[ISN] Symantec's New Internet Security Threat Report

From: InfoSec News (alerts@private)
Date: Thu Mar 29 2007 - 01:20:39 PST

Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>


=== CONTENTS ===================================================

IN FOCUS: Symantec's New Internet Security Threat Report 

   - New Firefox Versions Released to Fix FTP Vulnerability
   - War Driving Goes Commercial
   - Microsoft Admits to Xbox Support Slip-Ups
   - Recent Security Vulnerabilities

   - Security Matters Blog: David LeBlanc Starts Blogging
   - FAQ: Accessing Drives After Renaming Servers
   - From the Forum: Vista's Security Features
   - From the Forum: Vote for Your Favorite Host IPS
   - Tell Us About the Products You Love!
   - Share Your Security Tips

   - Detect System Object and Registry Changes




=== SPONSOR: Symantec ==========================================

Messaging Security for Small and Mid-sized Businesses
   Did you know that 75% of corporate intellectual property resides in 
email? The challenges facing this vital business application range from 
spam to the costly impact of downtime and the need for effective, 
centralized email storage systems. Join us for a free Web seminar and 
learn the key features of a holistic approach to managing email 
security, availability, and control. On-Demand Web Seminar.

=== IN FOCUS: Symantec's New Internet Security Threat Report ===
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Security vendors often release reports based on their perspective of 
current and future Internet-related security threats. The reports are 
useful for learning what the vendor sees, which in turn can widen your 
own perspective on potential problems. 

Symantec recently released "Internet Security Threat Report, Trends for 
July-December 2006." While the report is based on historical data, it 
does lend some insight into the future. 

According to the report, the latest trend for intruders is to use 
medium-risk vulnerabilities as launch points to conduct future attacks. 
Symantec said that intruders are more frequently using combined 
vulnerabilities and that financial gain is often the motive. 

The company said it bases its findings on a network of more than 40,000 
sensors in more than 180 countries, more than 2 million decoy email 
accounts, and information collected from its BugTraq mailing list. 

Some interesting highlights from the report include the discovery that 
of all the attacks that affected Web browsers, approximately 77 percent 
were aimed at Microsoft Internet Explorer (IE). Ninety-three percent of 
all attacks were aimed at home users.

Another interesting data point is that Symantec tracked over 5,200 
Denial of Service (DoS) attacks per day. That's a lot! Interestingly 
enough, the company said that figure dropped from last year when it 
tracked more than 6,100 DoS attacks per day. 

The company also documented more than 2,500 vulnerabilities; 66 percent 
of them were related to Web applications, and 79 percent were "easily 

Another interesting set of points is the patch turnaround times for OSs. 
Symantec measured five vendors: Microsoft, Sun Microsystems, Apple, HP, 
and Red Hat. Of those five companies, Symantec found that Microsoft had 
the fastest average turnaround time overall, Red Hat was second, HP was 
third, Apple was fourth, and Sun was fifth. 

The number of vulnerabilities measured for each vendor varied as did 
the response time, when comparing the second half of 2006 with the 
first half. For example, HP's average response time in the first half 
of 2006 was 53 days for the seven vulnerabilities the company 
disclosed. In the second half of 2006, HP's number of disclosed 
vulnerabilities increased to 98 and the company's average response time 
increased to 101 days.

Even though we'll most likely see fewer vulnerabilities in Vista than 
we do in previous Windows platforms, I expect Microsoft's average 
vulnerability response time will remain steady since it uses a monthly 
patch release schedule. 

Vista will no doubt affect the future reports of most any Windows-based 
security vendor--Symantec certainly included. The report predicts that 
third-party software developers could become the source of a 
significant percentage of attacks against the OS. 

That's just the tip of the iceberg of the information in Symantec's 
104-page report. Other information includes trends regarding specific 
types of attacks, what future trends might be, and a lot of detail 
about some of the topics I covered briefly here. If you're interested 
in reading the entire report, you can get a copy in PDF format at the 
URL below: 


Vote in the Windows IT Pro 2007 Community Choice Awards!
   Vote for your favorite products from the Buyer's Guides published in 
Windows IT Pro during the past 12 months. The first three categories--
Host-Based Intrusion Prevention Systems, KVM over IP Switches, and 
Ultra-Portable Laptops--are now open for voting on the Windows IT Pro 
forums. We'll open three new categories each week for the next three 
weeks, and voting will remain open for three weeks per category. To see 
the list of products in each category and vote, follow these links:
   Host-Based Intrusion Prevention Systems
   KVM over IP Switches 
   Ultra-Portable Laptops 

=== SPONSOR: NetIQ =============================================

Free White Paper: What's Missing from SEM?
   "What's Missing from SEM" examines what is required for a 
comprehensive and integrated solution to meet all your security 
management needs. This paper reveals the 12 critical questions to ask 
of your security management system, and explains why it's time to move 
beyond simple event management.

=== SECURITY NEWS AND FEATURES =================================

New Firefox Versions Released to Fix FTP Vulnerability
   Mozilla Foundation released Firefox and to fix a 
vulnerability in the FTP protocol that could allow an intruder to 
perform a basic port scan of a user's internal network.

War Driving Goes Commercial
   Skyhook Wireless operates trucks that locate wireless APs in more 
than 2,500 cities. The company can then locate people through their 
connections to an AP and provide them various location-related 

Microsoft Admits to Xbox Support Slip-Ups
   While Microsoft was originally quick to dismiss recent rumors of a 
security problem with its Xbox Live online service, the company now 
says that though the service is technically sound, it appears that 
staffers at Xbox support have been giving up users' personal 
information to callers without properly verifying their identities. 
Thus, some malicious users have indeed been able to subvert Xbox Live 
accounts by using old-fashioned social engineering schemes.

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at

=== SPONSOR: LinkTek ===========================================

Automatically fix links when you move files!
   Patented LinkFixerPlus is the first application that automatically 
fixes broken links in Excel, Word, Access, PowerPoint, Acrobat, 
InDesign, PageMaker, AutoCAD and other files when performing data 
migrations due to: server consolidations, server name changes, path 
name changes or folder reorganizations! Detailed broken link reporting 
   Download the FREE trial version NOW at 

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: David LeBlanc Starts Blogging
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=4FC2A:57B62BBB09A6927948DF73B48E1F7B69

David LeBlanc--one of the first programmers at Internet Security 
Systems (ISS) and now a security expert at Microsoft--is now blogging 
on MSDN.

FAQ: Accessing Drives After Renaming Servers
   by John Savill, http://list.windowsitpro.com/t?ctl=4FC27:57B62BBB09A6927948DF73B48E1F7B69 

Q: I've renamed servers using a special script but am now having 
problems accessing disks via the Microsoft Management Console (MMC) 
Disk Management snap-in. What's the problem?

Find the answer at

FROM THE FORUM: Vista's Security Features
   It seems like companies aren't in a rush to migrate to Windows 
Vista. But what about all the new security features Vista offers? 
Aren't they a draw to the new OS version? Which new security features 
make you want to move right away, and which aren't so compelling?

FROM THE FORUM: Vote for Your Favorite Host IPS
   Help us pick the most popular products to win Windows IT Pro's 2007 
Community Choice awards. Choose the best host-based IPS and tell us why 
it gets your vote. You could win a $100 Amazon.com gift card. Join the 
discussion at

Tell Us About the Products You Love!
   What products are you using that save you time or make your workload 
a little lighter? What hot product discoveries have you made that other 
IT pros need to know about? Let the world know about your experiences 
in Windows IT Pro's monthly What's Hot department. If we publish your 
story in What's Hot, we'll send you a Best Buy gift card! Send 
information about your favorite product and how it has helped you to 

Share Your Security Tips
   Share your security-related tips, comments, or problems and 
solutions in Security Pro VIP's Reader to Reader column. Email your 
contributions to r2r@private. If we print your submission, 
you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ===================================================
   by Renee Munshi, products@private

Detect System Object and Registry Changes
   Imperva announced the ADC Change Management Module for its 
SecureSphere appliances. The module performs an initial assessment and 
subsequently detects objects that are added to, changed on, or removed 
from the system. It also detects changes in the registry and monitors 
for files necessary for system operation. The ADC Change Management 
Module complements SecureSphere's existing abilities, which are to 
automate the complex processes required to produce compliance reports, 
perform change control audits, and maintain secure database 
configurations. The ADC Change Management Module is available 
immediately for free for SecureSphere customers that subscribe to the 
ADC security update service. For more information, go to

=== RESOURCES AND EVENTS =======================================
   For more security-related resources, visit

Deploy Exchange Server 2007 Without a Hitch! 
   This one-day technical training event teaches you how to preempt 
pitfalls and avoid corrupting your infrastructure. Learn how to 
effectively install, manage, and secure Exchange Server 2007 in a 
64-bit environment. You'll also get a peek into the integration of 
Outlook, SharePoint Server 2007, and Exchange Server 2007. Register 

Windows + UNIX/Linux = You Need TechX World! 
   If you work in an environment that includes Windows plus UNIX or 
Linux, TechX World is the place to go for practical strategies and 
resources to add to your toolkit. This one-day technical training event 
will teach you how to make the most of open-source tools on Windows and 
how to manage and sync multiple directories. Register today! 

Get Ready for the Windows Server Longhorn Roadshow! 
   Seize control of your Windows infrastructure with Microsoft's 
biggest server release since Windows 2003. Get a live, under-the-hood 
look at Longhorn virtualization, deployment, Web services, and 
breakthroughs in core reliability. This one-day event is filled with 
demonstrations and in-depth discussions designed for IT pros who want a 
deep understanding of Windows Server Longhorn.   

=== FEATURED WHITE PAPER =======================================

Devote your time, energy, and resources to serving your customers, not 
your servers. Want to focus on high-value activities instead of 
applying OS patches and updates, dealing with security vulnerabilities, 
and managing disk drives? Download this free white paper now and find 
out how you can have a business-class Web hosting solution with secure 
application pooling to protect your data. 

=== ANNOUNCEMENTS ==============================================

Introducing a Unique Security Resource 
   Security Pro VIP is an online information center that delivers new 
articles every week on topics such as perimeter security, 
authentication, and system patches. Subscribers also receive tips, 
cautionary advice, direct access to our editors, and a host of other 
benefits! Order now at an exclusive charter rate and save up to $50! 

Grab Your Share of the Spotlight!  
   Nominate yourself or a peer to become IT Pro of the Month. This is 
your chance to get the recognition you deserve! Winners will receive 
over $600 in IT resources and be featured in Windows IT Pro. It's easy 
to enter--we're accepting May nominations now, but only for a limited 
time! Submit your nomination today: 


Security UPDATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and Security Pro VIP (second URL 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

This archive was generated by hypermail 2.1.3 : Thu Mar 29 2007 - 01:32:36 PST