[ISN] IE Exploit; Firewall Tests
InfoSec News
isn at c4i.org
Thu Apr 6 04:27:56 EDT 2006
====================
This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which
you might be interested. Please take a moment to visit these
advertisers' Web sites and show your support for Security UPDATE.
Thawte
http://list.windowsitpro.com/t?ctl=2605B:4FB69
8e6 Technologies
http://list.windowsitpro.com/t?ctl=26069:4FB69
====================
1. In Focus: IE Exploit; Firewall Tests
2. Security News and Features
- Recent Security Vulnerabilities
- CipherTrust Launches PhishRegistry.org
- Black-market Sale on Spyware
- Beef Up Security for Your Mobile-Device Fleet
3. Security Toolkit
- Security Matters Blog
- FAQ
- Share Your Security Tips
4. New and Improved
- Password-Protect Your Web Site Logon Information
====================
==== Sponsor: Thawte ====
Discover how to ensure efficient ongoing management of your digital
certificates, how your business will benefit by addressing unique
online security issues and more!
http://list.windowsitpro.com/t?ctl=2605B:4FB69
====================
==== 1. In Focus: IE Exploit; Firewall Tests ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
As you probably know, really dangerous JavaScript-based exploits of
Microsoft Internet Explorer (IE) are on the loose. The exploits take
advantage of problems in JavaScript processing that allow injection of
arbitrary code. Microsoft is working on a patch for the problems that's
currently scheduled for release April 11--the company's scheduled
monthly patch release date.
Several attacks that use the exploits are under way. For example, one
attack comes disguised as a BBC News story snippet. When a person
clicks the link to read the rest of the story, the exploit is
triggered. Ken Pfeil sent me a link to another site hosting an exploit.
The exploit includes some shell code, but I didn't completely reverse-
engineer the exploit, so I'm not entirely sure what all it does. If you
want to take a look, visit 207.5.68.153 on port 80 with a telnet client
and enter the command "GET /" to dump out the exploit code.
Ken also pointed out that some software, such as Microsoft SharePoint
Server, can be configured to load files based on content instead of
file extension. This means that an exploit can be packaged inside
something as seemingly harmless as a .txt file to get past your
defenses and will then be run by the software. This software capability
undoubtedly adds to the danger level of the new exploits and other
exploits.
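As an added example that is not part of the newsletter, the check below shows the defender-side counterpart of the point above: a file whose harmless extension (.txt) carries HTML or script markup is flagged before a content-sniffing host gets to decide what to do with it. The sample files, the marker list and the set of "inert" extensions are constructed for the demonstration.

```python
import re

# Constructed samples (not from the newsletter): a genuine text note, a file
# carrying HTML/script behind a harmless-looking .txt name, and a GIF.
SAMPLE_FILES = {
    "notes.txt": b"Meeting notes for Monday.\nPatch window is April 11.\n",
    "story.txt": b"<html><body><script>document.write('x')</script></body></html>",
    "image.gif": b"GIF89a\x01\x00\x01\x00",
}

# Extensions a file server would reasonably treat as inert text (assumed set).
INERT_TEXT_EXTENSIONS = {".txt", ".log", ".csv"}

# Markers a content-sniffing host could interpret as active content no matter
# what the extension says; matching is case-insensitive on raw bytes.
ACTIVE_CONTENT_MARKERS = [
    re.compile(rb"<\s*script\b", re.I),
    re.compile(rb"<\s*html\b", re.I),
    re.compile(rb"<\s*iframe\b", re.I),
    re.compile(rb"javascript\s*:", re.I),
]


def extension_of(name: str) -> str:
    """Return the lowercased extension including the dot, or '' if none."""
    idx = name.rfind(".")
    return name[idx:].lower() if idx >= 0 else ""


def looks_active(data: bytes, head: int = 4096) -> bool:
    """True if the leading bytes carry markup a sniffing host might execute."""
    sample = data[:head]
    return any(m.search(sample) for m in ACTIVE_CONTENT_MARKERS)


def extension_content_mismatch(name: str, data: bytes) -> bool:
    """Flag a file whose inert extension hides active content."""
    return extension_of(name) in INERT_TEXT_EXTENSIONS and looks_active(data)


def flag_uploads(files: dict) -> list:
    """Return the names of files to quarantine for review, in input order."""
    return [n for n, d in files.items() if extension_content_mismatch(n, d)]


if __name__ == "__main__":
    for name in flag_uploads(SAMPLE_FILES):
        print(f"quarantine {name}: active content behind an inert extension")
```

The check only looks at the leading bytes, so it is a cheap gate for an upload path or a file-share scan, not a replacement for full content inspection.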
While you're waiting for Microsoft's patch, you might consider using a
third-party patch from Determina or eEye Digital Security. I haven't
tested either of these patches so I can't vouch for them, but both
companies are reputable. Alternatively, you can disable Active
Scripting in IE to stop the execution of JavaScript.
I tested one of the JavaScript-based exploits with Mozilla Firefox and
found that it caused the system's disk subsystem to go into overdrive.
There was so much disk activity that it took me more than 5 minutes to
get Task Manager to open so that I could terminate the Firefox process,
which stabilized the system.
I recently came across an interesting set of desktop firewall test
results at the Firewall Leak Tester Web site. The 2006 results show
which desktop firewalls perform best in terms of outbound application
filtering and the prevention of information leakage. Coming in dead
last out of 16 desktop firewalls is Windows Firewall, which ships as
part of Windows XP Service Pack 2 (SP2). This isn't too surprising
given that Windows Firewall doesn't do outbound blocking.
So which firewalls are the best? When it comes to outbound application
filtering, no other firewall beats Jetico Personal Firewall. Kaspersky
Lab's firewall is the strongest in terms of preventing information
leakage, with Jetico coming in a close second place. Overall, Jetico
appears to make the strongest desktop firewall available, beating out
other well-known firewalls such as those from Sunbelt Software (Kerio),
ZoneLabs (ZoneAlarm Pro and ZoneAlarm Free), and Symantec (Norton). As
a bonus, Jetico Personal Firewall is free.
Check out the results at the URL below.
http://list.windowsitpro.com/t?ctl=2606C:4FB69
Editor's note: Meet Your Favorite IT Experts at Connections Europe in
Nice, France, April 24-27
Did you know your favorite Connections conference is coming to
Europe in April? Learn from your favorite authors live and in person,
and hear directly from Microsoft experts about the next generation of
Microsoft technologies. This is an action-packed event with four
conferences located together for one rate: ASP.NET, Visual Studio, SQL
Server, and Exchange, plus bonus sessions on SharePoint and Windows!
I'm going to let you know about a special rate: When you buy your
first conference registration at 1,100 euros, you can get additional
passes at half off--so partner up with your friends and take advantage
of this great rate. The regular price is 1,450 euros, so this is a big
bargain, especially when you check out the line-up of speakers! To get
this special rate, go to http://list.windowsitpro.com/t?ctl=2606A:4FB69 to
register today and enter promocode: SECENL.
====================
==== Sponsor: 8e6 Technologies ====
Stop Spyware Now - Free White Paper!
Spyware remains a problem for most companies, disrupting
productivity, wasting time and money. Now 8e6 Technologies' free White
Paper proposes breakthrough solutions to counteract the Spyware
problem: recognize potential infections, stop unauthorized programs at
the source. Get the Free White Paper:
http://list.windowsitpro.com/t?ctl=26069:4FB69
====================
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=2605C:4FB69
CipherTrust Launches PhishRegistry.org
CipherTrust launched a new free service, PhishRegistry.org, that
aims to alert companies when their Web sites are mimicked for
fraudulent purposes.
http://list.windowsitpro.com/t?ctl=26064:4FB69
Black-market Sale on Spyware
You might think that buying exploit code to create spyware would be
expensive. But it's not. Security software maker Sophos reported that
it found a site selling a spyware kit, WebAttacker, for $15. Learn more
about it in this news article.
http://list.windowsitpro.com/t?ctl=26065:4FB69
Beef Up Security for Your Mobile-Device Fleet
When a mobile device falls into the wrong hands, so can a lot of
corporate information--even the device owner's domain credentials,
since most users choose to have the Microsoft ActiveSync client
remember their username and password. But help is available in the form
of Exchange Server 2003 Service Pack 2 (SP2) and the Messaging and
Security Feature Pack (MSFP) for Windows Mobile 5.0. An article by
Randy Franklin Smith shows you how to configure this protection.
http://list.windowsitpro.com/t?ctl=26062:4FB69
====================
==== Resources and Events ====
Learn to secure your IM traffic--don't let your critical business
information be intercepted!
http://list.windowsitpro.com/t?ctl=2605A:4FB69
Special Offer Ends Soon!
Register now for DevConnections Europe, 24-27 April in Nice, France,
and get a second registration for half price.
http://list.windowsitpro.com/t?ctl=26061:4FB69
Learn the best ways to manage your email security (and fight spam)
using a variety of solutions and tips.
http://list.windowsitpro.com/t?ctl=26056:4FB69
Expert Ben Smith describes the benefits of using server virtualization
to make computers more efficient.
http://list.windowsitpro.com/t?ctl=26058:4FB69
Learn the advantages of each alternative to traditional file servers
and tape storage solutions, and make the best choice for your
enterprise needs. Live event: Thursday, April 13
http://list.windowsitpro.com/t?ctl=26055:4FB69
====================
==== Featured White Paper ====
Protect mission-critical business information stored on your high-
availability Exchange systems when you implement backup and restore
strategies. You'll also learn about key configuration and deployment
considerations.
http://list.windowsitpro.com/t?ctl=26059:4FB69
====================
==== Hot Spot ====
Learn to identify the top 5 IM security risks, and protect your
networks and users.
http://list.windowsitpro.com/t?ctl=26057:4FB69
====================
==== 3. Security Toolkit ====
Security Matters Blog: Microsoft Takes a Page from Open Source
Playbooks
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=26068:4FB69
Bugzilla is a great resource for both developers and users of Mozilla
products. It lets people submit and track bug reports. Microsoft just
launched something similar for Internet Explorer (IE) 7.0. Learn about
it in this blog article.
http://list.windowsitpro.com/t?ctl=26063:4FB69
FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=26067:4FB69
Q: What is the User Profile Hive Cleanup (UPH Clean) service?
Find the answer at http://list.windowsitpro.com/t?ctl=26066:4FB69
Share Your Security Tips and Get $100
Share your security-related tips, comments, or problems and
solutions in the Windows IT Security print newsletter's
Reader to Reader column. Email your contributions to
r2rwinitsec at windowsitpro.com. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
====================
==== Announcements ====
(from Windows IT Pro and its partners)
Exclusive Spring Savings
Subscribe to Windows IT Pro and SAVE 58% off! Along with your 12
issues, you'll get FREE access to the entire Windows IT Pro online
article archive, which houses more than 9,000 helpful articles. This is
a limited-time offer, so order now:
http://list.windowsitpro.com/t?ctl=2605F:4FB69
Save 44% off the Windows Scripting Solutions newsletter
For a limited time, order the Windows Scripting Solutions newsletter
and SAVE up to $80. You'll get 12 helpful issues loaded with expert-
reviewed downloadable code and scripting techniques, as well as
hundreds of tips on automating repetitive tasks. You'll also get FREE,
unlimited access to the full online scripting article library (more
than 500 articles). Subscribe now:
http://list.windowsitpro.com/t?ctl=2605E:4FB69
====================
==== 4. New and Improved ====
by Renee Munshi, products at windowsitpro.com
Password-Protect Your Web Site Logon Information
Siber Systems announced the release of RoboForm 6.6, which
automatically fills out online forms for users. New in RoboForm 6.6 is
the ability to isolate and protect personal IDs and passwords currently
left exposed in Microsoft Internet Explorer's (IE's) AutoComplete
directory. Users can convert logon information stored in AutoComplete
to RoboForm Passcards that are encrypted with a Master Password.
RoboForm 6.6's other new features include support for several new
encryption algorithms (AES, Blowfish, and RC6) and the ability to be
loaded onto USB drives (from SanDisk, Kingston Technologies, and
others) so that users can carry their RoboForm-stored information with
them. RoboForm 6.6 is now available for a 30-day trial; personal users
with 10 or fewer logons can use RoboForm for free even after the trial.
Volume discounts are available. For more information, go to
http://list.windowsitpro.com/t?ctl=2606D:4FB69
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.
====================
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=2606B:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- salesopps at windowsitpro.com
====================
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
http://list.windowsitpro.com/t?ctl=26060:4FB69
View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2006, Penton Media, Inc. All rights reserved.