I recently got a forwarded email titled "Longest initials'. Only in Sri Lanka would there be a guy who has 15 initials to his name. I know what each of those initials stand for too.

It’s just another email forward right? Wrong!

This email contained scanned copy of a National Identity Card and a scanned pre-paid mobile connection application form of Dialog Telecom. Therefor I also know what he looks like, his date of birth, place of birth, address, mobile number along with his SIM number, and I also have a scanned copy of his NIC! That’s just disturbing on so many levels. I certainly would not like even the idea of my NIC or any other confidential document being scanned and sent out as email forwards.

It seems most likely that this happened at the place where this dude went to get his phone connection. If not, it’s certainly a good place to start looking for the place/person that had the bright idea of circulating these documents. Since the agent ID's are also on the form they won’t be too difficult to find either

Now that this has happened, who should be responsible for this? What should happen next? What should be done to make this not happen again?

What's likely to happen?

Google homepage now also reads ""New! Download Chrome (BETA) - the new browser from Google"





The web browser with no chrome is Google's fresh take on the browser. It does however have a chrome, but it doesn't try to stand out and get in your way.

This browser has been built from scratch; the Google Chrome comic strip explains the concepts that lay behind it and how and why things were done. Its a is a quick and easy way to understand what is different about Google Chrome.

Although Chrome may not have set any world download records today, I'm sure it's not going to be long before we start seeing this Google Chrome user agent making significant inroads into website stat logs.

It's probably safe to say that the browser wars have becoming really intense with Google joining in. So I guess the next question is, for how long will Google continue its funding of Firefox?

China is becoming, if not already, the world superpower. It has been boasting of many feats during the recent past along with some impressive numbers.

* China is set to become the world’s largest producer of manufactured goods next year. Four years earlier than expected! - Financial Times
* China ousts US as top Japanese market - Financial Times
* China boasts highest number of internet users - CIA World Factbook

This time they've done it with sports. China became the leading nation in sports at the recently concluded 2008 Summer Olympics. So congratulations to China!

China's raise to supremacy in the Olympic Games

1996 Olympic Medal Count

Rank  Nation         Gold  Silver  Bronze   Total
1     United States    44      32      25     101
2     Russia           26      21      16      63
3     Germany          20      18      27      65
4     China            16      22      12      50

2000 Olympic Medal Count

Rank  Nation         Gold  Silver  Bronze   Total
1     United States    36      24      31      91
2     Russia           32      28      28      88
3     China            28      16      15      59
4     Australia        16      25      17      58

2004 Olympic Medal Count

Rank  Nation         Gold  Silver  Bronze   Total
1     United States    36      39      27     102
2     China            32      17      14      63
3     Russia           27      27      38      92
4     Australia        17      16      16      49

2008 Olympic Medal Count

Rank  Nation         Gold  Silver  Bronze   Total
1     China            51      21      28     100
2     United States    36      38      36     110
3     Russia           23      21      28      72
4     Great Britain    19      13      15      47

The hosting country of the next summer Olympics (2012) Great Britain is another country to keep an eye on. It has risen from the 36th place in 1996 to the 4th in 2008 by continuously improving on its medal count. This could mean that Russia's standing in the top 3 nations may come to an end.

Jayasuriya with the bat and Mendis with the ball. The result? Defending champions Sri Lanka won the Asia Cup yesterday at Karachi. For the fourth time! Woohoo!! Way to go guys!! Congratulations!!

My Google Shared Stuff page is missing all the stuff I had shared on it! What gives?

It's true that I haven't used the service for some time; mostly due to Google Reader Shared Items feature. I noticed this when I was looking for something that I remember sharing using Google Shared Items, but when I went to the page, it was blank, it said You have no shared stuff!

Lucky for me I also had added my Google Shared Stuff into my FriendFeed, so I found the page I was looking for. But, where is my happy ending, where have all the shared stuff gone...

Earlier this week Microsoft IIS team released its URLScan 3.0 (beta) to help fight SQL injection attacks at the Web Server, now Microsoft has put out another tool, this time in the form of a Code Analyzer. Microsoft Source Code Analyzer for SQL Injection should help out to quickly analyze and secure any existing ASP code.

Microsoft Source Code Analyzer for SQL Injection [Community Technology Preview (June 2008)]
Static code analysis tool for finding SQL Injection vulnerabilities in ASP code.

Also, there is this tool from HP that allows you to check your sites against these types of vulnerabilities.

Scrawlr (offered as-is and is not a supported product by HP)
Developed by the HP Web Security Research Group in coordination with the MSRC will crawl a website while simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities.

Those nasty SQL Injection attacks have not stopped. They’ve probably just started!

If you’re still in the process of going through your SQL code and making sure it’s not susceptible to SQL injection attacks that means your websites are still wide open to the attack.

However not to worry, the Microsoft IIS team has come to the rescue with the announcing of the shiny new Microsoft Urlscan Filter v3.0 Beta release. It includes a GoLive license, so you can deploy it on your production servers.

Here are some of the cool new features:

• Support for query string scanning, including an option to scan an un-escaped version of the query string.
• Change notification for configuration (no more restarts for most settings.)
• UrlScan can be installed as a site filter.  Different sites can have their own copy, with their own configuration.
• Escape sequences can be used in the configuration file to express CRLF, a semicolon (normally a comment delimiter) or unprintable characters in rules.
• Custom rules can be created to scan the URL, query string, a particular header, all headers or combination of these.  The rules can be applied based on the type of file requested.

One thing important to remember is although this will protect websites against this latest form of SQL injection attack, any poorly written code still needs to be fixed. No escaping on that.

From the number of hits I've been getting on the posts on How to move Symantec Endpoint Protection Manager to another server and on How to change Symantec Endpoint Protection Manager port its seems that a lot of you seem to be in need of information on this product. So I thought I'd share with you this as well.

If you're got your Symantec Endpoint Protection Manager "Symantec Web Server" website on a Windows Server 2003 SP2 (IIS 6.0); Install the FastCGI extension for IIS and configure the "Symantec Web Server" website to use it. Doing that should speed up your SEPM console. Well not all of it but mainly the Home, Monitors, and Reports pages will show the improvement.

You can find the documentation on how to do it in the installation CD's. Although I found this under the NoSupport directory Symantec_Endpoint_Protection_11_0_2000_MR2_AllWin_EN_CD2\TOOLS\NOSUPPORT\FASTCGI\FASTCGI_SETUP_README.PDF
. The instructions from Symantec state that "Symantec provides full support for the Symantec Endpoint Protection Manager with the successful installation of the FastCGI extension.” So go ahead and give it a try.

 

 

Firefox Download Day is here. Download Firefox 3 today! Help set a World Record and make history!

In my last post I wrote about moving Symantec Endpoint Protection Manager to another server, one of the reasons I did so was because of the conflict between Windows Software Update Services and SEPM on port 80 of IIS.

However, instead of moving SEPM to another server it is also very much possible to keep SEPM on the same server by configuring its website to work with a custom port.

The installation process does ask us if we'd like to use the default website or create a separate site. However it does not give options to select a desired port for the website, so we’ll need to configure this after the installation.

There is a Symantec knowledge base article with detailed step by step instructions on how to configure SEPM to use a different port http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007111212591048. This solution is good if you don’t have clients already deployed.

However, if you do have a substantial number of clients already deployed, then problem with the method that the knowledge base article uses is that once we change the port of the IIS website the clients that are currently connected to it will no longer be able to communicate with the server.

This meant that after making the change to the ports, there is a manual process involved in getting each client computer to reconnect to the server. This is done my updating a file on the client computers; namely the symlink.xml file. It’s not a difficult thing to do; all you need is a small script to replace this file on all your client machines.  That solution didn't look clean enough. So here is how I would suggest in doing the change.

First of all you need to have the Symantec site installed on a custom website instead of using the Default Web Site on IIS, follow the instructions on the knowledge base article and get it done.

1) Install Symantec Endpoint Protection Manager on a custom Web site.
       i. Execute the Symantec Endpoint Protection Manager installer.
       ii. Select Create a custom Web site and proceed with the installation.
After the installation is complete, a site called "Symantec Web Server" exists in IIS.

2) Create another website with the exact same settings but with a custom port.
       i. Exporting the current configuration of the Symantec Web Server site to a file: Right click on the "Symantec Web Server" site,   Click All Tasks, Click Save Configuration to a File and save this file.
       ii. Importing it as a new website: Right click Web Site", click New, click Web Site (from file), select the file that you saved in the first step.

You will be asked if you want to overwrite the existing website or create a new one. Create a new one. The new site will also be named "Symantec Web Server" and in a  stopped state, rename the site so you don’t get the two mixed up, then go to new web site's properties and configure it to use a port number that you like, say 8080. Do the same with regard to the "Application Pools" and create your own "SymantecAppPool" from a copy of the "DefaultAppPool" and assign the new site to use it. Now Start the new site.

3) Create a new Management server list.
       i.   In Symantec Endpoint Protection Manager, click Policies, click Policy Components, click  Management Server Lists.
       ii.  Make a copy of the Default Management Servers list. Copy and Paste works here.
       iii. Edit the new server list.
             - Edit the existing servers under Priority 1 so that they will use your custom port
             - Add a new Priority, then add the same servers that are in Priority 1 to the it but without customizing the port. This is more of a backup plan, just in case clients are not able to connect to the custom port they can try the default.
       iv. Assign this new management server list to your groups and locations.
       v.  Update Contents on all clients so that this new policy is reflected for clients.

4) Edit Tomcat properties.
After all the clients have got updated, we can change the conf.properties file located under  the Symantec install directory, something like C:\Program Files\Symantec\Symantec Endpoint Protection Manager\Tomcat\etc\conf.properties.  
       i.   Stop the Symantec Endpoint Protection Manager service.
       ii.  Open the conf.properties file in a notepad
       iii. Add the line   “scm.iis.http.port=8080” without the quotes to the end of the file ( or whatever port you want to use instead of 8080).

5) Restart Server.
Now stop the "Default Symantec Web Server" and restart the server that hosts Symantec Endpoint Protection Manager.
After the server boots up, confirm whether the custom port has been configured in the Default Management Server List.  You can do this by clicking Edit on the Default Management Servers list. Although the default list is not editable, you can view the changes and confirm whether or not the custom port has been configured correctly.

6) Clean up.
If all looks well, such as the port has been configured and the clients have connected to the server on the custom port, you can
       i.  Re-assign the Default Management Servers list back to your groups and also
       ii. Delete the custom Management Server list  created in step 3
       iii. Delete the “Symantec Web Server” web site on that uses port 80


That's all. If you find that by accident there is this client who has not got updated when step 3 was done, you can always manually that clients symlink.xml file.