Saturday, July 31, 2004

Interesting perspective on password strength and usage

Robert Hensing posted this to his Incident Response Web Log. It is an interesting take on password usage, Windows, and authentication vulnerabilities.

http://blogs.msdn.com/robert_hensing/archive/2004/07/28/199610.aspx


Tuesday, July 20, 2004

Windows and Exchange 2004 Connections Conference

Now the Windows and Exchange Connections conferences are combined in to one larger conference. This conference is targeted towards the IT Pro that is tired of marketing heavy conferences like TechEd. While TechEd is a great place to 'network' with your peers, the Connections conference is a great place for the technical depth that IT Pros are now demanding.

The conference is small and attendees gets lots of face-time with experts, exhibitors, and speakers. It is Orlando, Florida from Oct 24 - 27. This conference is a great place to get to know industry experts like Mark Minasi, Jeremy Moskowitz, Dan Holme, and Brian Komar.

Unfortunately, I'm not going to be able to go this year because it looks like I'm going to be in Fairbanks, Alaska freezing my behind off. I was schedule to be a presenter and I'm really bummed that I can't go. Fortunately, Nick Cavalancia is jumping in to fill in for me.

Monday, July 12, 2004

How do I add a disclaimer to outgoing messages?

How do I add or append a disclaimer to outgoing messages? This is probably one of the most common questions I see in the newsgroups. For some reason, companies have decided their intellectual property is safe and they are safe from lawsuits if they add a handy disclaimer to the bottom of every outbound message. They usually read something like this:

"The company is not responsible for the content of this message, it does not reflect company policy, and if you received this in error, then destroy it immediately." Or something a little less flip.

Well, it can be done. The best way is to use a third party solution such as GFI Mail Essentials or other third party SMTP system that appends the dislaimer to the message. You can write your own event sinks for Windows 2000 / 2003 SMTP service that will do this, though, but you may be getting yourself in to more than you bargained for if you are not an experienced programmer.

Microsoft has published a couple of KB articles on this topic and includes some sample code. The first article is KB 317680: How to add a disclaimer to outgoing SMTP messages in Visual Basic script. This article includes some VBScript code, but that is not a particularly 'high performance' solution. KB article 3417327: How to add a disclaimer to outgoing SMTP messages in Visual Basic includes Visual Basic code.

There are lots of third party solutions you can find at msexchange.org.

However, take note, that if your organization is using or planning to use S/MIME digital signatures to verify authenticity of a message and non-repudiation, any thing that alters the message AFTER the user clicks Send will break the digital signature. I use S/MIME digital signatures for all of my official e-mail I send to customers and vendors. If this is the case, then you should have users append the disclaimers from within Outlook as part of a standard message signature.

Keywords: Message signature append disclaimer Outlook Exchange SMTP third party Visual Basic VBScript