| Author | Messages | |
listmail
Posts:496
 | | 05/12/2007 12:18 PM |
| It IS NOTthe state of not having a GUI that makes it
secure... In fact, it really does have GUI capability - GUI just means Graphical
User Interface. There is a mouse cursor right there for heavens sakes, that
screams GUI.... Notepad is there and works fine... The timezone / clock
configuration dialogis there and works just fine... Task Manager is there
and works just fine... Regedit.... Even my one GUI tool I have up on the
joewarewebsite - ClientTest works just fine... We just say it doesn't have
a GUI to scare off the rubes andbecause to people who think that Explorer
Shell = Windows.... the GUI really is missing, they don't know any
better.
ItIS the state of not having the default shell and
all the crap that comes with it.
It IS the state ofhaving far fewer bins on the
machine that could be possible vectors.
It IS the state of being unableto use IE,
MediaPlayer, OE (or Windows Mail), and any other number of "dangerous" apps that
most "good" admins won't run from a production server anyway but other admins
will do in a heart beat.
ItIS the state of not seeing an ICON that represents
an image or something else not dangerous that you click on and it actually being
an executable.
ItSI ~13000 files under C:\Windows instead of ~40000
files under C:\Windows.
And yes... It ABSOLUTELY IS the state of people having to
have a bit more of a clue to use the product. Much harder to surf around to find
things to just click on and try...
Al... Load it up, play with it. I swear it will load onto
VMWARE Server 1.x in like 10 minutes. You will be pissed off to no end at first
probably as you realize there are things that you often want to do and you don't
have the Shell app you normally have to do it. Then if you up keep with it it
will grow on you and you will like it. I am pretty confident that is the case.
The one thing that is annoying me lately with it is that I
cannot figure out how to adjust the screen resolution. I am not sure if I am
being dense or if they forgot that part... If they forgot... It really needs
that capability. That way when I have 10 command prompts up and running, I can
space them nicely around my screen.
joe
--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@mail.activedir.org
[mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Al
MulnickSent: Friday, May 11, 2007 9:18 PMTo:
ActiveDir@mail.activedir.orgSubject: Re: OT: [ActiveDir] MS07-029:
Vulnerability in Windows DNS RPC Interface Could Allow Remote,Code
Execution
I keep reading this thread and trying to wait until the end. But I
had to set my beer down while I jump up and down screaming: "what? Security
through separation? Can't we just do it right without going gooeyless?" (that
last bit is just thereto help with joe's now infamous pizza analogy.)
The thought process seems to be, "if you want security, drop the gooey."
Why should it be either or? What's the big difference? Why are we going back to
the nt bdc mentality with RODC's(oh wait, I've been corrected on that
before, haven't I? :)
Don't get me wrong. CLI only enforces the idea that l-admins
shouldn't be logging onto the box. I applaud that 'cause it's hard to find
a well trained dog to sit with the l-admins. I get that. But this is not
something that should be either/or when it comes to security. That would
fly directly in the face of what makes Windows wildly more adopted than other
alternatives. Heck, if you wanted to do away with the GUI why is VMS not more
popular?
Can you hold the anchovies?
Al
P.S. Call when you have something more challenging than SA work
without the gooey.
P.P.S. I've met both joe and Dean. If you're two days older, you may
as well be dirt. Very nice and socially graceful dirt, but that would be
the thing that I think of when I go through my list of things older than joe and
Dean.
PPPS (the heck with the periods) - I guess I'll have a hard time at the
next summit unless I can sabotage their walking canes ;)
On 5/11/07, Ruston, Neil
: Barclays Wealth
wrote:
Ouch!
What a sight the below was on a cold, windy Friday morning, after a late night
drinking, the day before!! J
[I'm only
a day or 2 older than joe and Dean so not THAT old!!]
Just to
clarify matters – I think server core as a concept is great. Any reduction in
attack surface gets my vote.
Now, I
just need to go find some admins who can use the CLI proficiently and admin
servers remotely … :-^
neil
From: ActiveDir-owner@mail.activedir.org [mailto:
ActiveDir-owner@mail.activedir.org] On
Behalf Of Al MulnickSent: 10 May 2007 22:03To: ActiveDir@mail.activedir.orgSubject: Re: OT: [ActiveDir] MS07-029:
Vulnerability in Windows DNS RPC Interface Could Allow Remote,Code
Execution
When we
return to monolithic-water-cooled-proprietary-protocol-networkcomputing
as the mainstream method, give a shout. Until then, it's just a niche
solution that looks familiar to old dinosaurs such as yourself.
So
no. You're just getting old. :)
(and
wasn't netware 2.0 old in those days?)
Seriously, I see the core server as filling a niche.
As Microsoft continues to grow, they can spend more time on niche products to
serve the needs of sig's (special interest groups.) Server core is not aimed
at everyone. Some people won't want nor be able to use server
core. Unless of course they put more stuff in it. But at some
point we have to admit it's not "core" and that it's more general purpose so
does that become yet another of the bazillion sku's harvested from the same
code tree (pun intended - it's been a long day.)
Oddly,
one of the greatest attributes about Windows is the versatility and it's broad
general appeal. It's everything to everyone. In contrast, it's also one
of the shortcomings if you listen to some talk.
-ajm
On
5/10/07, Ruston, Neil : Barclays Wealth <
neil.ruston@barclays.com> wrote:
Kind of ironic that
we see server core as so important and innovative – I cut my teeth on Netware
2.x, which was built as a core plus add–ons by default. This was back in the
early 90s.
Have we come full
circle? J
From: ActiveDir-owner@mail.activedir.org [mailto:
ActiveDir-owner@mail.activedir.org] On
Behalf Of joeSent: 10 May 2007 13:59To: ActiveDirSubject: RE: [ActiveDir] MS07-029:
Vulnerability in Windows DNS RPC Interface Could Allow Remote,Code
Execution
Yeah I just don't see
a lot of Server Core SBS servers in the near future... Well unless you count
those Novell boxes...
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
From: ActiveDir-owner@mail.activedir.org [mailto:
ActiveDir-owner@mail.activedir.org] On
Behalf Of Susan Bradley, CPA aka Ebitz - SBS Rocks
[MVP]Sent: Thursday, May 10,
2007 1:41 AM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] MS07-029:
Vulnerability in Windows DNS RPC Interface Could Allow Remote,Code
Execution
Well server core isn't SBS friendly
period....nor is SBS the poster child of how to set up secure DNS.I
was just asking more along the lines if there was a similar listserve to
BIND-User for the Windows world. Akomolafe, Deji wrote:
>>>is there
a "DNS" only security listserve like BIND has?)
There is
abunch of DNS-related mailing lists on lists.oarci.netbutthey arenot
DNS-on-Windows-centric. And not typically SBS-friendly, if you know what I
mean ;)
Sincerely,
_____
(, / |
/)
/) /) /---|
(/_ ______ ___// _ // _ )
/ |_/(__(_) //
(_(_)(/_(_(_/(__(/_(_/
/)
(/ Microsoft MVP -
Directory Serviceswww.akomolafe.com- we
know IT-5.75,
-3.23Do you now realize that Today is the
Tomorrow you were worried about Yesterday? -anon
From: Susan
Bradley, CPA aka Ebitz - SBS Rocks [MVP]Sent: Wed 5/9/2007 10:28 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] MS07-029:
Vulnerability in Windows DNS RPC Interface Could Allow Remote,Code
Execution
http://iase.disa.mil/stigs/checklist/DNS-Checklist-V3R1-1.pdfVulnerability
Discussion:A vulnerability in the underlying operating system of a DNS
server could potentially impact notonly the DNS server but the entire
network infrastructure to include the Global Information Grid
(GIG).Checks: DNS0170Review the Operating System against the
appropriate OS STIG. For a Windows system thiswould mean an evaluation
with the Gold Disk; for a UNIX/LINUX system this would mean anevaluation
using the SRR scripts. STIG compliance means that all findings are either
closed, or there is a POA&M to address any outstanding
vulnerabilities.Fixes: DNS0170The underlying Operating System of the
DNS server must be in compliance with the appropriateOS
STIG.Vulnerability Discussion: Whether running the latest version
of software or an earlier version, the administrator should beaware of the
vulnerabilities, exploits, security fixes, and patches for the version that is
inoperation in the enterprise. Check: DNS0190If the site is using
BIND, interview the SA to determine if they have subscribed to ISC's
mailinglist called "bind-announce" (information on the Internet at http://www.isc.org/sw/bind/bindlists.php) for
vulnerabilities and software notifications.Fix: DNS0190If BIND is
utilized, the SA will subscribe to ISC's mailing list called
"bind-announce"(information on the Internet at http://www.isc.org/sw/bind/bind-lists.php) for
vulnerabilities and software notifications.Comments:.... looks
like keeping aware goes a long way to keeping a DNS server safe
(stupid question alert when DNS servers are on server core and what
not... is there a "DNS" only security listserve like BIND has?)
Akomolafe, Deji wrote:
And will this be as
a result of integrating DNS into AD? I say no, because I know that you can
still do bad things regardless of the DNS flavor or its complete separation
from AD. This, to me, negates the argument that you should not AD-integrate
DNS because of security "issues".
Sincerely,
_____
(, / |
/)
/) /) /---|
(/_ ______ ___// _ // _ )
/ |_/(__(_) //
(_(_)(/_(_(_/(__(/_(_/
/)
(/ Microsoft MVP -
Directory Serviceswww.akomolafe.com- we
know IT-5.75,
-3.23Do you now realize that Today is the
Tomorrow you were worried about Yesterday? -anon
From: Eric
FleischmanSent: Wed 5/9/2007
8:34 PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] MS07-029:
Vulnerability in Windows DNS RPC Interface Could Allow Remote,Code
Execution
Bad things can
happen if I own your DNS. This DL is not an appropriate forum for such a
discussion. But you should assume that I can do bad things to your forest if I
own your DNS.
From:
ActiveDir-owner@mail.activedir.org [
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joeSent: Wednesday, May 09, 2007 6:47
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] MS07-029:
Vulnerability in Windows DNS RPC Interface Could Allow Remote,Code
Execution
Oh true, I am not
completely on board with the necessity of secure updates. I hear a lot of
noise around it and how someone can own your forest with it but can't
visualize a realistic attack vector in that realm to gain access that likely
wouldn't be easier to manage in some other way. I'd like to think I am not a
complete retard in this but I just don't see it and I have yet to have found
anywhere anyone who could point to even an accidental attack which we used to
see on a regular basis with WINS and misconfigured SAMBA and I easily overcame
those SAMBA issues when encountered.
Certainly I don't
expect an open discussion about actual attack methodshere in this forum
because if there is something real out there that just hasn't made it onto the
RADAR of anyone who tends to write exploits against things such that they have
done anything around it. Other attacks on forests etc I have seen code
examples for and not just stuff I have written. And certainly I can't take my
lack of understanding of a possible hole there as it being safe, but I do look
at the global knowledge level here and how serious MSFT may or may not be
about secure updates (i..e only being offered with one config and it not being
the default OS config) andthen make some judgements on relative
likelihood of possible compromise and the numbers just don't come up as giving
me much fear in the realm of insecure updates.
In my experience, the
biggest threat to come through DNS other than the various and
numerousissues that have occurred through the years due toADI DNS
dork ups and bugs has been this recent DNS vuln which was far more dangerous
to environments running ADI DNS than any other environment. In fact if you ran
ADI DNS in an enterprise with distributed DNS Admin delegation, this issue was
a positively serious kick square in the balls for choosing that model.It
wasn't the idea that you get control of the DNS Service and then start pumping
in bad DNS entries, you had localsystem on the DC and just did whatever the
heck you felt like doing. Why take a nice scenic hack route past old windmill
road when the door to the gold is sitting wide open?
joe
P.S. And sorry for
this... Rocky, tried to respond to your email, but it bounced with a 550
access denied from netherworld.jws.com
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
size=2
width="100%" align=center>
From: ActiveDir-owner@mail.activedir.org [
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Eric FleischmanSent: Wednesday, May 09, 2007 6:49
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] MS07-029:
Vulnerability in Windows DNS RPC Interface Could Allow Remote,Code
Execution
Totally agree.
If you are comparing AD integrated DNS with some other solution that also does
secure dynamic updates, that's a great convo I'd love to be part of. But I
want to make sure…do we agree that secure dynamic updates (or no dynamic
updates, ie you manage it yourself) are a min bar requirement? I have not
gotten the sense that you really buy in to this argument yet.
From: ActiveDir-owner@mail.activedir.org [
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of joeSent: Wednesday, May 09, 2007 2:05
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] MS07-029:
Vulnerability in Windows DNS RPC Interface Could Allow Remote,Code
Execution
I don't cut bait, I
just don't agree that MSFT is the only company that knows how to do some form
of secure DDNS updates.
--
O'Reilly Active
Directory Third Edition - http://www.joeware.net/win/ad3e.htm
size=2
width="100%" align=center>
From: ActiveDir-owner@mail.activedir.org [
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Eric FleischmanSent: Wednesday, May 09, 2007 3:37
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] MS07-029:
Vulnerability in Windows DNS RPC Interface Could Allow Remote,Code
Execution
The argument for
AD integrated DNS, as I understand it, is around dynamic update. Replication
is all well and good (maybe it is better than xfer, maybe not, I really don't
know), but the secure dynamic update part is the goodness side of it.
So, how do you
achieve this? I know joe cuts bait on dynamic updates….I'm of the opinion
(based on masses of PSS data over the last 7 years) that most customers cannot
do this. So how do you achieve it? Or do you just accept the lack of security
on this front?
After we tease
apart that one, I'd like to discuss your circular replication argument
further.
From: ActiveDir-owner@mail.activedir.org [
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Ziots, EdwardSent: Wednesday, May 09, 2007 9:44
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] MS07-029:
Vulnerability in Windows DNS RPC Interface Could Allow Remote,Code
Execution
Eric,
Better DNS servers?
DNS is DNS, whether AD integrated or Primary, Secondary, its basically the
same. I am saying that for troubleshooting its just easier to have
primary/secondary and place your DNS where you need them, instead of having it
tied to a DC, and thus add another infrastructure role to the domain
controllers, when its not always needed.
I know M$ wants you
to do AD integrated DNS, since they think its the best thing since sliced
bread, but down in the trenches where the work gets done and the problems get
solved, its not always the best choice. I personally don't see why you need to
have your DNS and AD on the same replication scheme, if something breaks in
replication is it AD or is it DNS, you have no physical seperation of the two,
so you start going in loops.
And given the flaws
we keep getting each and every month, from Microsoft land on this, that and
the other service, or offering, the less you can have on your DC' and
Infrastructure systems and the better you hardnen them from the start the
better off you will be. This DNS RPC interface issue was just an example, and
I am sure the security researchers out there are going to find more, and again
makes admin lives harder, but our systems more secure in the long run.
Also it takes
Microsoft how long to create a patch to fix this, but the exploit code has
been out for quite a while, and I am sure some hacker has coded a working
exploit by now, its probably in metasploit, ENCASE and other Pentest products,
so point and click and fire away at the DC's with DNS, if you haven't
protected yourself.
Just my take on the
situation, not saying that AD Integrated DNS isnt a viable option, but think
of this you wonder why Internet DNS in on BIND, and its not AD integrated or
even M$and its spread throughout the world...
EZ
Edward E.
Ziots Network Engineer
Lifespan
Organization MCSE,MCSA,MCP+I, M.E,CCA,Network+,
Security + email:eziots@lifespan.org cell:401-639-3505
size=2
width="100%" align=center>
From: ActiveDir-owner@mail.activedir.org [
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Eric FleischmanSent: Wednesday, May 09, 2007 12:26
PMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] MS07-029:
Vulnerability in Windows DNS RPC Interface Could Allow Remote,Code
Execution
I don't yet get
this logic, please explain it to me like I'm an idiot.
The
primary/secondary road ends up taking you to a place where you point DCs at
the subset of DNS servers you end up creating. How is this better than having
use AD integrated DNS, and pointing DCs to a subset of anointed "better" DNS
servers?
From: ActiveDir-owner@mail.activedir.org [
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Ziots, EdwardSent: Wednesday, May 09, 2007 8:23
AMTo: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] MS07-029:
Vulnerability in Windows DNS RPC Interface Could Allow Remote,Code
Execution
AD and its
replication and functions are dependent on DNS being correctly configured. If
you follow the logic of not having all your eggs in one basket, then the
following will make sense.
Why would you want to
have both your DNS and AD together on the same box, and integrated into the AD
replication, if something is broken in AD replication scheme its going to
affect your DNS as well, which also affects alot more of your infrastructure.
Secondly, it makes
decommission of the DC's a little more of a task than it needs to be, not
impossible, and not a regular event in most environments, but still again,
infrastructure roles ( DHCP, WINS, DNS, DC) should be seperate and redundant
as per good network design ( PhysicalSite redundancy is what I am
driving at here)
These are just my
views, administrators will do what they feel comfortable with but I have been
running primary, secondary DNS tertiary DNS at a third site for years and not
had much problems with DNS replication, uptime and minimal troubleshooting,
plus I know if my primary site gets hit I got critical infrastructure
elsewhere that can continue to service the organization in case of issues.
I think in the age of
DR, this isn't a bad way to go, and I am sure most of the folks that still run
BIND for there DNS services would probably see the reasoning in it.
Z
Edward E.
Ziots Network Engineer
Lifespan
Organization MCSE,MCSA,MCP+I, M.E,CCA,Network+,
Security + email:eziots@lifespan.org cell:401-639-3505
size=2
width="100%" align=center>
From: ActiveDir-owner@mail.activedir.org [
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of DannySent: Wednesday, May 09, 2007 10:50
AMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] MS07-029:
Vulnerability in Windows DNS RPC Interface Could Allow Remote,Code
Execution
Sorry to jump in here, but
I am understanding that you both are recommending to avoid AD-integrated DNS
where possible?
On 5/9/07, joe <
mailto:listmail@joeware.net> wrote:
I can find no fault in that paragraph.
:)--O'Reilly Active Directory Third Edition -http://www.joeware.net/win/ad3e.htm-----Original
Message-----From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Ziots,
EdwardSent: Wednesday, May 09, 2007 8:57 AM To: ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir]
MS07-029: Vulnerability in Windows DNS RPC Interface Could Allow
Remote,Code ExecutionFunny part if you can call it a funny part is
that your DC's wouldn't have been vulnerable if you didn't have
AD-Integrated DNS. Which limitsthe attack surface quite a bit when you are
dealing with say 2-3 DNS servers instead of multiple DNS servers with DC
responsibilites to boot. This is whay I am never in the favor of putting
multiple infrastructureroles on any one system, especially a
DC.ZEdward E. Ziots Network EngineerLifespan
OrganizationMCSE,MCSA,MCP+I, M.E,CCA,Network+, Security +email:eziots@lifespan.org
cell:401-639-3505-----Original Message-----From: ActiveDir-owner@mail.activedir.org [mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Susan
Bradley,CPA aka Ebitz - SBS Rocks [MVP] Sent: Tuesday, May 08, 2007
11:21 PM To: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir]
MS07-029: Vulnerability in Windows DNS RPC Interface Could Allow
Remote,Code ExecutionExchange one is the one I'm eyeing up this month.
IE7 has the printing fixes for IE7 included.Don't forget the
Word and Office patches for the workstations.... and WSUS 3.0 is out
...and....joe wrote:> Nice and handy that it just so happened
to be all wrapped up and done > for the May patch release so someone
didn't have to get a knock on the> head inside of MSFT for two out
of band patches in a month... >> Also nice to have DCs in a
state of having unmanageable services or > exposed to exploits in
enterprise environments I think.>> --> O'Reilly Active
Directory Third Edition - > http://www.joeware.net/win/ad3e.htm>>>
-----Original Message-----> From: ActiveDir-owner@mail.activedir.org> [mailto:
mailto:ActiveDir-owner@mail.activedir.org] On Behalf Of Susan>
Bradley, CPA aka Ebitz - SBS Rocks [MVP]> Sent: Tuesday, May 08, 2007
1:28 PM> To: mailto:ActiveDir@mail.activedir.org> Subject:
[ActiveDir] MS07-029: Vulnerability in Windows DNS RPC> Interface Could
Allow Remote,Code Execution>> MS07-029: Vulnerability in Windows
DNS RPC Interface Could Allow > Remote Code Execution (935966) >
http://www.microsoft.com/technet/security/Bulletin/MS07-029.mspx
> Max Severity: Critical>> List info : http://www.activedir.org/List.aspx> List
FAQ: http://www.activedir.org/ListFAQ.aspx> List archive:
http://www.activedir.org/ma/default.aspx>>
List info : http://www.activedir.org/List.aspx > List
FAQ: http://www.activedir.org/ListFAQ.aspx> List archive:
http://www.activedir.org/ma/default.aspx>>--If
you are a SBSer... you had better be reading http://blogs.technet.com/sbs - the SBS Blog...and my
blog is at http://www.sbsdiva.com/....List info :
http://www.activedir.org/List.aspxList
FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ma/default.aspx List
info : http://www.activedir.org/List.aspxList
FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ma/default.aspx List
info : http://www.activedir.org/List.aspxList
FAQ: http://www.activedir.org/ListFAQ.aspxList archive: http://www.activedir.org/ma/default.aspx
-- CPDE -
Certified Petroleum Distribution Engineer CCBC - Certified Canadian Beer
Consumer
--
If you are a SBSer... you had better be reading
http://blogs.technet.com/sbs - the SBS Blog.
..and my blog is at
http://www.sbsdiva.com/....
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
--
If you are a SBSer... you had better be reading
http://blogs.technet.com/sbs - the SBS Blog.
..and my blog is at
www.sbsdiva.com....
List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ma/default.aspx
This
e-mail and any attachments are confidential and intended solelyfor the
addressee and may also be privileged or exempt from disclosureunder
applicable law. If you are not the addressee, or have received this e-mail
in error, please notify the sender immediately, delete itfrom your system
and do not copy, disclose or otherwise act upon anypart of this e-mail or
its attachments Internet communications are not guaranteed to be
secure or virus-free The Barclays Group does not accept responsibility for
any loss arisingfrom unauthorised access to, or interference with, any
Internetcommunications by any third party, or from the transmission of
anyviruses. Replies to this e-mail may be monitored by the Barclays Group
for operational or business reasonsAny opinion or other
information in this e-mail or its attachments that does not relate to the
business of the Barclays Group is personalto the sender and is not given
or endorsed by the Barclays Group Barclays Bank PLC.Registered in England
and Wales (registered no. 1026167) Registered Office: 1 Churchill Place,
London E14 5HP, United KingdomBarclays Bank PLC is authorised and
regulated by the Financial Services Authority.
This e-mail and any attachments
are confidential and intended solelyfor the addressee and may also be
privileged or exempt from disclosureunder applicable law. If you are not
the addressee, or have received this e-mail in error, please notify the
sender immediately, delete itfrom your system and do not copy, disclose or
otherwise act upon anypart of this e-mail or its
attachmentsInternet communications are not guaranteed to be secure or
virus-free The Barclays Group does not accept responsibility for any loss
arisingfrom unauthorised access to, or interference with, any
Internetcommunications by any third party, or from the transmission of
anyviruses. Replies to this e-mail may be monitored by the Barclays Group
for operational or business reasonsAny opinion or other
information in this e-mail or its attachmentsthat does not relate to the
business of the Barclays Group is personalto the sender and is not given
or endorsed by the Barclays Group Barclays Bank PLC.Registered in England
and Wales (registered no. 1026167)Registered Office: 1 Churchill Place,
London E14 5HP, United KingdomBarclays Bank PLC is authorised and
regulated by the Financial Services Authority. | | | |
|
|