[ISN] Security UPDATE -- Security Information on the Web -- August 10, 2005
InfoSec News
isn at c4i.org
Thu Aug 11 03:16:44 EDT 2005
====================
1. In Focus: Security Information on the Web
2. Security News and Features
- Recent Security Vulnerabilities
- F-Secure Reports First Viruses for Microsoft Command Shell
- Bluetooth Security Essentials
3. Security Toolkit
- Security Matters Blog
- FAQ
4. New and Improved
- Improved FTP Client
====================
==== 1. In Focus: Security Information on the Web ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Recently I did a little poking around the Internet for security
information sources that I don't already regularly read. Over the past
few days, I've discovered a few sites that you might find useful.
When I heard that Mozilla Foundation was starting Mozilla Corporation,
I went to read about that and subsequently came across a huge list of
Mozilla-related blogs. Many of them are written by developers and
contain some information related to security or are written by people
involved directly with Mozilla product security. So if you use Mozilla
software, take time to go through the extensive list at MozillaZine,
where you'll find dozens of useful blogs.
http://list.windowsitpro.com/t?ctl=107B4:4FB69
Another place you can find a huge list of blogs is at Microsoft's Web
site. The company hosts some blogs on the Microsoft Developer Network
(MSDN). I didn't count how many are listed there, but I can tell you
there are a lot! The first URL lists the most recent posts; the second
URL lists the blogs by blog name.
http://list.windowsitpro.com/t?ctl=107B1:4FB69
http://list.windowsitpro.com/t?ctl=107AE:4FB69
You can also visit the Microsoft Community Blog site, where you can find
even more blogs, all of which are written by Microsoft employees. If
you use the search facility at that site to search for "security,"
you'll find that 25 blogs contain that word in either their title or
description. I subscribe to the Really Simple Syndication (RSS) feeds
of many of them, and they usually contain interesting information,
although I will warn you that you might have to endure the occasional
post about somebody's weekend or vacation adventures.
http://list.windowsitpro.com/t?ctl=107A3:4FB69
Another blog you might be interested in is written by the Microsoft
Internet Explorer (IE) development team. Keep an eye on that one if
you're interested in the upcoming IE 7.0 (at the first URL below).
Likewise you can keep tabs on the development of Windows Vista and its
RSS features by reading the blog of the developers on Microsoft's RSS
team (at the second URL below).
http://list.windowsitpro.com/t?ctl=107B6:4FB69
http://list.windowsitpro.com/t?ctl=107B5:4FB69
You probably know who Mark Russinovich is, but did you know he has a
blog? I didn't realize that until last week. So now I subscribe to his
RSS feed. It's a very interesting blog, and as you probably suspect, it
does contain very technical discussion and information. Be sure to
check it out.
http://list.windowsitpro.com/t?ctl=107B3:4FB69
Another interesting site I recently found is Spamfo.co.uk, which offers
information pertaining to spam, including a lot of recent news items.
If spam is a real bother to you, you might want to check in on the site
once in a while.
http://list.windowsitpro.com/t?ctl=107B7:4FB69
Last, but certainly not least, is Risks Digest, which has information
about security problems and a wide variety of other risks. You might
already know about it because it's been around for 20 years. In
essence, Risks Digest is a moderated discussion forum on Usenet
(comp.risks) that's republished on various Web sites and can be
obtained via email as well as in a Resource Description Framework (RDF)
feed, which should work in most popular RSS feed reader applications.
You can preview recent digests at the Web site below.
http://list.windowsitpro.com/t?ctl=107B9:4FB69
When you take time to review these sites, you'll find not only that
they contain useful information but also that there are probably far
more interesting information sources than you can possibly read in a
reasonable period of time. Nevertheless, you could at least bookmark
the sites that interest you and refer to them when the need arises.
====================
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=107A2:4FB69
Identity Theft Ring Discovered
Sunbelt Software uncovered an identity-theft ring. Sunbelt CEO Alex
Eckelberry said that the ring was discovered by Senior Spyware Research
Analyst Patrick Jordan, who joined the company a week ago.
http://list.windowsitpro.com/t?ctl=107A9:4FB69
F-Secure Reports First Viruses for Microsoft Command Shell
Microsoft released a beta of its new command-line shell MSH (code-
named Monad) in June, and already viruses have been developed that take
advantage of the new technology. According to security solutions
provider F-Secure, a virus writer published five sample viruses in a
Web-based "magazine" dedicated to writers of computer viruses.
http://list.windowsitpro.com/t?ctl=107A7:4FB69
Bluetooth Security Essentials
As with its better-known cousin Wi-Fi, security questions have
arisen about Bluetooth, and in recent months, terms such as Bluejacking
and Bluesnarfing have entered the security professional's lexicon. John
Howie takes a look at Bluetooth, including its security features and
potential risks, and walks through the process of securing a Bluetooth
implementation.
http://list.windowsitpro.com/t?ctl=107A6:4FB69
====================
==== Resources and Events ====
Sort Through Sarbanes-Oxley, HIPAA Legislation and More--Quicker And
Easier!
In this free Web seminar, get the tips you've been looking for to
save time and money in achieving IT security and regulatory compliance.
Find out how you can simplify these manually intensive, compliance-
related tasks that reduce IT efficiency. Plus--sign up today and you'll
receive a free white paper by Charles Kolodgy of IDC on using security
compliance software to improve business efficiency and reduce costs.
http://list.windowsitpro.com/t?ctl=1079E:4FB69
Integrate Fax Services with Business Applications for Big ROI
In this free eBook you'll discover all you need to know about fax
technology! You'll learn how to improve business processes by
minimizing manual faxing and integrating faxing into your business
workflow for improved ROI. The eBook will also look at the how-to of
the desktop fax client, fax automation, faxing hardware and software
technologies, and the future of faxing. Let this important guide help
you stay on top of fax server technology within your business
environment.
http://list.windowsitpro.com/t?ctl=107A1:4FB69
The 15-Minute Failover Solution for Exchange
Do you rest confidently knowing your Exchange and BlackBerry
backup/restore solution meets your high-availability requirements? If
not, you won't want to miss this free Web seminar. Join industry guru
Paul Robichaux and learn all about choosing the appropriate technology,
balancing the cost and the skill set, assessing the knowledge level
required, the complexity added to your existing environment, and how
much availability each technology gives you. Attend and you could win a
$50 gift certificate to Best Buy!
http://list.windowsitpro.com/t?ctl=1079C:4FB69
Reduce Downtime With Continuous Data Protection
Continuous or real-time backup systems help avoid the danger of
losing data if your system fails after the point of backup by providing
real-time protection. In this free Web seminar, learn how to integrate
them with your existing backup infrastructure, how to apply continuous
protection technologies to your Windows-based servers, and more. Sign
up today and learn how you can quickly roll back data not just to the
last snapshot or backup, but to any point in time!
http://list.windowsitpro.com/t?ctl=107A0:4FB69
Compliance vs. Recovery: Can You Have Your Cake and Eat It Too?
In this free Web seminar, discover the issues involved with
integrating your compliance system with backup and recovery, including
backup schedules, the pros and cons of outsourcing your backup media
storage and management, the DR implications of having to back up all
that compliance data, and the possibility of using alternative backup
methods to provide backup and compliance in a single system. You'll
learn what to watch out for when combining the two functions and how to
assess whether your backup/restore mechanisms are equal to the
challenge.
http://list.windowsitpro.com/t?ctl=1079F:4FB69
====================
==== Featured White Paper ====
Converting a Microsoft Access Application to Oracle HTML DB
Get the most efficient, scaleable and secure approach to managing
information using an Oracle Database with a Web application as the user
interface. In this free white paper, learn how you can use an Oracle
HTML Database to convert a Microsoft Access application into a Web
application that can be used by multiple users concurrently. You'll
learn how to improve the original application by adding hit
highlighting and an authorization scheme to provide access control to
different types of users.
http://list.windowsitpro.com/t?ctl=1079D:4FB69
====================
==== 3. Security Toolkit ====
Security Matters Blog: Shortsighted Bankers Add to the Fraud Problem
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=107AF:4FB69
A friend received a surprising email message that demonstrates just how
shortsighted bankers can be. Read this blog item to learn how much
information was revealed in the email message and why such messages are
a really bad idea.
http://list.windowsitpro.com/t?ctl=107A8:4FB69
FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=107AC:4FB69
Q: What happened to the "No Override" option in Group Policy Management
Console (GPMC)?
Find the answer at
http://list.windowsitpro.com/t?ctl=107AA:4FB69
====================
==== Announcements ====
(from Windows IT Pro and its partners)
Try a Sample Issue of the Windows IT Security Newsletter!
Security Administrator is now Windows IT Security. We've expanded
our content to include even more fundamentals on building and
maintaining a secure enterprise. Each issue also features product
coverage of the best security tools available and expert advice on the
best way to implement various security components. Plus, paid
subscribers get online access to our entire online security article
database! Sign up to try a sample issue today:
http://list.windowsitpro.com/t?ctl=107A5:4FB69
Windows IT Pro Gives IT Professionals What They Need
The August issue is a must have! Subscribe now and find out the best
ways to plan for Longhorn, what you need to know about VBScripts, and
how to make sense of SQL Server. If you order today, you'll also gain
exclusive access to the entire Windows IT Pro online article database
(over 9000 articles) and save 44% off the cover price!
http://www.windowsitpro.com/rd.cfm?code=theu2058wu
====================
==== 4. New and Improved ====
by Renee Munshi, products at windowsitpro.com
Improved FTP Client
Ipswitch announced the worldwide availability of Ipswitch WS_FTP
Professional 2006, a new version of Ipswitch's FTP client for sending
data. Advanced Encryption Standard (AES) ciphers now use 256 bits in
concert with OpenPGP and Secure Sockets Layer (SSL) over FTP transfers.
HTTP and HTTP Secure (HTTPS) transfers allow users to connect more
easily to many external and remote data stores. Ipswitch WS_FTP
Professional 2006 in English, French, and German is available directly
from Ipswitch's Web site for $54.95 ($89.95 including a 1-year service
agreement).
http://www.ipswitch.com
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rwinitsec at windowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
====================
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://www.windowsitpro.com/forums
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com
====================
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
http://www.secadministrator.com/rd.cfm?code=00ep254xeb
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.