoft's Internet Explorer exposes clipboard data via a JavaScript object, 'clipboardData'. While there may be many really great uses for this function, the fact that it can be used with no security confirmation is very disconcerting. Ever work on your company payroll in Excel? Copy and paste some of that data? Any site you visit after that could collect the data and abuse it for any purpose. Hopefully Microsoft will update MSIE to, at the very minimum, prompt you with a security confirmation. Until then, if you deal with any sensitive data, you should be careful to clear your clipboard before surfing the web.

Exchange Server Security Issue

J.T. Moore sent us a note about the Exchange 2003 install. One interesting side effect is that during the install, the domainprep step grants the "Enterprise Exchange Servers" group the right to "Manage auditing and security log". This permission cannot safely be removed, as doing so will cause the Exchange server to exhibit errors. Should someone find an Exchange server vulnerability, they would be able to cover their tracks by modifying the security logs.
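
A check a defender can run for the condition described above, added here as an example and not part of the original diary: it parses a user-rights export from `secedit /export /cfg rights.inf /areas USER_RIGHTS` and lists every account holding SeSecurityPrivilege ("Manage auditing and security log") beyond a baseline. The sample export, its SIDs, the baseline and the function names are constructed for illustration.

```python
# Audit which accounts hold "Manage auditing and security log"
# (SeSecurityPrivilege) in a user-rights export produced by
#   secedit /export /cfg rights.inf /areas USER_RIGHTS
# Real exports are UTF-16: open(path, encoding="utf-16").read()

# Constructed sample export; the domain SID and RID are made up.
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
SeSecurityPrivilege = *S-1-5-32-544,*S-1-5-21-1111111111-2222222222-3333333333-1105
[Version]
signature="$CHICAGO$"
Revision=1
"""

# Assumed baseline: only the built-in Administrators group is expected.
EXPECTED_HOLDERS = {"S-1-5-32-544"}


def privilege_holders(inf_text, privilege="SeSecurityPrivilege"):
    """Return the set of accounts assigned `privilege` in a secedit export."""
    section = None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section != "privilege rights" or "=" not in line:
            continue
        name, _, value = line.partition("=")
        if name.strip().lower() == privilege.lower():
            # SIDs are written with a leading '*'; resolved names appear bare.
            return {v.strip().lstrip("*") for v in value.split(",") if v.strip()}
    return set()


def unexpected_holders(inf_text, expected=EXPECTED_HOLDERS):
    """Holders of SeSecurityPrivilege that are not in the baseline, sorted."""
    return sorted(privilege_holders(inf_text) - set(expected))


if __name__ == "__main__":
    for account in unexpected_holders(SAMPLE_INF):
        print("can manage the Security log:", account)
```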