Social Media and the Downfall of the Password Reset Question

Category Archives: Email

Published:: August 4, 2009 – 4:04 pm
Author:: By Dave

Social Media and the Downfall of the Password Reset Question 8

There have been a number of high profile account compromises due to the insecurity of password reset questions. Examples of two big ones off the top of my head are Sarah Palin Yahoo account compromise and the Twitter “Hacker Croll” fiasco. There have been many more compromises on accounts due to weaknesses in password reset questions, even if they are rarely as publicized in the main stream media like the previous two. The attacks are basically the same – primary e-mail accounts are typically secured by password, and the password can be changed by entering an answer to a password reset question. Both of these account compromises were caused by weak password reset questions. And although Palin certainly was/is a high profile account, the Twitter compromise was caused by a low-profile IT Administrator who happened to store sensitive company documents in their Google Docs folder. This goes to show that everyone, from….

Categories: Email,Other Technology,Social Media,Software,System Administration

Tagged: accounts, password, Security

Published:: April 30, 2009 – 10:04 am
Author:: By Dave

Add IP to whitelist for Postini Mail Filtering 7

I could not find any way to see how you could add an IP address as a ‘white list’ for our Postini installation. Mails coming from our mailing list manager kept getting caught in the Postini spam interface (which is probably a whole other issue, which I will need to address later). To get Postini to white list an IP address, you need to go into the Batch editing mode and issue this command: addallowedip organization name,domain.com:10.0.0.0 Full Postini Batch Reference See page 30 for ‘addallowedip’ syntax and more information.

Categories: Configurations,Email

Tagged: ip address, postini, white list, whitelist

Published:: September 2, 2008 – 9:04 am
Author:: By Dave

Outlook 2003 or 2007 Won’t Save Hosted Exchange Password 13

For many people using hosted Exchange services, password saving problems could plague you. That is mainly because Outlook doesn’t like it if the Exchange server’s domain doesn’t match your domain. Fortunately there is a way around this, because by the default way it is set up, you would have to enter your password every time you open up Outlook. First step is to change the registry key: 1HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa Change lmcompatibilitylevel to “2″ Here is the meanings of these numbers (source): 0 – Clients use LM and NTLM authentication, but they never use NTLMv2 session security. Domain controllers accept LM, NTLM, and NTLMv2 authentication. 1 – Clients use LM and NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controllers accept LM, NTLM, and NTLMv2 authentication. 2 – Clients use only NTLM authentication, and they use NTLMv2 session security if the server supports it. Domain controller….

Categories: Code Samples,Configurations,Email,Other Code,Software

Tagged: exchange, hosted exchange, outlook, passwords, Windows

Published:: September 18, 2007 – 10:27 am
Author:: By Dave

Lyris Listmanager – Hacking the Web Frontend For Increased Functionality 2

Lyris Listmanager is a nice mailing list management system. However, there are a few features that are missing out of the frontend that make it hard to get by your day-to-day office job. Fortunately, most of it is written with TCL routines which are not encoded, which makes for easy updates to this code. Of course this is not supported by Lyris and if you have problems with it after making your changes, don’t expect them to support it. Make backup of your files – in Linux this is /usr/local/lm For this example, I’m going to add the Full Name field to survey results. By default, it shows the email address but not the name of the responding user. Step 1: Backup! 1cp -R /usr/local/lm /usr/local/lm.bak Step 2: Open the file which holds the routine for the “Survey Details” page. This is in /htdocs/reports/surveys/.tml 1vi /usr/local/lm/htdocs/reports/surveys/.tml Step 3: Modify the….

Categories: Code Samples,Email,Perl,Software,TCL

Tagged: Linux, Web Frontend For Increased Functionality Lyris

Published:: September 5, 2007 – 11:30 pm
Author:: By Dave

Remove Duplicate Email Messages in Thunderbird 2.x 2

I used to use a Thunderbird addon to remove duplicate messages in Thunderbird. This is handy if your mail client becomes “de synced” from your mail server, whether it be an IMAP or POP3 connection. Also this can occur if you restore a backup or import mails and it creates duplicates. However, after Thunderbird 2.0 was released, this old plugin was not compatible. Eyalroz re-released the plugin under GPL and with updates for Thunderbird 2.0. If you have a need to remove duplicate emails – this is the plugin you need! Get it: Remove Duplicate Messages (alternate)

Categories: Email,Programs,System Administration

Tagged: mail server

Published:: January 12, 2007 – 12:32 pm
Author:: By Dave

Postfix queue tools 2

Here are a few handy items for Postfix email server users: 1. If your system is acting as a spam / antivirus / relay server for secondary internal servers, and your destination mail server is down, postfix will queue your messages to resend at a later time. In order for postfix to instantly re-queue these messages you use: 1postqueue -f 2. The mailq equivilant specific to postfix is 1postqueue -p 3. If you want to delete specific messages in your queue, use an ncurses based open source software called pfqueue. It will give you a menu that shows mail currently queued, and allows you to delete specific emails.

Categories: Email,System Administration

Tagged: destination mail server, open source software, relay server

Published:: December 20, 2006 – 12:52 pm
Author:: By Dave

SMTP Errors – 550 vs 450 7

Well I got a lesson in properly configuring your e-mail server’s error messages. Since setting up postfix as a anti-spam and anti-virus gateway for my exchange system (see my article Postfix as proxy to exchange server), I had left the option 1soft_bounce = yes enabled in my postfix configuration. This worked fine for months. However, I was then “joe jobbed” – which means that some spammer used my domain name as the “from” or “reply to” address on their e-mails. This causes a flood of e-mails from mail servers, which messages such as, no user exists, this account has been deleted, etc. These e-mails are completely valid and authentic responses from e-mail servers. Now – it is my personal opinion that mail servers should reject connections to users who are not real – not generate more messages and bandwidth sending out their rejection response. But I understand why some e-mail….

Categories: Configurations,Email

Tagged: e-mail server, remote server