Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror

Submission Summary: 0 pending, 2 declined, 0 accepted (2 total, 0.00% accepted)

Security

+ - Microsoft TMG (OMG!) security->

Submitted by m2f2
m2f2 (1420929) writes "I was talking with a colleague of mine about the new incarnation of good ol' Microsoft ISA server, the TMG edition.

Browsing thru the filtering options I found this little gem (http://technet.microsoft.com/en-us/library/dd441053.aspx). To inspect https traffic, nothing better than generating your fake certificate in the name of the target site, acting as man-in-the-middle.
So when accessing www.yourbank.com you will be presented with a fake certificate issued by Microsoft TMG, Internet Explorer will trust it because signed by a CA in your trusted ring et voilà... your banking session ends — in cleartext — at proxy level.

Nice way to get sure that techies will do their ebanking at home."

Link to Original Source

+ - Falling leaves, failing domains ...

Submitted by m2f2
m2f2 (1420929) writes "Network solutions may have a problem. A series of domains (one of which, an NGO, I am pleased to administer) have been disabled yesterday and put on "pending renewal".
Their own records tell that the domain expires on 21-Jun-2010 but admin and tech contacts now are the limbo of pendingrenewalordeletion@networksolutions.com.
How many of the ./'ers have been there, and ... what have they done?
Cheers"

Any given program, when running, is obsolete.

Working...