As we’ve all read, Google recently experienced a massive attack on its network, probably from China, and has threatened to leave the Chinese market as a result. I’ve written about that aspect before (Google taking its ball and going home) but this column is about the attack itself and Google’s internal plans for how to deal with future such problems, because of course this will happen again. I’m frankly trying to understand what Google is up to in its response to the Chinese threat — a response that doesn’t make much sense to me given the details of the attack as published.
First reports of the attack blamed a security flaw in an attached PDF file. Later reports blamed a vulnerability in Microsoft’s Internet Explorer browser. Adobe denies the PDF vulnerability, though the company not long ago issued a security patch for that product. Microsoft confirmed the IE vulnerability. But what’s interesting to me is that I understand from inside Google that the company plans to respond to this Chinese threat by changing its log-in process for web apps to one using a secure secondary server. That’s great, but it wouldn’t have stopped the most recent attack.
Is there something here we aren’t being told?
The most popular secure secondary server access system is called SiteKey and is used by Bank of America and many other financial institutions. The way SiteKey works is you log on to your bank’s computer, for example, by first typing an account identifier which causes one server to generate a picture and another server to generate a pass phrase which together don’t identify you to the bank but rather identifies the bank to you. Trapped as it is in a hash table, nobody at the bank can even tell you what picture you chose but you know it (the pass phrase too) so you can be pretty sure the server you are logging into is the one you want and not some phishing site. If the picture and phrase are satisfactory you can then type in your real password and you are there.
I’m told that Google will soon roll out a similar system for Google Apps.
But I can’t see how using secure secondary authentication would have had any impact at all on the recent Chinese malware incident.
So I went to a friend who manages data security for a huge defense contractor and he agreed. “Authentication helps,” he said, “but that was the second part of the attack, the original piece was a carefully crafted PDF file that was executed by the user. No amount of authentication helps against an authorized user. Don’t get me wrong, I am a believer in strong X.509 based authentication, just it would not have helped against a malicious attachment.”
Adobe says it wasn’t a PDF problem at all. Yet my friend, who is privy to a flow of information the rest of us are not, says Adobe may be technically incorrect in this assertion. I don’t know for sure, nor do I think it really matters in this case.
“The IE use was a secondary effect (to download the malware using an allowed program),” he explained. “I’m not sure what they are calling a vulnerability (it might be a feature). The initial vector was the PDF. Typically such an attack is limited in just how large a program can be in the initial attack (hidden inside the attachment). It has to be just enough to pull the real root kit. Early ones used their own network app but most systems are now protected by personal firewalls that would disallow or alarm. Use of IE would probably avoid this (and explains why large corporations are going to gateway white lists). Bottom line: the attack requires an executable program to be running on the workstation. Once that is in place, anything can be done.”
The best defense against this sort of attack would have been two-fold. First, strip all e-mail attachments from messages and replace them with a URL. Send one copy of the attachment to a dedicated server that can be set to paranoid. Take as much time as needed to vet the attachment including emulation to see if it is malware or not. Once complete, the URL embedded with the forwarded e-mail becomes active and the attachment can be downloaded.
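The strip-and-hold flow described above, as an added Python example (not code from this column, Postini or Google). The host `quarantine.example.invalid`, the `Quarantine` class and the marker check in `toy_scan` are assumptions standing in for the real gateway and the "paranoid" vetting server; only plain-text bodies are carried over.

```python
import hashlib
import secrets
from email import message_from_bytes, policy
from email.message import EmailMessage

# Hypothetical quarantine host; ".invalid" never resolves.
QUARANTINE_URL = "https://quarantine.example.invalid/a/"
# PDF name objects that signal active content; a stand-in heuristic only.
ACTIVE_PDF_MARKERS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch")


class Quarantine:
    """Holds stripped attachments; a link works only after a clean verdict."""

    def __init__(self):
        self._items = {}  # token -> dict(name, data, sha256, state)

    def hold(self, name: str, data: bytes) -> str:
        token = secrets.token_urlsafe(32)  # unguessable link component
        self._items[token] = {
            "name": name,
            "data": data,
            "sha256": hashlib.sha256(data).hexdigest(),  # for the audit log
            "state": "pending",
        }
        return token

    def vet(self, token: str, scanner) -> str:
        """Run the (slow) scanner and record its verdict."""
        item = self._items[token]
        item["state"] = "released" if scanner(item["data"]) else "blocked"
        return item["state"]

    def fetch(self, token: str):
        """Return the bytes only for released items; otherwise None."""
        item = self._items.get(token)
        if item is None or item["state"] != "released":
            return None
        return item["data"]


def toy_scan(data: bytes) -> bool:
    """Stand-in for emulation-based vetting: True means clean."""
    return not any(marker in data for marker in ACTIVE_PDF_MARKERS)


def strip_attachments(raw: bytes, quarantine: Quarantine):
    """Replace every attachment with a quarantine URL.

    Returns (rewritten message, list of tokens). The rewritten message has
    no attachment parts, so nothing executable reaches the mail client.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    tokens, notes = [], []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)
        if data is None:  # nested message or multipart attachment
            data = part.as_bytes()
        name = part.get_filename() or "unnamed"
        token = quarantine.hold(name, data)
        tokens.append(token)
        notes.append(f"{name}: {QUARANTINE_URL}{token}")

    body_part = msg.get_body(preferencelist=("plain",))
    text = body_part.get_content() if body_part is not None else ""
    out = EmailMessage()
    for header in ("From", "To", "Subject", "Date", "Message-ID"):
        if msg[header]:
            out[header] = str(msg[header])
    if notes:
        text += "\n[Attachments held for scanning]\n" + "\n".join(notes) + "\n"
    out.set_content(text)
    return out, tokens


def build_sample(payload: bytes) -> bytes:
    """Constructed sample mail with one PDF-typed attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "staff@example.invalid"
    m["Subject"] = "Quarterly report"
    m.set_content("Report attached.\n")
    m.add_attachment(payload, maintype="application", subtype="pdf",
                     filename="report.pdf")
    return m.as_bytes()


if __name__ == "__main__":
    q = Quarantine()
    mail, toks = strip_attachments(build_sample(b"%PDF-1.4 constructed"), q)
    print(mail.get_content())
    print("before verdict:", q.fetch(toks[0]))
    print("verdict:", q.vet(toks[0], toy_scan))
```

The property to check is that `fetch` returns nothing while an item is pending or blocked, so a user who clicks early gets no file.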
Google owns Postini, which could implement just such a technique, so we should probably expect that they will do so, making Google apps more secure and therefore more attractive in the process. In Google’s move to make itself ever more essential to the net they may well offer such a quarantine service as a standalone product, too.
The second part of this solution unfortunately died with Windows Vista — the hated User Access Control (UAC). Temporary privilege escalation with logging, which is what Vista’s UAC provided along with some user grief, is the way to go.
Remember that all the authentication in the world will not protect against a privileged user doing the wrong thing. It’s just that logging may help to determine what happened after the fact.
We have known for years how to fix this, but nobody cared.
From today’s Washington Post:
“Google, NSA to form alliance”
https://www.washingtonpost.com/wp-dyn/content/article/2010/02/03/AR2010020304057.html?hpid=topnews
If I remember correctly, this is the way Norton mail scanner used to work. You logged in to your email account and off it went to Norton by way of detour, then back to your PC. It was awful because it slowed your machine to a crawl if Norton was busy. (If I’m wrong about this process I apologise to Norton). As a result I disabled this service. As the years passed my email seemed to be getting more and more scanned on arrival. I now use AVG and it’s a very quick process.
Web-mail services could be used for remote scanning too, couldn’t they? I used to use Dot-Mac but after a while realised the servers were just too far away from the UK to make email using this service a pleasant experience – without virus/malware checking!
As for this PDF trojan method – I’m no expert – I just don’t open anything I don’t know about or expect.
With the Internet being global I sympathise with companies feeling they have to be global too, but if Google wants to drop China, I can respect that given their experience. “He who fights and runs away, lives to fight another day…”
:-))
“As for this PDF trojan method – I’m no expert – I just don’t open anything I don’t know about or expect.”
As you should. Opening files you don’t know in emails is generally a big no-no.
Showing a picture to “identify” the bank does very little to enhance security. All the phishing site has to do is forward the login you gave them to the actual bank, then display the image and phrase the bank gives them.
Also the banks use a default picture, which most users simply use. So in the end most of your customers will use the same picture.
The phisher having your login will not get them the picture and pass phrase. The banking sites all require that “authorized” computers be used. The phisher would send the login from a new IP address and the bank would respond with a challenge to answer 1-3 security questions before the picture and pass phrase are displayed.
Brent44,
SiteKey is vulnerable to a man-in-the-middle attack. BoA uses a cookie to mark your computer so that the secret question part can be skipped. The evil site just asks for the cookie from your machine and forwards it on to the BoA end. It then takes the SiteKey pic and sends it to the customer, then harvests the login.
I’m also convinced that having the evil site forward the secret questions to the customer would result in most people answering the questions to get in. Only people who understood the whole cookie/authorized machine aspect would be unlikely to be fooled.
Unless I’m missing something, UAC is still alive and well inside Windows 7. It may have been tweaked so as not be so obstructive, but I believe it still accomplishes the same thing: to make it clear you are making a decision worth spending a few seconds of your time on.
What Microsoft need to do though is ‘brand’ UAC better so as to distinguish its dialog from other system-generated messages. The lightbox helps, but a nice big logo that sets UAC dialogs apart would help immensely.
“It may have been tweaked…”
That’s what’s been done in Win7.
Well wouldn’t it be simple to first sign email, so people can see if it comes from the person/company you think it comes from. First step to prevent such social engineering attacks.
If your email system doesn’t support that, dump it.
Google wants to be involved into every protocol of the internet, why haven’t they invested in some fast key servers?
Or Google can just get a Mac.
DUCK!!!
Google could and should push the envelope of authentication forward. Android & iPhone apps could easily be used to carry one’s X.509 certificates and the industry could begin to move forward to massive deployment of cert-tokens/keyfob + secret phrases as 2 phase authentication for humans. How cheap does a fob need to be to be adopted? Perhaps a MicroSD with the appropriate electronics akin to what EyeFi has done. As for server to server communications, most big boxes could have GPU based encryption added quite easily.
Given Google’s capitalization they could subsidize a production run of such devices quite easily and gain back some public trust — and put to shame most of the US banking industry who can’t get their act together — I say this after reading Brian Krebs’s great articles about money mules.
However bypass of authentication protocols has always been an attack vector. Why need a key when you lift the door off the hinges.
However most “authorized escalation” attacks are due to poorly thought out OS design which for 20+ years has failed to properly implement compartmentalization and self-integrity checking correctly out of the box. As a reminder Vista UAC didn’t have granularity based on the type of operation being requested, you’re admin or not admin.
If a stupid mistake is done it ought not to compromise the whole system but only a part, and only until the system is told to reset back to a known state (rollback, integrity check, etc) at boot or in the better case reset the user’s environment at logout/login.
Business and enthusiasts pay top dollar for faster processors, more processors, more memory, more storage, and still settle for mediocre operating system design. Why isn’t the market working against this? Why are inferior OS still accepted?
Between OS X and Windows 7 at least OS X has a possibility (because of BSD) for privilege granularity, compartmentalization, self integrity, etc. Not that it is implemented well, it just has the possibility for such.
I like public / private key model. Just add a usb key FOB that has a rotating port numbers. Just like your FOB does not open the door of the car next to you.
Like many I’d like to learn a lot more about the attack on Google.
The real problem as I see it, is two fold:
First — anonymity — we need a secure process whereby people’s identities can be authenticated. When I send email, the recipient should be able to know the message really came from me. When I log into my bank to check my account, the bank should know it is really me. We don’t have a global authentication service on the internet. We need one badly. Right now each web service must come up with their own system.
Imagine how nice it would be to be able to reject all email from sources without a verified identity of the sender? SPAM would end immediately.
Second — executables — when I visit a website or open an email attachment, the ONLY thing it should do is to VIEW information. It should NOT run any code, or install any executables on my PC. PERIOD. The only thing Acrobat should do is display pdf files. The only thing Flash should do is play Flash files.
We really do need to lock down Outlook, the browser, and the browser plug-ins.
Oh, one more thing, every website must be registered to a real person and all that person’s contact information must be complete, correct, and current.
I examine some of the spam and phishing messages that are sent my way. I am amazed how many domains are created with NO contact information, or falsified information.
I think it is time for the IETF and some of the big responsible web sites get together and start setting new rules, standards, and protections. This problem is LONG, LONG overdue.
https://www.schneier.com/blog/archives/2010/02/anonymity_and_t_3.html
As another response has pointed out, anonymity is not the problem; the lack of authentication in communication when desired is. But you know that isn’t even a problem for those using GPG (Gnu Privacy Guard https://www.gnupg.org/ ). The problem in a nutshell is Apple, Google & Microsoft’s motivations for not including GPG support in their products. Understandably this would be a massive undertaking for Microsoft but Apple would only need to add a new data class to their Keychain database and a little UI glue to Mail etc.
Now on your second point you have what ought to be a basic tenet of computer security: separation of data and (executable) code. Unfortunately both the formats you mention, pdf and flash, are executable data intended to be run in their respective VM’s. So if you want to make things secure you really need to consider moving from pdf (executable) to html (semantic data) and from flash (a mishmash of data including executable) to svg (semantic data) and HTML5. I know html and svg are boring without javascript but there is no reason we couldn’t add noexecute protections to the javascript vm; it is an open standard unlike flash and to some extent pdf.
The real solution is to assume that any PC accessing a corporate server is itself insecure and compromised — even if that PC is inside the company’s building. The current corporate Windows network places tens of thousands, or maybe even hundreds of thousands of Windows PCs on the corporate network. The assumption is that these PCs are all “inside” the corporate network and are therefore trustworthy. One infected PC can infect other PCs on the network. A malicious worm can go from computer to computer, slowly gaining access privileges. Then, it can install itself on the servers and have access to everything.
As the IE bug showed, even the mighty Google uses Windows networking for much of its corporate backbone. Otherwise, how could a user run IE?
Corporate employees should only be able to access corporate information via protocols like https. Documents that are shared between employees should be placed on secured servers, and those documents scanned for viruses and worms. It is still possible for an individual employee PC to be infected, but it will be much more difficult for the infection to spread and gain enough knowledge to affect the company’s servers themselves.
Which brings us to the employee’s PC. Most employees use email, look at the corporate calendar, and produce a few documents. A typical PC, especially the ones now with Multi-cored processors, gigabytes of disk space, and the ability to download and run any program, is overkill. These types of systems are capable of installing in random software, many times without the user’s knowledge. This makes them prone to infection. Although the corporate network can be structured to keep individual PCs from direct access, infections can be spread through out the corporation via IM and email clients.
A more solid locked down system like Apple’s new iPad or even better, a system based upon Google’s Chrome OS. Chrome OS systems do not allow any software or documents to be stored on the computer. In fact, a Chrome OS is able to detect if it has been modified in anyway (such as a rootkit or malware), wipe itself clean, and reinstall a virgin OS.
The current corporate network is based upon 1990s technology before most people even heard of the Internet. Back then, corporate networks did end at the front door and users had no access outside the corporate network. Viruses came from putting an infected floppy disk in your system.
Things have changed. Now, every single computer can connect to almost any other computer. The idea that a corporate network can contain thousands of PCs running unknown configurations and being used by an innumerable amount of non-technical employees can somehow still remain secured is unattainable. We should merely recognize that fact, and adjust our corporate infrastructure accordingly.
And Google recently allowed any type of document to be stored in Google Docs. This could provide the parking place for docs while they’re waiting to be scanned and opened. Where Google has a viewer or editor for a type of document, the user never has to expose their system to the original document unless they want to.
Here is a great quote from a current Slashdot article entitled:
Image Searchers Snared By Malware
“It’s uncertain how Arnold’s site got infected in the first place, but Sinegubko had earlier said that almost 90% of breakins in 2009 that occurred on Linux-hosted sites, were caused by malware installed surreptitiously on people’s Windows PCs and stealing the passwords that people used to administer their sites. Or the site could have been compromised via a WordPress exploit such as this one. As I always tell anyone who will listen, if you want to keep your Linux-hosted website from being broken into, one of the most frequently overlooked precautions that you need to take is to keep your Windows PC free of spyware.”
Or, I would add, don’t use Windows in the first place.
Unfortunately for Google they must run Windows systems for testing, but more importantly they have a large enough staff, all of whom are not Unix geeks who probably don’t feel at home using anything but Windows.
Gmail, by the way, already recognizes a lot of common attachment filetypes and offers to open them in a new browser window rather than downloading them to your PC first. Even if my ultimate goal is to download the file I often open it this way in the browser first, hoping that if it contains anything suspicious the Google servers will spot it first (actually I think they scan all attachments before you even see them in your inbox).
What they don’t allow you to do (yet) is save them directly into your Google Docs filesystem. With that addition there might never be a need to download these files at all, especially if, like me you want to access the same set of files from several non-LAN locations.
The real problem is Microsoft Windows! Vista and Windows7 have not truly fixed the problems in Windows.
It is far too easy for malware to install into directories and registry keys they should not be able to access. No other operating system suffers from the blatant disregard for security quite like Windows. You can put a rogue DLL into C:\Windows\System32, register it and launch it under Svchost.exe all without local admin rights! A simple drive-by attack coming from a rogue advertisement and blamo, you’ve got some phony anti-malware telling you every EXE is infected when it’s not and demanding that you register and pay for the phony anti-malware to remove it.
Not to say that Mac OS X or other Unix systems could not be trojan’d; they certainly can and have been attacked before. But it’s a lot harder to do and requires the end user to enter their password and authorize it. But a user without admin rights won’t kill the whole machine the way it is under Windows. That user may mess up their account on the computer but the OS itself is much better protected.
On Windows, all you have to do is “see” a web page in Internet Explorer that contains malware and you get infected through no user interaction whatsoever. Heck, the demo of this Google attack vector demonstrates the loading of a blank web page and suddenly the computer has been completely compromised! The hacker has complete control of the computer, they can log your keystrokes, take screenshots, kill running processes start their own processes, install more insidious rootkits that hide from being displayed as a running process or file listing, etc.
How many Windows systems are currently hacked by Zero Day exploits that only an elite crew of professional or government hackers know about? The Google fiasco went on for months before anyone noticed. No virus scanner is going to catch it if the exploit and the attack are unknown, secret to only the attackers.
You want better corporate security? Why is Google even running Windows XP with IE6? Why aren’t they running Linux and OpenOffice, heck they can do GMail for employee’s on private Intranet servers. Move any Windows apps that are truly necessary to a protected Citrix farm where they are safely managed in a controlled environment.
“phony anti-malware telling you every EXE is infected when it’s not and demanding that you register and pay for the phony anti-malware to remove it.”
Would you buy the Brooklyn Bridge from me if I demanded it?
My wife would. Without someone knowledgable around to tell them differently, most of my family and hers and most people I know would. People know viruses are bad and that they need to do something. Most people do not know what to do.
But the reason the Internet will never be safe is precisely because of its open nature. I don’t think it wise to blame this or that browser particularly because they all strive to do the same job; none deliberately want to cause security problems. It’s virtually impossible to seal everything up and yet still allow the media-rich freedom we all expect from the Internet.
As far as I can remember it was back in the mid 90’s that the free and open nature of surfing began to be dominated by commercial interests. Not merely giving us access to the Internet but the use of the Internet. Nowadays I wonder what proportion of the web is commercial and what proportion informational (does that word exist!?!?) But that was not necessarily the purpose of the Internet at all. Companies just took advantage of the “free ride” being on the web gave them.
That banks offer online management is great – I use it – but trying to make the Internet fully secure for its use is always going to be a race to stay ahead of cyber-criminals. Safer to offer a different type of interconnected, packet-based networking that’s sealed tight.
I’m not sure how this can be piggy-backed onto our beloved Internet framework, but I can see it as the only way to keep such vulnerable data safe. Perhaps the open nature of multi-nodal, packet-based networking is the inherent problem for security.
Trying to merely add more and more Internet standards to the fray – new coding languages, methodologies etc, running multiple servers feeding one client – is just adding to a complication it will be harder and harder to police once a way in is discovered.
As anecdotal evidence of how it’s easy to lose sight of what you’re aiming for, I remember (again!) back in the 80’s speaking to a couple of guys in my then local computer shop. One had been upgrading a lowly home micro computer with low-res graphics to a basic form of hi-res. To accomplish this he had soldered all kinds of chips on to daughter-boards; wires snaked inelegantly from place to place and he needed two hefty power-bricks to deliver enough juice to the mish-mash … I then pointed out that there was new software out which did all of the upgrading for the price of a cassette-tape. He looked dumbfounded. He’d been so busy, wrapped-up in the technical jiggerypokery needed to upgrade his micro that he’d totally missed the fact the work had been done using no hardware at all, just a bit of coding skill. It wasn’t a new language, it was a new way of looking at the problem.
Lateral thinking may be the only way out of this security problem.
The banking system knows what it should do but it is being allowed to be sharp in that no oversight is present to enforce safe practices.
It used to be that to join the hogan system was a huge step in gaining legitimacy and security between banks. However that has been broken since the banks went into cost slashing at every level.
For all their economic might, until the write offs for fraud and loss to data security breach are tightened there is little incentive for businesses to do what is best and build something new and apart; that takes serious money, name cache and peer review to just enter into the shared system of transactions.
To build in a pay to play system would keep out the little cons and simple hackers. Only the well financed, high skilled ones could game the system at that point.
I don’t think it is really fair to blame Microsoft or Windows for this stuff. I’d bet you can count all the Windows boxes in a Google data center on one hand. The attack against them had nothing to do with Microsoft. Further, the same types of attacks done against a Windows PC can be done against MacOS and Linux systems too. There are 10+ times as many Windows PC’s, so that is where the bad guys focus their attention. This has nothing to do with one operating system being more or less secure than another.
This is really a problem with the Internet.
Spam filters, antivirus, anti-spyware, anti-popups, anti-phishing, etc… All these tools do is treat a problem. They do not fix the problem. They do not address the CAUSE of the problem. The best they can do is limit the damage. WE NEED TO FIX THE PROBLEM.
Sorry, you’re wrong, on several levels. It is widely acknowledged that the attack on Google (and 30 other large organisations, don’t forget) WAS carried out through IE6. If you don’t believe the published reports, you might ask yourself why Microsoft hurried through an out-of-band security update for IE right after the incident; and why Google has taken the draconian step of ending support for IE6 on all its websites.
Your argument that Windows is only attacked because it is popular is partly true, but it is also attacked because it is easier to compromise. If I was a bad guy, internet servers (web, mail, vpn, etc) would be tempting targets – I could connect directly to them, they are usually very powerful and have great bandwidth. These days most of them run on linux, so by your argument you’d expect to hear about lots of linux hacks – but you don’t. It actually has EVERYTHING to do with one OS being more secure than another.
One thing I do agree with you on is the madness of anti-spam/virus/spyware. Why consumers put up with buying an OS from Microsoft and then having to shell out large yearly subscriptions to be able to use it safely is beyond me, particularly when they also eat most of your processing power at the same time.
Certainly the anonymity of the internet is a problem, but it is also what makes it as powerful as it is. It is possible to design devices to connect to it safely, but this process is much easier if you let everyone examine your code for defects. If Microsoft did this, Windows would quickly become as secure as linux.
“The second part of this solution unfortunately died with Windows Vista”
Bob. I must have missed this bit of news! Vista is dead? I’m sure a few 100 million users need to be told!
Just because MS brought out a “new” OS, only last year, doesn’t mean people stopped using other versions. Like many media folk you seem to have your “only in the last half hour” shades on.
Incidentally UAC, was copied from the technique which still exists perfectly happily in Linux.
Hated as it was, UAC worked… and it still does work. I fix home PCs for a living. Half of my business is malware removal. In three years, I haven’t seen a dozen infected Vista (or Win 7) PCs… and most of those infections were confined to the user’s own profile.
To Sum up.
Google has windows inside the googleplex. It may allow PDF files to be downloaded to them over the web, using IE6, likely on XP.
Google allows users with immense privileges (read other people’s mail and get passwords for the FBI et al.) to have local admin rights on these Windows XP computers.
Google allows these highly privileged, and local administrators to surf the internet from these IE6/XP computers, exploit a buffer overflow attack in IE, to execute arbitrary code with those admin rights, to PWN the machine for the attacker’s will… Oh and these machines and users are the official ‘wiretappers’ for various govt’s that require that before Google can do business in their countries.
Simple solution: Stop that last item, by making the ‘wiretap’ computers within Google disconnected from the internet.
This is a requirement in SCADA control centers (you want the same XP desktop surfing ChineseCootchieGirls.cn also the point of control for SCRAMming your nuclear pile?… do you want the computer/authorized-user to be surfing the web and then within the same session, execute FBI ’email taps?’)
What that solution has to do with SiteKey (aka Passmark) or any other RSA product (aka Cyota… their login risk analysis engine) in use at BoA is beyond me. Oh, other than to CGA after the fact (detecting google user credentials stolen or in the process of being stolen).
Bob,
Decent article.
My only real comment is on the last line…
“We have known for years how to fix this, but nobody cared.”
Should in fact read…
“We have known for years how to fix this, but GOOGLE didn’t care.”
I like Google, I use Google, but Google has appallingly loose security requirements. Mashup services like Wave only make that vulnerability into your life that much more of a target. They don’t even require ‘semi-strong’ passwords for cryin out loud.
People cared (as you cited with the banking industry, and others have cited), but Google didn’t.
I’m sorry that it took this to wake them up to the facts that Microsoft got kicked in the teeth squarely for several years ago. Microsoft isn’t perfect, but you could say that they at least got with ‘the religion’ of security.
Google should have dropped support for IE6 ages ago when Microsoft did, but they were more interested in mining your data for advertising opportunities than paying attention to keeping your data in its place safely. That’s where the privacy folks should REALLY be screaming.
Just to nit-pick, but a password, any password, regardless of complexity, is inherently insecure. The reason for this is human nature.
On the one hand, humans are likely to use the same password for each of the dozens of systems that they need to access. Therefore, you compromise one password on one server, and chances are pretty good that you’ll compromise all other systems.
On the other hand, assume that each of those dozens of systems has a unique, enforced-strong password through some magic that makes certain of the uniqueness. Human beings are not very good at memorizing more than seven individual items. Even this memorization requires assigning to the token at some level. The result? Each password for those dozens of unique systems is probably written down somewhere. I know that’s how I do it. And for those cases, a slip of paper in my wallet backed by another in a locked safe in my house is “good enough”. If I get mugged, I have to change all those passwords.
My point, and Bob’s, is that “strong” passwords alone aren’t enough. You need to verify the identity of the system you are logging onto. How do I know that the computer on the other end of the cable is who it claims to be? I don’t. However, if the computer on the other end answers my challenge of “Who are you?” with a token that only I would know, and I respond in kind (this part is missing), while it does not get rid of a loop-recording man-in-the-middle attack vector (to mitigate this vector, the paired tokens need to be changed frequently), it does set up the groundwork for a reasonable expectation of security. From that point, I can use any password, weak or strong, that I want.
The engineers at Google are aware of this problem. Hence why they do not require “semi-strong” passwords. They know that “password strength” is a weak veneer. It’s just that until now, they never thought that they needed to implement the computer verification strategy. Or, at least, that’s my reading. Hubris, not incompetence.
Yes, this is so true, Berin. Look at the recent attack on Twitter. It wasn’t actually Twitter servers attacked but the domain service. I find this fascinating but very, very worrying. A look-alike site with the correct URL in the address bar and I log in, totally unaware the site isn’t really the site at all…
Worse than viruses; worse than non-unique passwords… It’s easy to copy site graphics and content.
As I mentioned before, the system itself is inherently insecure. Some of the companies we’ve been mentioning are the biggest global enterprises. They have resources no mere criminal can have. Lateral thinking and new technology NOW please!
“A Google spokesman stated that some engineers use various browsers to ensure that their services work correctly for users of those browsers and Google has “…been upgrading employees to the latest version of Internet Explorer or other options for some time.””
I was at a seminar once (can’t remember what it was about), and invited one of my employees to attend it with me. There were maybe 100 or so people in the room, and at the end the hosts went into the typical Q&A session. As I raised my hand to ask a question, my associate looked at me with deer-in-the-headlights eyes and asked, incredulously, ‘Are you really going to ask a question?!?’ To her it was simply inconceivable to do something like that. There is an entire block of readers that will NEVER consider leaving a comment, it’s just not part of their personality style.
All this knowledge would really have helped me if I’d read it before I’d written my latest blog post. Any insight that any of you have would be greatly appreciated. My blog is about internet security on a personal and international level. If anyone has anything to comment, I’d be very grateful, http://www.Katiebamb.wordpress.com
Thanks
Fantastic info here! I have been looking for this everywhere, and I’m happy I finally came across it! Keep up the good work.
Thanks for taking the time to discuss this, I feel strongly about it and love learning more on this topic. If possible, as you gain expertise, would you mind updating your blog with more information? It is extremely helpful for me.
I thought it was going to be some boring old post, but it really compensated for my time. I’ll put a link to this page on my site. I’m sure visitors will find it very very useful.
I’ll be back again, thanks for the info.
Maybe someone can clarify something for me. I’m just not getting it!
great thanks man…
I just added this feed to my bookmarks. I like reading your posts. Ty!
good thanks o/
Wow!, this was a top quality post. In theory I’d like to write like this too – taking time and real effort to make a good article… but what can I say… I procrastinate a lot and never seem to achieve anything
Oh, nice article. Good information.
I use both Avast and AVG virus scanner because they are very good
I never knew how much stuff there was online on this! Thank you for making this all simple to get the picture
Thank you for this blog post.
Thank you for another necessary article. Where else could anyone get that sort of information in such a complete way of writing?
I know this is really boring and you are skipping to the next comment, but I just wanted to throw you a big thanks – you cleared up some things for me!
Hey! Thank you! I constantly needed to write on my site something like that. Can I implement a portion of your post to my blog?
I spotted an affiliate site yesterday that looked a lot similar to this, is everyone positive an individual isn’t replicating this web-site?
hey this is really great 🙂 i like this one im gonna save it thanksss 🙂
I love this post and please write more, I think a lot of your readers would enjoy writing as well.
Personally i think that you could perhaps show your class on how to make a superb blog. That is wonderful! This wasn’t state, everything that definitely got people had been a type. You recognize how to make your website above a rant approximately a challenge. Youve meant it was practical for individuals to get in touch. Useful in since possibly not more and more persons realize theyre accomplishing
This is one of the best reads I’ve had in a while, I will be sure to recommend this to a couple of people, great job
Hated as it was, UAC worked… and it still does work. I fix home PCs for a living. Half of my business is malware removal. In three years, I haven’t seen a dozen infected Vista (or Win 7) PCs… and most of those infections were confined to the user’s own profile.
You need to really moderate the responses at this website