[ISN] IE Exploit; Firewall Tests

InfoSec News isn at c4i.org
Thu Apr 6 04:27:56 EDT 2006


1. In Focus: IE Exploit; Firewall Tests 

2. Security News and Features
   - Recent Security Vulnerabilities
   - CipherTrust Launches PhishRegistry.org
   - Black-market Sale on Spyware
   - Beef Up Security for Your Mobile-Device Fleet

3. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Share Your Security Tips

4. New and Improved
   - Password-Protect Your Web Site Logon Information

====================

==== 1. In Focus: IE Exploit; Firewall Tests ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

As you probably know, really dangerous JavaScript-based exploits of 
Microsoft Internet Explorer (IE) are on the loose. The exploits take 
advantage of problems in IE's JavaScript processing that allow injection 
of arbitrary code. Microsoft is working on a patch for the problems, 
currently scheduled for release on April 11, the company's regular 
monthly patch release date. 

Several attacks that use the exploits are under way. For example, one 
attack comes disguised as a BBC News story snippet. When a person 
clicks the link to read the rest of the story, the exploit is 
triggered. Ken Pfeil sent me a link to another site hosting an exploit. 
The exploit includes some shell code, but I didn't completely reverse-
engineer the exploit, so I'm not entirely sure what all it does. If you 
want to take a look, visit 207.5.68.153 on port 80 with a telnet client 
and enter the command "GET /" to dump out the exploit code.

Ken also pointed out that some software, such as Microsoft SharePoint 
Server, can be configured to load files based on their content rather 
than their file extension. This means that an exploit can be packaged 
inside something as seemingly harmless as a .txt file to get past your 
defenses and will then be run by the software. This capability 
undoubtedly raises the danger level of the new exploits, and of other 
exploits as well. 
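The content-versus-extension risk described above, as an added example that is not part of the newsletter or of any SharePoint code: a small Python sniffer mimicking content-based classification, beside a defensive check that refuses a file whose sniffed type disagrees with the type its extension declares. The sample uploads and the `accept_upload` check are constructed for illustration.

```python
"""Added illustration (not from the newsletter or any vendor code): why
loading files by sniffed content instead of extension is risky, and the
defensive check that closes the gap."""
import os
import re

# Constructed sample uploads: filename -> leading bytes of the file.
SAMPLE_UPLOADS = {
    "notes.txt": b"Meeting notes: patch IE on April 11.\n",
    "report.txt": b"<html><head><script>/* script hidden in a .txt */</script>",
    "page.html": b"<!DOCTYPE html><html><body>Welcome</body></html>",
}

# Leading markers a content sniffer typically treats as HTML.
_HTML_MARKERS = re.compile(
    rb"^\s*(<!doctype\s+html|<html|<head|<body|<script|<iframe)", re.IGNORECASE)

# Types the file extension declares; anything else is rejected outright.
EXTENSION_TYPES = {".txt": "text/plain", ".html": "text/html", ".htm": "text/html"}


def sniff_type(data: bytes) -> str:
    """Content-based classification of the kind the column warns about: only
    the first 512 bytes are examined, so HTML saved as .txt still comes back
    as text/html and would be rendered by software that trusts this result."""
    if _HTML_MARKERS.search(data[:512]):
        return "text/html"
    return "text/plain"


def declared_type(filename: str) -> str:
    """Type implied by the extension alone."""
    ext = os.path.splitext(filename)[1].lower()
    return EXTENSION_TYPES.get(ext, "application/octet-stream")


def accept_upload(filename: str, data: bytes) -> bool:
    """Hypothetical defensive check: the sniffed type and the declared type
    must agree, so a .txt that sniffs as HTML is refused no matter how the
    consuming software chooses to interpret content."""
    declared = declared_type(filename)
    if declared == "application/octet-stream":
        return False  # unknown extension: do not guess
    return sniff_type(data) == declared


def review_uploads(uploads):
    """Apply the check to every sample; returns {filename: accepted}."""
    return {name: accept_upload(name, data) for name, data in uploads.items()}
```

Running `review_uploads(SAMPLE_UPLOADS)` accepts the two consistent files and rejects report.txt, the HTML-in-a-text-file case the column describes.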

While you're waiting for Microsoft's patch, you might consider using a 
third-party patch from Determina or eEye Digital Security. I haven't 
tested either of these patches so I can't vouch for them, but both 
companies are reputable. Alternatively, you can disable Active 
Scripting in IE to stop the execution of JavaScript.

I tested one of the JavaScript-based exploits with Mozilla Firefox and 
found that it caused the system's disk subsystem to go into overdrive. 
There was so much disk activity that it took me more than 5 minutes to 
get Task Manager to open so that I could terminate the Firefox process, 
which stabilized the system.

I recently came across an interesting set of desktop firewall test 
results--at the Firewall Leak Tester Web site. The 2006 results show 
which desktop firewalls perform best in terms of outbound application 
filtering and the prevention of information leakage. Coming in dead 
last out of 16 desktop firewalls is Windows Firewall, which ships as 
part of Windows XP Service Pack 2 (SP2). This isn't too surprising 
given that Windows Firewall doesn't do outbound blocking.

So which firewalls are the best? When it comes to outbound application 
filtering, no other firewall beats Jetico Personal Firewall. Kaspersky 
Lab's firewall is the strongest in terms of preventing information 
leakage, with Jetico coming in a close second place. Overall, Jetico 
appears to make the strongest desktop firewall available, beating out 
other well-known firewalls such as those from Sunbelt Software (Kerio), 
ZoneLabs (ZoneAlarm Pro and ZoneAlarm Free), and Symantec (Norton). As 
a bonus, Jetico Personal Firewall is free. 

Check out the results at the URL below. 
   http://list.windowsitpro.com/t?ctl=2606C:4FB69

==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
   http://list.windowsitpro.com/t?ctl=2605C:4FB69

CipherTrust Launches PhishRegistry.org
   CipherTrust launched a new free service, PhishRegistry.org, that 
aims to alert companies when their Web sites are mimicked for 
fraudulent purposes.
   http://list.windowsitpro.com/t?ctl=26064:4FB69

Black-market Sale on Spyware
   You might think that buying exploit code to create spyware would be 
expensive. But it's not. Security software maker Sophos reported that 
it found a site selling a spyware kit, WebAttacker, for $15. Learn more 
about it in this news article. 
   http://list.windowsitpro.com/t?ctl=26065:4FB69

Beef Up Security for Your Mobile-Device Fleet
   When a mobile device falls into the wrong hands, so can a lot of 
corporate information--even the device owner's domain credentials, 
since most users choose to have the Microsoft ActiveSync client 
remember their username and password. But help is available in the form 
of Exchange Server 2003 Service Pack 2 (SP2) and the Messaging and 
Security Feature Pack (MSFP) for Windows Mobile 5.0. An article by 
Randy Franklin Smith shows you how to configure this protection.
   http://list.windowsitpro.com/t?ctl=26062:4FB69

====================

==== 3. Security Toolkit ==== 

Security Matters Blog: Microsoft Takes a Page from Open Source 
Playbooks
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=26068:4FB69

Bugzilla is a great resource for both developers and users of Mozilla 
products. It lets people submit and track bug reports. Microsoft just 
launched something similar for Internet Explorer (IE) 7.0. Learn about 
it in this blog article.
   http://list.windowsitpro.com/t?ctl=26063:4FB69

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=26067:4FB69 

Q: What is the User Profile Hive Cleanup (UPH Clean) service?

Find the answer at http://list.windowsitpro.com/t?ctl=26066:4FB69

Share Your Security Tips and Get $100
   Share your security-related tips, comments, or problems and 
solutions in the Windows IT Security print newsletter's 
Reader to Reader column. Email your contributions to 
r2rwinitsec at windowsitpro.com. If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.

====================

==== 4. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

Password-Protect Your Web Site Logon Information
   Siber Systems announced the release of RoboForm 6.6, which 
automatically fills out online forms for users. New in RoboForm 6.6 is 
the ability to isolate and protect personal IDs and passwords currently 
left exposed in Microsoft Internet Explorer's (IE's) AutoComplete 
directory. Users can convert logon information stored in AutoComplete 
to RoboForm Passcards that are encrypted with a Master Password. 
RoboForm 6.6's other new features include support for several new 
encryption algorithms (AES, Blowfish, and RC6) and the ability to be 
loaded onto USB drives (from SanDisk, Kingston Technologies, and 
others) so that users can carry their RoboForm-stored information with 
them. RoboForm 6.6 is now available for a 30-day trial; personal users 
with 10 or fewer logons can use RoboForm for free even after the trial. 
Volume discounts are available. For more information, go to
   http://list.windowsitpro.com/t?ctl=2606D:4FB69

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 
   whatshot at windowsitpro.com.

====================

==== Contact Us ==== 

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=2606B:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- salesopps at windowsitpro.com

====================

This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.
   http://list.windowsitpro.com/t?ctl=26060:4FB69

View the Windows IT Pro privacy policy at
   http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.
