====================

1. In Focus: Proactive Honeypots, Part 2

2. Security News and Features
   - Recent Security Vulnerabilities
   - Symantec to Acquire Sygate
   - 180solutions Sues Seven Former Distributors
   - Microsoft Ships Windows 2000 Worm Removal Tool

3. Security Toolkit
   - Security Matters Blog
   - FAQ

4. New and Improved
   - Fight Phishing Attacks

====================

==== 1. In Focus: Proactive Honeypots, Part 2 ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Last week, I wrote about Microsoft's Strider HoneyMonkey Exploit Detection System, which is software that tries to find new exploits by surfing the Web and waiting for something to infiltrate the system. I don't know of many other such tools, but I have heard of two other client-based honeypot projects.

One is being developed by Bing Yuan at the Laboratory for Dependable Distributed Systems. Yuan is pursuing the technology as his diploma project at the laboratory, and so far, no working code seems to be available to the public. His project is Windows-based, will integrate with Microsoft Internet Explorer (IE), and will work with other software such as the Honeywall CD-ROM. I'm not sure how far along Yuan is in the development process or whether the tool will eventually be released to the public. You can, however, read more about it at the lab's Web site.
   http://list.windowsitpro.com/t?ctl=11B7B:4FB69

The second tool I know about is called Honeyclient. The tool is being developed by Kathy Wang, who gave a related presentation at the recent REcon 2005 conference (see the first URL below) in Montreal. You can see the slides from the presentation at the second URL below. Honeyclient is written in Perl and is designed to run on Windows systems. It surfs the Web by using IE and tries to detect any file or registry changes. As it stands now, the tool is made up of two Perl scripts: one is a proxy and the other uses IE to drive a Web-surfing session.
   http://list.windowsitpro.com/t?ctl=11B89:4FB69
   http://list.windowsitpro.com/t?ctl=11B77:4FB69

Wang's project isn't extensively documented, but the two Perl scripts that make up Honeyclient contain a few comments that help you better understand what it actually does. Of course, if you can read Perl code, then you'll get an even better understanding.
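Detecting file changes after a browsing session comes down to comparing a snapshot taken before the session with one taken after it. The Python sketch below is an added example, not Honeyclient's Perl code or anything from Wang's project; the function names, the SHA-256 hashing, and the file names in the constructed demo are all assumptions.

```python
import hashlib
import os
import tempfile

def snapshot(directories):
    """Map every file under the watched directories, subdirectories included, to its SHA-256."""
    state = {}
    for top in directories:
        for root, _dirs, files in os.walk(top):
            for name in files:
                full = os.path.join(root, name)
                try:
                    with open(full, "rb") as fh:
                        state[full] = hashlib.sha256(fh.read()).hexdigest()
                except OSError:
                    state[full] = None  # unreadable or locked: record existence only
    return state

def diff(before, after):
    """Return the paths added, removed and modified between two snapshots."""
    return {
        "added": sorted(p for p in after if p not in before),
        "removed": sorted(p for p in before if p not in after),
        "modified": sorted(p for p in after if p in before and after[p] != before[p]),
    }

def put(path, data):
    # Helper for the constructed demo: write bytes to a file.
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed scenario: baseline a tree, change it, report the differences."""
    with tempfile.TemporaryDirectory() as base:
        cache = os.path.join(base, "profile", "cache")
        os.makedirs(cache)
        put(os.path.join(cache, "keep.dat"), b"same")
        put(os.path.join(cache, "hosts.txt"), b"old")
        put(os.path.join(cache, "gone.tmp"), b"x")
        before = snapshot([os.path.join(base, "profile")])
        # Constructed changes standing in for what a browsing session left behind.
        put(os.path.join(cache, "hosts.txt"), b"new")
        os.remove(os.path.join(cache, "gone.tmp"))
        put(os.path.join(base, "profile", "dropped.bin"), b"\x00")
        after = snapshot([os.path.join(base, "profile")])
        return {k: [os.path.relpath(p, base) for p in v] for k, v in diff(before, after).items()}

if __name__ == "__main__":
    print(demo())
```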

Honeyclient isn't nearly as functional as HoneyMonkey, but it's similar and a good start. You can learn more about Honeyclient and download the latest version at Wang's Honeyclient Development Project Web site.
   http://list.windowsitpro.com/t?ctl=11B84:4FB69

If you want to test Honeyclient, the readme file contains the basic installation and usage instructions. One thing I learned when testing the software (which isn't stated in the readme file) is that the directories in the checklist.txt file (which you need to create) are completely parsed, including any subdirectories. Another thing I noticed is that Honeyclient has a lengthy startup time because it also parses the registry HKEY_CLASSES_ROOT tree into a hash so that it can later detect any modifications. A word of caution is in order too: Be sure to use an isolated test machine or an OS running in a virtual machine when testing the tool.

If you know of any other tools similar to these, send me an email message with a link or details.

====================

==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
   http://list.windowsitpro.com/t?ctl=11B76:4FB69

Symantec to Acquire Sygate
   Symantec announced a deal to acquire Sygate Technologies, maker of policy compliance solutions. The deal will close shortly after the companies receive regulatory approval. Terms of the pending acquisition weren't disclosed.
   http://list.windowsitpro.com/t?ctl=11B7E:4FB69

180solutions Sues Seven Former Distributors
   180solutions filed suit against seven former distributors of its search software for allegedly causing the software to be installed on people's computers without proper notice and consent. 180solutions claims the distributors used botnets to facilitate the software installations.
   http://list.windowsitpro.com/t?ctl=11B7D:4FB69

Microsoft Ships Windows 2000 Worm Removal Tool
   In response to widespread Windows 2000-based worm attacks last week, Microsoft updated its Malicious Software Removal Tool (MSRT) to remove the worms and updated its statement about the attacks.
   http://list.windowsitpro.com/t?ctl=11B7F:4FB69

====================

==== 3. Security Toolkit ====

Security Matters Blog: Mac OS X Security Update Fixes Dozens of Vulnerabilities
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=11B83:4FB69

   Apple released a major security update for Mac OS X. Security Update 2005-007 fixes dozens of vulnerabilities, including problems in Apache, Kerberos, MySQL, OpenSSL, and many other system components. Apple pulled the update to correct problems it caused with 64-bit applications on the Tiger OS, then reissued it as Security Update 2005-007 v1.1. If you loaded the initial release on Tiger, be sure to load v1.1.
   http://list.windowsitpro.com/t?ctl=11B78:4FB69

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=11B82:4FB69

   Q: How can I determine which groups I'm a member of for my current logon session?

   Find the answer at
   http://list.windowsitpro.com/t?ctl=11B80:4FB69

====================

==== 4. New and Improved ====
   by Renee Munshi, products@private

Fight Phishing Attacks
   CollectiveTrust has released ScamAlarm, a Windows application that protects users from phishing, identity theft, and fraud. ScamAlarm protects against all types of phishing attacks that try to collect personal information by pretending to be the Web site of a legitimate bank or investment firm. ScamAlarm uses a combination of contextual analysis, a robust set of rules, and a continuously updated list of dangerous sites. With ScamAlarm, users are notified immediately if the site that they're trying to visit is on the list of suspicious sites or if the Web site fails the program's security checks. ScamAlarm runs on Windows 98/2000/XP/2003, currently supports Microsoft Internet Explorer (IE) 5.5 or later, and costs $29.95 for a single-user license (volume discounts are available). You can purchase ScamAlarm securely online or download a free 30-day trial version at
   http://list.windowsitpro.com/t?ctl=11B87:4FB69

====================

==== Contact Us ====

About the newsletter -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=11B85:4FB69
About product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- salesopps@private

====================

This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.
   http://list.windowsitpro.com/t?ctl=11B7A:4FB69

View the Windows IT Pro privacy policy at
   http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.
This archive was generated by hypermail 2.1.3 : Thu Aug 25 2005 - 03:54:45 PDT