In many organizations Active Directory Domain Services is the top tier in access management. Access to systems, information and connections, often, is governed by information in Active Directory. User objects and computer objects play a big role in this model, since they represent actual physical objects within the organization. Now, not every ...

A while back, Microsoft enabled the long awaited 2-factor authentication feature for Microsoft Accounts and released a code generator for Windows Phone. But a little know fact is that this app can also be used for the Google Account Two-factor authentication. See the screenshots below on how to do this: Go to the right corner of you Google ...

Today, Microsoft has released a document, detailing the Best Practices for Securing Active Directory Domain Services. The document contains 22 best practice recommendations to assist organizations in enhancing the security of their Active Directory installations. By implementing these recommendations, organizations will be able to identify and ...

Millions of Windows PCs are infected by scareware each year. Often, this kind of software fakes to be an anti-malware program. These rogue virus scanners convince Windows users their PC is infected and they need to pay to clean it. Microsofts free Security Essentials with its 10-15% market share, ForeFront Endpoint Protection, System Center ...

This blog post is something I intended to write for a while now, because it is a question that i get asked a lot. On which Exchange server roles do you need to install the Exchange malware protection software, be it the now no longer for sale Forefront Protection for Exchange or similar products from McAfee, Symantec or GFI and the like. Why is ...

Microsoft announced yesterday new approach regarding the validation of certificates coming in august this year. Certificates with a key length less than 1024bit will be blocked: Adding to our defense-in-depth measures, in August, we will release a change to how Windows manages certificates that have RSA keys of less than 1024 bits in length. ...

Kerberos in Windows Operating System is around for about 10 years and it is still causing problems and for many people it is like black magic voodoo. In most cases organizations and people in it are not aware that it is now working until it problem will occur on a surface with some application not working or reports not being displayed on MOSS web ...

One of my friends PFE has asked me a question regarding userPassword attribute in directory which was related to some behavior he was observing in customer environment. We had a little chat about it and then I thought that maybe other has such questions as well so … here’s a topic for a blog.  Behavior my friend was observing was related to ...

Protecting LDAP traffic with SSL is a good idea, especially if in network environment some applications are (ab)using LDAP as authentication protocol. Some explanation of abusing word – LDAP never was designed as authentication protocol (like Kerberos is). Its name states it clear “DIRECTORY ACCESS PROTOCOL”. However because it is simple to use ...

This isn't something which is in line with my day to day work, however this is something which may affect many organizations so I've decided to add my blog to list of sties which will duplicate this information. Secunia has reported critical vulnerability in MIT Kerberos implementation which can result in remote code execution, DoS or information ...