Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

VeriSign's Extended Validation SSL Certificates
http://list.windowsitpro.com/t?ctl=58F2D:57B62BBB09A69279FBC549C5DF4EA0E5

Top Ten Server Virtualization Considerations
http://list.windowsitpro.com/t?ctl=58F38:57B62BBB09A69279FBC549C5DF4EA0E5

Protect Info from Phishing and Pharming Exploits
http://list.windowsitpro.com/t?ctl=58F25:57B62BBB09A69279FBC549C5DF4EA0E5

=== CONTENTS ===================================================

IN FOCUS: Is Another Web-Based Super Worm on the Way?

NEWS AND FEATURES
- Google Buys GreenBorder, Gains Security Technology
- Mozilla Releases Firefox Updates, Retires Firefox 1.5.0.x
- Spam King Gets Slapped with 35 Criminal Charges
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: PHP 5.2.3 Coming Soon--RC1 Available Now; Windows Media Player Plug-In for Firefox
- FAQ: Disable IE Enhanced Security in Windows Server 2008
- From the Forum: Multiple Web Servers Behind One IP Address with a Proxy Server?
- Share Your Security Tips
- Microsoft Learning Paths for Security: Reducing the Challenges and Complexities of Identity and Access Management

PRODUCTS
- Web Filter Gets Reporting Engine
- Product Evaluations from the Real World

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: VeriSign ==========================================

VeriSign's Extended Validation SSL Certificates
Increase customer confidence at transaction time with the latest breakthrough in online security--Extended Validation (EV) SSL Certificates from VeriSign. Extended Validation triggers the address bar to turn green when a visitor is using Microsoft Internet Explorer 7 and viewing a site with EV SSL Certificates. This green bar lets customers know that the site they are on is highly authenticated and secure.
In a recent VeriSign study, 77% of the respondents indicated that they would be hesitant about shopping at, would check into problems with, or would abandon a site that once showed EV and no longer did. Learn more about Extended Validation by reading the technical white paper: Maximizing Site Visitor Trust Using Extended Validation SSL.
http://list.windowsitpro.com/t?ctl=58F2D:57B62BBB09A69279FBC549C5DF4EA0E5

=== IN FOCUS: Is Another Web-Based Super Worm on the Way? ======
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Over the years, we've seen a number of "super worms." Nimda, Code Red, and SQL Slammer, for example, were devastatingly effective: they spread quickly, infected a huge number of systems, and cost a great deal of money to eradicate.

Worm technology has certainly evolved, and in most cases it follows the path of least resistance. Web applications are now the dominant platform, and Ajax (Asynchronous JavaScript and XML: script in a page issuing HTTP requests in the background, typically through the browser's XMLHttpRequest object) is used more widely every day, so it seems natural for worms to target those technologies.

In fact, back in 2005, someone created an Ajax-based worm (dubbed Samy) and turned it loose on MySpace. Samy's author got JavaScript past MySpace's content filter and stored it in his own profile page. When another MySpace user viewed that profile, the script ran in the visitor's browser as part of a MySpace page, with the visitor's logged-in session, and used Ajax requests to copy the worm code into the visitor's own profile. Every visitor to a newly infected profile was infected in turn, and that cycle kept repeating itself. Within 24 hours, Samy had reportedly spread to more than 1 million MySpace profiles! You can read a blow-by-blow description of how the worm worked at this URL:
http://list.windowsitpro.com/t?ctl=58F3A:57B62BBB09A69279FBC549C5DF4EA0E5

The underlying flaw was not Ajax itself but the familiar cross-site scripting (XSS) problem: MySpace rendered user-supplied profile content into its pages without encoding it, so an attacker's script became part of a page that MySpace served and ran with the privileges of the site and of whoever viewed the page. Ajax merely gave the injected script a convenient way to act on the victim's behalf. If someone were to take a worm like Samy further by automating it to carry a longer list of sites vulnerable to XSS attacks, the effect could be far more significant.
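The following is an added example, written for this column and not code from MySpace, from the Samy write-up, or from the newsletter's author. It shows, in plain JavaScript (runs under Node.js), the shape of the bug Samy exploited: a profile renderer that concatenates user-supplied text into HTML after a blocklist filter, next to a renderer that encodes the text at output time instead. The sample "About me" text is constructed for the example; its only resemblance to the real worm is the split "java\nscript" trick Samy used to get past a filter that stripped the literal word "javascript" (the payload here just calls alert). The filter, the renderers, and the helper names are all assumptions of the example, not anything MySpace actually ran.

```javascript
// Added example: a stripped-down "profile page" renderer showing the kind of
// stored XSS flaw Samy exploited, next to the output-encoding fix. This is
// illustrative code written for this column, not MySpace code or the worm.

// Constructed sample input. The "java\nscript" split is the filter-evasion
// idea from Samy's own write-up; the payload itself is harmless (alert only).
const SAMPLE_ABOUT_ME =
  'but most of all, samy is my hero ' +
  '<div style="background:url(\'java\nscript:alert(1)\')">x</div>';

// Blocklist filter of the kind that failed MySpace: strips <script> tags and
// the literal word "javascript", and nothing else. A newline inside the word
// defeats the second rule while the browser still sees "javascript:".
function blocklistFilter(text) {
  return String(text)
    .replace(/<\/?script[^>]*>/gi, '')
    .replace(/javascript/gi, '');
}

// Output encoding: turn the five HTML metacharacters into entities so the
// browser treats user text as text in element content and quoted attributes.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Vulnerable: filtered user text is concatenated straight into markup.
function renderProfileVulnerable(aboutMe) {
  return '<div class="about">' + blocklistFilter(aboutMe) + '</div>';
}

// Hardened: user text is encoded at output time, whatever the filter did.
function renderProfileSafe(aboutMe) {
  return '<div class="about">' + escapeHtml(aboutMe) + '</div>';
}

// Count start tags in the rendered HTML. Only the wrapper <div> should be
// present; anything more means user input became markup.
function startTagCount(html) {
  return (html.match(/<[a-z]/gi) || []).length;
}

// Stand-alone demonstration.
const vulnerableHtml = renderProfileVulnerable(SAMPLE_ABOUT_ME);
const safeHtml = renderProfileSafe(SAMPLE_ABOUT_ME);
console.log('vulnerable renderer:', startTagCount(vulnerableHtml), 'start tags');
console.log('hardened renderer:  ', startTagCount(safeHtml), 'start tags');
console.log(safeHtml);
```

Run it with node and compare the two counts: the filtered-then-concatenated version still emits the user's <div style=...> as markup (two start tags), while the encoded version emits it as visible text (one). The point is the one the column makes: the fix belongs at output time, where the context is known, not in a guessing game about which strings are dangerous. Note that escapeHtml() is right for element content and quoted attribute values only; user text placed inside a URL, a CSS url(), or a script block needs encoding for that context.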
After all, if the Samy worm could infect more than 1 million MySpace profiles in only 24 hours, then a worm carrying exploits for many different sites would not be confined to one site's user base and would spread even faster. Furthermore, such a worm could do a lot more than simply spread itself. It could, for example, easily be made to steal user credentials or session tokens and post that information someplace for an intruder to collect.

Recently, Petko Petkov showed how a combination of freely available Web services would provide the means for a new super worm to be created. You might know about XSSed.com, a site that aggregates lists of other sites that contain XSS vulnerabilities. The lists are presented in an easy-to-parse format and include examples of how to exploit each XSS vulnerability. Having such a database available online is useful, even educational, but at the same time, it's a treasure trove for a malicious coder.

Petkov showed that a new super worm could use XSSed.com as a base and technologies such as Dapper and Yahoo Pipes to spread itself at lightning speed. Dapper (at the first URL below) lets people grab content from nearly any Web site and have it automatically formatted as XML (or other formats). So, effectively, someone can use Dapper to turn XSSed.com into an XML list of vulnerable sites together with their exploits, which a script can then consume to drive its attacks. Yahoo Pipes (at the second URL below) aggregates and filters feeds, so a malicious script can fetch a fresh, pre-filtered list very quickly, on the fly.
http://list.windowsitpro.com/t?ctl=58F3F:57B62BBB09A69279FBC549C5DF4EA0E5
http://list.windowsitpro.com/t?ctl=58F3E:57B62BBB09A69279FBC549C5DF4EA0E5

With that data and technology available, a worm would spread incredibly quickly. The problem is compounded by the fact that neither Dapper nor Yahoo Pipes specifically is necessary for such a worm to work: what they provide, scraping and feed aggregation, could easily be recreated on any number of sites around the Internet.
So stopping such a worm isn't as simple as blocking a service or two. The best defense, of course, is to not create Web sites that contain XSS vulnerabilities in the first place: treat everything a user submits as data, encode it for the context in which it's output (HTML body, attribute, URL, or script), and don't rely on filtering out known-bad strings, which is exactly the kind of defense Samy slipped past. You can read more about Petkov's ideas at the first URL below.

The upcoming Black Hat USA 2007 conference will have at least three presentations that deal with Web worms (see the second URL below), including "Attacking Web Service Security: Message Oriented Madness, XML Worms and Web Service Security Sanity" by Brad Hill; "Premature Ajax-ulation" by Bryan Sullivan and Billy Hoffman; and "The Little Hybrid Web Worm that Could" by Billy Hoffman and John Terrill. So if you're going to Black Hat USA this year (July 28 - August 2 in Las Vegas), consider attending these presentations.
http://list.windowsitpro.com/t?ctl=58F33:57B62BBB09A69279FBC549C5DF4EA0E5
http://list.windowsitpro.com/t?ctl=58F2C:57B62BBB09A69279FBC549C5DF4EA0E5

=== SPONSOR: SWSoft ============================================

Top Ten Server Virtualization Considerations
The playing field for server virtualization has become much more crowded over the last few years. This checklist provides a list of the main considerations and basic differences between the technologies to provide a starting point for technology evaluation.
http://list.windowsitpro.com/t?ctl=58F38:57B62BBB09A69279FBC549C5DF4EA0E5

=== SECURITY NEWS AND FEATURES =================================

Google Buys GreenBorder, Gains Security Technology
Expanding its security tools further, Google has acquired GreenBorder Technologies, maker of security tools that protect browsers, IM clients, and email clients.
http://list.windowsitpro.com/t?ctl=58F30:57B62BBB09A69279FBC549C5DF4EA0E5

Mozilla Releases Firefox Updates, Retires Firefox 1.5.0.x
Mozilla Foundation released updates for Firefox that fix five vulnerabilities present in both the 2.0.0.x and 1.5.0.x versions. Mozilla also said that unless a serious problem is discovered in the 1.5.0.x series, no further updates to it will be made available.
http://list.windowsitpro.com/t?ctl=58F2F:57B62BBB09A69279FBC549C5DF4EA0E5

Spam King Gets Slapped with 35 Criminal Charges
Robert Alan Soloway, infamous as a prolific spammer, has been arrested in Seattle and charged with several federal offenses. The 35-count indictment charges Soloway with mail fraud, wire fraud, e-mail fraud, identity theft, and money laundering.
http://list.windowsitpro.com/t?ctl=58F2E:57B62BBB09A69279FBC549C5DF4EA0E5

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://list.windowsitpro.com/t?ctl=58F27:57B62BBB09A69279FBC549C5DF4EA0E5

=== SPONSOR: Websense ==========================================

Protect Info from Phishing and Pharming Exploits
Combat phishing and pharming with complete protection against complex Internet threats by filtering at multiple points on the gateway, network, and endpoints.
http://list.windowsitpro.com/t?ctl=58F25:57B62BBB09A69279FBC549C5DF4EA0E5

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: PHP 5.2.3 Coming Soon--RC1 Available Now; Windows Media Player Plug-In for Firefox
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=58F37:57B62BBB09A69279FBC549C5DF4EA0E5
PHP 5.2.3 will probably be released in the next week or two unless major problems are discovered in RC1. Get a link to test RC1 right now; plus get a link for a Microsoft-developed Windows Media Player (WMP) plug-in for Mozilla Firefox.
http://list.windowsitpro.com/t?ctl=58F26:57B62BBB09A69279FBC549C5DF4EA0E5

FAQ: Disable IE Enhanced Security in Windows Server 2008
by John Savill, http://list.windowsitpro.com/t?ctl=58F35:57B62BBB09A69279FBC549C5DF4EA0E5
Q: How do I turn off Internet Explorer Enhanced Security Configuration in Windows Server 2008?
Find the answer at
http://list.windowsitpro.com/t?ctl=58F31:57B62BBB09A69279FBC549C5DF4EA0E5

FROM THE FORUM: Multiple Web Servers Behind One IP Address with a Proxy Server?
A forum participant writes that he has a cable modem connection with a domain name mapped to his dynamic IP address. He has multiple Web servers on his network that he wants to make accessible to the Internet. When he had only one Web server, he could use port forwarding to make that site accessible, but now with several servers, he wonders whether he needs a proxy server to forward requests to the appropriate site. He also wonders whether an article is available that details how to set up a Windows Server 2003 machine as a proxy server.
http://list.windowsitpro.com/t?ctl=58F21:57B62BBB09A69279FBC549C5DF4EA0E5

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to r2r@private. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

MICROSOFT LEARNING PATHS FOR SECURITY: Reducing the Challenges and Complexities of Identity and Access Management
Learn how to reduce and control the challenges and complexities of enterprisewide identity and access management. Gain more control by providing a single view of a user's identity across the enterprise through the automation of common tasks. And learn how to use an integrated approach with smart cards, certificate and password management, and user provisioning.
http://list.windowsitpro.com/t?ctl=58F32:57B62BBB09A69279FBC549C5DF4EA0E5

=== PRODUCTS ===================================================
by Renee Munshi, products@private

Web Filter Gets Reporting Engine
Barracuda Networks announced the immediate availability of new reporting capabilities in Barracuda Web Filter firmware 3.2.
The updated firmware adds a set of reports based on criteria such as user behavior, traffic patterns over time, bandwidth usage, domain requests, Web site categories, and log history, and supports PDF, HTML, text, and CSV output formats. The 3.2 firmware release also lets existing Barracuda Web Filter customers compile reports on historical Web traffic. (Barracuda Web Filter can store approximately six months of Web traffic history.) Barracuda Web Filter customers with current Energize Updates subscriptions can upgrade to the new firmware release at no additional charge. For more information, go to
http://list.windowsitpro.com/t?ctl=58F3D:57B62BBB09A69279FBC549C5DF4EA0E5

PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a great product that saves you time and money? Do you use something you wouldn't wish on anyone? Tell the world! If we publish your opinion, we'll send you a Best Buy gift card! Send information about a product you use and whether it helps or hinders you to whatshot@private

=== RESOURCES AND EVENTS =======================================

For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=58F34:57B62BBB09A69279FBC549C5DF4EA0E5

Learn how to achieve ROI with your log management system in a matter of months without costly or daunting investments. Attend this Web seminar and learn how to ensure that your organization gets the most out of its log management investment, the key requirements and architectural differences you need to consider, and the caveats and risks to watch for when you spec out your requirements and design.
http://list.windowsitpro.com/t?ctl=58F22:57B62BBB09A69279FBC549C5DF4EA0E5

Tune in to the hottest network security products by listening to this exclusive podcast featuring Windows IT Pro Editorial and Strategy Director Karen Forster and Microsoft's Ian Hameroff.
Learn how Network Access Control (NAC) and Network Access Protection (NAP) work, the technologies that are involved, and which third-party products are poised to work with those technologies.
http://list.windowsitpro.com/t?ctl=58F24:57B62BBB09A69279FBC549C5DF4EA0E5

Don't miss the 16th USENIX Security Symposium in Boston, August 6-10, 2007. Security '07 offers in-depth training by experts such as Richard Bejtlich (on TCP/IP Weapons School) and Dan Geer (on measuring security). The comprehensive technical program includes a keynote address by Steven Levy, senior editor and columnist at "Newsweek," on "How the iPod Shuffled the World as We Know It"; 23 refereed papers; and talks by Gary McGraw and Peter Gutmann. Don't miss the latest advances in the security of computer systems and networks. Register by July 16 and save!
http://list.windowsitpro.com/t?ctl=58F3B:57B62BBB09A69279FBC549C5DF4EA0E5

=== FEATURED WHITE PAPER =======================================

MSCS clustering can be a good option for local high availability, but it doesn't completely protect you from unplanned downtime. Download this free white paper and learn how extending your MSCS cluster offsite with a high-availability solution that integrates with CDP technology can protect against data corruption, including damage done by viruses or human error.
http://list.windowsitpro.com/t?ctl=58F23:57B62BBB09A69279FBC549C5DF4EA0E5

=== ANNOUNCEMENTS ==============================================

Scripting Pro VIP--Just Download and Run
Scripting Pro VIP is an online resource that delivers in-depth articles (with downloadable code!) every week on topics such as ADSI, ADO, and much more. Subscribers also receive tips, cautionary advice, direct access to our editors, and a host of other unique benefits! Order now at an exclusive charter rate and save up to $50!
http://list.windowsitpro.com/t?ctl=58F29:57B62BBB09A69279FBC549C5DF4EA0E5

Special Invitation for VIP Access
Become a VIP subscriber and get continuous, inside access to ALL the content published in Windows IT Pro, SQL Server Magazine, Exchange & Outlook Pro VIP, Scripting Pro VIP, and Security Pro VIP. Subscribe now!:
http://list.windowsitpro.com/t?ctl=58F28:57B62BBB09A69279FBC549C5DF4EA0E5

================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below).
http://list.windowsitpro.com/t?ctl=58F36:57B62BBB09A69279FBC549C5DF4EA0E5
http://list.windowsitpro.com/t?ctl=58F3C:57B62BBB09A69279FBC549C5DF4EA0E5

Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=58F2B:57B62BBB09A69279FBC549C5DF4EA0E5

Be sure to add Security_UPDATE@private to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=58F39:57B62BBB09A69279FBC549C5DF4EA0E5
About your product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=58F2A:57B62BBB09A69279FBC549C5DF4EA0E5

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today.
http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Wed Jun 06 2007 - 22:28:36 PDT