Microsoft shuts down spam network, reduces worldwide spam by 39%

by Shijaz Abdulla on 20.03.2011 at 10:56

Microsoft’s Digital Crimes Unit (DCU), working together with US federal law enforcement agencies, has brought down Rustock, the world’s largest email spam network.

Rustock, a botnet that controlled around 2 million zombie machines worldwide, was sending out up to 30 million spam email messages each day.

Rustock was taken down piece by piece. First the master controllers (the botnet controllers that sent commands to the compromised ‘zombie’ machines) were identified. Microsoft, working together with the US Marshals Service, seized some of these machines in the US for analysis and collaborated with the Netherlands police to disable controllers located outside the US.

Microsoft then worked with service providers to black-hole the IP addresses that were being used to control the botnet, and with China’s CN-CERT to block registration of domains that could be used for the same purpose.

Microsoft provides the best anti-spam solution available in the market today, and also provides a variety of best-in-class unified threat management, rights management, secure remote access and anti-malware solutions. For more information, check out the Forefront website, or speak to your Microsoft representative.

Gmail: Lean, Mean Spamming Machine!

by Shijaz Abdulla on 12.05.2008 at 11:35

A "serious security flaw" in Gmail turns Google’s e-mail service into a spamming machine, according to a recent security report.

INSERT, the Information Security Research Team, has created a proof of concept that exploits the "trust hierarchy" that exists between mail service providers. By exploiting a flaw in the way Google forwards email messages, a spammer can send thousands of bulk e-mails through Google’s SMTP service, bypassing Google’s 500-address bulk e-mail limit and identity fraud protections.

Since email providers like Gmail are "auto-whitelisted" by ISPs and blocklist providers, the spam messages sent from Gmail are not looked upon with suspicion by many anti-spam technologies, which further magnifies the risk.

The INSERT report suggests that it does not require a rocket scientist to exploit this flaw:

In this regard, this document presents a vulnerability report and a proof of concept attack that demonstrate how anyone with no special internet access privileges other than being able to connect to SMTP (TCP port 25) and HTTP (TCP port 80) servers is able to exploit a single Gmail Account in order to be granted nearly unrestricted access to Google’s massive white-listed SMTP relay infrastructure

At the time of this writing, Google has not offered any official comment.

Security Vulnerability in Youtube?!

by Shijaz Abdulla on 18.04.2008 at 23:30

Hello world. The time is 12:31 AM in Abu Dhabi, United Arab Emirates, and I have logged in to YouTube to upload a short video. And guess what? I am automatically logged in as another Youtube user that I don’t know anything about!!

I kept navigating on various pages in YouTube, and I found that I kept getting logged on as various other users! New vulnerability in Youtube/Google? I guess this will be published in a dozen other blogs by tomorrow and then maybe we can wait and see what Youtube/Google says.
Here are some screenshots. I’m cropping some of the images for ethical reasons 🙂

I clicked on My Favorites, and I get Zoobi4658‘s favorites!

Hmm, I clicked on Home, and I arrive at Just2koool‘s home.

I click on My Videos, here comes da54sk8er

Clicked a random link, and lo, here is koxlcxlk


No, I am not a hacker – neither white, nor grey, nor black hat. It just happened. I logged in with my username and password and the next thing I know I get redirected with a new identity. I keep clicking on other links, I get further new identities. I tried to logout and back in – the same story ensues.

This isn’t the first time with Google. The exact same problem was reported by GMail users in Kuwait a few months ago. Users were able to see other users’ inboxes and email. This was caused by a caching issue at a Kuwait ISP and in all probability, what I see with Youtube *might be* the same issue. Well, in my opinion, Google should write code that doesn’t allow the ISP web proxy cache to save somebody’s session and give it to someone else!
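As an added example, not from the post: a check of the response headers that stop a shared proxy cache (such as an ISP’s) from storing a logged-in page and replaying it to a different user, which is the caching failure the paragraph above describes. The two responses are constructed; the rules follow RFC 7234.

```python
# Added example (not from the post): the header discipline that keeps a shared
# proxy cache from handing one user's logged-in page to another.
# Based on the HTTP caching rules in RFC 7234; the responses below are constructed.

def parse_cache_control(value):
    """Split a Cache-Control header into a {directive: argument-or-None} dict."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives


def shared_cache_may_store(headers):
    """True if an intermediary shared cache is allowed to store this response.

    RFC 7234 forbids a shared cache from storing a response carrying
    'no-store' or 'private'; anything else (including no Cache-Control at all)
    may be stored and later served to a different client. The qualified form
    private="field" is treated like plain private here.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lower.get("cache-control", ""))
    return "no-store" not in cc and "private" not in cc


def keyed_per_user(headers):
    """True if Vary makes the cache key include the Cookie header (or everything)."""
    lower = {k.lower(): v for k, v in headers.items()}
    vary = [v.strip().lower() for v in lower.get("vary", "").split(",")]
    return "cookie" in vary or "*" in vary


def cross_user_leak_risk(headers):
    """A personalised response can be replayed to another user when a shared
    cache may store it AND the cache key does not distinguish users."""
    return shared_cache_may_store(headers) and not keyed_per_user(headers)


# Constructed responses for a logged-in "My Videos" page.
LEAKY = {"Content-Type": "text/html", "Set-Cookie": "session=constructed-value"}
HARDENED = {"Content-Type": "text/html", "Set-Cookie": "session=constructed-value",
            "Cache-Control": "private, no-store", "Vary": "Cookie"}

if __name__ == "__main__":
    for name, hdrs in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(f"{name}: cross-user leak risk = {cross_user_leak_risk(hdrs)}")
```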

Updates:

19 Apr, 10:30 PM This problem seems to affect only users inside the United Arab Emirates. Most likely the problem is caused by Etisalat, our ISP.
19 Apr, 9:30 PM My blog gets blocked in the UAE
20 Apr, 8:00 AM And we’re back online
23 Apr, 5:00 PM ITP reports the issue
27 Apr, 6:45 PM YouTube security issue in UAE fixed

Internet Explorer 7: Re-release

by Shijaz Abdulla on 05.10.2007 at 12:49

Microsoft re-released Internet Explorer 7.0 yesterday. The changes include:

  • The Menu bar will be turned on by default (thankfully)
  • Removed the Windows Genuine Advantage validation requirement for expanded availability to Windows PC users (legal copy of Windows… or otherwise)
  • For first time users, the first-run experience includes a new, easily accessible overview
  • For all users, the online Internet Explorer 7 tour has been updated to include how-to’s on great new features like tabbed browsing.
  • Microsoft has also included a new MSI installer for enterprises that simplifies deployment for customers. IT Administrators can tailor to their organization’s needs by using the Internet Explorer Administration Kit (IEAK) and deploy the package to relevant units within their organization using e.g. Group Policies or Systems Management Server (SMS).

Microsoft takes its commitment seriously in helping protect the entire Windows ecosystem. Security enhancements to Internet Explorer 7 include a built-in Phishing Filter that prevents an average of 900,000 visits per week to known phishing Web sites!

Additionally, Internet Explorer 7 is the first and only browser to natively support Extended Validation SSL Certificates to help prevent online fraud.

Wildcard Certificates: My frivolous antics

by Shijaz Abdulla on 01.10.2007 at 09:31

A client wanted to publish two web services on SSL using ISA Server 2006: Outlook Web Access and Sharepoint Portal Server.

We know that ISA Server can only bind one SSL certificate per socket. This translates to one HTTPS URL/website per socket. What does this mean? Let’s say I have my OWA at https://owa.shijaz.com/ and I have an SSL certificate issued to owa.shijaz.com. I also have my Sharepoint portal at https://portal.shijaz.com/ for which I have acquired a certificate with common name portal.shijaz.com.

While publishing, I can have only one web listener per socket and a web listener can accept at most ONE SSL certificate. If I apply the owa.shijaz.com certificate on my web listener, OWA will work fine, but users browsing to portal.shijaz.com will get a certificate warning/error. If I apply the portal.shijaz.com certificate, users browsing to owa.shijaz.com will get a certificate warning/error.

So what’s the solution? Wouldn’t it be great if we could order a certificate with common name *.shijaz.com and use the same certificate for both (or more) websites? Yes, you can! That’s called the WILDCARD Certificate!

Ordering a wildcard certificate is fairly simple, if you know how to order a normal SSL certificate. While generating an SSL request, simply enter *.yourdomain.com as the common name for the new certificate.


Wildcard certificates have a limitation: they are not available in 128-bit SGC, only in standard encryption. The encryption level is decided by the user’s browser, rather than by the certificate. So, if you’re securing an electronic payment website or a finance-related website, a wildcard certificate may not be what you should be looking at.
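As an added example, not from the post: the name-matching check that decides which hostnames a wildcard certificate such as *.shijaz.com actually covers, following the rule in RFC 6125 section 6.4.3 as browsers apply it. The hostnames are the ones used above plus two that a wildcard is often assumed to cover but does not.

```python
# Added example (not from the post): which hostnames a wildcard certificate covers.
# Implements the name-matching rule from RFC 6125 section 6.4.3 as browsers apply it.

def cert_name_matches(cert_name, hostname):
    """Return True if a certificate name (CN or SAN dNSName) covers hostname.

    A wildcard is honoured only as the entire left-most label and matches
    exactly one label: *.shijaz.com covers owa.shijaz.com and portal.shijaz.com
    but neither the bare shijaz.com nor mail.owa.shijaz.com. Partial-label
    wildcards (ow*.shijaz.com) are rejected, the strict reading of RFC 6125.
    """
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in cert_name:
        return cert_name == hostname           # plain name: exact match only
    cert_labels = cert_name.split(".")
    host_labels = hostname.split(".")
    if cert_labels[0] != "*" or any("*" in label for label in cert_labels[1:]):
        return False                           # wildcard must be the whole first label
    if len(cert_labels) < 3:
        return False                           # refuse "*.com": would cover a whole TLD
    if len(host_labels) != len(cert_labels):
        return False                           # "*" never spans more than one label
    return host_labels[1:] == cert_labels[1:]


def coverage(cert_name, hostnames):
    """Map each hostname to whether cert_name would satisfy it on one listener."""
    return {h: cert_name_matches(cert_name, h) for h in hostnames}


if __name__ == "__main__":
    # Constructed list: the two services from the post plus the names people
    # often assume a wildcard covers but it does not.
    names = ["owa.shijaz.com", "portal.shijaz.com", "shijaz.com", "mail.owa.shijaz.com"]
    for host, ok in coverage("*.shijaz.com", names).items():
        print(f"{host:24} {'covered' if ok else 'NOT covered'}")
    # Caveat: every host behind the wildcard shares one private key, so a key
    # compromise on any one server affects all of them.
```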

Dying hard

by Shijaz Abdulla on 05.09.2007 at 10:43

I normally don’t blog about anything that’s not technical enough. But this was asking for it.

Some of my readers who saw ‘Live Free or Die Hard 4’ said that they were fascinated by the technical possibility of the feats demonstrated by hackers in the movie. I’m not really the movies guy — but yielding to the awe of the readers, I was tempted to watch it.

Many have asked me “Can they really do it some day to a country?”; “Is IT warfare real?”, etc.

I’m not a movie critic and this is definitely not a movie review. This is a serious (ahem!) technology blog. So what’s ‘Die Hard 4’ doing here? Damn, I started this post, so let me begin and let me end. I promise to keep it technical.

1. How can simply copying financial information (or ‘downloading’ it – as in the movie) help the hackers steal money? Tell me how you can get rich just by copying a bank’s database to a portable hard drive?

2. The so-called “Financial Records” are 500 TB (Terabytes) as per the message on the screen and Hacker 101 says he’s going to copy the data to a portable hard drive. I’ve never seen a 500TB portable drive. Have you?

3. Every time they want to hack a system (traffic lights, tunnels, F11 controllers, CCTV cameras), our Harry Potter hacker boy just punches some buttons on his keyboard and says “we’re in”. Is it really that simple?
The encryption technologies of today require hundreds of computers working together for months and years to crack just one key, that may give access to just one system. And of course, within this long period, the key itself may change. The government of any country would not be dumb enough to protect all their systems with just one key, and passwords/keys will change frequently.

4. In the story, if system breaks, it ‘downloads’ all the data to a machine in a remote location. What kind of disaster recovery solution is that?! Data to a disaster recovery center is usually replicated in real time/periodically and does not ‘begin’ when an outage happens.

5. I believe there is always a way to manual over-ride things like traffic lights and power grids. Even when a hacker has control over traffic lights, I don’t think those systems allow anyone to set ‘green’ on every lane! I’m not a developer, but has anyone heard of user input validation?

6. How did they manage to blow up hacker good-boy’s computer when he pressed the delete button? If they were around, why didn’t they just plant a remote-controlled bomb in his apartment. Would have been more reliable 😉

7. When they played images of blowing up government buildings, why did hacker boy have to type the messages that were being posted on TV screens manually at the time of broadcast. Couldn’t he write a simple script or at least copy-paste it from Notepad?

8. Why couldn’t somebody at the television station just physically pull the plug off the transmitter? Isn’t it better to have no transmission than to broadcast as per the hacker’s whims and fancies?

9. I wonder why some of the IP addresses are from the private IANA range – 10.x.x.x, 192.168.x.x. Were they hacking the US govt, or the neighbor’s PC?

10. Those racks in the server room look strange. Why do the servers make weird noises when our hackerboy presses a key?

Here’s the bottom line: I don’t think that an attack of such magnitude can be done with today’s available security technologies at least for a reasonable time into the future. And beyond that – as they say – ‘Security Transcends Technology’.

My experiments with IAG 2007

by Shijaz Abdulla on 28.07.2007 at 14:06

Intelligent Application Gateway 2007 (IAG) is Microsoft’s new addition to the ForeFront Edge Security family. IAG provides web-based SSL-VPN connections for secure access to applications from outside the organization’s network perimeter. IAG 2007 was previously known as Whale SSL VPN before Microsoft acquired Whale Communications.

I had always wanted to get my hands on an IAG appliance, but appliances are costly, and the only way to work on one was to get my company to buy one of those babies. However, I was excited when I saw that the IAG VHD is available for download! It’s a scenario-based demo, which involves a virtual machine image (VHD) running DC/Exchange 2007/SPS 2007 and another virtual machine running the IAG appliance itself. Also, there were two client machine VHDs – one ‘managed’ and the other an ‘unmanaged’ client.

I downloaded the whole demo lab, and put it together on my 64-bit Virtual Server 2005 R2. I got a preview of the IAG features, but found that the Network Connector feature (the one that lets a remote client connect to the corporate network – ‘VPN-style’) wasn’t working. Upon closer examination, I found that the “Whale Network Connector Server” service was not running on the IAG virtual machine. When I tried to manually start the “Whale Network Connector Server” service, I got the message that the service stopped after starting. My repeated attempts to start the service were in vain.

So I opened the IAG Configuration console, and navigated to Admin > Network Connector Server. The IAG appliance has two physical network cards – one connected to the internal network and the other to the external network. There is a third network interface named Whale Network Connector (a virtual NIC), which appeared to be “unplugged”. I made sure that the correct network interface card was selected (it should be the NIC that’s on the internal network), and then de-activated Network Connector by de-selecting the “Activate Network Connector” checkbox. Then, I applied my changes by clicking File > Activate.

Once again, I navigated to Admin > Network Connector Server. This time I selected “Activate Network Connector” and clicked OK. Once again I applied my changes by clicking Activate. In a few moments, the “Whale Network Connector Server” service started and the third network interface (Whale Network Connector) started showing its status as “Active”.


In short, I just de-activated and re-activated the Network Connector Server after making sure that the correct internal NIC is configured on it. So if you’ve downloaded the IAG demo lab, hope this helps you!

Digitally sign your email for free

by Shijaz Abdulla on 03.07.2007 at 10:05

Thawte gives away free personal email certificates at their website.

A thawte Personal E-mail Certificate in conjunction with the thawte Web of Trust allows you to secure and guarantee authorship of your e-mail communications by digitally signing and encrypting your e-mails.

IN SHORT: A personal email certificate lets you digitally sign all your outgoing email so that the recipient knows that you sent it!

Click here to get a certificate.

A word of caution here: read everything carefully whilst you apply for a digital certificate. Remember the password and the question-answer pairs, otherwise you will *never* be able to get another certificate for the same email ID. Also keep your password totally secret – a recipient can take you to court over documents that appear to be digitally signed by you, but were in reality signed in your name by an identity thief!

Are you in Control?!

by Shijaz Abdulla on 23.04.2007 at 15:20
See how great it feels when you’re in control!

Get ready for the Microsoft System Center and ForeFront Launch coming near you very soon. The event will be preceded by IDC’s IT Security & Business Continuity Roadshow 2007 Securing Your Business: Technology Meets People Conference.

Don’t miss this chance!

  • Network with technology partners, peers and experts
  • Attend technical sessions with Microsoft experts
  • Test-drive Forefront and System Center technologies
  • Receive valuable Trial CDs of Microsoft software
  • Partake in the “You’re in Control” launch party
Manama, Bahrain:
May 29, 2007
Diplomat Radisson SAS Hotel

Doha, Qatar:
June 4, 2007
Intercontinental Hotel

Safe Surfing Workshop

by Shijaz Abdulla on 09.02.2007 at 22:52

Today, we at TechLinks conducted a workshop on “Safe Surfing” in association with Al Furqan Centre at DI Hall in Manama. The workshop consisted of two sessions – one for children and the other for parents.

The children’s session which ran from 9 AM to 11 AM covered the following:

  • Safety on the Internet
  • Threats on the Internet (Malware: Viruses/Worms/Bots and People: chatrooms/social networking/public profiles)
  • Misuse of the Internet (Privacy, Piracy, Online Fraud, Pornography)
  • Q & A session

The session was highly interactive and the children, mostly teenagers, participated well. Gifts were distributed to those who gave correct answers and proactive responses during the session.


The parents’ session which was supposed to run from 6 PM to 8 PM, ran all the way till 9 PM, with more questions asked during the Q & A session.

The parents’ session covered:

  • Safety of children on the internet
  • People Threats on the Internet
  • Misuse of the internet (Pornography, Online security, etc)
  • Monitoring & controlling child activity on the internet (Live demo Windows Vista Parental Controls, Internet Explorer 7 Content Advisor)

Overall, the event was a great success and the response & feedback from the parents and children were overwhelming. Special thanks go to Bart Martens of Culminis for his assistance in providing some of the materials used in the presentation. The event was organized (the venue, the delicious snacks, light & sound, etc) by Al Furqan Centre.

I had a good time engaging in discussions with the teenagers and the parents and look forward to doing the same workshop again sometime in the future for other institutions!

Photos of the workshop at: http://www.shijaz.com/photos/flickr_mvp.htm