[ISN] A Different Kind of Honeypot Project

From: InfoSec News (alerts@private)
Date: Wed May 02 2007 - 23:24:56 PDT


Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>


=== CONTENTS ===================================================

IN FOCUS: A Different Kind of Honeypot Project

NEWS AND FEATURES
   - Dangerous QuickTime and Java Flaw Affects Windows
   - Browser Toolbars Integrate Real-Time Anti-Malware Defenses
   - Microsoft Prepares Forefront Client Security for May Release
   - Recent Security Vulnerabilities

GIVE AND TAKE
   - Security Matters Blog: Vbootkit Bypasses Vista Code Signing
   - FAQ: Get Windows 2003 SP2
   - From the Forum: Looking for Password Analyzer
   - We Need Your Feedback About the Products You Use
   - Share Your Security Tips

PRODUCTS
   - Easier Management of Data Encryption Appliances

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS



=== IN FOCUS: A Different Kind of Honeypot Project =============
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Honeypots are excellent tools for preemptive forensic investigation. 
They let you see what intruders are targeting in your network, monitor 
their activity, capture their exploits, and more. So when I think of 
honeypots, that's typically the image that comes to mind. But a new 
type of honeypot project is aimed squarely at spammers. 

Project Honey Pot is a community effort that aims to identify spammers 
and email address harvesters and put them out of business by 
eliminating their ability to deliver spam and thus hitting them where 
it hurts most: in the pocketbook. 

The way it works is relatively simple. Web developers insert special 
code into their Web server platform that communicates with Project 
Honey Pot servers. The code grabs unique email addresses (tied to the 
IP address of the Web site visitor) from Project Honey Pot servers that 
are then inserted into the Web site dynamically. The email addresses of 
course are spam traps operated by Project Honey Pot. So when robots or 
people harvest those addresses and mail arrives in those traps, the 
project can track and identify the spammers. 

Project Honey Pot also operates a new blacklist DNS system (called 
http:BL), similar to those used by email DNS blacklist providers. Web 
site developers can use Project Honey Pot's API to query the http:BL 
DNS servers by using a Web site visitor's IP address. The DNS query 
results reveal whether the visitor is a known harmless search engine 
robot, a known spammer, or a known email harvester. Code written by the 
Web developer can then take action based on the visitor's 
categorization. For example, if the DNS query returns info that says 
the visitor IP address is that of a spammer, code can prevent the 
visitor from posting a comment and thus prevent comment spam. 
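
The http:BL lookup described above, as an added Python example (not code from the article or from Project Honey Pot). The zone name and the 127.<days>.<threat>.<type> answer layout follow the public http:BL documentation rather than this article and are assumptions here; the access key is a placeholder and the policy thresholds are illustrative.

```python
import ipaddress
import socket

HTTPBL_ZONE = "dnsbl.httpbl.org"  # assumed zone name (not given in the article)
ACCESS_KEY = "abcdefghijkl"       # placeholder; a real key comes with a project account
SUSPICIOUS, HARVESTER, COMMENT_SPAMMER = 1, 2, 4  # assumed bit flags in the last octet


def query_name(visitor_ip, key=ACCESS_KEY):
    """Build the name to resolve: <key>.<reversed IPv4 octets>.<zone>."""
    ip = ipaddress.IPv4Address(visitor_ip)  # raises ValueError on malformed or IPv6 input
    return ".".join([key, *reversed(str(ip).split(".")), HTTPBL_ZONE])


def decode(answer):
    """Decode an A-record answer of the assumed form 127.<days>.<threat>.<type>."""
    first, days, threat, vtype = (int(o) for o in answer.split("."))
    if first != 127:
        raise ValueError("not an http:BL answer: %r" % answer)
    if vtype == 0:  # known search engine; third octet is an engine id, not a score
        return {"search_engine": True, "days": 0, "threat": 0, "kinds": set()}
    flags = ((SUSPICIOUS, "suspicious"), (HARVESTER, "harvester"),
             (COMMENT_SPAMMER, "comment_spammer"))
    kinds = {name for bit, name in flags if vtype & bit}
    return {"search_engine": False, "days": days, "threat": threat, "kinds": kinds}


def allow_comment(answer, max_age_days=30, min_threat=10):
    """Block comment posting only for recent, non-trivial comment-spammer listings.

    answer is the resolved address, or None when the visitor IP is not listed.
    """
    if answer is None:
        return True
    try:
        verdict = decode(answer)
    except ValueError:
        return True  # unexpected answer: fail open rather than lock out visitors
    return not ("comment_spammer" in verdict["kinds"]
                and verdict["days"] <= max_age_days
                and verdict["threat"] >= min_threat)


def lookup(visitor_ip):
    """Live DNS lookup; returns the answer string, or None if unlisted or on DNS error."""
    try:
        return socket.gethostbyname(query_name(visitor_ip))
    except socket.gaierror:
        return None
```

Treating a DNS failure as "not listed" keeps a resolver outage from blocking every visitor; cache answers per IP so each page view does not trigger a lookup.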

Overall, I think the project is a pretty good idea. Integrating a spam 
trap into your site isn't incredibly difficult. After you sign up for 
an account, you can download ready-made code in one of several 
languages, including Active Server Pages (ASP), PHP, Perl, Python, 
ColdFusion, and more. You drop the code into your Web site and make a 
link to it somewhere. If you run Apache, module code is available that 
you can integrate directly to work with http:BL. You can also donate MX 
records from your own domains that will be used to create spam traps 
shared at Project Honey Pot. 

So far, the project has identified more than 15,000 email address 
harvesters and 2.5 million spam servers and currently operates more 
than 2.2 million spam traps. Last week, the project announced that it 
has filed a $1 billion lawsuit, the largest antispam suit ever, against 
spammers for harvesting email addresses and spamming Project Honey Pot 
members. The suit comes as a result of two years of tracking spammers. 

You can read more about the suit at the first URL below (click the days 
of the week on the left-hand side of the screen to see other recent 
announcements, including integration information). If you're interested 
in joining the project, visit the home page at the second URL below, 
where you'll find a link to register along with links to a FAQ and 
more. 
   http://list.windowsitpro.com/t?ctl=54859:57B62BBB09A692798684B08A92833E46
   http://list.windowsitpro.com/t?ctl=54860:57B62BBB09A692798684B08A92833E46


=== SECURITY NEWS AND FEATURES =================================

Dangerous QuickTime and Java Flaw Affects Windows
   At the recent CanSecWest conference, Shane Macaulay and Dino Dai 
Zovi worked in tandem to successfully break into a MacBook Pro running 
OS X by using a zero-day exploit. The security flaw is now believed to 
also affect Windows platforms.
   http://list.windowsitpro.com/t?ctl=54854:57B62BBB09A692798684B08A92833E46

Browser Toolbars Integrate Real-Time Anti-Malware Defenses
   Toolbars from Exploit Prevention Labs and Finjan help protect 
against malicious content in Web sites and search results by scanning 
Web page content in real time without the use of signature databases.
   http://list.windowsitpro.com/t?ctl=54858:57B62BBB09A692798684B08A92833E46

Microsoft Prepares Forefront Client Security for May Release
   Microsoft will ship its long-awaited Forefront Client Security 
product--a managed security solution for enterprises--in "the next 
month or so," according to Microsoft CEO Steve Ballmer.
   http://list.windowsitpro.com/t?ctl=54853:57B62BBB09A692798684B08A92833E46

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
   http://list.windowsitpro.com/t?ctl=5484C:57B62BBB09A692798684B08A92833E46



=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Vbootkit Bypasses Vista Code Signing
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=5485D:57B62BBB09A692798684B08A92833E46

As expected, Vista isn't perfect. It's possible to load unsigned code 
into the kernel. Vbootkit proves it. 
   http://list.windowsitpro.com/t?ctl=54855:57B62BBB09A692798684B08A92833E46

FAQ: Get Windows 2003 SP2
   by John Savill, http://list.windowsitpro.com/t?ctl=5485B:57B62BBB09A692798684B08A92833E46 

Q: Where can I download Windows Server 2003 SP2?

Find the answer at
   http://list.windowsitpro.com/t?ctl=54856:57B62BBB09A692798684B08A92833E46

FROM THE FORUM: Looking for Password Analyzer
   A forum participant is looking for some sort of utility to run on a 
server that would find weak user passwords and send an alert about 
them. Join the discussion at
   http://list.windowsitpro.com/t?ctl=54847:57B62BBB09A692798684B08A92833E46

WE NEED YOUR FEEDBACK ABOUT THE PRODUCTS YOU USE!
   Share your product experience with your peers. Have you discovered a 
great product that saves you time and money? Do you use something you 
wouldn't wish on anyone? Tell the world! If we publish your opinion, 
we'll send you a Best Buy gift card! Send information about a product 
you use and whether it helps or hinders you to 
whatshot@private 

SHARE YOUR SECURITY TIPS AND GET $100
   Share your security-related tips, comments, or problems and 
solutions in Security Pro VIP's Reader to Reader column. Email your 
contributions to r2r@private. If we print your submission, 
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
   by Renee Munshi, products@private

Easier Management of Data Encryption Appliances
   Decru announced the Decru SecureView framework to centralize 
management of its encryption and key management appliances. The 
appliances are used to encrypt stored data. The framework provides 
secure management of up to 1,000 devices from one interface. Features 
include administrator management, role-based access controls (RBAC), 
configuration and patch management, rolling upgrades, performance and 
access monitoring, and centralized graphical and command-line 
interfaces to enable the automation of operations across groups of 
appliances. For more information, go to
   http://list.windowsitpro.com/t?ctl=54862:57B62BBB09A692798684B08A92833E46


=== RESOURCES AND EVENTS =======================================
   For more security-related resources, visit
   http://list.windowsitpro.com/t?ctl=5485A:57B62BBB09A692798684B08A92833E46

Windows + UNIX/Linux = You Need TechX World! 
   If you work in an environment that includes both Windows and UNIX or 
Linux, TechX World is the place to go for practical strategies and 
resources to add to your toolkit. This one-day technical training event 
will teach you how to make the most of open-source tools on Windows and 
how to manage and sync multiple directories. Register today! 
   http://list.windowsitpro.com/t?ctl=54857:57B62BBB09A692798684B08A92833E46

Get Ready for Exchange & Office 2007 Roadshow--free! 
   The successful Microsoft-partnered Get Ready for Exchange & Office 
2007 Roadshow is coming to Stockholm! Three independent, respected 
technical speakers--Jim McBee, Mark Arnold, and Ben Schorr--will 
deliver tracks on securing, managing, and deploying Exchange and Office 
2007 and using Exchange Server 2007 capabilities to improve your 
messaging environment. Register today for this free day-long event. 
Your delegate bag will include Microsoft Exchange Server 2007 and 
Office 2007 Beta 2 Software Kits. 
   Venue: Berns Hotel, Stockholm 
   Date: Monday, 14 May 2007 
   http://list.windowsitpro.com/t?ctl=54852:57B62BBB09A692798684B08A92833E46

Get Ready for the Windows Server Longhorn Roadshow! 
   Seize control of your Windows infrastructure with Microsoft's 
biggest server release since Windows 2003. Get a live, under-the-hood 
look at Longhorn virtualization, deployment, Web services, and 
breakthroughs in core reliability. This one-day event is filled with 
demonstrations and in-depth discussions designed for IT pros who want a 
deep understanding of Windows Server Longhorn.   
   http://list.windowsitpro.com/t?ctl=54850:57B62BBB09A692798684B08A92833E46


=== FEATURED WHITE PAPER =======================================

Increase customer confidence with the latest breakthrough in online 
security--Extended Validation SSL. Extended Validation triggers a green 
address bar in Internet Explorer 7.0 that proves site identity. Get the 
green bar and higher sales by reading the technical white paper 
"Maximizing Site Visitor Trust Using Extended Validation SSL." 
   http://list.windowsitpro.com/t?ctl=5484A:57B62BBB09A692798684B08A92833E46


=== ANNOUNCEMENTS ==============================================

Introducing a Unique Security Resource 
   Security Pro VIP is an online information center that delivers new 
articles every week on topics such as perimeter security, 
authentication, and system patches. Subscribers also receive tips, 
cautionary advice, direct access to our editors, and a host of other 
benefits! Order now at an exclusive charter rate and save up to $50! 
   http://list.windowsitpro.com/t?ctl=5484E:57B62BBB09A692798684B08A92833E46

Introducing a Unique Exchange and Outlook Resource 
   Exchange & Outlook Pro VIP is an online information center that 
delivers new articles every week on messaging topics such as 
administration, migration, security, and performance. Subscribers also 
receive tips, cautionary advice, direct access to our editors, and a 
host of other benefits! Order now at an exclusive charter rate and save 
up to $50! 
   http://list.windowsitpro.com/t?ctl=5484D:57B62BBB09A692798684B08A92833E46


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and Security Pro VIP (second URL 
below).
   http://list.windowsitpro.com/t?ctl=5485C:57B62BBB09A692798684B08A92833E46
   http://list.windowsitpro.com/t?ctl=54861:57B62BBB09A692798684B08A92833E46


Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Wed May 02 2007 - 23:33:53 PDT