[ISN] AxMan, Malware Search, and Bugle

From: InfoSec News (alerts@private)
Date: Wed Aug 09 2006 - 22:27:52 PDT


PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Tap into the Potential Value of Compliance
   http://list.windowsitpro.com/t?ctl=345FB:7EB890

Clean Up Your Company's Email Act: Using Filters to Block Threats
   http://list.windowsitpro.com/t?ctl=345F0:7EB890

The Starter PKI Program
   http://list.windowsitpro.com/t?ctl=345F1:7EB890


=== CONTENTS ===================================================

IN FOCUS: AxMan, Malware Search, and Bugle

NEWS AND FEATURES
   - Microsoft Testing Daily Malware Definition Updates
   - Security Guru Leaves Microsoft
   - The Balancing Act Between Security and Usability
   - Recent Security Vulnerabilities

GIVE AND TAKE
   - Security Matters Blog: Build Your Own Firewall
   - FAQ: Displaying a File's Full Path in Windows Explorer 
   - From the Forum: Authenticating Wireless Users
   - Share Your Security Tips

PRODUCTS
   - Encrypt Your Removable Media
   - Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: Quest Software ====================================

Tap into the Potential Value of Compliance
   If your compliance solutions only address compliance, you're not 
getting the most for your budget dollar. The new Quest Software white 
paper, "Leveraging Business Value from Compliance Efforts," offers 
expert tips for identifying compliance solutions with high business 
value.
   Read the white paper now.
   http://list.windowsitpro.com/t?ctl=345FB:7EB890


=== IN FOCUS: AxMan, Malware Search, and Bugle =================
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

If you read my Security Matters blog, you might remember me mentioning 
the Month of Browser Bugs, in which one new browser bug was to be 
posted to a Web site each day during the month of July. Well, July is 
over, but you can still read about all the browser bugs at the 
following URL:
   http://list.windowsitpro.com/t?ctl=34603:7EB890

The Month of Browser Bugs was driven by well-known security researcher 
H.D. Moore and some of his associates. Moore is probably best known as 
the developer of the Metasploit Toolkit. Moore has a couple of other 
useful tools that you might not be aware of: AxMan and Malware Search.

According to Moore, "[AxMan] was used to discover and debug almost 
every single ActiveX flaw published during the Month of Browser Bugs." 
AxMan is an ActiveX fuzzer that can find bugs in COM objects through 
Microsoft Internet Explorer (IE). In case you don't know, a fuzzer 
injects random data into a program or object in an effort to find flaws 
or vulnerabilities. Moore recently made the AxMan package freely 
available for download. There's also an online demo you can try: 
   http://list.windowsitpro.com/t?ctl=34601:7EB890

Malware Search is a search tool that uses Google queries to look for 
the "fingerprints" of known malware on the Internet. A fingerprint 
includes the date and time the malware was received, the size of the 
code image, the address entry point, and the size of the code itself. 
The tool consists of a set of scripts written in Ruby and comes with a 
database of several dozen signatures. One of the scripts lets you 
generate a new fingerprint when a new malware file pops up on your 
network. To perform a malware search or download the tool, go to the 
following URL:
   http://list.windowsitpro.com/t?ctl=345FE:7EB890

Bugle, another new Web search tool by Emmanouel Kellinis, is 
essentially a list of search engine queries that look for possible 
security bugs in source code that has been indexed by Google. Bugle 
uses a "filetype" parameter along with function calls in the queries to 
specify the type of files to look in for the specific problematic 
function. 

For example, one query finds possible SQL injection vulnerabilities by 
looking for the function call "executequery request.getparameter" in 
.java files. Another query finds possible cross-site scripting problems 
in Active Server Pages (ASP) applications by looking for 
"response.write request.form" in .asp files. At the time of this 
writing, Google returned 452 results for the first example and 149 for 
the second example. 

Keep in mind that not every piece of code returned in the search 
results has vulnerabilities. The potential for a vulnerability 
typically depends on how the developer implemented the code, so you'll 
need to understand a bit about writing code in order to make a 
determination. 
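
The following is an added example, not part of the original newsletter or of Bugle: it applies the two queries quoted above to local source files and marks hits where output encoding appears on the same line. The rule list, the `scan_text` and `scan_tree` names, the HTMLEncode heuristic, and the sample files are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Rules modelled on the two queries quoted above: (extension, sink, source, label)
RULES = [
    (".java", r"executeQuery\s*\(", r"request\.getParameter\s*\(", "possible SQL injection"),
    (".asp", r"Response\.Write\b", r"Request\.Form\b", "possible cross-site scripting"),
]
# Assumption: output encoding on the same line means the hit is probably benign.
ENCODERS = re.compile(r"Server\.HTMLEncode\s*\(", re.I)


def scan_text(name, text):
    """Return (file, line, label, verdict) where a sink and a request source co-occur."""
    hits = []
    for ext, sink, source, label in RULES:
        if not name.lower().endswith(ext):
            continue
        for no, line in enumerate(text.splitlines(), 1):
            if re.search(sink, line, re.I) and re.search(source, line, re.I):
                verdict = "encoded" if ENCODERS.search(line) else "review"
                hits.append((name, no, label, verdict))
    return hits


def scan_tree(root):
    """Apply the rules to every .java/.asp file under a local source tree."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in {".java", ".asp"}:
            hits += scan_text(str(path), path.read_text(errors="replace"))
    return hits


# Constructed sample sources (not taken from any real application).
SAMPLES = {
    "Login.java": (
        'rs = st.executeQuery("SELECT * FROM t WHERE n=\'" + request.getParameter("u") + "\'");\n'
        'ps.setString(1, request.getParameter("u"));\n'
        'rs = ps.executeQuery();\n'
    ),
    "hello.asp": (
        '<% Response.Write Request.Form("name") %>\n'
        '<% Response.Write Server.HTMLEncode(Request.Form("name")) %>\n'
    ),
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(*scan_text(name, text), sep="\n")
```

The `encoded` verdict on the second ASP line is the kind of match the caveat above describes: the keywords co-occur, but the value is HTML-encoded before it is written out.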

Kellinis invites the public to develop other queries and submit them 
for inclusion in his list. If you like to hunt for vulnerabilities or 
are curious about whether an application you're interested in using 
might contain vulnerabilities, bookmark the site and use it when the 
need arises. 
   http://list.windowsitpro.com/t?ctl=345F9:7EB890


=== SPONSOR: St. Bernard Software ==============================

Clean Up Your Company's Email Act: Using Filters to Block Threats
   Do you want to block unwanted or undesirable email? Download this 
free whitepaper to learn how to manage the content of information 
crossing your network.
   http://list.windowsitpro.com/t?ctl=345F0:7EB890


=== SECURITY NEWS AND FEATURES =================================

Microsoft Testing Daily Malware Definition Updates
   Those who use Microsoft's anti-malware solution, Windows Defender, 
have probably noticed that Microsoft is currently testing its malware 
signature update pipeline by publishing updates each weekday instead of 
biweekly. Find out why in this news story.
   http://list.windowsitpro.com/t?ctl=345EB:7EB890

Security Guru Leaves Microsoft
   Amid the major shake-ups in management at Microsoft, one of the 
company's more notable security gurus, Jesper Johansson, announced that 
he's leaving the company to work for online retail giant Amazon. 
   http://list.windowsitpro.com/t?ctl=345F4:7EB890

The Balancing Act Between Security and Usability
   If your network's security is too tight, your network is more 
difficult to use and manage. If it's too loose, your network is 
vulnerable to attacks. Apostolos Fotakelis explains how he achieves 
balance in this Reader to Reader article. 
   http://list.windowsitpro.com/t?ctl=345EC:7EB890

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
   http://list.windowsitpro.com/t?ctl=345F3:7EB890


=== SPONSOR: Thawte ============================================

The Starter PKI Program
   Test the Starter PKI Program to benefit your company with timesaving 
convenience and secure multiple domains and host names.
   http://list.windowsitpro.com/t?ctl=345F1:7EB890


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Build Your Own Firewall 
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=34600:7EB890

Have a spare system and a couple of NICs lying around? You can use them 
to build your own firewall without too much trouble. Get the link that 
shows you how in this blog entry. 
   http://list.windowsitpro.com/t?ctl=345F5:7EB890

FAQ: Displaying a File's Full Path in Windows Explorer
   by John Savill, http://list.windowsitpro.com/t?ctl=345FD:7EB890 

Q: How can I modify the registry to enable the option to display the 
full path in the Windows Explorer Address bar? 

Find the answer at
   http://list.windowsitpro.com/t?ctl=345E9:7EB890

FROM THE FORUM: Authenticating Wireless Users
   A forum participant wants to use Remote Authentication Dial-In User 
Service (RADIUS) and Protected Extensible Authentication Protocol 
(PEAP) to authenticate wireless users, but he's experiencing some 
problems. Help him out at:
   http://list.windowsitpro.com/t?ctl=345EA:7EB890

SHARE YOUR SECURITY TIPS AND GET $100
   Share your security-related tips, comments, or problems and 
solutions in the Windows IT Security print newsletter's 
Reader to Reader column. Email your contributions to 
r2rwinitsec@private. If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
   by Renee Munshi, products@private

Encrypt Your Removable Media
   Addonics Technologies offers Cipher UDD, an encryption/decryption 
hardware device for securing data on removable media. You plug the 
portable (4.63-inch x 5.4-inch x .98-inch) device into your computer 
via a USB 2.0 or eSATA connection. Cipher UDD has a standard Type II PC 
card slot that accommodates standard PC cards and ATA flash cards. For 
other form factors, Addonics provides an array of adapters that can be 
purchased separately or as a bundled solution. Cipher UDD works with 
most systems and OSs as long as the user has the Cipher key. The base 
model has 64-bit encryption and costs $79. A model providing 128-bit 
encryption is also available. For more information, go to
   http://list.windowsitpro.com/t?ctl=34605:7EB890

WANTED: your reviews of products you've tested and used in 
production. Send your experiences and ratings of products to 
whatshot@private and get a Best Buy gift certificate.


=== RESOURCES AND EVENTS =======================================

Windows Connections Conference 
   Now in its seventh year, Windows Connections returns November 6-9, 
at Mandalay Bay in Las Vegas. Don't miss your chance to interact with 
industry experts and hear the latest information on Windows Server 
2003, Windows 2000 Server, and Windows XP Professional! Register and 
attend sessions at Microsoft Exchange Connections FREE! 
   http://list.windowsitpro.com/t?ctl=34604:7EB890

Gear up for TechX World Roadshow 
   Hear first-hand from today's leading interoperability experts, 
vendors, and peers at this exclusive one-day event. You'll learn about 
managing OS interoperability, directory migration, data 
interoperability, and much more. Register for the early-bird special of 
$129 by August 31!  
   http://list.windowsitpro.com/t?ctl=345FC:7EB890

Learn all you need to know about code-signing technology, including the 
goals and benefits of code signing, how code signing works, and the 
underlying cryptographic and security concepts and building blocks.
   http://list.windowsitpro.com/t?ctl=345F2:7EB890

Randy Franklin Smith outlines five evaluation points to consider when 
choosing your antispyware solution in this free podcast. Download it 
today! 
   http://list.windowsitpro.com/t?ctl=345EE:7EB890

When your systems go down, your users' productivity grinds to a halt. 
User downtime is one of the fastest growing concerns among businesses. 
This free Web seminar teaches you how to keep your users continuously 
connected and your business up and running. Live event: Thursday, 
August 24 
   http://list.windowsitpro.com/t?ctl=345ED:7EB890


=== FEATURED WHITE PAPER =======================================

Antivirus or patching software alone isn't enough to protect your 
valuable systems from spyware. Learn how an enterprise antispyware 
solution gives you an affordable--and most important, effective-- 
solution to spyware. Download the free whitepaper today!
   http://list.windowsitpro.com/t?ctl=345EF:7EB890


=== ANNOUNCEMENTS ==============================================

Monthly Online Pass--only $5.95 per month! 
   Includes instant online access to every article ever written in 
Windows IT Pro magazine, plus the latest digital issue. Order now: 
   http://list.windowsitpro.com/t?ctl=345F6:7EB890

Save $40 off SQL Server Magazine 
   Subscribe to SQL Server Magazine today and SAVE up to $40! Along 
with your 12 issues, you'll get FREE access to the entire SQL Server 
Magazine online article archive, which houses more than 2,300 helpful 
SQL Server articles. This is a limited-time offer, so order now:  
   http://list.windowsitpro.com/t?ctl=345F7:7EB890


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and the Windows IT Security newsletter 
(subscribe at the second URL below).
   http://list.windowsitpro.com/t?ctl=345FF:7EB890
   http://list.windowsitpro.com/t?ctl=345F8:7EB890

Subscribe to Security UPDATE at
   http://list.windowsitpro.com/t?ctl=345FA:7EB890

Be sure to add Security_UPDATE@private 
to your antispam software's list of allowed senders.

To contact us: 
   About Security UPDATE content -- letters@private
   About technical questions -- http://list.windowsitpro.com/t?ctl=34602:7EB890
   About your product news -- products@private
   About your subscription -- windowsitproupdate@private
   About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at
   http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

