PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Reducing the Cost of IT Compliance: Streamlining the IT Compliance Life Cycle
http://list.windowsitpro.com/t?ctl=3E6FA:7EB890

Protect Your Network - Threats Brought in By Remote Laptops
http://list.windowsitpro.com/t?ctl=3E70A:7EB890

Achieving Compliance: Best Practices for Outward Bound Internet Content Protection
http://list.windowsitpro.com/t?ctl=3E6F5:7EB890

=== CONTENTS ===================================================

IN FOCUS: eVade-o-Matic Nearly Evades My Understanding

NEWS AND FEATURES
- IE 7.0 and Firefox 2.0 Both Have New Antiphishing Technologies
- IE 7.0 Vulnerable to Address Bar Spoofing
- Norman Data Defense Systems Introduces Automated Malware Forensics
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Firefox 2.0 Badly Broken?
- FAQ: Using a Script to Check User or Group Existence
- From the Forum: Database Security Error
- Know Your IT Security Contest
- Your IT Pro Vote Counts!

PRODUCTS
- Easing Smart Card Administration
- Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: Scalable Software =================================

Reducing the Cost of IT Compliance: Streamlining the IT Compliance Life Cycle
The average enterprise spends nearly $10 million annually on IT compliance. Download this free whitepaper today to streamline the compliance lifecycle, and dramatically reduce your company's costs!
http://list.windowsitpro.com/t?ctl=3E6FA:7EB890

=== IN FOCUS: eVade-o-Matic Nearly Evades My Understanding =====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Metasploit is billed as a benevolent forensic tool to test security. In summary, it's a toolkit that nearly anyone with a modest amount of computer experience can use to exploit vulnerabilities to the maximum extent. Just plug in a module, fill in some parameters, and presto, instant exploitation.

The logo on the Metasploit home page (see URL below) paints a picture that's the complete opposite of benevolence, in my mind anyway. The logo contains the image of an obviously malicious intruder (who reminds me of the Joker from the old "Batman" TV series) sitting at a keyboard with any of a variety of "catchy" phrases emblazoned next to it. The phrase cycles on each page reload and offers such pithiness as "Point. Click. Root.," "The Best a Haxor Can Get," "Always hot exploits. Always.," and "What would you like to Metasploit today?"
http://list.windowsitpro.com/t?ctl=3E70F:7EB890

About the only beneficial thing I can see about Metasploit is that if it had to be developed at all, at least it's available to the public so that white hats can use it.

Metasploit is about to take on an even more insidious tinge when the eVade-o-Matic Module (VoMM, for short) is released. VoMM makes it possible to completely evade signature-based security systems (including signature-based intrusion detection systems--IDSs--and antivirus platforms) by continually changing a piece of code. If code morphs with each new use, an endless number of detection signatures would be needed, which simply isn't practical. Therefore, VoMM and similar technologies render signature-based security systems useless for the most part.

According to information posted on the Info-Pull.com blog (see the URL below), VoMM uses a number of techniques to morph code, including white space randomization, string obfuscation and encoding, random comments and comment placement, code block randomization, variable name and function name randomization and obfuscation, and function pointer reassignments. You can get a very detailed analysis of exactly what VoMM does.
http://list.windowsitpro.com/t?ctl=3E6F3:7EB890

While these sorts of evasion techniques are by no means new to the world of malware, what is new is the packaging of such techniques into a tool like Metasploit, which anybody with one firing neuron can download to immediately experience that warm and fuzzy "point, click, root" feeling. Rest assured that VoMM will be used by just about every "bad guy" on the planet. Why anyone would unleash this madness upon the world nearly evades my understanding. Nearly.

=== SPONSOR: 8e6 Technologies ==================================

Protect Your Network - Threats Brought in By Remote Laptops
Learn how employee laptops indiscriminately harm company networks, despite standard security gear, and gain valuable information on how to protect your company against these threats - without throwing out the laptops. Get the FREE white paper from 8e6 Technologies. Qualify Now!
http://list.windowsitpro.com/t?ctl=3E70A:7EB890

=== SECURITY NEWS AND FEATURES =================================

IE 7.0 and Firefox 2.0 Both Have New Antiphishing Technologies
Microsoft released the long-awaited Internet Explorer 7.0, and Mozilla Foundation released its long-awaited Firefox 2.0. Both include new antiphishing technology.
http://list.windowsitpro.com/t?ctl=3E6FF:7EB890

IE 7.0 Vulnerable to Address Bar Spoofing
Secunia reports that an anonymous person discovered that it's possible to partially spoof the Internet Explorer (IE) 7.0 Address bar in a pop-up window, which might lead to phishing attacks.
http://list.windowsitpro.com/t?ctl=3E701:7EB890

Norman Data Systems Introduces Automated Malware Forensics
Norman's new offerings bring malware analysis tools out of private labs and into corporate networks.
http://list.windowsitpro.com/t?ctl=3E702:7EB890

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities.
You can also find information about these discoveries at
http://list.windowsitpro.com/t?ctl=3E6FD:7EB890

=== SPONSOR: Surf Control ======================================

Achieving Compliance: Best Practices for Outward Bound Internet Content Protection
Achieve compliance in today's complex regulatory environment, while managing threats to the inward- and outward-bound communications vital to your business. Adopt a best-practices approach, such as the one outlined in the international information security standard ISO/IEC 17799:2005. Download the whitepaper today and secure the confidentiality, availability and integrity of your corporate information!
http://list.windowsitpro.com/t?ctl=3E6F5:7EB890

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Firefox 2.0 Badly Broken?
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=3E708:7EB890

I'm about to lose my patience with Firefox 2.0. It seems badly broken, and I wonder if these symptoms are happening to anyone else. Read the blog to learn about what I've found.
http://list.windowsitpro.com/t?ctl=3E700:7EB890

FAQ: Using a Script to Check User or Group Existence
by John Savill, http://list.windowsitpro.com/t?ctl=3E705:7EB890

Q: How can I use a script to check whether an Active Directory (AD) user or group exists?

Find the answer at
http://list.windowsitpro.com/t?ctl=3E706:7EB890

FROM THE FORUM: Database Security Error
A forum participant uses SQL Server 2000 with SP4 and sees an error in his logs that reads "Login failed for user 'RECOVER'." Does this error have something to do with failed writes to audit files? If you have an idea, join the discussion at:
http://list.windowsitpro.com/t?ctl=3E6F4:7EB890

KNOW YOUR IT SECURITY Contest
Share your security-related tips, comments, or solutions in 1000 words or less, and you could be one of 13 lucky winners of a Zune media player.
Tell us how you do patch management, share a security script, or write about a security article you've read or a Webcast you've viewed. Submit your entry between now and December 13. We'll select the 13 best entries, and the winners will receive a Zune media player--plus, we'll publish the winning entries in the Windows IT Security newsletter. Email your contributions to tipswinitsec@private

Prizes are courtesy of Microsoft Learning Paths for Security:
http://list.windowsitpro.com/t?ctl=3E703:7EB890

YOUR IT PRO VOTE COUNTS!
Vote for the next "IT Pro of the Month!" Take the time to reward excellence to an IT pro who deserves it. The first 100 to cast their vote will receive a one-year print subscription to Windows IT Pro magazine--compliments of Microsoft. Voting only takes a few seconds, so don't miss out. Cast your vote now:
http://list.windowsitpro.com/t?ctl=3E709:7EB890

=== PRODUCTS ===================================================
by Renee Munshi, products@private

Easing Smart Card Administration
Gemalto announced integration of its .NET smart cards in Microsoft Certificate Life Cycle Manager (CLM). Gemalto .NET cards run a streamlined version of the .NET framework and provide cryptographic capabilities and two-factor authentication. Support for Gemalto .NET smart cards is integrated into Windows Vista or available from the Microsoft Download Center for Windows 2000/XP/Server 2003. CLM streamlines the provisioning, configuration, and management of digital certificates and smart cards. Gemalto .NET smart cards for testing can be ordered online at the first URL below, and CLM Beta 2 is available for download at the second URL below.
http://list.windowsitpro.com/t?ctl=3E70B:7EB890
http://list.windowsitpro.com/t?ctl=3E70D:7EB890

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to whatshot@private and get a Best Buy gift certificate.

=== RESOURCES AND EVENTS =======================================

For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=3E704:7EB890

Can disaster recovery planning create real value for your business beyond mere survival? Justify your investments in DR planning, and get real answers to your questions about how DR planning and implementation affect the financial performance of your organization. Make cost-effective decisions to positively impact your bottom line!
Live event: Tuesday, November 14
http://list.windowsitpro.com/t?ctl=3E6F8:7EB890

How do you manage security vulnerabilities? If you depend on vulnerability assessments to determine the state of your IT security systems, you won't want to miss this Web seminar. Special research from Gartner indicates that deeper penetration is needed to augment your existing vulnerability management processes. Learn more today!
http://list.windowsitpro.com/t?ctl=3E6F7:7EB890

Learn all you need to know about code-signing technology, including the goals and benefits of code signing, how it works, and the underlying cryptographic and security concepts and building blocks. Download this complete eBook today--free!
http://list.windowsitpro.com/t?ctl=3E6FC:7EB890

Does your company have $500,000 to spend on one email discovery request? Join us for this free Web seminar to learn how you can implement an email archiving solution to optimize email management and proactively take control of e-discovery--and save the IT search party for when you really need it!
On-demand Web Seminar
http://list.windowsitpro.com/t?ctl=3E6F6:7EB890

Total Cost of Ownership--TCO. It's every executive's favorite buzzword, but what does it really mean and how does it affect you? In this podcast, Ben Smith explains how your organization can use virtualization technology to measurably improve the TCO for servers and clients.
http://list.windowsitpro.com/t?ctl=3E6FB:7EB890

=== FEATURED WHITE PAPER =======================================

Is your email easily accessible, yet secure, in the event of an e-discovery request? With the phenomenal growth in email volume and the high cost of failing to comply with a discovery request, you can't afford to lose any email. Download this free white paper and implement a strong email retention and management system today!
http://list.windowsitpro.com/t?ctl=3E6F9:7EB890

=== ANNOUNCEMENTS ==============================================

Uncover Essential Windows Knowledge Through Excavator
Try out the ultimate vertical search tool--Windows Excavator. Windows Excavator gives you fast, thorough third-party information while filtering out unwanted content. Visit http://list.windowsitpro.com/t?ctl=3E70E:7EB890 today!

Your Vote Counts!
Vote for the next "IT Pro of the Month!" Take the time to reward excellence in an IT pro. The first 100 readers to cast a vote will receive a one-year subscription to Windows IT Pro, compliments of Microsoft. Voting takes only a few seconds, so don't miss out. Cast your vote now:
http://list.windowsitpro.com/t?ctl=3E709:7EB890

================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).
http://list.windowsitpro.com/t?ctl=3E707:7EB890
https://store.pentontech.com/index.cfm?s=1&promocode=eu255xsb

Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=3E6FE:7EB890

Be sure to add Security_UPDATE@private to your antispam software's list of allowed senders.

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538

Copyright 2006, Penton Media, Inc. All rights reserved.
This archive was generated by hypermail 2.1.3 : Thu Nov 02 2006 - 03:15:37 PST