[ISN] Security UPDATE--Mobile Computing Security Through Obscurity--June 23, 2004

From: InfoSec News (isn@private)
Date: Fri Jun 25 2004 - 06:10:13 PDT

  • Next message: InfoSec News: "[ISN] Stephen Northcutt is sadly mistaken"

    ==== This Issue Sponsored By ====
    Windows & .NET Magazine
    Implementing Client Security on Windows 2000/XP
    1. In Focus: Mobile Computing Security Through Obscurity
    2. Security News and Features
       - Recent Security Vulnerabilities
       - eBook: Preemptive Email Security and Management
       - News: Audit Reveals Spyware Infestation
       - News: Secure SMS and Your Passwords
    3. Security Toolkit
       - FAQ
       - Featured Thread
    4. New and Improved
       - Monitor Your System and Applications
       - Protect Your Privacy
    ==== Sponsor: Windows & .NET Magazine ====
       Get 2 Sample Issues of Windows & .NET Magazine!
       Every issue of Windows & .NET Magazine includes intelligent,
    impartial, and independent coverage of security, Active Directory,
    Exchange, scripting, and much more. Our expert authors deliver how-to
    articles and product evaluations that will help you do your job
    better. Try two, no-risk sample issues today, and find out why 100,000
    IT professionals rely on Windows & .NET Magazine each month!
    ==== 1. In Focus: Mobile Computing Security Through Obscurity ====
       by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net
    I wonder if part of your job as security administrator or manager
    includes handling mobile phone security? Someone at your company
    should be tending to that responsibility, especially if employees are
    storing company information on their phones.
    Last week, Kaspersky Labs announced the discovery of the first virus
    to infect mobile phones. The virus, which Kaspersky named Cabir,
    affects mobile phones that use the Symbian OS. The virus is relatively
    harmless--its only purpose is to propagate itself, and it does so only
    to other phones that have Bluetooth enabled and are broadcasting their
    presence. However, Denis Zenkin, head of Corporate Communications at
    Kaspersky Labs, said that sooner or later, more malicious forms of
    mobile phone malware that will possibly destroy or steal data will
    begin to spread.
    Since Cabir spreads to mobile phones that broadcast their presence via
    Bluetooth wireless technology, you might want to configure Symbian to
    use Bluetooth in an invisible mode that doesn't broadcast the phone's
    presence. Configure other mobile phone OSs too to prevent any future
    attacks against them. Using invisible mode is similar to configuring
    wireless Access Points (APs) to not broadcast their SSID. If an AP
    broadcasts its SSID, intruders can detect it and use it as a starting
    point for penetrating your network. Bluetooth invisible mode is also
    similar to using a firewall, which makes your internal networks
    invisible to connected networks.
    These security measures are probably common sense for you, but they
    might not be for mobile phone users in your organization. You could
    explain the security needs to users by comparing their
    Bluetooth-broadcasting mobile phone to a wallet or purse left lying on
    a car seat while they're out of the car. The wallet or purse is
    essentially begging somebody to break into the car and steal it. A
    little security through obscurity might save a lot of frustration
    sooner or later. Some people might disagree, but I think you can gain
    a fair amount of security by obscuring the presence of anything,
    whether it be a wallet, purse, or wireless network.
    Of course, you can gain plenty of security by adding device
    protection, such as antivirus software for mobile phones, which is
    available from many antivirus software vendors. And, as I mentioned
    earlier, you might also consider some configuration changes to your
    mobile phone OS, particularly disabling Bluetooth broadcasts to make
    the devices somewhat invisible.
    If you're interested in other problems with Bluetooth and mobile
    phones, you might want to read about a few other related
    vulnerabilities, which are mentioned in a recent Integralis press
    ==== Sponsor: Implementing Client Security on Windows 2000/XP ====
       Learn the requirements for securing client computers in
    environments where Windows Server 2003, Windows 2000 and Windows NT
    4.0 servers are present. You will also learn how to implement best
    practices for clients in extreme high-security environments. The
    session will discuss the use of Group Policy and Administrative
    Templates to secure Windows 2000 and Windows XP installations and
    provide guidance on software restriction policies, anti-virus
    strategies, and distributed firewall technologies. This session also
    covers configuring Microsoft Office and Internet Explorer to help
    achieve a secure client environment. Register now!
    ==== 2. Security News and Features ====
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    eBook: Preemptive Email Security and Management
       In this free eBook, author Peter Bowyer details a preventive
    approach to eliminating spam and viruses, stopping directory harvest
    attacks, guarding content, and improving email performance. The first
    two chapters of the book are already online. You can download them in
    PDF format from our Windows IT Library.
    News: Audit Reveals Spyware Infestation
       An April audit conducted by EarthLink and Webroot Software scoured
    420,761 computer systems. The audit discovered more than 11.3 million
    instances of spyware and Trojan horse programs installed on the
    News: Secure SMS and Your Passwords
       Microsoft released two new security-related articles that cover
    Systems Management Server (SMS) environments and user password
    management. The SMS article, "Scenarios and Procedures for Microsoft
    Systems Management Server 2003: Security," details security
    fundamentals, how to secure SMS, and how to maintain SMS security. The
    password article, "Mind Those Passwords!" addresses the problems many
    users face in managing numerous passwords.
    ==== Announcements ====
       (from Windows & .NET Magazine and its partners)
    Attend the Black Hat Briefings & Training USA Event - July 24-29, 2004
       This is the world's premier technical IT security conference,
    hosting 2,000 delegates from 30 nations. Featuring 27 hands-on
    training courses and 10 conference tracks with presentations by
    security experts and "underground" security specialists. The
    early-bird registration deadline is July 1!
    The Conference on Securing and Auditing Windows Technologies, July
       New for 2004, The Conference on Securing and Auditing Windows
    Technologies will be held July 20-21, 2004, at the Fairmont Copley
    Plaza in Boston, MA. In vendor-neutral sessions on today's hottest
    topics, you'll get practical strategies for mitigating risk and
    safeguarding your systems. For more information, call 508-879-7999 or
    go to:
    Free eBook--"Preemptive Email Security and Management"
       Chapter 2 available now, "Evolving techniques for eliminating spam,
    email virus and worm threats." In this eBook, you'll discover a
    preventive approach to eliminating spam and viruses, stopping
    directory harvest attacks, guarding content, and improving email
    performance. Download this eBook today!
    ==== 3. Security Toolkit ====
    FAQ: How Can I Enable the Security Tab at the Exchange Organization
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    A. By default, the Security tab isn't displayed on an Exchange
    organization's properties page. To display the tab, perform these
       1. Start the registry editor (regedit.exe).
       2. Navigate to the
    HKEY_CURRENT_USER\Software\Microsoft\Exchange\EXAdmin subkey.
       3. From the Edit menu, select New and click DWORD Value.
       4. Enter the name ShowSecurityPage and press Enter.
       5. Double-click the new value and set it to 1. Click OK.
       6. Close the registry editor.
    The Security tab will now be displayed on the Exchange organization's
    properties page. On the Security tab, you can turn off the Send As and
    Receive As deny settings to grant Exchange administrators full access
    to all mailboxes in the organization. Using the Security tab to allow
    full access is a simpler way to grant administrators access to users'
    mailboxes than the technique described in the FAQ "How can I configure
    Microsoft Exchange Server 2003 administrators so that they can access
    all users' mailboxes?" at the URL below. However, keep in mind that
    the Security tab lets you grant access only to all mailboxes or none.
    Featured Thread: Port Filtering on Windows 2000 Server
       (One message in this thread)
       Jeff writes that he needs to tighten security on a Windows 2000
    Advanced Server Web server. He wants to allow most UDP traffic, except
    through ports 161 and 445. He doesn't want to use the OS's IP
    filtering because it only lets you define allowed ports, not blocked
    ports, which means that he'd have to manually create a long list of
    allowed ports. Do you know an easy way to accomplish this task? Lend a
    hand or read the responses:
    ==== Events Central ====
       (A complete Web and live events directory brought to you by Windows
    & .NET Magazine: http://www.winnetmag.com/events )
    We're Bringing the Experts Directly to You with 2 New IT Pro Workshop
    Series About Security And Exchange
       Don't miss two intense workshops designed to give you simple and
    free tools to better secure your networks and Exchange servers.
    Discover how to prevent hackers from attacking your network and how to
    perform a security checkup on your Exchange Server deployment. Get a
    free 12-month subscription to Windows & .NET Magazine and enter to win
    an Xbox. Register now!
    ==== 4. New and Improved ====
       by Jason Bovberg, products@private
    Monitor Your System and Applications
       Anfibia Software announced Watchman 6.0, an application-monitoring
    and system-protection tool. Watchman's new GUI offers file protection,
    application-usage logging, and access-control management. You can stop
    unwanted applications and protect documents from tampering. The
    software works on Windows 2003/XP/2000/Me/NT 4.0/98 systems, and
    single licenses start at $45. You can download a fully functional
    evaluation version from the company Web site.
    Protect Your Privacy
       WinGuides released Privacy Guardian 3.0, a privacy protection tool
    that deletes Internet tracks and program history information stored on
    your computer. Information from the Web sites you visit is stored on
    your computer in hidden locations including temporary files, cookies,
    the registry, and the index.dat file. Privacy Guardian cleans out
    these hidden files. Privacy Guardian runs on Windows XP/2000/Me/9x,
    and prices begin at $29.95 for a single-user license. For more
    information, contact WinGuides at 877-576-2445 or info@private
    You can download a free trial version of Privacy Guardian from the
    company's Web site.
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    ==== Sponsored Links ====
       Comparison Paper: The Argent Guardian Easily Beats Out MOM
       CommVault - Free White Paper: Managing the Infinite Inbox
    VERITAS Software
       VERITAS White Paper: Reclaim 30% of Your Windows Storage Space Now!
    Editor's note: Share Your Security Discoveries and Get $100
       Share your security-related discoveries, comments, or problems and
    solutions in the Security Administrator print newsletter's Reader to
    Reader column. Email your contributions (500 words or less) to
    r2rsecadmin@private If we print your submission, you'll get
    $100. We edit submissions for style, grammar, and length.
    ==== Contact Us ====
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    This email newsletter is brought to you by Windows & .NET Magazine,
    the leading publication for IT professionals deploying Windows and
    related technologies. Subscribe today.
    View the Windows & .NET Magazine privacy policy at
    Windows & .NET Magazine, a division of Penton Media, Inc.
    221 East 29th Street, Loveland, CO 80538
    Attention: Customer Service Department
    Copyright 2004, Penton Media, Inc. All rights reserved.
    ISN mailing list
    Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
    (Broke? Spend 15 minutes a day on the project!)

    This archive was generated by hypermail 2b30 : Fri Jun 25 2004 - 09:07:41 PDT