After some review of IE security and noticed a flaw (read more) I needed to block users from all sites except those allowed. I used the IE content advisor and GPO to do this.
The first step is to create a septate group policy object or use a common one with other IE changes to help in the organization.
Once you have your group policy object editor open navigate to "User Configuration" > "Windows Settings" > "Internet Explorer Management" > "Security" and open "Security Zones and Content Ratings".
Click the radio button "Import the current content rating settings".
In the Content Advisor window click the Approved Sites tab there you will add the domains, sub-domains or IPs you approve or disapprove of and this will affect users that this policy applies to (it seems to also affect the server).
If you need more info, screen shots or other details let me know in the comments below.
Enjoy!
Sunday, July 25, 2010
IE8 lockdown report
This is not a flaw with Internet Explorer at all, the flaw was in the security theory. Even though I had sites blocked before locking IE, I decided to lift the block after removing the address bar which I thought was the only way to get to other sites... this was not the case and I was so intrigued by this one that had to write a little report about it.
After locking IE and the entire user profile down I was convinced that users cannot go to any other sites than those we intended, i.e. the home page and links on desktop and without an address bar they couldn't get anywhere else. What never even crossed my mind and I had not thought of, is that one of our links' webpages was leading to google maps to show an address, seems harmless enough but from there the user can simply click on the web search and google anything and get to where they want! (assuming it does shows up on google of course - at least there will be no malicious sites)
The solution is another group policy object to only allow IE to get to sites we decided (read post), can include google too but if they try getting to another site it will be blocked.
So there you have it folks, even with security in mind you cannot always think, see or find the flaws in your system until it is used in production with real users daily tasks and them trying to exploit the system. In this case: with no address bar it is still possible to get to any site you want via search engine if it's linked ANYWHERE.
Let me know what you think in the comments below.
After locking IE and the entire user profile down I was convinced that users cannot go to any other sites than those we intended, i.e. the home page and links on desktop and without an address bar they couldn't get anywhere else. What never even crossed my mind and I had not thought of, is that one of our links' webpages was leading to google maps to show an address, seems harmless enough but from there the user can simply click on the web search and google anything and get to where they want! (assuming it does shows up on google of course - at least there will be no malicious sites)
The solution is another group policy object to only allow IE to get to sites we decided (read post), can include google too but if they try getting to another site it will be blocked.
So there you have it folks, even with security in mind you cannot always think, see or find the flaws in your system until it is used in production with real users daily tasks and them trying to exploit the system. In this case: with no address bar it is still possible to get to any site you want via search engine if it's linked ANYWHERE.
Let me know what you think in the comments below.
Friday, July 23, 2010
Hacker Documentaries
I was always fascinated with the concept of hacking, discovery of new ways to do things unimaginable. Applied to computers and networking it's very intriguing. So I started collecting documentaries about hacking (stream from megaupload):
Let me know what you think in the comments!
Thursday, July 22, 2010
How to Download and Stream from MegaUpload
It's really quite simple, note you will need VLC installed and either Firefox or Chrome as your browser.
Watch the video and read instructions below:
1. [Update: this part is now skipped by megaupload: start from step two, I will keep it for archive purposes] First you are going to get to a download page, enter the code and hit download file
(Example: http://www.megaupload.com/?d=EBRH99AC)
Watch the video and read instructions below:
1. [Update: this part is now skipped by megaupload: start from step two, I will keep it for archive purposes] First you are going to get to a download page, enter the code and hit download file
(Example: http://www.megaupload.com/?d=EBRH99AC)
2. Next you wait for the counter which will take 45 seconds without an account or 25 with an account (sign up is free).
3. Now you simply click Regular Download image button and the download starts! (you may close the window but don't close the browser so the download can finish)
4. If the file is avi/divx type (extension doesn't always matter), streaming will work with VLC and firefox/chrome, go to the download location (normally at My Documents>Downloads) Right click the file (which will be named appropriately, in firefox the extension is .part and as of 10/22/2010 chrome changes the extension to .crdownload) > and click Play with VLC media player (if the option you may need to restart or reinstall VLC player)
5. VLC will give the message "AVI is broken..." (it's because the file is incomplete, because it's in the process of download!) just click Don't Repair and the streaming video will start!
Note: depending on your connection (and other factors), VLC might stop playing - check if something interrupted the download (remember not to close the browser!) or just slow download speed, just wait a few minutes and repeat step 5. again. If it's too slow you may just prefer to wait until the download is complete.
Enjoy!
Tuesday, July 6, 2010
NinjaVideo is no more
After giving it some time and waiting to see if the site comes back up I am pronouncing it dead today, here is a last gimps at the wonderful site before it disappears from the cache (no longer there)
It made us cry, it made us smile but now we look forward to the next pirate streaming site that will provide us with mindless entertainment for countless hours and chew more bandwidth then our ISPs can swallow .
We loved it for so many reasons.
Pop culture and underground mashed up into one, a place like this is truly unique and let's hope the other sites can handle it, but the real question is when will the feds stop taking down those sites?
Maybe one day we will figure it out... until then, ROCK ON pirates!
A hate site to that has suggestions for alternatives could come in handy now.
It made us cry, it made us smile but now we look forward to the next pirate streaming site that will provide us with mindless entertainment for countless hours and chew more bandwidth then our ISPs can swallow .
We loved it for so many reasons.
Pop culture and underground mashed up into one, a place like this is truly unique and let's hope the other sites can handle it, but the real question is when will the feds stop taking down those sites?
Maybe one day we will figure it out... until then, ROCK ON pirates!
A hate site to that has suggestions for alternatives could come in handy now.
Subscribe to:
Posts (Atom)