An Email Conversation Regarding Domain Names and Aliases

Hi,

Just sharing some correspondence I had with a company that I signed up with to purchase some goods online. Details have been changed for privacy and a few extra lines in the emails deleted that were irrelevant.

From: Mr Website Owner <[email protected]>

Hello Mr Adam Fowler,

Recently you registered on our site using the email address of [email protected]

We are not sure why you have chosen our registered business name and web address as an email address.
We would hope that this is not for any misrepresentation. Therefore we request that you cancel this name registration immediately.

We would not like to have to report this to the authorities, ASIC or Planet Domain for a breach of any company laws or internet protocol related issues.

Thanking you in advance for your assistance.

Kind Regards,

Mr Website Owner

From: Adam Fowler <[email protected]>

Hi Mr Website Owner,

I’d recommend you have a chat with someone that knows I.T. to back up what I’m about to tell you, but this isn’t a name registration.
I own the domain mydomain.com and can have any email address @mydomainname.com, just like you can have anything @yourdomainname.com
That’s also why I’m replying from [email protected]
When I sign up for any service, I use a specialised email address solely for use with that business. Nobody sees this but you.
You can make up any word or phrase before @mydomainname.com and the email will get to me.
I also do not own any business, and do not have an ABN.

Threatening me with incorrect information, and being reported to the authorities isn’t the best way to deal with someone who’s planning to order XXXX from you.

Thanks

From: Mr Website Owner <[email protected]>

CC: Mr Website’s Lawyer

Thank you for your speedy reply.

It is unfortunate that your reply seems to contain a little more aggression than my email intended but that is the down side with the written word. Doesn’t contain emotion.

As you would be aware in owning a domain, which is just like any business, you need to protect it.

In today’s day and age, with Spammers, Hackers etc. doing enormous amounts of damage to all businesses, everyone needs to be vigilant.

We have competitors daily copying our business names (yes we have a few) registering and using names so close it’s confusing to our existing customers. Even down to having their office staff say they have the same name as our staff.

I accept your assurance that we are the only ones who will see this address, but I’m sure you would agree that it can be concerning to see initially.

I can assure you when I make a statement I have no intention of giving incorrect information.

When it comes to Misrepresentation I meant:

An assertion or manifestation by words or conduct that is not in accord with the facts.
Misrepresentation is a tort, or a civil wrong.

Many small businesses will have [email protected] as the email address for their business name of ‘My Big Pies’ because they don’t own a domain or have a web site. It’s an easy way to have a personalised email. Some of my friends have their business emails setup this way.

Just because you own a domain or even a printing press for that matter, doesn’t allow you to print a business card containing an email address of say [email protected] and be running an Electronics Service Business. The effect is confusion from Apple product owners who may think you work for or are an Authorised agent for Apple when this is not the case. I’m not here to lecture. I am asking in this case for some professional courtesy and refrain from using our business name just like any other business would.

If you are not happy with my explanation or request, please feel free to contact our Solicitor (I’m sure he is better with his words than I am):

<Lawyers Details Here>

If you choose not to purchase from us that is purely up to you. We can’t force you.  We do try to please every customer in the same way we fight to protect our business…with a passion.

Thanks again for your understanding and reply.

All the best,

Kind Regards,

Mr Website Owner

From: Adam Fowler <[email protected]>

CC: Mr Website’s Lawyer

Hi Mr Website Owner,
The reason for shortness on my last email is that I don’t like to be threatened, regardless if there is any emotion behind it.
To keep things short, are you confirming that you accept my explanation and that no action is required from myself? I have no interest in using your name for anything apart from an account I signed up to your website with, which now I would request that it be terminated and removed from any databases and mailouts.

Thanks

From: Mr Website Owner <[email protected]>

CC: Mr Website’s Lawyer

Thank you Adam,

Yes I accepted your explanation behind the creation of the email address. You must have quite a few if you deal with many businesses.

I will of course remove your account if you no longer require it.

Please accept my apology if I have caused any upset. It was not my intention. I am just very protective of my business as I’m sure you are with your domain.

Also I hope we haven’t sent you any unsolicited marketing emails in the past. We definitely don’t operate that way.

Consider it all closed.

Thanks again,

Kind Regards,

Mr Website Owner

From: Adam Fowler <[email protected]>

 

Thank you Mr Website Owner, I’ll consider the issue closed from my end too.

Anywhere I need to sign up for any service gets its own email address, you’d be surprised how many online companies seem to get hacked and their customer list starts to get spammed. There’s actually quite a few people who do the same, so you may see others sign up similar to how I did.

Not a problem either, I understand where you were coming from on it, which is why I took the time to explain.

Good luck with your ventures.

Thanks

That’s where it ended, apart from a week later I received a gift from the website owner of some of the products I was considering purchasing! Well done to him for turning the situation around in the end.

LinkedIn Security/Information Risks with Exchange

Hi,

Today after logging on to LinkedIn, I was greeted with a new screen I found rather worrying. It is commonplace for services like LinkedIn and Facebook to scan through your address book, and ask for credentials to do so (which is rather concerning already), but a new option has popped up:

 

[Image: LinkedIn]

 

This is asking for your work username and password. No 3rd party should be asking for corporate credentials like this, even more so a company that’s been hacked before http://www.pcworld.com/article/257045/6_5m_linkedin_passwords_posted_online_after_apparent_hack.html . I tried this with a test account, entering the username and temporary password. It then asked for further information, which was the address for the Outlook webmail link and then connected and started showing contacts.

LinkedIn on this page says “We’ll import your address book to suggest connections and help you manage your contacts. And we won’t store your password or email anyone without your permission.” which is a start, but it’s just such a bad practice to get into, and encouraging people to do this is irresponsible of LinkedIn in my opinion. On top of this, it’s providing an easy mechanism for staff to mass extract their contacts outside the company, which many companies frown upon or even have strict policies against.

You can’t stop people from entering in these details of course, but you can block the connection from working at the Exchange end, as long as you have at least Exchange 2010 SP1.

There are a few settings to check. First, in the settings managed by Set-OrganizationConfig, check that EwsApplicationAccessPolicy is set to ‘EnforceBlockList’. If it’s not, it’s going to be ‘EnforceAllowList’ and you’re probably OK, because an allow list only permits what’s listed, whereas a block list only blocks what’s listed.

Next, you need to add LinkedIn into the BlockList. This is done with the command “Set-OrganizationConfig -EwsBlockList LinkedInEWS”.

How do we know it’s the string “LinkedInEWS” to block? The IIS log files from Exchange will reveal this. After doing your test of trying LinkedIn (or any other Exchange Web Services connection) there will be a log entry. You can read this blog post from Microsoft for some great details http://blogs.technet.com/b/matabra/archive/2012/08/23/block-mobile-apps-that-use-exchange-web-services.aspx but the abbreviated version is to look at what’s connecting for POST /EWS/Exchange.asmx, and you’ll see the username you used to test, then the named connection. Here’s an example (with domain, username and IP changed):

2013-06-02 10:37:48 192.1.1.135 POST /EWS/Exchange.asmx - 443 domain\testusername 192.168.1.1 LinkedInEWS+(ExchangeServicesClient/0.0.0.0) 200 0 0 296

After applying, I retested and it seemed to still connect, but couldn’t find any contacts. My guess is that it’s authenticating OK, but then refusing to do much else. If anyone else would like to test this and post the results, I’d be very happy to find out and update this.
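An added example (not from the original post, Microsoft or LinkedIn): a PowerShell function that reads IIS W3C log lines, keeps the POST /EWS/Exchange.asmx requests and groups them by client string, so you can see which applications are using EWS and which names are candidates for EwsBlockList. The function name Get-EwsClient is made up for this example, and every sample line except the LinkedInEWS entry from the post is constructed.

```powershell
# Constructed sample in IIS W3C extended format. The first entry is the line
# from the post (with "-" as the empty query field); the rest are made up.
$sample = @'
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2013-06-02 10:37:48 192.1.1.135 POST /EWS/Exchange.asmx - 443 domain\testusername 192.168.1.1 LinkedInEWS+(ExchangeServicesClient/0.0.0.0) 200 0 0 296
2013-06-02 10:38:02 192.1.1.135 POST /EWS/Exchange.asmx - 443 domain\otheruser 192.168.1.7 ExampleMailApp/1.2 200 0 0 120
2013-06-02 10:38:05 192.1.1.135 GET /owa/ - 443 domain\otheruser 192.168.1.7 Mozilla/5.0 200 0 0 15
2013-06-02 10:39:11 192.1.1.135 POST /EWS/Exchange.asmx - 443 domain\otheruser 192.168.1.7 LinkedInEWS+(ExchangeServicesClient/0.0.0.0) 200 0 0 301
'@ -split "`r?`n"

function Get-EwsClient {
    param([string[]]$Line)
    $fields = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # Column order is declared in each log file, so read it instead of assuming it
            $fields = @(($l -replace '^#Fields:\s*', '').Trim() -split '\s+')
            continue
        }
        if ($l -like '#*' -or $l.Trim() -eq '' -or $fields.Count -eq 0) { continue }
        $values = @($l.Trim() -split ' ')
        if ($values.Count -ne $fields.Count) { continue }   # skip truncated or odd lines
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        # Only EWS calls matter here; OWA and other requests are ignored
        if ($row['cs-method'] -eq 'POST' -and $row['cs-uri-stem'] -eq '/EWS/Exchange.asmx') {
            New-Object psobject -Property @{
                User      = $row['cs-username']
                ClientIP  = $row['c-ip']
                UserAgent = $row['cs(User-Agent)']
            }
        }
    }
}

# One row per distinct client string, with the accounts that used it
Get-EwsClient -Line $sample | Group-Object UserAgent | Sort-Object Count -Descending |
    Select-Object Count, Name,
        @{ n = 'Users'; e = { ($_.Group | ForEach-Object { $_.User } | Sort-Object -Unique) -join ', ' } }
```

To run it against real logs, pass the output of Get-Content for the relevant IIS log file instead of $sample.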

 

Funnily enough, after writing this I found that LinkedIn had posted a very short version of the above:

From: http://help.linkedin.com/app/answers/detail/a_id/5025

Disabling Contact Import Process – Corporate IT Managers Instructions

How do I disable the ability for employees at my company to import contacts from their work email account?

Last Reviewed: 10/10/2012


If you’re a Corporate IT manager, you can disable an employee’s ability to import contacts from their work email accounts.

Use Set-OrganizationConfig cmdlet to:

  • Set the value of config parameter EwsApplicationAccessPolicy to EnforceBlockList.
  • Add value LinkedInEWS to config parameter EwsBlockList.

For more information on using Set-OrganizationConfig cmdlet, please refer to Microsoft’s Managing Access for EWS Managed API Applications.

 

Further reading is available here:

http://thoughtsofanidlemind.wordpress.com/2010/08/12/controlling-ews-access-in-exchange-2010-sp1/

http://security.stackexchange.com/questions/36560/how-do-i-block-linkedin-from-extracting-data-from-microsoft-exchange-server

 

Update:

Paul Cunningham has done a great writeup about this with some extra investigation and details, have a read: http://exchangeserverpro.com/blocking-linkedin-access-to-your-exchange-server-organization/

 

Update 2:

This story has now been picked up by The Register, have a read here: http://www.theregister.co.uk/2013/06/06/linkedin_snarfing_contacts_from_exchange/

 

Update 3:

Seems to be getting picked up all over the place, so I’ll just keep updating this point as I find other articles. There’s some good discussion and opinions on this out there, such as why is Exchange configured to allow everything by default?

http://securencrypt.com/blog/linkedin-has-major-privacy-issue/

http://webwereld.nl/beveiliging/78036-linkedin-slurpt-data-van-zakelijke-exchange-servers

Unable to Map Drives from Windows 8 and Server 2012

Hi,

Came across this issue recently and thought it was worth sharing. Mapping drives from a Windows 8 machine to either Windows Server 2003 or Windows Server 2008 was failing. The message was just the generic ‘Windows cannot access *blah*’, but the details had ‘System error 2148073478’. Some googling found this Microsoft Support article: http://support.microsoft.com/kb/2686098

First, this only talks about 3rd party SMB v2 file servers which is a bit strange, but applying this client fix fixed it on an individual basis:

  • Disable “Secure Negotiate” on the client. 
    You can do this using PowerShell on a Windows Server 2012 or Windows 8 client, using the command:

    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters" -Name RequireSecureNegotiate -Value 0 -Force
  • Note: If you get a long access denied error, try running Windows PowerShell as an Administrator.

This fixes it, but it’s not ideal. A better solution may be to disable SMB signing on the particular server you’re connecting to. The next set of instructions is from Exinda: http://support.exinda.com/topic/how-to-disable-smb-signing-on-windows-servers-to-improve-smb-performance

To disable SMB signing on the Windows Server 2000 and 2003 perform the following:

  1. Start the Registry Editor (regedit.exe).
  2. Move to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters.
  3. From the Edit menu select New – DWORD value.
  4. Add the following two values EnableSecuritySignature and RequireSecuritySignature if they do not exist.
  5. You should set to 0 for disable (the default) or 1 to enable. Enabling EnableSecuritySignature means if the client also has SMB signing enabled then that is the preferred communication method, but setting RequireSecuritySignature to enabled means SMB signing MUST be used and so if the client is not SMB signature enabled then communication will fail.
  6. Close the registry editor.
  7. Shut down and restart Windows NT.

In addition, default Domain Controller Security Policies may also force these values to “enabled” on Windows Servers. 

On Windows 2003 Servers, open Domain Controller Security Policy under Administrative Tools. Expand the Local Policies tree, then expand the Security Options tree and look for:

  • Microsoft network server: Digitally sign communications (always)
  • Microsoft network server: Digitally sign communications (if client agrees)

Set both of these values to “Disabled”.

To disable SMB signing on the Windows Server 2008 and 2008 R2 perform the following: 

Changes need to be applied in the Group Policy management console. 
      Start –> Administrative Tools –> Group Policy Management 
Configure the Default Domain and Default Domain Controller Policies. The settings you are looking for are under: 
      Computer Configuration –> Policies –> Windows Settings –> Security Settings –> LocalPolicies –> Security

Turning off SMB signing isn’t best-practice security, but if you need to get out of trouble and it’s only on your internal network then the risk of someone modifying SMB packets in transit is rather low, plus you’ll get a 15% boost due to losing the overhead of SMB signing. This is still a preferred option to just completely disabling it on the client, because at least the client can still do secure SMB to other servers.

Update: Trying this from a Windows 8 PC to a Windows 7 PC had a similar issue, but the error code was 0x80004005. Another workaround is running the PowerShell command Set-SmbClientConfiguration -RequireSecuritySignature $true on the Windows 8 client. This may break other stuff again, if you try to connect to something that doesn’t have a Security Signature. Investigate this for yourself :)

All of the above should apply to Windows Server 2012 too.
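An added example (not from the original post, Microsoft or Exinda): a read-only PowerShell check that reports the registry values touched by the workarounds above, so you can record which machines had Secure Negotiate or SMB signing turned off and put them back later. The function name Get-SmbSigningState is made up for this example, and the client-side RequireSecuritySignature value under LanmanWorkstation is assumed to be the setting that Set-SmbClientConfiguration changes.

```powershell
# Registry values named in the post. Role says which side of an SMB connection
# the value affects on the machine where this runs.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$checks = @(
    @{ Role = 'client'; Key = "$base\LanmanWorkstation\Parameters"; Name = 'RequireSecureNegotiate' },
    @{ Role = 'client'; Key = "$base\LanmanWorkstation\Parameters"; Name = 'RequireSecuritySignature' },
    @{ Role = 'server'; Key = "$base\LanManServer\Parameters";      Name = 'EnableSecuritySignature' },
    @{ Role = 'server'; Key = "$base\LanManServer\Parameters";      Name = 'RequireSecuritySignature' }
)

function Get-SmbSigningState {
    param([hashtable[]]$Check)
    foreach ($c in $Check) {
        # A missing value is not an error: the OS default applies in that case
        $item  = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
        $value = $null
        if ($item) { $value = $item.($c.Name) }

        # Any non-zero value is reported as enabled
        if ($null -eq $value) { $state = 'not set (OS default applies)' }
        elseif ($value -eq 0) { $state = 'disabled' }
        else                  { $state = 'enabled' }

        New-Object psobject -Property @{
            Computer = $env:COMPUTERNAME
            Role     = $c.Role
            Name     = $c.Name
            Value    = $value
            State    = $state
        }
    }
}

# Nothing is changed; this only reads and prints the current values
Get-SmbSigningState -Check $checks |
    Select-Object Computer, Role, Name, Value, State | Format-Table -AutoSize
```

Values pushed by Group Policy are written back on the next policy refresh, so check the policy settings above as well as the registry.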

Samsung ATIV Smart PC Pro 700T Review

Hi,

I’ve been using the Samsung ATIV Smart PC Pro 700T solidly for a week for work purposes while travelling, so I thought it was about time to put up a brief review.

What is it? A hybrid laptop/tablet from Samsung that runs Windows 8. It’s a hybrid as you can undock it from the keyboard (similar to a Microsoft Surface, but the docking/undocking mechanism is nowhere near as nice) and use it as a tablet.

Here’s the Samsung site for it: http://www.samsung.com/us/computer/tablet-pcs/XE700T1C-A01US

…and here’s the specs from the same site:

 

Processor
  • Processor: Intel® Core™ i5-3317U Processor
  • Speed (GHz): 1.70 GHz
  • CPU Cache: 3MB L3

Display
  • LCD Size: 11.6"
  • Type: LED Full HD
  • Resolution: 1920 x 1080
  • Brightness: 400 nits SuperBright™ Plus Technology

System Memory
  • System Memory: 4GB
  • Memory Type: DDR3 (1600MHz)
  • Max. System Memory: 4GB (On Board)

Storage
  • HDD: 128GB SSD
  • HDD RPM: SSD
  • SATA: SATA2

Graphics
  • Chipset: Intel® HD Graphics 4000
  • External or Integrated: Integrated
  • Maximum Graphics Memory: Shared

Sound & Camera
  • Speaker: Stereo Speakers (1 W x 2)
  • Sound Effect: SoundAlive™
  • Web Cam: 2.0 MP HD (Front), 5.0 MP HD (Rear)
  • Internal Mic: Yes

Wireless
  • Wireless LAN: 802.11 a/b/g/n
  • Bluetooth: 4.0
  • WiDi: Yes

I/O Ports
  • HDMI: Micro HDMI
  • Headphone Out: Yes (Headphone/MIC combo)
  • Microphone In: Yes
  • USB Ports (Total): 1 x USB 3.0
  • Multi Card Slot: 1 Micro SD
  • Docking Port: Yes

Input Devices
  • Touch Pad / Track Point: Available with Keyboard Dock Accessory

Power
  • AC Adapter: 40 W
  • Number of Cells/Cell Type: 4 cell / Li-Po
  • Watt Hours: 49

Dimensions
  • System Dimensions (L x W x H, Inch): 11.97" x 7.46" x 0.47"

Weight
  • System Weight (w/Std. Battery, lb.): 1.96 lb.

 

As you can see, it’s grunty enough with an i5 CPU and has the current standard Intel graphics chipset, but the screen runs at a rather high 1920 x 1080 for an 11.6″ screen. For general day to day use, this just makes text a bit too small, and makes the cursor difficult to use with a small trackpad and a lot of pixels to cover distance wise.

The undockable keyboard is quite nice to use (I’m typing on it right now) so no complaints there, but due to the weight of the screen being a stand-alone tablet, there are two annoyances. First, it’s top heavy so can easily fall backwards as the keyboard is quite light. Secondly, the joints that hold up the screen aren’t tight enough so if you’re trying to type in bed on your back, the screen will just collapse onto you.

Other things like battery life were adequate at 3-4 hours, screen orientation detection works quite well and the 3 USB ports are again adequate, but 1 or 2 more wouldn’t go astray. There’s only one USB port on the tablet, and an extra 2 on the keyboard. The touchpad is nice to use, but I kept triggering right clicks when I didn’t intend to.

Overall a decent device depending on your needs, but in my eyes the Surface is a better pick.

Exchange 2010 – Out of Office for HelpDesk

Hi,

One of the pains of looking after Exchange 2010 is putting in an Out of Office message for someone who forgot to do it before they went away, and either can’t or won’t do it themselves remotely. If you’re lucky enough to be able to delegate this task out to others, you can easily do so with “Role Based Access Control”. There’s a nice built in group called ‘Help Desk’ which gives the members access to everyone’s Outlook Web Access Options (not their actual emails). These options include Out of Office as well as several other useful settings that are not particularly private or contain confidential information.

To do this, from the Exchange Management Console go to Toolbox > Role Based Access Control (RBAC) User Editor. This will bring up a web page that is a part of Outlook Web Access – log in with the relevant credentials for Exchange Administration, and you can navigate to the Roles & Auditing Section:

[Image: RBAC]

From this, you can double click on the Help Desk entry from the list of Role Groups, and add members to the list.

Once this is done, the users who were added to the group can access other users’ Out of Office by logging onto Outlook Web Access, going to Options > Set Automatic Replies. You’ll be greeted with this screen:

[Image: auto replies]

From here, you can drop down the ‘Manage Myself’ menu and choose ‘Another User…’, select your user and you’ll see the selected user’s options screen, allowing you to set Out of Office.

Hope that helps!

Update 7th October 2014:

I had someone ask as the above didn’t work for them, but it was due to one of the Assigned Roles being removed against Help Desk. They should be:

Assigned Roles:
Message Tracking
User Options
View-Only Recipients