Author Archives: Hacker Medic

Microsoft Security Advisory (977981): Vulnerability in Internet Explorer Could Allow Remote Code Execution – Version: 2.0

Revision Note: V2.0 (December 8, 2009): Advisory updated to reflect publication of security bulletin.
Summary: Microsoft has completed investigating public reports of this vulnerability. We have issued Microsoft Security Bullet…

Microsoft Security Advisory (974926): Credential Relaying Attacks on Integrated Windows Authentication – Version: 1.0

Revision Note: V1.0 (December 8, 2009): Advisory published.
Summary: This advisory addresses the potential for attacks that affect the handling of credentials using Integrated Windows Authentication (IWA), and the mechanisms Mi…

Microsoft Security Advisory (954157): Security Enhancements for the Indeo Codec – Version: 1.0

Revision Note: V1.0 (December 8, 2009): Advisory published.
Summary: Microsoft is announcing the availability of an update that provides security mitigations to the Indeo codec on supported editions of Microsoft Windows 2000, W…

Now, here’s an idea….

Over the last couple of years, as a Product team working on Brightmail, we have really increased our efforts to gather as much information from customers as possible.
Talking to customers about what they need to do today and how they do it, how they envisage doing it in the future, as well as how they deal with different security threats whether it’s around inbound email malware or Data Loss Prevention.

Last week I met with the top IT guys for one of our Enterprise Security customers, to talk about future projects they are running and how Symantec Enterprise Security products fit into their internal roadmap. I first visited them last summer on a whirlwind tour of customers in Europe.
Besides being a great week long roadtrip and building relationships with the guys in the field that I don’t often get to meet face to face, we had some really interesting discussions with customers about their requirements and futures.
Now, one of the things I like to do when meeting customers is to talk a little bit about what improvements our Engineering team have put into the product over the last release. It’s a pretty good way to break the ice, if it’s the first time I’ve met them.
It’s even better when I get to go back to a customer and outline improvements based on the feedback we took away from our last meeting with them. Of course, it doesn’t always go that way and sometimes it’s a little painful explaining why we haven’t put someone’s “must have” feature into the product yet. 🙂

Symantec have always been interested in customer feedback and I’m really pleased to see us adding more transparency to our product planning.
The Ideas section on Symantec Connect (https://www-secure.symantec.com/connect/ideas) was launched last month. It’s based on the idea of community voting and gives our customers a way to voice their opinions and request new functionality. You can find the Brightmail Gateway Ideas section under the Security heading.

One of the most difficult things to do around enhancements is to really understand just how popular a new feature would be across our entire customer base.
Sure, we can talk to as many customers as possible and ask for their opinions but using the Ideas portal to reach a wider audience is going to be invaluable.
It’s still in its infancy right now but as we start moving forwards through project release cycles, you’ll see others on my team and engineering folk joining in the conversations to make sure we are looking at the right solutions.

(Note: I try to steer clear of annoying corporate terms as much as possible so it pains me to type the next sentence.)

My “Call To Action” (grrr) for Brightmail Gateway customers is to get involved in the Ideas portal.
Have a look through the suggestions that have been put forward already.
Vote for the ones that interest you and add your own Ideas in.
You disagree with something that someone suggests? Add a comment to their suggestion explaining why you disagree.

I’m always happy to talk to customers so if you have a question about anything mail or web security related, leave a comment below or feel free to email me at ian_mcshane@symantec.com.

//Ian

Important information for users of Brightmail Gateway Virtual Edition

Here’s some information you should be aware of before upgrading to the forthcoming Symantec Brightmail Gateway 8.0.2 release.

//Ian

Notification type: New version will be available – Important information to read prior to updating on VMware environments
Product: Symantec Brightmail Gateway
Version: 8.0.1
Patch: 8.0.2
Other Hardware/Software/Environment: VMware ESX Server 3.0.2 or prior with virtual LSI SCSI controller

Overview:
Action required for customers using Virtual Edition of Symantec Brightmail Gateway and VMware ESX Server 3.0.2 or prior with virtual LSI SCSI controller. Prior to updating to 8.0.2, Symantec is strongly recommending that customers assure themselves that they are current with VMware 3.5 or later prior to upgrading to Brightmail Gateway 8.0.2 to prevent loss of functionality. An alternative workaround is provided if VMware 3.5 is not available.

Recommendation:
Symantec encourages all customers to update Brightmail Gateway to 8.0.2. The update is available via the Control Center or through the Command Line Interface (SSH).
For more information about all changes in this update, please copy and paste the URL below in a browser:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/…

If you have deployed Brightmail Gateway as a virtual appliance and are using a VMware ESX Server environment with a release prior to 3.5update4, you must upgrade the virtual environment to 3.5update 4 or later prior to performing the software update. Failure to do so will result in complete loss of functionality for your Brightmail installation.

This notice is applicable to the following customer configuration:

– VMware Server Version 3.0.2 or prior
AND
– Using the virtual LSI SCSI controller

If you have the above combination and do not take one of the actions specified below, Symantec Brightmail Gateway will not function after updating to version 8.0.2. A kernel panic will occur after rebooting the virtual appliance after the update. The following options are available to prevent this issue:

* The Primary recommended method is to upgrade to VMware ESX Server Version 3.5.

Upgrading typically requires down time and a reboot for the virtual machine in which Symantec Brightmail Gateway runs. These steps may also be necessary for other virtual machines on the same physical computer. Before upgrading, perform the following tasks on Symantec Brightmail Gateway Virtual Edition:

1. Back up your existing data.
2. Check for a running LDAP synchronization cycle.
3. Check for a running Scanner replication cycle.
4. Halt incoming messages to drain all message queues.

These steps are similar to preparing for a software update. See “Running software update” in this document for more information about these steps.
For more information about upgrading, copy and paste the URL below into a Web browser:
https://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_upgrade_guide.pdf  

* If you are unable to upgrade to the latest version of VMware ESX Server, you can alternately change your virtual machine to use the BusLogic SCSI controller. For more information about changing the SCSI controller configuration, copy and paste the URL below into a Web browser:
http://www.vmware.com/support/vc14/doc/c14chgscsicontrol11.html

* For the most current information about this issue, copy and paste the URL below into a Web browser:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009051416195754

Symantec Brightmail Gateway 8.0.1-7 released

I’m delighted to announce the release of our first update to the Brightmail Gateway 8.0 release.
Version 8.0.1-7 should be available for direct upgrade via your Brightmail Gateway UI or CLI right away and customers can upgrade from any previous production build directly to this release.
Note: If you participated in any of our previous beta programs, you CANNOT upgrade from a beta release of Brightmail Gateway.

What does this release include?

  1. Language Packs:
    This release includes translated help and documentation in: Simplified Chinese, Traditional Chinese, Japanese and Korean.  The Getting Started guide is also translated into Arabic, Brazilian Portuguese, Czech, European Portuguese, French, German, Greek, Hebrew, Italian, Polish, Romanian, Russian, Slovak, Slovenian and Spanish.
  2. New SMTP setting “Do not advertise 8BITMIME”:
    We’ve seen a few problems in the wild where, whilst Brightmail Gateway is able to handle messages containing 8-bit MIME data, if it tries to deliver these messages to an MTA that cannot handle 8-bit MIME, the contents became somewhat garbled. This mostly affected high-ASCII character sets. Enabling this new setting forces Brightmail Gateway to accept only 7-bit MIME, which in turn makes the sending MTA pass only 7-bit MIME data to us.
  3. Accepted inbound mail connections limit removed:
    With the 8.0.0 release, Brightmail Gateway did not use any entries after the first 100 in the “Accept inbound mail connections only from the following IP addresses and domains” list.  This has now been corrected.
  4. HTTP Access to control centre:
    Prior to upgrading to 8.0.0, some customers used plain HTTP to access the control centre.  After upgrading, this HTTP access was disabled automatically.  Additionally, the http CLI command did not function.  With the 8.0.1 release the functionality has been restored.  If you wish to access the control centre over HTTP, run the http on command from the CLI and restart the Control Centre.
  5. Messages remaining in delivery queue with SMTP error codes 421, 450, or 451:
    Under some circumstances, it was possible for the Brightmail Gateway connection timeout limit to be reached before all of a recipient domain’s MX records had been attempted. For 8.0.1, this has been resolved.
  6. Large increase in messages reported by the control centre statistics:
    Under very unlikely circumstances, it was possible for a short-lived mail loop to exist between two of the Brightmail Gateway interfaces. This would have manifested itself by way of showing an inflated number of messages sent and received under the control centre statistics. Further redundancy has been added to Brightmail Gateway to avoid this problem.
  7. Virus definitions configured for download on weekends:
    If you perform a new installation of Brightmail Gateway, automatic virus definition updates are enabled every 10 minutes. Previously, LiveUpdate was not set to run on Saturdays and Sundays. After upgrading to 8.0.1, you are strongly advised to verify your LiveUpdate settings as an upgrade will NOT change any schedules to remedy this.
  8. Ethernet interfaces on the same subnet:
    Previously, if you had two NICs on the same subnet, the MAC address for one NIC may have been cached by DNS and used for both addresses. This may have resulted in mail delivery issues if one of the NICs was not working. This issue has been addressed for NEW installations of Brightmail Gateway. If you have this setup (2 NICs on one subnet) in an existing version of Brightmail Gateway, upgrading alone will not address this issue and you are advised to contact Technical Support for assistance.
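
To illustrate item 2 above, here is an added example (not Symantec's code and not part of the original post) showing how a sending MTA reads the receiver's EHLO reply and decides whether 8-bit content can be passed as-is once 8BITMIME is no longer advertised. The host names and EHLO replies are constructed sample data, and the function names are hypothetical.

```python
import re

# Constructed EHLO replies in RFC 5321 multi-line format (sample data only).
EHLO_DEFAULT = (
    "250-mx.example.test Hello client.example.test\r\n"
    "250-SIZE 10485760\r\n"
    "250-8BITMIME\r\n"
    "250-PIPELINING\r\n"
    "250 STARTTLS\r\n"
)
# Same receiver with a "do not advertise 8BITMIME" style setting enabled.
EHLO_NO_8BIT = EHLO_DEFAULT.replace("250-8BITMIME\r\n", "")


def parse_ehlo(reply):
    """Return the set of extension keywords advertised in a 250 EHLO reply."""
    lines = [line for line in reply.splitlines() if line]
    if not lines:
        raise ValueError("empty EHLO reply")
    keywords = set()
    for i, line in enumerate(lines):
        m = re.fullmatch(r"250([- ])(.*)", line)
        if not m:
            raise ValueError("not a 250 reply line: %r" % line)
        # "250-" marks a continuation line, "250 " marks the final line.
        is_final = m.group(1) == " "
        if is_final != (i == len(lines) - 1):
            raise ValueError("malformed multi-line reply")
        if i == 0:
            continue  # first line is the greeting, not an extension
        text = m.group(2).strip()
        if text:
            keywords.add(text.split()[0].upper())
    return keywords


def has_8bit(body):
    """True if the message body contains any byte with the high bit set."""
    return any(b > 0x7F for b in body)


def relay_decision(ehlo_reply, body):
    """Decide how a sender must hand this body to the receiving MTA."""
    if not has_8bit(body):
        return "send-7bit"
    if "8BITMIME" in parse_ehlo(ehlo_reply):
        return "send-8bit"
    # Receiver did not offer 8BITMIME: the sender has to re-encode the
    # content (quoted-printable or base64) rather than pass raw 8-bit data.
    return "needs-downgrade"
```
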

Any questions?  Let me know!

//ian

NEW: Symantec Brightmail IQ Services

If you point your web browser to http://www.brightmail.com/IQServices you’ll see our new online portal providing email security data to Brightmail administrators, email administrators and the general public.
The Global Intelligence Network is a co…