Find your vulnerable desktop applications

02.03.2008

Many corporate and private computers have installed “standard” set of free programs and utilities which users use in everyday work. You use them for sure as well, Adobe Acrobat Reader, ICQ, Skype, Irfan view, Quick Time, iTunes, Firefox, plugins as flash, shockwave, Sun Java and many others. As it is usual, in every piece of non trivial software package is a hidden bug which just wait for discovery and if possible misuse with no exception for those above.

What is good that some of them have incorporated automatic patching function (like Adobe Acrobat, Quicktime, Firefox) but these mostly work only when logged as Admin and others don’t have anything. So after all its up to user to watch security lists like that in Secunia or just install every new version wherever available which is quite boring and nobody is doing it.

One nice option which is offered by danish security company Secunia for free. It is online (as Java applet) or offline (Secunia PSI) security scanner which “know” what vulnerabilities in what piece of sw is known and will tell you that. All the rest is up to user so he’ll install recommended new versions. Better once for a time than never. Self describing info can be found at http://secunia.com/blog/20/ which is telling that 81.01% of all Windows users that run Secunia’s security scanner had some piece of installed sw vulnerable to hacking.

So don’t wait, do a scan and patch, patch, patch as you do not want to become “privileged” member of botnet or do you? πŸ˜‰

Advertisements

Blat – command line SMTP client

26.02.2008

From time to time there is a need to send mails from command line. In Unix its easy but in Windows one of fine alternatives isΒ  Blat

Blat is a small, efficient SMTP command line mailer for Windows. It is the SMTP *sending* part of an eMail User Agent (MUA) or eMail client. As such, Blat sends eMail via SMTP (or internet eMail) from the command line, or CGI, …

lot of options, thorough output for debugging… but if you are hardcore IT, then read RFC 821 and telnet to TCP port 25 πŸ™‚

option reference here


Lightweight http servers

21.02.2008

There are situations when you need to serve just a set of static html pages. Apache is of course able to handle it with ease. But in this context it might be like using cannon to hit a fly. Simpler http server would be a better option for reasons like
– speed
– memory needs
– less complex piece of software ~ lower chance to contain a bug

If you agree, then look around some lightweight http server like thttpd , lighttpd (even sites like Youtube use it) and others. Nice post about Lightweight Web servers can be found at IBM DeveloperWorks website


Postini antispam service provider acquisition

16.02.2008

Google has bought Postini service provider and is becoming more and more gigantic service provider.

“With Google security and compliance services, powered by Postini, you can secure all of your electronic communications – email, instant messaging, and the web – and manage your company’s communication policies from one central location. These services can also make it easy to meet your archiving and encryption needs. Best of all, it’s all 100% hosted, so there’s no hardware or software to install or maintain. Whether you’re looking to transition from or enhance your existing messaging infrastructure for better control, Google enables you to provide employees the tools they need to be productive while reducing the cost and complexity of managing those tools.” www.postini.com

I’m definitely going to try this antispam service as soon as I will have chance as it looks good event though so far I have experience just as a user and not admin. But what also have weight in my eyes is positive reference from IT fellows of one big international PR company based in London. I will update post when I’ll have personal experience on this. But still, Google and Postini together mean to me solid base for any business.