Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>

=== CONTENTS ===================================================

IN FOCUS: How Banks Could Help Minimize Phishing

NEWS AND FEATURES
- Strange Twist of Logic: Use Our Technology or Else!
- Microsoft Retires MBSA 1.2, Suggests Shavlik Tools for Legacy Support
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Windows Server 2003 Needs at Least One Service Pack
- FAQ: View File Ownership in PowerShell
- Product Evaluations from the Real World
- Share Your Security Tips

PRODUCTS
- Memory Stick Security

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== IN FOCUS: How Banks Could Help Minimize Phishing ===========
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

One of the fastest growing and biggest problems in the security world today is phishing. Criminals who yearn to take advantage of the trend are swarming like mosquitoes on a warm and muggy summer evening--and they need to be swatted out of existence, fast.

Today it's easy for a crook to set up a Web site with nearly any domain name they want. They take advantage of the situation by registering domains very similar to legitimate commercial domains. Banks and their customers are the biggest targets. In fact, data from the Anti-Phishing Working Group shows that since May 2006, 20,000 new phishing scams have been reported every month. The data also shows that the overwhelming majority of those scams targeted customers of various financial institutions.

Phishing scams fool so many people that a mega-million-dollar antiphishing industry has popped up to produce products and services to help protect people. The tools provide decent proactive defense, but they aren't foolproof, and many people don't use them.

Is there another way to help protect the public against the bank phishing plague? Recently, F-Secure's Mikko Hypponen wrote a brief article for "Foreign Policy" magazine (at the URL below) that proposes an idea that's so obvious I find it really difficult to figure out why no one has acted on it before.
http://list.windowsitpro.com/t?ctl=565F3:57B62BBB09A692791757267EB3FEAFE0

The idea was originally sent to him by a reader of F-Secure's blog back in October 2006 (see the URL below). The idea is simple: The Internet Corporation for Assigned Names and Numbers (ICANN) could establish a new top-level domain (TLD) called something like .bank and allow only legitimate, verified financial institutions to register a name in that level.
http://list.windowsitpro.com/t?ctl=565ED:57B62BBB09A692791757267EB3FEAFE0

Hypponen expands on the idea by suggesting that as an added precaution against scammers--who would undoubtedly attempt to falsify information in an effort to register a name in that TLD--banks and other financial institutions could be charged a hefty fee for new registrations. Hypponen suggests something like $50,000 per domain.

I think that other requirements centered around verification of credentials could be put in place too; these could be kept secret from the public so that scammers aren't sure exactly what they are.

If a .bank TLD were available and had enough publicity, people would quickly become aware that their financial institutions should be using this TLD and could avoid bank Web sites that didn't use it. This would help put a serious damper on phishing scams.

Of course, a .bank TLD wouldn't stop phishing entirely. Several techniques could still be used to fool or take advantage of unsuspecting bank customers; for example, DNS poisoning, man-in-the-middle attacks, cross-site scripting, browser-based URL spoofing, and Trojan horses and keyloggers. So security tools and user education would still be important. Nevertheless, a new TLD would help.

As for creating the TLD, if I understand correctly, it's not up to ICANN to start the process. Instead, some independent entity must request its creation. So, for example, banks (and other financial institutions) could unite towards that effort, establish an entity that would handle applications for domain name registration requests (and the related services), and formally petition ICANN to create the new TLD. ICANN would then review the proposal and decide whether to proceed with delegating the new TLD to the DNS root zone.

I hope this happens. It seems like an idea whose time has come and an easy way for banks to help secure their customer interactions.

=== SECURITY NEWS AND FEATURES =================================

Strange Twist of Logic: Use Our Technology or Else!
The Digital Millennium Copyright Act (DMCA) has been used against countless numbers of individuals and companies, forcing them to stop infringing on intellectual property rights. Now, in a strange twist of logic, the DMCA is being wielded as a club in an attempt to force the use of intellectual property.
http://list.windowsitpro.com/t?ctl=565F7:57B62BBB09A692791757267EB3FEAFE0

Microsoft Retires MBSA 1.2, Suggests Shavlik Tools for Legacy Support
Microsoft ended support for its Baseline Security Analyzer and recommends that customers who need to scan legacy products use Shavlik NetChk Limited, which produces output that can be opened and read by MBSA 2.0.1.
http://list.windowsitpro.com/t?ctl=565F5:57B62BBB09A692791757267EB3FEAFE0

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://list.windowsitpro.com/t?ctl=565EE:57B62BBB09A692791757267EB3FEAFE0

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Windows Server 2003 Needs at Least One Service Pack
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=565FC:57B62BBB09A692791757267EB3FEAFE0
If you're running Windows Server 2003 without at least SP1, you can no longer install security updates.
http://list.windowsitpro.com/t?ctl=565F8:57B62BBB09A692791757267EB3FEAFE0

FAQ: View File Ownership in PowerShell
by John Savill, http://list.windowsitpro.com/t?ctl=565FA:57B62BBB09A692791757267EB3FEAFE0
Q: How can I view the owner for a file from PowerShell?
Find the answer at
http://list.windowsitpro.com/t?ctl=565F6:57B62BBB09A692791757267EB3FEAFE0

PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a great product that saves you time and money? Do you use something you wouldn't wish on anyone? Tell the world! If we publish your opinion, we'll send you a Best Buy gift card! Send information about a product you use and whether it helps or hinders you to whatshot@private

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to r2r@private If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ===================================================
by Renee Munshi, products@private

Memory Stick Security
Gemalto North America announced Protiva Secure Digital Companion (SDC), a USB flash memory device that generates one-time passwords (OTPs) for authentication, generates digital certificates for authentication or for signing and encrypting documents, and encrypts data stored on the device.
When used with Gemalto's Protiva system, SDC can provide OTP strong authentication based on a standard developed by the Open Authentication Initiative (OATH). Protiva SDC also can be used with Citrix Access Suite for strong authentication and secure VPN access and is compatible with Windows 2000/XP/Server 2003. For more information, go to
http://list.windowsitpro.com/t?ctl=56600:57B62BBB09A692791757267EB3FEAFE0

================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below).
http://list.windowsitpro.com/t?ctl=565FB:57B62BBB09A692791757267EB3FEAFE0
http://list.windowsitpro.com/t?ctl=565FF:57B62BBB09A692791757267EB3FEAFE0

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2007, Penton Media, Inc. All rights reserved.
This archive was generated by hypermail 2.1.3 : Wed May 16 2007 - 23:50:31 PDT