[ISN] Windows & .NET Magazine Security UPDATE--Online Fraud--January 14, 2004

From: InfoSec News (isn@private)
Date: Thu Jan 15 2004 - 03:27:03 PST

  • Next message: InfoSec News: "[ISN] Secunia Weekly Summary - Issue: 2004-3"

    ====================
    
    ==== This Issue Sponsored By ====
    
    Exchange & Outlook Administrator
       http://list.winnetmag.com/cgi-bin3/DM/y/ed8D0CJgSH0CBw0BEf10Am
    
    ====================
    
    1. In Focus: Defending Against Online Fraud
    
    2. Announcements
         - InfoSec World Conference and Expo/2004, Orlando, FL, March
           22-24, 2004
         - The Windows & .NET Magazine Network VIP Web Site/Super CD Has
           It All!
    
    3. Security News and Features
         - Recent Security Vulnerabilities
         - News: New Trojan Horse Claims to Be Microsoft Patch
         - Feature: Windows XP SP2 Beta In-Depth
         - Feature: Plug the Mobile Worm Hole
    
    4. Instant Poll
         - Results of Previous Poll: System Security in 2004
         - New Instant Poll: Fraud Victim
    
    5. Security Toolkit
         - Virus Center
         - FAQ: How Can I Quickly Lock the Console on Windows Server 2003 
           and Windows XP?
         - Featured Thread: Browser Highjackers and Other Security Issues
    
    6. Event
         - New Web Seminar: Email Is a Service--Manage It Like One
    
    7. New and Improved
         - Protect Your Network Perimeter
         - Guard Your Important Data
         - Tell Us About a Hot Product and Get a T-Shirt
    
    8. Contact Us
       See this section for a list of ways to contact us.
    
    ====================
    
    ==== Sponsor: Exchange & Outlook Administrator ====
       Try a Sample Issue of Exchange & Outlook Administrator!
       If you haven't seen Exchange & Outlook Administrator, you're
    missing out on key information that will go a long way towards
    preventing serious messaging problems and down time. Request a sample
    issue today, and discover tools you won't find anywhere else to help
    you migrate, optimize, administer, and secure Exchange and Outlook.
    Order now!
       http://list.winnetmag.com/cgi-bin3/DM/y/ed8D0CJgSH0CBw0BEf10Am
    
    ====================
    
    ==== 1. In Focus: Defending Against Online Fraud ====
       by Mark Joseph Edwards, News Editor, mark@private
    
    Internet-based fraud--whether identity theft, false advertising, or
    some other ploy--is a growing problem. Some of the more frequently
    used scams involve a combination of email messages and spoofed Web
    sites in which the sender tries to trick the recipient into providing
    private information such as bank account or credit card information
    and related logon credentials.
    
    Two organizations, Netcraft and Brightmail, have recently launched
    security services aimed at helping to curb fraud. Netcraft, known for
    its popular Web server surveys, has launched a service designed to
    alert banks and other financial institutions to Internet-based fraud
    attempts. Netcraft scans some 46 million Web sites looking for the
    misuse of a financial institution's domain names, trademarks, and
    familiar phrases. Netcraft also monitors in other ways, including
    pattern matching of DNS scans and common names used in Secure Sockets
    Layer (SSL) certificates. Financial institutions that use the Netcraft
    antifraud service can be alerted to potentially malicious sites,
    ideally before these sites have a chance to fool anyone.
    http://news.netcraft.com/archives/2004/01/02/phishing_identity_theft_and_banking_fraud_detection.html
    
    Brightmail's Anti-Fraud service is designed to help financial
    institutions, governments, and other services guard against email
    fraud and brand spoofing. Brightmail maintains a "probe network"--a
    collection of more than 2 million email addresses that the company
    uses as decoys to help collect information about spam and, now, fraud.
    If the company detects a potential fraud attempt via email, it will
    alert the involved organization, which can then take action.
       http://brightmail.com/bmi-af.html
    
    Fraud situations can lead to embarrassment and hassles for companies
    whose identities are spoofed and for individuals who provide their
    personal information. So how can companies and individuals help
    prevent these situations? Companies that operate a significant
    e-commerce site can consider using the new antifraud services.
    
    Individuals can help by raising their own and others' awareness about
    online fraud. If you're interested in helping to prevent online
    financial fraud, be sure to visit Anti-Phishing.org, a new Web site at
    which you can join a working group focused on finding ways to curb
    online fraud, find links to similar organizations, read news stories
    and reports about the latest fraud attempts, and more.
       http://www.anti-phishing.com
    
    ==== 2. Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    InfoSec World Conference and Expo/2004, Orlando, FL, March 22-24, 2004
       Get dynamic techniques, real-world strategies, and innovative
    solutions for mitigating risk, securing critical data, and
    strengthening the enterprise at InfoSec World 2004. Featuring 80+
    sessions, the CISO Executive Summit, in-demand keynoters, a huge
    vendor expo, optional workshops, and more, InfoSec World will deliver
    everything you need to meet today's tough information security
    challenges! For details and to register, go to:
       http://list.winnetmag.com/cgi-bin3/DM/y/ed8D0CJgSH0CBw0BEnS0AU
    
    The Windows & .NET Magazine Network VIP Web Site/Super CD Has It All!
       With a VIP Web site/Super CD subscription, you'll get online access
    to all of our publications, a print subscription to Windows & .NET
    Magazine, and a subscription to our VIP Web site, a banner-free
    resource loaded with articles you can't find anywhere else. Click here
    to find out how you can get it all at 25 percent off!
       http://list.winnetmag.com/cgi-bin3/DM/y/ed8D0CJgSH0CBw0BEMw0AX
    
    ====================
    
    ==== Sponsor: Virus Update from Panda Software ====
       Are your traditional antivirus solutions really protecting your
    network? Panda Antivirus GateDefender is a dedicated hardware device
    installed at the Internet gateway to block viruses before they
    contaminate your network. It scans 7 different communication
    protocols, achieving optimum protection against external attacks.
    Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus
    GateDefender 7200 (500 seats+) provide the highest scalability with
    native load balancing that transparently adapts to traffic volume.
       Visit "Panda's GateDefender Stands Guard!" at
    http://list.winnetmag.com/cgi-bin3/DM/y/ed8D0CJgSH0CBw0BEGa0A4
    for more information.
    
    ====================
    
    ==== 3. Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    News: New Trojan Horse Claims to Be Microsoft Patch
       A new Trojan horse program claims to be a critical patch from
    Microsoft. When run, the Trojan horse attempts to download software
    from a remote site and, if successful, installs a back door into the
    user's computer. According to iDEFENSE, the Trojan horse was purposely
    coded to try to avoid detection by antivirus software.
       http://www.winnetmag.com/article/articleid/41424/41424.html
    
    Feature: Windows XP SP2 Beta In-Depth
       Windows XP Service Pack 2 (SP2) is almost entirely centered on what
    Microsoft calls "safety technologies," so although the release will
    contain a collection of bug fixes, it will also include a slew of new
    features. Paul Thurrott discusses the new features in the first XP SP2
    beta. However, keep in mind that Microsoft said this beta isn't
    complete and that other features might be added in future betas.
       http://www.winnetmag.com/article/articleid/41364/41364.html
    
    Feature: Plug the Mobile Worm Hole
       The problems started the day Michael Otey returned from a recent
    trip. About an hour after he started working, he saw his router's WAN
    activity light turn solid white and stay that way. A little detective
    work revealed that he'd picked up a worm on his laptop from another
    system while working on a public wireless network. Find out how Mike
    tracked and eliminated the worm in this article on our Web site.
       http://www.winnetmag.com/article/articleid/41112/41112.html
    
    ==== 4. Instant Poll ====
    
    Results of Previous Poll: System Security in 2004
       The voting has closed in the Windows & .NET Magazine Network
    Security Web page nonscientific Instant Poll for the question, "Which
    of the following factors do you think will have the greatest impact on
    system security in 2004?" Here are the results from the 133 votes.
       - 28% Viruses and worms
       - 17% Junk email
       - 49% Patch management
       - 7% Managed security services
       (Deviations from 100 percent are due to rounding.)
    
    New Instant Poll: Fraud Victim
       The next Instant Poll question is, "Have you, your company, or
    someone you know been a victim of online fraud?" Go to the Security
    Web page and submit your vote for
       - Yes
       - No
       - Not sure
       http://www.winnetmag.com/windowssecurity
    
    ==== 5. Security Toolkit ====
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.winnetmag.com/windowssecurity/panda
    
    FAQ: How Can I Quickly Lock the Console on Windows Server 2003 and
    Windows XP?
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    
    A. A reader, Jeff Lambert, sent us this tip: If you need to step away
    from your workstation for a few minutes, you might want to lock it to
    prevent passersby from being able to access your data. To lock your XP
    workstation, press the Windows key (i.e., the key with the Windows
    logo) + L. This trick doesn't work on Windows 2000, but it works on
    Windows 2003.
    
    Featured Thread: Browser Highjackers and Other Security Issues
       (Three messages in this thread)
       A user writes that he recently had a computer that was infected
    with a Web browser hijacking tool and another computer infected with
    an unauthorized ad program. He wants to know whether a way exists to
    block this kind of occurrence at the router, firewall, or server
    levels. Lend a hand or read the responses:
    http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=66170
    
    ==== 6. Event ====
    
    New Web Seminar: Email Is a Service--Manage It Like One
       True end-to-end management of the messaging infrastructure requires
    an integrated, service-oriented approach. This free Web seminar
    introduces service-driven management and best practices for managing
    and monitoring the key elements crucial to ensuring email health and
    performance, including Exchange Server, Active Directory, network, and
    storage. Sign up today!
       http://list.winnetmag.com/cgi-bin3/DM/y/ed8D0CJgSH0CBw0BElA0AA
    
    ==== 7. New and Improved ====
       by Jason Bovberg, products@private
    
    Protect Your Network Perimeter
       GFI Software released a freeware version of GFI DownloadSecurity
    for Internet Security and Acceleration (ISA) Server 6.0, which checks
    files downloaded from the Internet for Trojan horse programs, viruses,
    and other objectionable content. The freeware version uses the
    BitDefender antivirus engine to scan HTTP and FTP downloads at the
    network perimeter. GFI DownloadSecurity automatically updates its
    BitDefender definition files as new files become available. To
    download GFI DownloadSecurity for ISA Server 6.0, contact GFI on the
    Web.
       http://www.gfi.com/dsec
    
    Guard Your Important Data
       Everstrike Software announced Universal Shield 3.0, a security tool
    that lets you hide and password-protect files, folders, and drives.
    You can set data-access rights for local users and administrators,
    prevent the deletion of specific files, and encrypt data. The tool
    also lets you control program startup and uninstallation. Universal
    Shield 3.0 runs on Windows XP/2000/NT and costs $34.95 for a
    single-user license. For more information about Universal Shield 3.0,
    contact Everstrike Software at info@private or on the Web.
       http://www.everstrike.com
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ===================
    
    ==== Sponsored Links ====
    
    VMware Inc.
       Are you an MCSE/MCP? Let VMware Workstation put $100 in your
     pocket.
       http://list.winnetmag.com/cgi-bin3/DM/y/ed8D0CJgSH0CBw0BElM0AM
    
    ===================
    
    ==== 8. Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    This email newsletter is brought to you by Windows & .NET Magazine,
    the leading publication for IT professionals deploying Windows and
    related technologies. Subscribe today.
       http://www.winnetmag.com/sub.cfm?code=wswi201x1z
    
    View the Windows & .NET Magazine privacy policy at
    http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy
    
    Windows & .NET Magazine, a division of Penton Media, Inc.
    221 East 29th Street, Loveland, CO 80538
    Attention: Customer Service Department
    
    Copyright 2004, Penton Media, Inc. All rights reserved.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Jan 15 2004 - 05:57:26 PST