PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Choose Your Savings on Web Filtering
http://list.windowsitpro.com/t?ctl=3527F:7EB890

Protect Your Network - Threats Brought in By Remote Laptops
http://list.windowsitpro.com/t?ctl=3528D:7EB890

Patch and Spyware Management: An Integrated Approach to Network Security
http://list.windowsitpro.com/t?ctl=3527D:7EB890

=== CONTENTS ===================================================

IN FOCUS: Black Hat Briefly

NEWS AND FEATURES
- Windows Server Service Still Vulnerable to DoS Attacks
- Cult of the Dead Cow Puts Malware Samples Online
- Name That Computer!
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Shine Some Light on Potential UAC Problems
- FAQ: Process Explorer
- Share Your Security Tips

PRODUCTS
- Antispyware on the Go
- Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: St. Bernard Software ==============================

Choose Your Savings on Web Filtering
iPrism, the IDC-ranked #1 Web filtering appliance has an offer that's too good to pass up. Purchase a 3-year subscription to the most accurate database in the industry and get your iPrism appliance at no charge. Or, purchase an iPrism and a 3-year subscription and get an extra year free. Only iPrism gives you two ways to save big. This is a limited time offer so get a Quick Quote now!
http://list.windowsitpro.com/t?ctl=3527F:7EB890

=== IN FOCUS: Black Hat Briefly =============================
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

The Black Hat USA 2006 conference ended August 3. Several presentations at the show made some big waves. This week, I'll briefly summarize some of the more notable happenings in relation to Microsoft.

You might have read any of the dozens of news stories about the Wi-Fi driver problems.
David Maynor and Johnny Cache (a pseudonym used by John Ellch) demonstrated that they could hijack an Apple MacBook system even when it wasn't connected to a wireless Access Point (AP). Some of the stories implied that the flaw was within Mac OS X. But as Maynor pointed out in his presentation, "Don't think however that just because we're attacking an Apple that the flaw is in an Apple. We're actually using a third-party wireless card." Maynor and Ellch also discovered flaws in third-party Wi-Fi drivers for Windows platforms. So the problems aren't with any particular OS but instead reside firmly with third-party driver developers whose code contains significant flaws.

Maynor and Ellch played a recording of their presentation at the conference instead of doing it live because they didn't want to risk having someone intercept Wi-Fi packets at the conference to discern the exact nature of their attack while various vendors are working on solutions for their problematic drivers. If you want to see Maynor and Ellch's presentation, you can watch it at YouTube:
http://list.windowsitpro.com/t?ctl=3528C:7EB890

Another interesting presentation was given by Dan Kaminsky, who demonstrated a method of probing TCP/IP networks to determine whether a given Internet backbone provider is manipulating traffic based on its type or origin. Backbone providers have made noise recently about wanting to charge content providers, such as those who provide large amounts of audio and video, more money to carry high-bandwidth traffic. Kaminsky's tool would help reveal which backbone providers are already practicing traffic shaping. He plans to release the tool as part of his Paketto Keiretsu toolkit, which he intends to update in the next half year. You can learn more about Paketto Keiretsu at his Web site.
http://list.windowsitpro.com/t?ctl=35288:7EB890

Joanna Rutkowska made some waves too when she demonstrated how to load unsigned code into Windows Vista.
Her attack requires that the code run under an account with administrative privileges, and Vista's new User Account Control (UAC) feature will help defend against such attacks, provided users don't make mistakes answering a plethora of prompts. Also, Microsoft has reportedly fixed Rutkowska's path of attack in later builds of Vista. I'm not sure whether she'll post her presentation online, but you can monitor her Web site if you're interested:
http://list.windowsitpro.com/t?ctl=3528F:7EB890

Microsoft was out in force at Black Hat watching presentations and giving eight presentations that touched on various aspects of Vista security and Microsoft's changing security landscape. During his presentation, John Lambert, security group manager in Microsoft's Security Engineering and Communications Group, said the company is putting Vista through the biggest penetration testing process in history.

I remember years ago when people (myself included) cried out for Microsoft to hire hackers instead of opposing them when they discovered and released vulnerability reports. Well, now Microsoft has reportedly hired numerous companies and many well-known hackers to help with various aspects of security, including penetration testing--and I must say, it's about time!

=== SPONSOR: 8e6 Technologies ==================================

Protect Your Network - Threats Brought in By Remote Laptops
Learn how employee laptops indiscriminately harm company networks, despite standard security gear, and gain valuable information on how to protect your company against these threats - without throwing out the laptops. Get the FREE white paper from 8e6 Technologies. Qualify Now!
http://list.windowsitpro.com/t?ctl=3528D:7EB890

=== SECURITY NEWS AND FEATURES =================================

Windows Server Service Still Vulnerable to DoS Attacks
Microsoft released a dozen security updates this month (which incidentally fix nearly two dozen flaws), but the updates don't include a fix for a known Denial of Service (DoS) attack that could cause an affected system to crash.
http://list.windowsitpro.com/t?ctl=35276:7EB890

Cult of the Dead Cow Puts Malware Samples Online
Offensive Computing, an offshoot of Cult of the Dead Cow (cDc), which labels itself a "technology activist group," offers a new malware library on its Web site.
http://list.windowsitpro.com/t?ctl=35277:7EB890

Name That Computer!
Jeff Fellinge looks at how naming conventions and IP standards can help you quickly identify systems, then compares the approaches that two everyday Windows tools take to resolve IP addresses to names.
http://list.windowsitpro.com/t?ctl=35287:7EB890

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://list.windowsitpro.com/t?ctl=35280:7EB890

=== SPONSOR: Shavlik ===========================================

Patch and Spyware Management: An Integrated Approach to Network Security
Manage threats and vulnerabilities from adware and spyware in one console as a comprehensive approach to maximizing network security.
http://list.windowsitpro.com/t?ctl=3527D:7EB890

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Shine Some Light on Potential UAC Problems
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=3528B:7EB890

Windows Vista introduces User Account Control (UAC), which might cause problems for some applications that aren't designed to run under the least-privileged user account (LUA) approach.
Aaron Margosis released a tool, LUA Buglight, that might help you discover the source of such problems.
http://list.windowsitpro.com/t?ctl=35281:7EB890

FAQ: Process Explorer
by John Savill, http://list.windowsitpro.com/t?ctl=35289:7EB890

Q: What is the Process Explorer utility?

Find the answer at
http://list.windowsitpro.com/t?ctl=35275:7EB890

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to r2rwinitsec@private. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ===================================================
by Renee Munshi, products@private

Antispyware on the Go
ParetoLogic announces the immediate availability of XOFTspy Portable, which consists of the antispyware program XoftSpySE running on a U3 smart USB flash drive. XOFTspy Portable is licensed for use on multiple computers and is designed to protect roaming users on whatever PC they might use. In addition to cleaning the computers a user plugs it into, the product protects the data and applications stored on the device itself. XOFTspy Portable costs $14.95, and more information is available at
http://list.windowsitpro.com/t?ctl=35286:7EB890

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to whatshot@private and get a Best Buy gift certificate.

=== RESOURCES AND EVENTS =======================================

Is your continuity solution letting you down? If you're not getting 100% coverage against lost or missing messages, even for short, unplanned outages, you might be jeopardizing your messaging system's integrity and your company's productivity. Learn how to manage disruptions to your messaging environment without breaking the bank in the process. View the on-demand Web seminar today!
http://list.windowsitpro.com/t?ctl=3527A:7EB890

Use policy-based deployment to easily configure and deploy throughout your organization desktop spyware protection that provides AD support, an easy Admin Console for centralized management, and one of the most robust spyware threat databases in the industry. View the demo today!
http://list.windowsitpro.com/t?ctl=3527B:7EB890

Incorporate Virtual Machines into Your Disaster Recovery Plan
Join us for this free Web seminar to learn how incorporating VMs into your disaster recovery plan can reduce your TCO by 50% or more, reduce hardware cost, and simplify management. Attend the live Web seminar and get your questions answered by industry leaders from VMware and CA XOsoft. Live Event: Tuesday, September 19.
http://list.windowsitpro.com/t?ctl=35278:7EB890

Any unscheduled downtime--especially of your Exchange systems--can quickly affect your company's bottom line. Learn the essential skills to reduce downtime to minutes instead of hours.
http://list.windowsitpro.com/t?ctl=3527E:7EB890

Are you ready for the next spyware attack? Make sure--learn from industry expert Mark Joseph Edwards. Protect against emerging spyware threats, including rootkits, keyloggers, and distribution methods. View the on-demand Web seminar today!
http://list.windowsitpro.com/t?ctl=3527C:7EB890

=== FEATURED WHITE PAPER =======================================

Are you vulnerable when your users access the Internet outside the corporate network? Track and monitor remote access easily and unobtrusively to make sure that your intellectual assets are secure. Download the free whitepaper and find out more today!
http://list.windowsitpro.com/t?ctl=35279:7EB890

=== ANNOUNCEMENTS ==============================================

Save $40 off Windows IT Pro Magazine
Subscribe to Windows IT Pro magazine today and SAVE up to $40!
Along with your 12 issues, you'll get FREE access to the entire Windows IT Pro online article archive, which houses more than 9,000 helpful IT articles. This is a limited-time offer, so order now:
http://list.windowsitpro.com/t?ctl=35283:7EB890

Invitation for VIP Access
For only $29.95 per month, you'll get instant VIP online access to ALL articles published in Windows IT Pro, SQL Server Magazine, and the Exchange and Outlook Administrator, Windows Scripting Solutions, and Windows IT Security newsletters--that's more than 26,000 articles at your fingertips. Sign up now:
http://list.windowsitpro.com/t?ctl=35282:7EB890

================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).
http://list.windowsitpro.com/t?ctl=3528A:7EB890
http://list.windowsitpro.com/t?ctl=35284:7EB890

Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=35285:7EB890

Be sure to add Security_UPDATE@private to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=3528E:7EB890
About your product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at
http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.