[ISN] Security UPDATE--Security Blog and Googling for Vulnerabilities--July 28, 2004

From: InfoSec News (isn@private)
Date: Wed Jul 28 2004 - 23:53:03 PDT


1. In Focus: Security Blog and Googling for Vulnerabilities

2. Security News and Features
   - Recent Security Vulnerabilities
   - Book Review: PDA Security: Incorporating Handhelds into the
     Enterprise

3. Security Matters Blog
   - It Had to Happen Sooner or Later
   - Stopping Malware That Travels Through SSL Connections
   - XML-Based Security Information Feeds

4. Instant Poll

5. Security Toolkit
   - FAQ

6. New and Improved
   - Know Your Enemy


==== 1. In Focus: Security Blog and Googling for Vulnerabilities ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

First, I want to let you know that we've added a new section to our
Web site and this newsletter. If you visit the Web site regularly and
subscribe to our security-related Really Simple Syndication (RSS)
feed, then you know we recently launched a new blog: Security Matters.
Each week in this newsletter, you'll find a summary of the most recent
blog postings.

You can visit the Security Matters blog to add your comments to a
given posting. If you have a tip, tidbit of information, resource,
commentary, or other content that you think might be of interest to
others, then certainly send me an email (mark at ntsecurity / net)
with that content and I'll consider posting it to the blog.

Last week, I mentioned the Information Security Writers Web site,
which publishes security papers written by many authors. In the past
week, the site has published a few new papers, one of which is
"Demystifying Google Hacks," by Debasis Mohanty.

The paper outlines several ways in which someone can use a particular
search syntax in Google to query for sites that might have known
vulnerabilities. For example, Google supports query syntax that
includes the commands intitle:, inurl:, allinurl:, filetype:, intext:,
and more. Google isn't the only search engine that supports this sort
of query syntax. MSN Search, AlltheWeb, Yahoo!, and others support a
similar syntax to varying degrees.

If intruders are using search engines, you should try the same
techniques to check your own Web sites for vulnerabilities. Repeating
the searches when new Web-related vulnerabilities are published might
also be wise. Think of it as another method for scanning your systems.
You can also build false URLs into a honeypot that supports Web
services, then add the honeypot URLs to various search engines.
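The honeypot idea above can be monitored from the Web server log. The following is an added example, not part of the original newsletter: it flags requests for decoy URLs and recovers the search terms from the Referer header. The decoy paths, the engine-to-parameter mapping, and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Hypothetical decoy paths, published only through search engine submission.
DECOY_PATHS = {"/admin-backup/", "/old/login.asp"}

# Assumed mapping of search engine host suffix -> parameter holding the terms.
SEARCH_PARAMS = {"google.com": "q", "search.yahoo.com": "p"}

# Combined log format: ip - - [time] "METHOD target proto" status size "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def search_terms(referer):
    """Return (engine, terms) when the referer is a search results page."""
    parts = urlsplit(referer)
    host = (parts.hostname or "").lower()
    for suffix, param in SEARCH_PARAMS.items():
        if host == suffix or host.endswith("." + suffix):
            values = parse_qs(parts.query).get(param, [""])
            return suffix, values[0]
    return None, None

def decoy_hits(lines):
    """List requests for decoy paths with the search query that led there."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        path = urlsplit(m["target"]).path
        if path in DECOY_PATHS:
            engine, terms = search_terms(m["referer"])
            hits.append({"ip": m["ip"], "path": path,
                         "engine": engine, "terms": terms})
    return hits

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [28/Jul/2004:10:01:02 -0700] "GET /admin-backup/ HTTP/1.1" 404 512 '
    '"http://www.google.com/search?q=inurl%3Aadmin-backup+site%3Aexample.com" "Mozilla/4.0"',
    '198.51.100.9 - - [28/Jul/2004:10:05:40 -0700] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/4.0"',
    '192.0.2.44 - - [28/Jul/2004:10:09:13 -0700] "GET /old/login.asp?user=a HTTP/1.1" 200 900 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for hit in decoy_hits(SAMPLE_LOG):
        print(hit)
```

A hit with no search referer, like the third sample line, still matters: the visitor reached a URL that was never linked from the real site.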

A drawback of using search engines to search for vulnerabilities on
your Web sites is that typing or pasting in query after query can
become tedious work. One obvious solution is to use scripts to store
queries and automate the actual querying and result gathering process.
Foundstone released a free tool in May that automates the process of
using Google to scan for vulnerabilities in a given site. I've used
SiteDigger a few times, and it works really well.

SiteDigger has a list of more than 100 predefined queries
(vulnerability signatures). You simply enter a Web site address and
click a button to start the Google query process. After the query is
complete, you can easily export a report to HTML format.

The signatures are stored in XML format, so you can add more or
customize the current rules if you need to. If you do, be aware that
the tool also has an update feature that lets you download new queries
from the Foundstone Web site when they're available. I'm not sure
whether the update process totally overwrites the signature file or
not; you might want to save a copy of your custom signatures in case
it does.

Our Instant Poll this week asks, "Do you use search engines to look
for vulnerabilities in the Web sites you manage?" Visit
http://www.winnetmag.com/windowssecurity and give us your answer.


==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries

Book Review: PDA Security: Incorporating Handhelds into the Enterprise
   According to information published on the companion Web site to the
book "PDA Security: Incorporating Handhelds into the Enterprise,"
"PDAs have moved into the workplace. More than 25 million of them will
soon be accessing company networks." Such a proliferation of PDAs
represents another challenge for systems administrators who are
already struggling to ensure that their company's information isn't
violated in any way or by any means. Reviewer Tony Stevenson says the
book will be useful to administrators tasked with developing a
practical "handheld computing" strategy for their company or
organization. Most important, the book provides the framework for
assessing, and then addressing, the risks that PDAs present. Read the
entire book review on our Web site.


==== 3. Security Matters Blog ====
   by Mark Joseph Edwards, http://www.winnetmag.com/securitymatters

Check out these recent entries in the Security Matters blog:

It Had to Happen Sooner or Later
   - It was inevitable that somebody somewhere would produce a virus
that affects Windows CE devices, and it happened this week.

Stopping Malware That Travels Through SSL Connections
   - Inspecting Secure Sockets Layer (SSL) traffic isn't possible
through standard methods. However, it is possible with a third-party

XML-Based Security Information Feeds
   - Really Simple Syndication (RSS) feeds are a great way to quickly
gather security-related information, including information about all
the latest vulnerabilities.

==== 4. Instant Poll ====

Results of Previous Poll
   The voting has closed in the Windows & .NET Magazine Network
Security Web page nonscientific Instant Poll for the question, "Do you
now use or do you plan to use 802.11i on your wireless LANs?" Here are
the results from the 47 votes.
   - 13% Yes, we use 802.11i now
   -  4% Yes, we plan to use 802.11i in the next 3 months
   -  9% Yes, we plan to use 802.11i in the next 6 months
   - 17% Yes, we plan to use 802.11i in the next year
   - 57% No, we don't plan to use 802.11i

New Instant Poll
   The next Instant Poll question is, "Do you use search engines to
look for vulnerabilities in the Web sites you manage?" Go to the
Security Web page and submit your vote for
   - Yes, I do so regularly
   - Yes, but only when I become aware of new Web vulnerabilities
   - No, but I plan to start
   - No, and I don't plan to start

==== 5. Security Toolkit ====

FAQ: Q. What Are the Relative Identifiers (RIDs) of a Domain's
Built-in Accounts?
   by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. Every object in a domain has a SID, which consists of the domain's
SID and a RID. For built-in objects, such as built-in accounts, RIDs
are hard-coded. A table at the URL below lists the built-in objects,
their RIDs, and their object types. The fact that RIDs are hard-coded
explains why merely renaming, say, the Domain Administrator object
doesn't often thwart an intruder, who can simply locate the account by
using the RID 500. However, you can create a honeypot by renaming the
real Domain Administrator account and creating a new account called
Domain Administrator that has no permissions. You can use the bogus
Domain Administrator account to fool hackers into attacking it, then
log the attacks and delay any real damage to the bona fide Domain
Administrator account.
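The SID/RID relationship and the decoy account described in this FAQ can be checked in code. The following is an added example, not from the FAQ or from any Microsoft tool: it splits SIDs into domain SID and RID, identifies the real built-in account by RID 500 whatever its name, and triages logon records. The domain SID, account names, and event records are constructed, and the record layout is an assumption rather than a real Windows event format.

```python
DECOY_NAME = "administrator"  # assumed name given to the bogus account

def split_sid(sid):
    """Split a domain account SID into (domain_sid, rid)."""
    parts = sid.split("-")
    if len(parts) < 5 or parts[0] != "S" or not parts[-1].isdigit():
        raise ValueError(f"not a domain account SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])

def classify(accounts):
    """Map each account name to 'builtin-admin', 'decoy' or 'normal'."""
    roles = {}
    for name, sid in accounts.items():
        _, rid = split_sid(sid)
        if rid == 500:
            roles[name] = "builtin-admin"   # the real account, whatever its name
        elif name.lower() == DECOY_NAME:
            roles[name] = "decoy"           # admin by name only
        else:
            roles[name] = "normal"
    return roles

def triage(events, accounts):
    """Return alerts for decoy probes and failed logons to the RID 500 account."""
    by_sid = {sid: name for name, sid in accounts.items()}
    roles = classify(accounts)
    alerts = []
    for ev in events:
        name = by_sid.get(ev["target_sid"])
        role = roles.get(name, "unknown")
        if role == "decoy":
            alerts.append((ev["source"], name, "decoy account targeted by name"))
        elif role == "builtin-admin" and not ev["success"]:
            alerts.append((ev["source"], name, "failed logon to RID 500 account"))
    return alerts

# Constructed sample data; the domain SID and account names are made up.
DOMAIN = "S-1-5-21-1111111111-2222222222-3333333333"
ACCOUNTS = {
    "svc-ops": f"{DOMAIN}-500",          # real built-in account, renamed
    "Administrator": f"{DOMAIN}-1105",   # decoy with no permissions
    "jsmith": f"{DOMAIN}-1106",
}
EVENTS = [
    {"source": "203.0.113.7", "target_sid": f"{DOMAIN}-1105", "success": False},
    {"source": "203.0.113.7", "target_sid": f"{DOMAIN}-500", "success": False},
    {"source": "192.0.2.10", "target_sid": f"{DOMAIN}-1106", "success": True},
    {"source": "192.0.2.11", "target_sid": f"{DOMAIN}-500", "success": True},
]

if __name__ == "__main__":
    for alert in triage(EVENTS, ACCOUNTS):
        print(alert)
```

The second sample record shows why the decoy alone is not enough: an intruder who locates the account by RID goes straight to the renamed real account, so failed logons there need their own alert.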


==== 6. New and Improved ====
   by Jason Bovberg, products@private

Know Your Enemy
   O'Reilly Media released "Security Warrior" by Cyrus Peikari and
Anton Chuvakin. Based on the principle that the best way to defend
your systems is to understand your attacker in depth, "Security
Warrior" covers everything from reverse engineering to SQL attacks and
includes such topics as social engineering, antiforensics, and
advanced attacks against UNIX and Windows systems. The book discusses
a combination of formal science and real-life information-security
experiences, multiple platforms, and attacks and defenses. The book
costs $44.95. For more information, contact O'Reilly at 707-827-7000
or 800-998-9938 or on the Web.

This email newsletter is brought to you by Windows & .NET Magazine,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.

Copyright 2004, Penton Media, Inc. All rights reserved.
