====================
This email newsletter comes to you free and is supported by the following advertiser, which offers products and services in which you might be interested. Please take a moment to visit this advertiser's Web site and show your support for Security UPDATE.

Consolidate Your SQL Server Infrastructure
http://list.windowsitpro.com/t?ctl=1116D:4FB69
====================

1. In Focus: Proactive Honeypots

2. Security News and Features
   - Recent Security Vulnerabilities
   - Recent Microsoft Security Bulletins: Exploits Already on the Loose
   - Identity Theft Ring Used a Powerful Keyboard Logger

3. Instant Poll

4. Security Toolkit
   - Security Matters Blog
   - FAQ

5. New and Improved
   - Filter Web and Email Content

====================

==== 1. In Focus: Proactive Honeypots ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Honeypots sit on a server and wait for intrusion attempts. When one occurs, they can perform a variety of actions. But what if a honeypot did the inverse--headed out on the Web to look for intruders?

Microsoft has developed a new tool, Strider HoneyMonkey Exploit Detection System, that runs as a Web client by using "monkeys" to surf the Web for malicious Web-based content. HoneyMonkey's monkeys are programs that automate Web surfing and exploit detection.
Instead of relying on databases of known exploits and malware, the monkeys launch a browser, connect to a site via its URL, and then wait for something to happen. The programs also monitor all file and registry access. Because the monkeys aren't designed to click links or dialog boxes on sites, it can be reasonably assumed that any executable file downloads or registry changes during monkey Web sessions might be hostile in one way or another. Microsoft says that HoneyMonkey also works in conjunction with Strider GhostBuster and Strider Gatekeeper to detect hidden processes and hooks that might use autostart features of the OS.

HoneyMonkey runs inside a virtual machine (VM), which makes cleaning up after any potential exploit or infection much easier. When exploits are detected, HoneyMonkey alerts a controller, which destroys the VM, launches a new, fully patched VM, and passes the URL to another monkey. If an exploit is still detected, HoneyMonkey concludes that it's found a new (or zero-day, if you prefer) exploit and passes it on to Microsoft's Security Response Center for further research.

HoneyMonkey works sort of like a search engine spider. It follows links and redirects at a detected exploit site to find more suspect sites. According to Microsoft, such sites often link to each other; if one site's exploit doesn't work, another site's might.

Microsoft said that after a month of use, HoneyMonkey discovered 752 URLs at 287 sites that can infiltrate an unpatched system running Windows XP. Of that lot, 204 URLs at 115 sites can infiltrate a system running XP with Service Pack 2 (SP2) and no additional patches.

Microsoft said that the first new exploit was detected in July. It used known vulnerabilities in javaprxy.dll, for which no patch was available. Microsoft then created a patch, which was released in conjunction with Microsoft Security Bulletin MS05-037, "Vulnerability in JView Profiler Could Allow Remote Code Execution (903235)."
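
The two-stage escalation described above, as an added example (not Microsoft's code and not part of the original newsletter). The event names, trace data, executable-extension list and function names are all constructed for illustration; a real deployment would replace observe_from_traces with an actual VM visit.

```python
# Constructed traces: what a monitor recorded while a monkey loaded each URL
# and clicked nothing, keyed by (url, VM patch level). All values are made up.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
TRACES = {
    ("http://a.example/", "unpatched"): [("file_write", r"C:\cache\logo.gif")],
    ("http://b.example/", "unpatched"): [("file_write", r"C:\WINDOWS\upd.exe"),
                                         ("reg_write", RUN_KEY + r"\upd")],
    ("http://b.example/", "patched"): [("file_write", r"C:\cache\b.htm")],
    ("http://c.example/", "unpatched"): [("file_write", r"C:\WINDOWS\x.dll")],
    ("http://c.example/", "patched"): [("file_write", r"C:\WINDOWS\x.dll")],
}
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".com")  # assumed list, not from the page

def suspicious(events):
    """Keep events that should never happen when nothing was clicked:
    any registry write, or a file write with an executable extension."""
    return [(kind, target) for kind, target in events
            if kind == "reg_write"
            or (kind == "file_write" and target.lower().endswith(EXECUTABLE_EXT))]

def triage(url, observe):
    """Visit on an unpatched VM; only on a hit, revisit on a fresh patched VM."""
    first = suspicious(observe(url, "unpatched"))
    if not first:
        return "no-exploit", []
    # Controller step: discard the infected VM, start a fully patched one,
    # and hand the same URL to another monkey.
    second = suspicious(observe(url, "patched"))
    if second:
        return "zero-day-candidate", second   # still works when patched: escalate
    return "known-exploit", first             # stopped by existing patches

def observe_from_traces(url, vm):
    """Stand-in for a real VM visit: replay the constructed trace."""
    return TRACES.get((url, vm), [])

def run(urls):
    """Map each URL to its verdict."""
    return {url: triage(url, observe_from_traces)[0] for url in urls}

if __name__ == "__main__":
    for url, verdict in run(["http://a.example/", "http://b.example/",
                             "http://c.example/"]).items():
        print(f"{verdict:20} {url}")
```

The patched-VM visit happens only after a hit on the unpatched VM, so clean URLs cost one visit and only suspect URLs cost two.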
http://list.windowsitpro.com/t?ctl=11173:4FB69

Here's some interesting information: Of those 752 URLs, 102 of them were available via search results at Google and 100 of them were available at Yahoo!. As of June 1, 49 of them were available at MSN Search, but by June 10, Microsoft had removed all 49. The company didn't say whether it shared its information with other search engine operators so that they could remove the URLs from their respective engines.

If you're interested in learning more about HoneyMonkey, visit the Microsoft Research Web site and click the link "Full research technical report on Strider HoneyMonkey" for a paper that contains a lot more detail.
http://list.windowsitpro.com/t?ctl=11181:4FB69

==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
   http://list.windowsitpro.com/t?ctl=11172:4FB69

Recent Microsoft Security Bulletins: Exploits Already on the Loose
   Just 48 hours after Microsoft issued its monthly security bulletins last week, three proof-of-concept exploits were released that take advantage of critical problems. On August 9, Microsoft issued six bulletins that explain numerous problems in Microsoft Internet Explorer (IE) and Windows Plug and Play and several other problems--many of these problems are considered critical. Are worms built on these exploits only a matter of time?
   http://list.windowsitpro.com/t?ctl=11178:4FB69

Identity Theft Ring Used a Powerful Keyboard Logger
   Last week, we reported that Sunbelt Software uncovered an identity theft ring. This week, we learned how that ring managed to gather so much sensitive information: by using a powerful keystroke logger. Learn all about it in this news item on our Web site.
   http://list.windowsitpro.com/t?ctl=11177:4FB69

====================

==== 3. Instant Poll ====

Results of Previous Poll: Do you regularly scan your external network IP addresses for open ports on your network and compare the results against a known good baseline?
   The voting has closed in this Windows IT Pro Security Hot Topic nonscientific Instant Poll. Here are the results from the 14 votes.
   - 7% Yes, I regularly scan my network and compare against a baseline.
   - 14% Yes, I periodically scan but merely review the results.
   - 64% No, I don't scan, but I think I should.
   - 14% No, I don't think scanning is useful.

New Instant Poll: Does your company use an encryption product to protect files and folders on Windows systems?
   Go to the Security Hot Topic and submit your vote for
   - Yes, we use Microsoft Windows Encrypting File System (EFS).
   - Yes, we use a third-party product.
   - We haven't used encryption in the past, but we're considering it now.
   - No, we don't see any need to encrypt data.
   http://list.windowsitpro.com/t?ctl=1117C:4FB69

====================

==== 4. Security Toolkit ====

Security Matters Blog: Lawyer's Perspective on Cisco, ISS, and Mike Lynn at Black Hat
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=1117F:4FB69

   Controversy ensued at the recent Black Hat USA 2005 conference in Las Vegas. Internet Security Systems (ISS) researcher Mike Lynn was slated to give a presentation at the show to discuss vulnerabilities in Cisco Systems routers. Cisco tried to prevent the presentation, but the show went on. Read the blog entry to learn more.
   http://list.windowsitpro.com/t?ctl=11179:4FB69

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=1117D:4FB69

   Q: How can I use Group Policy to control the new Windows Firewall that's included with Windows Server 2003 Service Pack 1 (SP1) and Windows XP SP2?

   Find the answer at
   http://list.windowsitpro.com/t?ctl=1117A:4FB69

====================

==== 5. New and Improved ====
   by Renee Munshi, products@private

Filter Web and Email Content
   Aladdin Knowledge Systems offers eSafe 5.0, a gateway that checks Web content for spyware and blocks any malicious content. eSafe prevents downloads that use HTML vulnerability exploits and social engineering, as well as downloads from known spyware sites; it uses signature and heuristic detection to identify and block spyware; and it prevents installed spyware from transmitting to its vendors and helps administrators identify infected PCs. eSafe also offers spam tagging, spam blocking, remote quarantine, and user-managed quarantine and reports, and its spam database is updated eight times a day. You can purchase eSafe pre-installed on a variety of hardware. For more information, visit
   http://list.windowsitpro.com/t?ctl=11180:4FB69

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to whatshot@private

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column.
   Email your contributions (500 words or less) to r2rwinitsec@private. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

====================

This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.
http://list.windowsitpro.com/t?ctl=11175:4FB69

View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.
This archive was generated by hypermail 2.1.3 : Thu Aug 18 2005 - 00:24:50 PDT