Category Archives: General Stuff

Microsoft has two upcoming webcasts that may be of interest to all you Titanium-watchers out there.
The first one, on 2/12 at 1000 PST, covers Exchange 2003 deployment methodologies. The second, on 2/20 at 1000 PST, covers Exchange security. The TechNet chat summary page lets you get reminders, add the chats to your Outlook calendar, or spam your friends with reminders. See you there!

The US Navy has helpfully posted a guide to tamper-resistant seals. What does this have to do with Exchange? Basically nothing. However, it’s still cool, and it offers some interesting insight into how high-value assets can be physically protected against tampering. In particular, chapter 2 (“The Theory of Effective Sealing”) has a lot of good attitudinal information that’s worth reading if you’re a computer security person.

MS Press still doesn’t have the book’s page completely put together, but so what: now I have my own samples. You can see them in the nav bar on the right-hand side of this page, or you can get them here:

• Table of contents: this gives a very detailed look at what’s in each chapter.
• Introduction: if you’re not table-driven (sorry, programmer humor), check out this more readable and condensed explanation of what’s in the book
• Chapter 3: Windows and Exchange Security Architecture: this chapter explains the fundamentals of Exchange’s security architecture, including what it uses Windows services for.
• Chapter 4: Risk and Threat Assessment: read this chapter for a new perspective on risks and threats (oddly, it’s the perspective that professional risk assessors use…)
• Chapter 8: SMTP Relaying and Spam Control

: read this chapter to learn how to control SMTP relaying and how to restrict spam on your servers (hint: buy a third-party product. just kidding, Microsoft.)

All of the files are PDFs. Please feel free to tell your friends about them; however, I’d appreciate it if you tell them to come here instead of just sending them copies. My children are rapidly approaching college age, y’know.

Lots of people subscribe to the idea that keeping security vulnerabilities secret is the best way to deal with them. Dr. Matt Blaze, an eminent cryptography and security researcher, had a few thoughts on that the he shared with Dave Farber’s Interesting-People list. I post it here as a cautionary tale.

Continue reading →

Mark your calendars; on 10 January at 0830 PST (that’s 1630 GMT), Microsoft’s scheduled a webcast with Ed Wu, product manager for Exchange 2003, to discuss its new features and cool goodies. There will probably be other such events, especially as we get closer to TechEd 2003. (Note to Microsoft: if you’re going to have TechEd in the summer, why hold it in sweltering places like New Orleans and Dallas? how about Minneapolis, San Diego, Toronto, or someplace with more moderate weather?)

Microsoft’s released the first public beta of Exchange Server 2003, formerly codenamed Titanium. Exchange 2003 has a ton of new features; my favorites include the ability (when running on Windows .NET Server) to do snapshot backups, and the ability to use signed and encrypted mail with OWA. You can download the Ti bits, or you can order an eval kit with Exchange 2003 beta 2, Windows .NET Server RC2, and Office 11 beta 1 for US$20. The “getting started” guide makes for interesting reading, too.

I had a network account, from a certain large software company, used for my work for them. Due to an administrative snafu, it was disabled and won’t be re-enabled until the manager returns after the holidays. I needed a message that had been sent to that account? What to do?
In my case, it was simple: I fired up Outlook 11 and got the message out of my client-side cache. This really isn’t a new feature; Outlook’s had PST and OST files for a long while. However, Outlook 11’s synchronization is seamless and automatic. As an end user, that’s great. As an administrator, though, it makes me wonder: what can I do to prevent or restrict the use of cached content? I have a sneaking suspicion that Microsoft has some ideas in this direction, and that we’ll be seeing them emerge in future betas of Outlook 11.

If you apply the security templates from Microsoft’s Exchange 2000 security operations guide, remember that these templates are additive. You must first apply the correct templates from the W2K security operations guide.

Apart from the twin facts that they’re annoying to outsiders and that they can cause mail loops, the BBC reports on a third excellent reason not to use out-of-office messages to the Internet: people will rob your house while you’re away.

Well, Valentine’s Day, that is. According to Amazon, the book will ship 2/5/03. This is a bit later than I’d hoped, but I suppose I should have written it faster.
If you preorder it now, though, you’re assured of getting it when they do.