******************** Windows & .NET Magazine Security UPDATE--brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows Server 2003, Windows 2000, and Windows NT systems. http://www.secadministrator.com ******************** ~~~~ THIS ISSUE SPONSORED BY ~~~~ Experience How Real Time Monitoring Will Benefit YOU http://list.winnetmag.com/cgi-bin3/flo/y/ePZo0CJgSH0CBw07mN0Az Windows & .NET Magazine Network Web Seminars http://list.winnetmag.com/cgi-bin3/flo/y/ePZo0CJgSH0CBw02lB0Ah (below IN FOCUS) ~~~~~~~~~~~~~~~~~~~~ ~~~~ SPONSOR: EXPERIENCE HOW REAL TIME MONITORING WILL BENEFIT YOU ~~~~ A proactive Security Administrator installed TNT Software's ELM Enterprise Manager 3.0 on his critical servers to assess the benefits of real time monitoring. During the first week, EEM 3.0 paged him as a disgruntled employee attempted to access confidential files, alerted him when the QoS of his Exchange Server began to drop, and automatically restarted a failed anti-virus service. As a result, ELM Enterprise Manager was purchased and fully deployed during the second week. Download your FREE 30 day full feature evaluation copy today and experience how real time monitoring will benefit YOU. http://list.winnetmag.com/cgi-bin3/flo/y/ePZo0CJgSH0CBw07mN0Az ~~~~~~~~~~~~~~~~~~~~ February 12, 2003--In this issue: 1. IN FOCUS - Junk Mail and Spyware 2. SECURITY RISKS - Multiple Vulnerabilities in Microsoft IE - Unchecked Buffer in Windows XP Redirector 3. ANNOUNCEMENTS - Catch the Microsoft Mobility Tour--Time Is Running Out! - Black Hat Briefings & Training: Windows Security 4. SECURITY ROUNDUP - News: In-Stat/MDR Expects Broadband Security Market to Soar - News: IDC Says Security Market to Reach $45 Billion by 2006 5. SECURITY TOOLKIT - Virus Center - FAQ: How Can I Use Group Policy to Configure the Shutdown Event Tracker? 6. NEW AND IMPROVED - Ensure Logon Security Through Signature Authentication - Protect Lotus Notes/Domino Databases - Submit Top Product Ideas 7. HOT THREAD - Windows & .NET Magazine Online Forums - Featured Thread: Clear History When a User Exits Windows 8. CONTACT US See this section for a list of ways to contact us. ~~~~~~~~~~~~~~~~~~~~ 1. ==== IN FOCUS ==== (contributed by Mark Joseph Edwards, News Editor, markat_private) * JUNK MAIL AND SPYWARE Unsolicited (aka junk) email is a big problem. I've written about such email in a previous edition of Security UPDATE (see "Tired of Unwanted Email? Try This Simple Solution" at the URL below). Solicitors can find your email addresses many ways, some of which involve mining data from public news groups and Web-based message forums. http://www.secadministrator.com/articles/index.cfm?articleid=27495 Other methods of obtaining your email address involve intrusive software packages that include various types of data mining, such as copying your contact list or address book contents. Such software is typically referred to as "spyware." For one example of how others gather data about you and those you know, read the Security UPDATE commentary "Protect Your Contact List: Read the EULA!" at the URL below. http://www.secadministrator.com/articles/index.cfm?articleid=27122 To help protect yourselves from some kinds of spyware, you need to take several actions. First, don't let Java-based or ActiveX-based code run on your systems through your Web browser and email client software unless you're certain you can trust the content provider not to spy on your system. Second, you need to scan your systems from time to time to determine whether any known spyware might have slipped onto your system. One great tool to help scan your systems for spyware is Lavasoft's Ad-Aware. Lavasoft recently released Ad-Aware 6.0. Although other available tools perform similar tasks, the basic version of Ad-Aware 6.0 does a great job and is free. http://www.lavasoft.de/software/adaware/ Ad-Aware scans your system's registry and file systems looking for keys and files that match known spyware programs. When Ad-Aware finds such an item, you can have the software remove it from your system. One useful feature of Ad-Aware is its ability to check for new spyware signature update files. For example, as of February 10, Ad-Aware scans for 4375 known spyware programs. You must pay for the two more advanced versions of Ad-Aware: Ad-Aware Plus will scan for spyware in realtime and help prevent it from entering your system in the first place. Ad-Aware Professional can perform scans of remote systems and contains many additional features. For complete details about each version check the Web site at the URL below and click on the specific product. http://www.lavasoft.de Another useful tool for spyware identification is the SpyChecker.com Web site, located at the URL below. The site maintains a database and search engine in which you can enter a name to determine whether it's listed as a spyware program or vendor. http://www.spychecker.com Eliminating spyware from your systems won't eliminate junk email, but it will probably help you keep the amount of unwanted junk mail you receive to a minimum. It will also help keep marketing companies from snooping on your system to learn your Internet use habits without your knowledge and consent. ~~~~~~~~~~~~~~~~~~~~ ~~~~ SPONSOR: WINDOWS & .NET MAGAZINE NETWORK WEB SEMINARS ~~~~ DON'T MISS OUR WEB SEMINARS IN MARCH! Windows & .NET Magazine has 3 new Web seminars to help you address your security and storage concerns. There is no fee to attend "Selling the Importance of Security: 5 Ways to Get Your Manager's Attention," "Building an Ultra Secure Extranet on a Shoe String," or "An Introduction to Windows Powered NAS," but space is limited, so register for all 3 events today! http://list.winnetmag.com/cgi-bin3/flo/y/ePZo0CJgSH0CBw02lB0Ah ~~~~~~~~~~~~~~~~~~~~ 2. ==== SECURITY RISKS ==== (contributed by Ken Pfeil, kenat_private) * MULTIPLE VULNERABILITIES IN MICROSOFT IE Andreas Sandblad discovered two new vulnerabilities in Microsoft Internet Explorer (IE) that can result in information disclosure or the execution of arbitrary code on the vulnerable system. These vulnerabilities stem from a flaw in IE's showHelp function that results in incomplete security checking, which lets a Web site access information in another domain. An attacker can misuse certain dialog boxes to run malicious scripts and obtain that data. Microsoft has released Security Bulletin MS03-004 (Cumulative Patch for Internet Explorer) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. This patch addresses all previously discovered IE vulnerabilities. http://secadministrator.com/articles/index.cfm?articleid=37973 * UNCHECKED BUFFER IN WINDOWS XP REDIRECTOR A new vulnerability in the Microsoft Windows Redirector can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from an unchecked buffer that Windows XP uses to receive parameter information. By providing malformed data to the Windows Redirector, a potential attacker can cause the system to fail or run code of the attacker's choice. Microsoft has released Security Bulletin MS03-005 (Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. http://www.secadministrator.com/articles/index.cfm?articleid=37974 3. ==== ANNOUNCEMENTS ==== (brought to you by Windows & .NET Magazine and its partners) * CATCH THE MICROSOFT MOBILITY TOUR--TIME IS RUNNING OUT! This outstanding seven-city event will help you support your growing mobile workforce. Industry guru Paul Thurrott discusses the coolest mobility hardware solutions around, demonstrates how to increase the productivity of your "road warriors" with the unique features of Windows XP and Office XP, and much more. You could also win an HP iPAQ Pocket PC. There is no charge for these live events, but space is limited, so register today! Sponsored by Microsoft, HP, and Toshiba. http://list.winnetmag.com/cgi-bin3/flo/y/ePZo0CJgSH0CBw06Kw0A6 * BLACK HAT BRIEFINGS & TRAINING: WINDOWS SECURITY Attend the world's premier technical event for Windows and .NET security experts, February 24-27, 2003, in Seattle. You'll find six tracks, seven training sessions, and full support from Microsoft. See for yourself what the Black Hat buzz is all about. Register today! http://list.winnetmag.com/cgi-bin3/flo/y/ePZo0CJgSH0CBw0pHV0AT 4. ==== SECURITY ROUNDUP ==== * NEWS: IN-STAT/MDR EXPECTS BROADBAND SECURITY MARKET TO SOAR According to In-Stat/MDR, the market for broadband-based security solutions will grow to $829 million by the end of 2004, up from $71 million in 2000. The company attributes the expected growth rates to expanding use of broadband connectivity solutions. http://www.secadministrator.com/articles/index.cfm?articleid=37948 * NEWS: IDC SAYS SECURITY MARKET TO REACH $45 BILLION BY 2006 IDC reports that it expects the IT security market to reach $45 billion in revenues by 2006. The predicted figures include software, hardware, and services. Revenues in 2001 were about $17 billion. http://www.secadministrator.com/articles/index.cfm?articleid=37945 5. ==== SECURITY TOOLKIT ==== * VIRUS CENTER Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.secadministrator.com/panda * FAQ: HOW CAN I USE GROUP POLICY TO CONFIGURE THE SHUTDOWN EVENT TRACKER? ( contributed by Brett Hill, http://www.iisanswers.com ) A. You can use Group Policy to configure the Shutdown Event Tracker by performing the following steps: 1. Open Group Policy, then load the group policy to which you want to apply the change. 2. Expand Computer Configuration, Administrative Templates, System. 3. Double-click Display Shutdown Event Tracker. 4. Select Enabled. 5. Select the Never option, then click OK. 6. Click OK to close all dialog boxes. 6. ==== NEW AND IMPROVED ==== (contributed by Sue Cooper, productsat_private) * ENSURE LOGON SECURITY THROUGH SIGNATURE AUTHENTICATION Security Biometrics released BIOSign, a biometric signature authentication solution to replace text-based password and PIN logon systems in Windows XP and Windows 2000. BIOSign is powered by Security Biometrics' PenFlow technology, which analyzes the way in which a signature is signed, not how it looks. To verify your users' identities, the software compares the pen's force, speed, and directional vectors to profile data. Contact Security Biometrics at 866-522-3888 and infoat_private http://sigbio.xplorex.com * PROTECT LOTUS NOTES/DOMINO DATABASES Symantec announced Symantec AntiVirus/Filtering for Domino, an integrated virus protection and filtering solution for Lotus Notes/Domino databases. The software now offers rules-based content filtering and realtime protection from malicious and spam attacks. Supports Lotus/Domino databases running AIX, iSeries, Linux, Solaris, Windows 2000 and Windows NT. Contact Symantec on its Web site. http://enterprisesecurity.symantec.com. * SUBMIT TOP PRODUCT IDEAS Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to whatshotat_private 7. ==== HOT THREAD ==== * WINDOWS & .NET MAGAZINE ONLINE FORUMS http://www.winnetmag.com/forums Featured Thread: Clear History When a User Exits Windows (One message in this thread) A user writes that he wants to be able to clear the Microsoft Internet Explorer (IE) history folder and delete all temporary Internet files and folders when a user logs off. Lend a hand or read the responses: http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=54145 8. ==== CONTACT US ==== Here's how to reach us with your comments and questions: * ABOUT IN FOCUS -- markat_private * ABOUT THE NEWSLETTER IN GENERAL -- lettersat_private (please mention the newsletter name in the subject line) * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums * PRODUCT NEWS -- productsat_private * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer Support -- securityupdateat_private * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private ******************** This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing a Windows 2000/Windows NT enterprise. Subscribe today! http://www.secadministrator.com/sub.cfm?code=saei25xxup Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.winnetmag.com/email |-+-|-+-|-+-|-+-|-+-| Thank you for reading Security UPDATE. MANAGE YOUR ACCOUNT You can manage your entire Windows & .NET Magazine Network email newsletter account on our Web site. Simply log on and you can change your email address, update your profile information, and subscribe or unsubscribe to any of our email newsletters all in one place. http://www.winnetmag.com/email Thank you! __________________________________________________________ Copyright 2003, Penton Media, Inc. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Feb 13 2003 - 04:01:39 PST