PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE: Patch and Spyware Management: An Integrated Approach to Network Security http://list.windowsitpro.com/t?ctl=39EE5:7EB890 How to Build a Real Time Enterprise. Free White Paper! http://list.windowsitpro.com/t?ctl=39EFB:7EB890 Reducing the Cost of IT Compliance: Streamlining the IT Compliance Life Cycle http://list.windowsitpro.com/t?ctl=39EE8:7EB890 === CONTENTS =================================================== IN FOCUS: Two More Portable Anonymous Web Browsers NEWS AND FEATURES - Two IE Vulnerabilities Allow Unwanted Code Execution - EMC Forms New Security Division - Recent Security Vulnerabilities GIVE AND TAKE - Security Matters Blog: New Tool: WindowsZones - FAQ: Join Vista to a Domain - Microsoft Learning Paths for Security: Identity and Access Management - KNOW YOUR IT SECURITY Contest PRODUCTS - Keep an Eye on Your Files - Wanted: Your Reviews of Products RESOURCES AND EVENTS FEATURED WHITE PAPER ANNOUNCEMENTS === SPONSOR: Shavlik =========================================== Patch and Spyware Management: An Integrated Approach to Network Security Manage threats and vulnerabilities from adware and spyware in one console as a comprehensive approach to maximizing network security. http://list.windowsitpro.com/t?ctl=39EEA:7EB890 SECTop0927 === IN FOCUS: Two More Portable Anonymous Web Browsers ========= by Mark Joseph Edwards, News Editor, mark at ntsecurity / net A few weeks ago after I wrote about Browzar (see the article at the URL below), a few people wrote to criticize the tool. That's to be expected, and I do respect their opinions even though they differ from mine. Since then, I've been looking around for other browsers that can help protect privacy above and beyond the typical browser features of being able to manually clear history and cache data. So far I've found two tools that fit the bill. http://list.windowsitpro.com/t?ctl=39EEC:7EB890 The first tool, PortableApps.com's Mozilla Firefox - Portable Edition (at the URL below) is based on Mozilla Foundation's Firefox code but was independently developed by John T. Haller. First released in June 2004, Firefox Portable seems to be kept up to date, including the addition of any necessary security fixes soon after vulnerabilities are found. http://list.windowsitpro.com/t?ctl=39EF7:7EB890 Firefox Portable is designed specifically to be copied onto portable media. You can install it on a small USB flash drive (or CD-ROM) and use it on nearly any PC that doesn't have its USB ports or CD-ROM drive locked down. Like regular Firefox, the portable version lets you install extensions and themes, but unlike Firefox, Firefox Portable helps prevent storage of usage information. Your download history is deleted when you shut the browser down cleanly (but not, for example, when you terminate the FirefoxPortable.exe process manually), URL history and form data storage are disabled by default, and no disk cache is used by default. However, you can configure Firefox Portable to write such data to the portable media (if the media is writeable) and use cache if you like. I tested Firefox Portable, and it works just fine. The self-extracting executable dumps all the required files into one directory tree that you select. The installed size is about 16.5MB. Note that Firefox Portable won't run if another instance of Firefox is already running. The second tool I found is Torpark (at the URL below). Developed by Hacktivismo, which "[operates] under the aegis of the [infamous] Cult of the Dead Cow (cDc)," Torpark is relatively new and based on the Firefox Portable code. It includes a very interesting added benefit in that it uses the The Onion Router (Tor) network. http://list.windowsitpro.com/t?ctl=39EFD:7EB890 In case you aren't aware of it, Tor (at the URL below) is software that builds a network of relatively anonymous servers by chaining them together automatically to encrypt and route traffic to and from its destination. At its core, a Tor client acts as a Sockets (Socks) proxy. http://list.windowsitpro.com/t?ctl=39EFE:7EB890 According to the developers, "Torpark comes pre-configured, requires no installation, can run off a USB memory stick, and leaves no tracks behind in the browser or computer." Sounds pretty good, right? There is however one drawback: Tor can be very slow at times. Tor volunteer server operators can regulate how much bandwidth they devote to their Tor server, and it seems that many Tor server operators allocate only a small amount. But if you really need anonymous Web surfing ability, some lag time is probably worth it. I tested Torpark and it's really easy to use. The installation process is the same as for Portable Firefox except that Torpark also installs the Tor client. The installed size is about 27MB. The custom Web interface includes all the regular Firefox controls along with two additional buttons: one to enable or disable use of the Tor network (so you can use Torpark without Tor to just browse without encryption) and another to flush the Tor circuit. The latter feature causes Tor to chain together a new set of Tor servers to use as your path out to the Internet. Flushing the circuit doesn't always result in a faster circuit, but at times it might, so the feature is helpful. I'll also point out for the Browzar detractors that neither Firefox Portable nor Torpark include any spyware or adware. Both let you customize the search tool just like Firefox does. === SPONSOR: NetSuite ========================================== How to Build a Real Time Enterprise. Free White Paper! The vast majority of businesses have information scattered throughout the enterprise on paper, in siloed databases and in emails, making real-time operations difficult to achieve. Learn the benefits and explore the challenges mid-sized businesses face in their real-time enterprise efforts. http://list.windowsitpro.com/t?ctl=39EFB:7EB890 === SECURITY NEWS AND FEATURES ================================= Two IE Vulnerabilities Allow Unwanted Code Execution Two new vulnerabilities were recently discovered in Microsoft Internet Explorer (IE). One allows intruders to install shell code and take subsequent actions, including installing malware. http://list.windowsitpro.com/t?ctl=39EF1:7EB890 The other, located in the DirectAnimation ActiveX control, also lets unwanted code be run on an affected system. http://list.windowsitpro.com/t?ctl=39EEF:7EB890 EMC Forms New Security Division EMC has completed the acquisition of RSA Security and has acquired Network Intelligence. EMC will form a new security division based on the RSA brand. Former chief executive officer at RSA, Art Coviello, will lead the division as president and will serve as an executive vice president at EMC. Network Intelligence will become a business unit of the new division. http://list.windowsitpro.com/t?ctl=39EF2:7EB890 Other Recent Security Vulnerabilities If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at http://list.windowsitpro.com/t?ctl=39EEB:7EB890 === SPONSOR: Scalable Software ================================= Reducing the Cost of IT Compliance: Streamlining the IT Compliance Life Cycle The average enterprise spends nearly $10 million annually on IT compliance. Download this free whitepaper today to streamline the compliance lifecycle, and dramatically reduce your company's costs! http://list.windowsitpro.com/t?ctl=39EE8:7EB890 === GIVE AND TAKE ============================================== SECURITY MATTERS BLOG: New Tool: WindowsZones by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=39EFA:7EB890 WindowsZones is a new tool that claims to be able to protect Internet applications against zero-day exploits and to move those applications between security zones on the fly. http://list.windowsitpro.com/t?ctl=39EF0:7EB890 FAQ: Join Vista to a Domain by John Savill, http://list.windowsitpro.com/t?ctl=39EF5:7EB890 Q: How do I join my Windows Vista machine to a domain? Find the answer at http://list.windowsitpro.com/t?ctl=39EEE:7EB890 MICROSOFT LEARNING PATHS FOR SECURITY: Identity and Access Management Use the resources listed on the Microsoft Learning Paths Web page to get in-depth information about identity and access management. Find out how to provide a secure environment for managing user identities, authentication methods, and access rights across an organization's internal and external users. http://list.windowsitpro.com/t?ctl=39EF3:7EB890 KNOW YOUR IT SECURITY Contest Sponsored by Microsoft Learning Paths for Security Share your security-related tips, comments, or solutions in 500 words or less, and you could be one of 13 lucky winners of a Windows Mobile phone. Tell us how you do patch management, share a security script, write about a security article you've read or a Web cast you've viewed. Submit your entry between now and December 13. We'll select the 13 best entries, and the winners will receive a Windows Mobile phone--plus, we'll publish the winning entries in the Windows IT Security newsletter. Email your contributions to tipswinitsec@private Prizes are courtesy of Microsoft Learning Paths for Security: http://list.windowsitpro.com/t?ctl=39EF3:7EB890 === PRODUCTS =================================================== by Renee Munshi, products@private Keep an Eye on Your Files IS Decisions announces FileAudit 3.0, which lets you track accesses of and changes to Windows files. New features in FileAudit 3.0 include a redesigned GUI, which you can use from the FileAudit console or from Windows Explorer; the ability to display access history in printable reports that you can schedule to run automatically, the ability to schedule archiving of access events occurring on one or more systems to a database; and the ability to filter events (e.g., by type, user, timeframe). Pricing starts at $125 per audited system. For more information, go to http://list.windowsitpro.com/t?ctl=39EF6:7EB890 WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to whatshot@private and get a Best Buy gift certificate. === RESOURCES AND EVENTS ======================================= For more security-related resources, visit http://list.windowsitpro.com/t?ctl=39EF4:7EB890 Exchange & Office 2007 Roadshow Coming to EMEA! Get the facts about deploying Exchange and Office 2007! You'll come away with a clear understanding of how to implement a best-practices migration to Exchange Server 2007 and how you and your end users can get the most out of Office 2007, and you'll learn more about Windows Vista. http://list.windowsitpro.com/t?ctl=39EE9:7EB890 Enterprises on average store identity information in 63 places. Learn about provisioning, synchronization, single sign-on, identity and access management, LDAP, and directory interop solutions from independent expert Gil Kirkpatrick at TechX World in Washington DC, Chicago, Dallas, and San Francisco next month. Three other content tracks cover OS interoperability, data integration/interoperability, and virtualization. http://list.windowsitpro.com/t?ctl=39EF8:7EB890 Whether you're an outsourced-IT provider, part of an in-house IT service staff, or simply provide remote support, this can't-miss Web seminar will help you discover how the right technologies can expand your services. You'll learn how to tap into a $30 billion market for IT services and expand your geographic reach. Live Web seminar: Tuesday, October 17 http://list.windowsitpro.com/t?ctl=39EE7:7EB890 Dramatically simplify Exchange troubleshooting with an in-depth look at built-in troubleshooting tools and third-party applications. Join us as we analyze a typical troubleshooting process, address the problems faced while using standard tools, and learn how automated troubleshooting can address these challenges. View this free Web seminar now! http://list.windowsitpro.com/t?ctl=39EE3:7EB890 Mark Joseph Edwards discusses emerging spyware threats, including rootkits, keyloggers, and distribution methods. On-demand Web seminar http://list.windowsitpro.com/t?ctl=39EE6:7EB890 === FEATURED WHITE PAPER ======================================= Branch offices need flexibility and autonomy in implementing IT solutions; corporate requirements require centralized management, security, and compliance initiatives. Learn to resolve these conflicts and reduce your operational costs for branch offices with limited IT resources. Download the free white paper today! http://list.windowsitpro.com/t?ctl=39EE4:7EB890 === ANNOUNCEMENTS ============================================== Special Invitation for VIP Access Become a VIP subscriber and get continuous, inside access to ALL the content published in Windows IT Pro, SQL Server Magazine, and the Exchange and Outlook Administrator, Windows Scripting Solutions, and Windows IT Security newsletters. Subscribe now and SAVE $100: https://store.pentontech.com/index.cfm?s=1&promocode=eu2769uv Get the Windows IT Pro Utility Kit FREE SAVE up to $30 on Windows IT Pro and get an exclusive Windows IT Pro Utility Kit CD FREE with your paid order! You'll also get unlimited access to the entire online article archive, which houses more than 9000 helpful Windows IT articles. This is a limited-time offer, so order now: https://store.pentontech.com/index.cfm?s=1&promocode=eu2069uw ================================================================ Security UDPATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below). http://list.windowsitpro.com/t?ctl=39EF9:7EB890 https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb Subscribe to Security UPDATE at http://list.windowsitpro.com/t?ctl=39EED:7EB890 Be sure to add Security_UPDATE@private to your antispam software's list of allowed senders. To contact us: About Security UPDATE content -- letters@private About technical questions -- http://list.windowsitpro.com/t?ctl=39EFC:7EB890 About your product news -- products@private About your subscription -- windowsitproupdate@private About sponsoring Security UPDATE -- salesopps@private View the Windows IT Pro privacy policy at http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy Windows IT Pro, a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538 Attention: Customer Service Department Copyright 2006, Penton Media, Inc. All rights reserved. _________________________________ Visit the InfoSec News store! http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Thu Sep 28 2006 - 00:34:52 PDT