[ISN]
Security UPDATE -- Browser History: What Happened? -- April 27, 2005
InfoSec News
isn at c4i.org
Fri Apr 29 05:27:11 EDT 2005
====================
This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which
you might be interested. Please take a moment to visit these
advertisers' Web sites and show your support for Security UPDATE.
Simplify Software, Desktop and Server Management
http://list.windowsitpro.com/t?ctl=87E6:4FB69
Phishing, viruses, bot-nets and more: How to prevent the "Perfect
Storm" from devastating your email system
http://list.windowsitpro.com/t?ctl=87CD:4FB69
====================
1. In Focus - Browser History: What Happened?
2. Security News and Features
- Recent Security Vulnerabilities
- Firefox 1.0.3--Nine Security Fixes
- Credit Card Companies to Enforce Payment Card Industry Standard
- Putting OpenVPN to Work
3. Security Toolkit
- Security Matters Blog
- FAQ
- Security Forum Featured Thread
4. New and Improved
- Fast Security
====================
==== Sponsor: KACE ====
Simplify Software, Desktop and Server Management
KBOX by KACE is a simple, affordable solution that delivers complete
inventory, software deployment, patch management, software update,
reporting and more. Finally there's a complete solution that lets you
act on your information. It's all in the (K)BOX. This self-contained
appliance is a snap to implement and use and costs less than you'd
expect. Find out why leading companies are choosing KBOX by KACE every
day and learn how you can take advantage of our 45-day return policy
that guarantees your satisfaction.
http://list.windowsitpro.com/t?ctl=87E6:4FB69
====================
==== 1. In Focus - Browser History: What Happened? ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Occasionally, you might need to trace a user's Web-browsing path.
Manual forensic analysis, which involves digging through cookie files,
the browser's cache, and browser history data, isn't easy.
For a good rundown on forensic analysis of browser activity, you should
consider reading "Web Browser Forensics, Part 1," by Keith J. Jones and
Rohyt Belani of Red Cliff Consulting. The article, published on the
SecurityFocus Web site, offers a brief usage overview of some very
useful tools: in particular, Pasco, Internet Explorer History Viewer,
Web Historian, and Forensic Toolkit.
http://list.windowsitpro.com/t?ctl=87E4:4FB69
Pasco is an open-source tool that can be used to reconstruct browser
use from Microsoft Internet Explorer's (IE's) index.dat files. The
files contain data such as which URLs were visited and when. Pasco is a
command-line tool that creates a text-based output file.
http://list.windowsitpro.com/t?ctl=87E7:4FB69
Internet Explorer History Viewer, available from Phillips Ponder, has
been around for a while. It too can reconstruct IE usage and has the
added benefits of being able to read Netscape history data and find
fragments of deleted files in the Windows Recycle Bin. IE History costs
$50.
http://list.windowsitpro.com/t?ctl=87E2:4FB69
The free Web Historian, provided by Red Cliff Consulting, is more
powerful than the previous two tools. It can help you analyze the
historic usage of Internet Explorer, Mozilla, Firefox, Netscape, Opera,
and Apple Computer's Safari.
http://list.windowsitpro.com/t?ctl=87D7:4FB69
Forensic Toolkit (FTK), from AccessData, is the most powerful of the
bunch, and at $995, it better be. It too can reconstruct browser use
history, but it's also billed as a tool that can perform "complete and
thorough forensics examinations." Among other tasks, Forensic Toolkit
can index entire drives, allows quick text searches, and supports more
than 270 file types.
http://list.windowsitpro.com/t?ctl=87DE:4FB69
Now let's suppose for a minute that you don't want anybody to be able
to perform such analysis on your systems. For example, if your laptop
is stolen or lost, do you want whoever ends up with it to be able to
find out detailed information about you by analyzing your surfing
habits? To prevent someone else from accessing your data, you could
implement disk encryption.
You can also manually delete browser details (IE History and Cache)
fairly easily, but you have to remember to do that, and you also need
to erase the disk sectors to ensure that the data can't be recovered. I
know that many standalone tools can do both these tasks quickly and
effortlessly. Privacy Eraser is one example (which I haven't yet
tried).
http://list.windowsitpro.com/t?ctl=87E5:4FB69
Are any such tools that include centralized management available for an
enterprise? If you know of any, please send me an email with the
details or a URL.
====
Don't miss a Web chat with Randy Franklin Smith on the topic "The
Security Event Log: The Unofficial Guide." It will take place May 4,
12:00 P.M. Eastern (9:00 A.M. Pacific). For more information, go to
http://list.windowsitpro.com/t?ctl=87D3:4FB69
And, finally, you have less than one week left to vote for your
favorite products in Windows IT Pro's annual Readers' Choice Awards.
Voting ends May 2, so vote now at
http://list.windowsitpro.com/t?ctl=87E8:4FB69
====================
==== Sponsor: Postini ====
Phishing, viruses, bot-nets and more: How to prevent the "Perfect
Storm" from devastating your email system
Unfortunately, fragmented appliance-based and software-based anti-
spam solutions operating inside the email gateway can't prevent a
potentially devastating impact on your email system and users. In this
free white paper learn how you can protect your email boundary and stop
attacks with a multi-layered approach that effectively prevents the
perfect storm from ever reaching your email gateway. Download your copy
now!
http://list.windowsitpro.com/t?ctl=87CD:4FB69
====================
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=87D4:4FB69
Firefox 1.0.3--Nine Security Fixes
Mozilla Organization released Firefox 1.0.3 to correct nine security
vulnerabilities. Interestingly enough, all the problems corrected in
the new release relate to vulnerabilities that could be exploited via
JavaScript.
http://list.windowsitpro.com/t?ctl=87DD:4FB69
Credit Card Companies to Enforce Payment Card Industry Standard
Most major credit card companies have adopted the Payment Card
Industry (PCI) Data Security Standard, which was jointly developed by
VISA and MasterCard. Adopters of the standard include American Express,
Diners Club, Discover, and JCB International.
http://list.windowsitpro.com/t?ctl=87DB:4FB69
Putting OpenVPN to Work
You're probably familiar with Microsoft's RRAS VPN solutions, as
well as commercial VPNs from vendors such as Cisco Systems and Nortel
Networks, but you might not be aware of an open-source program called
OpenVPN. Jeff Fellinge explains how to implement OpenVPN in this
article on our Web site.
http://list.windowsitpro.com/t?ctl=87DA:4FB69
====================
==== Resources and Events ====
Protect the Rest of Your Exchange Infrastructure
There is more to data protection for Exchange than protecting mail
and mail servers. In this free Web seminar, you'll learn some methods
for anticipating, avoiding, and overcoming technical problems that can
affect your Exchange environment, including corruption or errors in
Active Directory, DNS problems, configuration errors, service pack
installation, and more. Register now!
http://list.windowsitpro.com/t?ctl=87CA:4FB69
Get Ready for SQL Server 2005 Roadshow in a City Near You
Get the facts about migrating to SQL Server 2005. SQL Server experts
will present real-world information about administration, development,
and business intelligence to help you implement a best-practices
migration to SQL Server 2005 and improve your database computing
environment. Attend and receive a 1-year membership to PASS and 1-year
subscription to SQL Server Magazine. Register now!
http://list.windowsitpro.com/t?ctl=87CE:4FB69
Ensure SQL Server High Availability
In this free Web seminar, discover how to maintain business
continuity of your IT systems during routine maintenance and unplanned
disasters. Learn critical factors for establishing a secure and highly
available environment for SQL Server including overcoming the
technology barriers that affect SQL Server high availability and
Microsoft's out-of-the-box high-availability technologies such as
clustering, log shipping, and replication. Register now!
http://list.windowsitpro.com/t?ctl=87CB:4FB69
Configuring Blade Servers for Your Application Needs
Blade servers pack a lot of function into a small space, conserve
power, and are flexible. In this free, on-demand Web seminar, industry
guru David Chernicoff details the best use of 1P, 2P, and 4P
configurations using single and multiple enclosures; integrating with
NAS and SAN; and managing the entire enterprise from a single console.
Register now and take advantage of blade servers' power and
flexibility.
http://list.windowsitpro.com/t?ctl=87CF:4FB69
Discover All You Need to Know About 64-bit Computing in the Enterprise
In this free, on-demand Web seminar, industry guru Michael Otey
explores the need for 64-bit computing and looks at the type of
applications that can make the best use of it. He'll explain why the
most important factor in the 64-bit platform is increased memory.
Discover the best platform for high performance and learn how you can
successfully differentiate, migrate, and manage between 32-bit and 64-
bit technology. Register now!
http://list.windowsitpro.com/t?ctl=87CC:4FB69
====================
==== Featured White Paper ====
Get Rapid and Reliable Data and System Recovery
Even under the best circumstances, performing a bare metal recovery
from tape is tedious and unreliable. In this free white paper, learn
how you can achieve unprecedented speed and reliability in recovering
systems and data.
http://list.windowsitpro.com/t?ctl=87C9:4FB69
====================
==== Hot Release ====
Security Event Management – It shouldn't cost a fortune to save a
fortune
Activeworx Security Center dramatically reduces the time, effort &
cost required to collect, analyze, report & escalate critical security
data. Activeworx consolidates multi-vendor security log data -
providing an affordable solution for detailed event correlation to
detect both known and unknown threats. Free Trial.
http://list.windowsitpro.com/t?ctl=87E1:4FB69
====================
==== 3. Security Toolkit ====
Security Matters Blog
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=87E3:4FB69
Perils of Wardriving
It's fairly common knowledge that some people set up Wi-Fi hotspots
using the Wi-Fi cards in their own computers in hopes that someone will
connect. Once a connection is made, an intrusion attempt begins against
the machine that connected. Obviously it's not very smart to use any
old Wi-Fi hotspot you come across just because it's there.
http://list.windowsitpro.com/t?ctl=87DC:4FB69
FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=87DF:4FB69
Q: How can I configure the Windows Server 2003 Service Pack 1 (SP1)
Windows Firewall from a command line?
Find the answer at
http://list.windowsitpro.com/t?ctl=87D5:4FB69
Security Forum Featured Thread
A forum participant is looking for methods or products that can
block all access to X-rated Web sites on his company's laptop computers
and for security policy templates to use as a model for developing an
acceptable-use policy. Join the discussion at:
http://list.windowsitpro.com/t?ctl=87D0:4FB69
====================
==== Announcements ====
(from Windows IT Pro and its partners)
Check Out the New Windows IT Security Newsletter!
Security Administrator is now Windows IT Security. We've expanded
our content to include even more fundamentals on building and
maintaining a secure enterprise. Each issue also features product
coverage of the best security tools available and expert advice on the
best way to implement various security components. Plus, paid
subscribers get online access to our entire security article database!
Click here to try a sample issue today:
http://list.windowsitpro.com/t?ctl=87D9:4FB69
Windows IT Security Monthly Pass = Quick Answers!
Sign up today for your Windows IT Security Monthly Pass and get 24/7
online access to every article on the Windows IT Security Web site,
including exclusive subscriber-only content. That's a database of more
than 1900 security articles to help you get all the answers you need,
when you need them! Sign up now:
http://list.windowsitpro.com/t?ctl=87D1:4FB69
====================
==== 4. New and Improved ====
by Renee Munshi, products at windowsitpro.com
Fast Security
Metanetworks Technologies offers the MTP-1G Gigabit Ethernet and
MTP-10G 10 Gigabit Ethernet cards, specifically designed to support
existing open-source network security and monitoring applications, such
as Intrusion Detection Systems (IDSs). The MTP-1G passes Gigabit
Ethernet traffic and the MTP-10G passes 10 Gigabit Ethernet traffic
between the card's two ports with 400 ns latency while performing wire-
speed, stateful packet inspection. When determining whether to capture
or block packets, the cards can apply up to 1500 wire-speed stateful
policies per packet. When the cards capture packets, the cards present
the packets to the OS as standard NICs in promiscuous mode. For more
information, go to
http://list.windowsitpro.com/t?ctl=87EB:4FB69
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rwinitsec at windowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
====================
==== Sponsored Links ====
Quest Software
Heading to Exchange from Notes or GroupWise? Get Expert Help!
http://list.windowsitpro.com/t?ctl=87EC:4FB69
Best Practices for Establishing and Enforcing a Security Policy in Your
Business
Is your company prepared to fend off threats? Download this free
white paper!
http://list.windowsitpro.com/t?ctl=87ED:4FB69
====================
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=87E9:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com
====================
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
http://list.windowsitpro.com/t?ctl=87D8:4FB69
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.
More information about the ISN
mailing list