Security Basics mailing list archives
Re: IRC in corporate enviroment
From: Joel Eriksson <joel.eriksson () gmail com>
Date: Mon, 27 Jun 2011 04:03:34 +0200
Oh, so I'm assuming we're talking about an invulnerable browser here then? :) I think we're all aware of the fact that any common browser has a huge attack surface, and most certainly will have vulnerabilities.

Even assuming that no one is MITM:ing the connection and that the people hosting the IRC-to-web-interface service don't have any malicious intent, we can never rule out the possibility of the IRC-to-web-interface software being vulnerable to, for instance, some method to inject JavaScript / improper input filtering, which could be used to inject malicious JavaScript into the user's browser. Even without exploiting any vulnerabilities in the browser this could possibly be used to access services on the internal network through JavaScript, and possibly do real damage.

I would much prefer restricting the attack surface to a client vulnerability in an SSH client (which is certainly possible too, but compared to a browser you're _much_ less exposed). So, +1 to MadHatter's suggestion of having a linux/unix-server that the employees can SSH into.

I don't want to be offensive, but logging in through some JavaScript based web interface is really just a horrible idea and saying that it "resolves all security issues" is ... Well.. Let's just say less insightful.

Best Regards,
Joel Eriksson

On Tue, Jun 21, 2011 at 12:31 PM, McLean, Thomas <Thomas.McLean () gha org uk> wrote:
Let them log on via JavaScript webpage over at freenode.net and this will resolve all security issues that could arise - they may not like the interface, but you are the admin not them.

Thanks,

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Dennis Dayman
Sent: 18 June 2011 19:48
To: security-basics () securityfocus com
Subject: IRC in corporate enviroment

Looking for some pros and cons to having IRC connectivity in a corporate environment. Our R&D guys would like to join some coding channels to get ideas and help, but we are hesitating to allow them for fear of a possible hole being opened via an IRC channel and client.

Thoughts on pros or cons? What is the best way to implement if it is deemed OK?

-Dennis
--
Best Regards,
Joel Eriksson
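The "improper input filtering" risk raised in the reply above, sketched as an added example that is not part of the original thread or of any real gateway's code: a hypothetical web IRC front end rendering a channel message, first by plain concatenation and then with control-byte stripping, HTML escaping and http(s)-only linkification. All function names and the sample line are constructed for illustration.

```javascript
// Added example; function names and SAMPLE_LINE are hypothetical/constructed.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Parse ":nick!user@host PRIVMSG #chan :text" into its parts, or return null.
function parsePrivmsg(line) {
  const m = /^:([^!\s]+)!\S+ PRIVMSG (\S+) :(.*)$/.exec(line);
  return m ? { nick: m[1], target: m[2], text: m[3] } : null;
}

// Weak form: remote-controlled nick and text are concatenated into markup,
// so any tag another IRC user sends becomes part of the page.
function renderUnsafe(msg) {
  return `<li><b>${msg.nick}</b> ${msg.text}</li>`;
}

// Hardened form: drop control bytes (IRC formatting codes included),
// escape every remote value, and turn only http(s) URLs into links.
function renderSafe(msg) {
  const clean = (s) => s.replace(/[\x00-\x1f\x7f]/g, '');
  // split() with a capturing group puts the matched URLs at odd indices.
  const parts = clean(msg.text).split(/(https?:\/\/[^\s<>"']+)/);
  const body = parts.map((p, i) =>
    i % 2 === 1
      ? `<a href="${escapeHtml(p)}" rel="noopener noreferrer">${escapeHtml(p)}</a>`
      : escapeHtml(p)
  ).join('');
  return `<li><b>${escapeHtml(clean(msg.nick))}</b> ${body}</li>`;
}

// Constructed sample line as a gateway would receive it from the IRC server.
const SAMPLE_LINE =
  ':mallory!m@example.test PRIVMSG #dev :hi <script>x()</script> https://example.test/?a=1&b=2';

const sample = parsePrivmsg(SAMPLE_LINE);
console.log(renderUnsafe(sample)); // markup from the channel reaches the page intact
console.log(renderSafe(sample));   // same message rendered as inert text plus one link
```

Escaping at render time only covers this one sink; a Content-Security-Policy on the gateway page limits the damage if some other sink is missed.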
Current thread:
- IRC in corporate enviroment Dennis Dayman (Jun 20)
- Re: IRC in corporate enviroment AK (Jun 23)
- Re: IRC in corporate enviroment securityfocus . com (Jun 23)
- Re: IRC in corporate enviroment MaddHatter (Jun 26)
- Re: IRC in corporate enviroment Dennis Dayman (Jun 23)
- RE: IRC in corporate enviroment McLean, Thomas (Jun 26)
- Re: IRC in corporate enviroment Joel Eriksson (Jun 27)
- Re: IRC in corporate enviroment Todd Haverkos (Jun 26)