Auditing and Logging

Is auditing and logging enabled on your servers and workstations? I bet many of you answer "yes". My follow-up question to your reply would be "When did you enable it?" That's right folks, basic logging is NOT enabled by default within Windows. This may come as a surprise to some, but the Windows Event Logs you get out of the box are not considered basic auditing and logging.

Strap on your tinfoil hats and follow along with this scenario: imagine that your database server is hacked. You are tasked with finding out what happened. Which files have been modified? Who hacked the machine? How long has it been compromised? Was it an inside job?

Let's start with the server itself: which files have been modified recently? Probably easy enough to figure out by looking at the timestamps. Now, who modified them? What's that? You don't have logging enabled for object access? Or directory access? That's right, it's not enabled by default.

Perhaps you can narrow down the time frame to somewhere between 2:00 and 2:15 AM last Sunday night. So, who logged into the server at that time? What, you don't log successful and failed logons? (Again, not enabled by default.) You get the picture...

Another real-world example: a colleague was having issues with an Exchange server sending large amounts of spam. Apparently an external entity was using the box as a relay, yet the box was not misconfigured as an open SMTP relay. So what was going on? Basic Exchange logging was useless. After enabling detailed logging, it was discovered that a third-party backup utility installed on that server and configured with default credentials was being used to obtain a valid logon and send mail through the box (let this be a lesson about changing default credentials).

As we can see, logging and auditing are very important. You can use them for forensics, to detect anomalies before real problems surface, for troubleshooting, and to gain a better understanding of what is going on within your network.

One of the oldest forms of logging is syslog, from the Unix world. This is an accepted standard and format that *nix machines have used forever. Unix and its variants are very good when it comes to logging (some may say a bit too anal about it). These machines tend to log all operating system and user-related events, along with a majority of the events generated by any applications running on them. Troubleshooting becomes very easy with this level of detail.

But, alas, we're not here to talk about *nix machines only. Windows uses the Event Logs to keep track of what's happening on the device. The only pitfall is that even basic events are not logged by default: successful and failed logons, object access, etc., are not logged. I can't stress enough how important it is that you develop a policy of enabling this on all of the servers that you build. Here's a good primer on getting started:

Recommendations on what to log

A simple "how to"
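As an added example (not from the original post), here is how to check and enable those basic audit subcategories from an elevated PowerShell prompt on Windows Vista/Server 2008 or later, add an audit ACE to a directory so object-access events actually fire, and then pull the logon events for the "2:00 to 2:15 AM on Sunday" window from the scenario above. The directory path and the time window are assumptions.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell
# prompt on Windows Vista / Server 2008 or later (auditpol and the 46xx
# Security event IDs do not exist on older releases).

# 1. Check what is currently being audited. A fresh server shows
#    "No Auditing" for most of these subcategories.
auditpol /get /category:"Logon/Logoff"
auditpol /get /category:"Object Access"

# 2. Enable the basics the article complains about: successful and
#    failed logons, and file-system object access.
auditpol /set /subcategory:"Logon"       /success:enable /failure:enable
auditpol /set /subcategory:"Logoff"      /success:enable
auditpol /set /subcategory:"File System" /success:enable /failure:enable

# 3. Object-access auditing only produces events for objects that carry
#    an audit ACE (a SACL). Add one to the directory you care about.
$path = "D:\DatabaseData"   # assumed path; point this at your data directory
$acl  = Get-Acl -Path $path -Audit
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    "Everyone",
    [System.Security.AccessControl.FileSystemRights]"Write, Delete, ChangePermissions, TakeOwnership",
    [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit",
    [System.Security.AccessControl.PropagationFlags]::None,
    [System.Security.AccessControl.AuditFlags]"Success, Failure")
$acl.AddAuditRule($rule)
Set-Acl -Path $path -AclObject $acl

# 4. Answer the question from the scenario: who logged on between 02:00 and
#    02:15 on the most recent Sunday? 4624 = successful logon, 4625 = failed.
#    Properties[5] is the target account name for both event IDs.
$daysSinceSunday = [int](Get-Date).DayOfWeek      # Sunday = 0
$sunday = (Get-Date).Date.AddDays(-$daysSinceSunday)
$start  = $sunday.AddHours(2)
$end    = $start.AddMinutes(15)
Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = 4624, 4625; StartTime = $start; EndTime = $end
    } |
    Select-Object TimeCreated, Id, @{ Name = 'Account'; Expression = { $_.Properties[5].Value } } |
    Format-Table -AutoSize
```

Without step 3 the File System subcategory produces nothing, which is the most common reason "object access auditing" appears enabled yet logs nothing.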

All of this logging tends to rapidly eat up drive space, which is most likely why it is disabled by default in Windows. You will find that the best solution to this is centralized log aggregation (required for regulatory compliance in many industries). Basically, you point all the logs from all of your servers to one log server. This gives you a central repository for the information, allows you to control access to the logs (an important security consideration), and increases your log retention time (dedicated space for log storage). Most central log servers also have a search interface, and some even have a correlation engine that allows you to set up alerts based upon certain thresholds or events. Examples include the Kiwi syslog products, Cisco MARS (more of a Cisco-centric product), a simple home-built Linux syslog server, the xDefenders ESM appliance (shameless plug), etc.

There are some issues with central logging in a network environment, not the least of which is the fact that Windows Event Logs are created in a proprietary format that is not directly compatible with the syslog standard. This is not a problem if you have a pure Windows network, don't want to log anything from your firewalls, switches, routers, etc., and are using a central log server that understands the Event Log format. I prefer to not only log my servers; I also want all that juicy information from my other network gear as well. Fortunately there is a solution in the form of products that can convert Event Log to syslog format. The best one by far (in my experience) is the Snare Agent for Windows. This product is free (everybody likes "free"), does a great job of formatting the information into the syslog standard, and has a very powerful web-based interface to configure stuff to your heart's delight. The best feature of the Snare Agent is the fact that during the installation process it will ask you if it should enable some basic auditing and logging. Nice!

Get Snare Agent for Windows here
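An added example (not from the original post and not the Snare Agent's code) of what an Event Log to syslog converter does at its core: wrap a Windows Security event in an RFC 3164 syslog message and send it over UDP to a central log server. The server address is a placeholder, and the facility/severity mapping is my own choice.

```powershell
# Added example, not from the original post or the Snare Agent. Forwards recent
# Security-log logon events to a central syslog server as RFC 3164 datagrams.
function Send-SyslogMessage {
    param(
        [Parameter(Mandatory=$true)] [string] $Server,
        [int]    $Port     = 514,
        [int]    $Facility = 4,     # RFC 3164 facility 4 = security/authorization
        [int]    $Severity = 6,     # 0 = emergency ... 4 = warning ... 6 = informational
        [Parameter(Mandatory=$true)] [string] $Message
    )
    # PRI = facility * 8 + severity; timestamp is "Mmm dd hh:mm:ss" with a
    # space-padded day, as RFC 3164 specifies. No trailing newline in a datagram.
    $pri   = ($Facility * 8) + $Severity
    $now   = Get-Date
    $stamp = "{0} {1,2} {2:HH:mm:ss}" -f $now.ToString("MMM"), $now.Day, $now
    $line  = "<$pri>$stamp $env:COMPUTERNAME $Message"
    $bytes = [System.Text.Encoding]::ASCII.GetBytes($line)
    $udp = New-Object System.Net.Sockets.UdpClient
    try     { [void] $udp.Send($bytes, $bytes.Length, $Server, $Port) }
    finally { $udp.Close() }
    return $line    # returned so the caller can log or inspect what was sent
}

$logServer = "10.0.0.5"   # placeholder: your central syslog server

# Map failed logons (4625) to "warning" so a correlation engine on the log
# server can alert on them; successful logons (4624) stay informational.
# Properties[5] is the target account name for both event IDs.
Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
        LogName = 'Security'; Id = 4624, 4625; StartTime = (Get-Date).AddMinutes(-15)
    } |
    ForEach-Object {
        $severity = if ($_.Id -eq 4625) { 4 } else { 6 }
        $summary  = ($_.Message -split "`r?`n")[0]
        $text     = "Security EventID={0} Account={1} {2}" -f $_.Id, $_.Properties[5].Value, $summary
        Send-SyslogMessage -Server $logServer -Severity $severity -Message $text
    }
```

Plain UDP syslog has no integrity or confidentiality, so in a real deployment the log server should sit on a management network and the agent should run as a scheduled task or service rather than an ad hoc script.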

In summary, enable some basic logging on all of the important devices on your network, implement a central log server, and start to take advantage of the benefits that logging can provide for you. Some day you'll thank me.

Copyright Todd Hughes 2008

DiskInternals Releases Mail Recovery Software


Seattle, WA (PRWEB) October 22, 2008 — DiskInternals announces the update of Mail Recovery, its flagship product to recover and repair deleted and corrupted email databases by various mail clients. The new release supports Microsoft Outlook, Outlook Express, Windows Mail, Thunderbird, and TheBat, and recovers messages, attachments, contacts, tasks, calendars, and address books.

Mail Recovery Wizard (screenshot)

About DiskInternals Mail Recovery

DiskInternals Mail Recovery allows everyone to recover and fix email databases used by Microsoft Outlook, Outlook Express, Windows Mail, Thunderbird and TheBat. The new version works fully automatically. The tool locates, recovers and repairs email databases automatically even if the disk is damaged or inaccessible.

DiskInternals Mail Recovery combines sophisticated data recovery technologies with a simple, convenient user interface and fully automatic operation. The technologies used in Mail Recovery are the same data recovery algorithms utilized by DiskInternals Uneraser, a top-of-the-line data recovery product to recover files and data from damaged, corrupted and inaccessible disks. Mail Recovery combines those data recovery techniques with new algorithms developed to fix corrupted email databases after they've been recovered. DiskInternals Mail Recovery recovers the original messages complete with attachments, contacts, address books, calendars, tasks, and indexes.

DiskInternals Mail Recovery is available as a free evaluation download, making it possible for evaluation users to preview the recoverable messages and attachments before the recovery. The full version of the product allows saving the results of the recovery to the disk. Mail Recovery supports export to Microsoft Outlook and Outlook Express formats, as well as to eml and vcf files.

About DiskInternals

Founded in 2003, DiskInternals Research develops and markets a wide range of disk and data recovery products. Data recovery software produced by DiskInternals Research delivers quality service to thousands of customers every month. DiskInternals products work on a variety of Windows systems, and recover failed disks, files and data. The company's unique recovery algorithms allow its products to locate and recover data such as office documents, digital pictures and multimedia files even from badly damaged and inaccessible disks.

You can download a full-featured trial version of DiskInternals Mail Recovery for free.

Xandros Partner Program

Xandros is a company that offers a desktop Linux distro aimed at business and general users. The company was founded in 1991 and is based in New York. The original distribution is based on Corel Linux. Xandros purchased Linspire in 2008.

Xandros offers a Partner Program for System Builders and resellers. The program is free and easy to join.

Contact:

Xandros
Suite 302,
New York, NY
10016
phone: 212-213-8083
613-842-3494
Fax: 613-842-3499

website: http://www.xandros.com

Partner Program Registration: http://www.xandros.com/partners/apply.html

The real reason why MS Office still dominates the market

I read an article in Computerworld this morning by Eric Lai in which he and Michael Croan, Senior Marketing Manager of Microsoft, provided the reasons why Microsoft Office has greater market share than OpenOffice.org. I thought it was completely off the mark. The comment by Croan was typical of a marketing shirt but was, nonetheless, another example that Microsoft is basically full of itself and out of touch with reality.

This was my response to the article:

While I will concede that Microsoft Office is well integrated, this is largely due to the fact that it is usually running on a Microsoft OS with other Microsoft products that are designed for interoperability with each other, which does put OpenOffice.org at a disadvantage.

However, I disagree with Mr. Croan’s claim that MS Office is well supported compared to OpenOffice (yes, I know he was referring to open source in general, but I think we all know what he was alluding to). Actions speak louder than words.

Microsoft is known for taking their sweet time to patch their products (if and when they actually admit there is a flaw to be patched). In contrast, organizations such as Mozilla and OpenOffice.org are usually more responsive to such flaws and are quick to patch their software. So tell me again who offers better support?

As for the reasons OpenOffice.org is not widely adopted, I think the article is on the wrong track. According to the article Lai wrote, “OpenOffice.org’s total usage, while unknown, remains small overall, despite its free price. That is due to document compatibility fears and Microsoft’s aggressive, tactical discounting.”

Sure, there are certainly document compatibility concerns, but they are not concerns about the ability of OpenOffice.org to work with MS documents, but the other way around. That’s not the fault of OpenOffice.org. It uses and supports ODF, which is a standard format (something older versions of MS Office cannot claim). It is Microsoft that has resisted the call to support that standard, opting instead to stick to its closed, proprietary document format in order to lock customers in to their product. Even so, that is not the issue it once was, since MS has recently supported the development of plug-ins to add ODF support to its office suite, so that argument is moot.

However, the assertion that the other reason for low adoption of OOo is due somehow to Microsoft’s “aggressive, tactical discounting” is out of touch with reality and makes absolutely no sense. The article is essentially telling us that one of the reasons MS Office is more popular than OpenOffice.org is because this popularity is driven by a price factor. Let’s be real. No matter how aggressive the pricing, OpenOffice.org is free. MS Office isn’t. (I contend that MS Office is still overpriced, but that is another discussion). It is still more expensive than free. So if price is a primary factor, how can MS Office possibly win over OpenOffice.org? It can’t. So it isn’t really a factor here.

No, the real reason is two-fold.

First, Microsoft Office is a household name. Users are already familiar with MS Office and so they are comfortable using it. Users generally don’t like to go through the hassle of retraining themselves on new applications. They typically want to just sit down, load it and get down to business. Anything new to them is something they don’t want to deal with if they don’t have to.

This is one reason why it is sometimes difficult to sell new, better vertical applications to companies that have been on old, horrid systems for years. As old and cumbersome as these apps are, users are comfortable using them and do not want to deal with the hassle of migrating their entire operation to something else, even if it is better.

The other reason is simply product marketing and awareness. Microsoft is a household name. Microsoft Office is well-known throughout the world. That doesn’t make it a better office suite, just a famous one. It is well established and Microsoft pours tens of millions of dollars each year into making sure it stays that way.

OpenOffice.org does not have the power of branding that MS has, nor the marketing budget to create and perpetuate it. If you ask the man (or woman) on the street if they know MS Office you will likely get a positive response, since most people have at least heard of it. Ask those same people about OpenOffice.org and chances are you will get a blank stare. Most of them have never heard of OpenOffice.org and have no idea what it is.

There’s your real reason.

I have downloaded and installed OpenOffice.org 3.0 and I contend that it is every bit as good as Microsoft Office, and in some ways better. The problem is that most of the world doesn’t know it yet. That’s the real reason.

GoToAssist


ServiceLive

Calling itself "an enterprise level project management application", ServiceLive is an internet-based platform for contract maintenance work, including computer repair.

The concept is similar to OnForce. Buyers pay $10 to route a service order through the system and Providers pay 10% of the service invoice.

Eric Castro, Director of Channel Management for ServiceLive was interviewed on The Force Field podcast in Episode 36 – Profit From the Service Platform.

Contact:

ServiceLive, Inc.
3333 Beverly Rd., B6-244A
Hoffman Estates, Illinois 60179

Phone: (888) 549-0640
Fax: (847) 286-3704

Support
support@servicelive.com

Website: http://www.servicelive.com

Registration: http://www.servicelive.com/MarketFrontend/joinNowAction.action

OnForce, Inc.

Originally known as ComputerRepair.com, OnForce is a platform for IT service professionals and clients. The clients, known as "Buyers", field work orders through the platform to service technicians, known as "Pros". The clients pay OnForce $11 for each work order routed through the platform and the Pros pay 10% on each invoice paid. The company was established in 2003 and claims a service force of over 12,000 Pros.

Jeff Leventhal, the founder and original CEO of OnForce, was interviewed on The Force Field podcast in The Story of OnForce, part 1 and The Story of OnForce, part 2.

Contact:

10 Maguire Road
Bldg. 2, Suite 232
Lexington, MA 02421

Main: 1.888.515.0100
Support: 1.877.664.7778
Fax: 781.862.2901

Website: http://www.onforce.com

Registration: http://www.onforce.com/professionals

Computerrepair News and Blog site: http://www.computerrepair.com

OnForce articles: http://www.computerrepair.com/Articles

Field Nation

A web-based platform similar to OnForce which provides field service technicians for contract work. There is no fee to join.

Contact:

Corporate Office
Field Nation, LLC
12100 Singletree Lane
Eden Prairie, MN 55344
Tel: 952-934-4247
Fax: 952-400-3408
info@fieldnation.com

Help Desk
Tel: 952-486-8061
helpdesk@fieldnation.com

Website: http://www.fieldnation.com

Registration: http://www.fieldnation.com/technicians.php