Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Risky Business: Managing Risk Through Security
http://list.windowsitpro.com/t?ctl=5BC1B:57B62BBB09A692792C2D52B49BBB78C8

Keep Unsecured Machines Off Your Network
http://list.windowsitpro.com/t?ctl=5BC1D:57B62BBB09A692792C2D52B49BBB78C8

Automated GLBA Security Compliance: Free Report
http://list.windowsitpro.com/t?ctl=5BC2B:57B62BBB09A692792C2D52B49BBB78C8

=== CONTENTS ===================================================

IN FOCUS: MPack Runs Rampant

NEWS AND FEATURES
- Latest ZLOB Plays on People's Desire for Online Video
- HP to Provide Web Application Security
- PatchLink Moves to Unify Protection and Control
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Hack the Beta--Win a Game Box
- FAQ: Preparing AD for Exchange 2007
- From the Forum: Preventing Power Users from Creating Shares
- Share Your Security Tips

PRODUCTS
- Continuous Authentication and Encryption
- Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: Neverfail =========================================

Risky Business: Managing Risk Through Security
Every business faces risk. Have you properly assessed your company's risk and put a focus on business continuity? Attend this free Web seminar and learn how you can ensure seamless recovery of your key systems and keep your users continuously connected. On-demand Web seminar.
http://list.windowsitpro.com/t?ctl=5BC1B:57B62BBB09A692792C2D52B49BBB78C8

=== IN FOCUS: MPack Runs Rampant =============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

The need to secure your Web servers has never been higher. In the past, many people worried about potential damage to their company's reputation should their site be broken into. After all, a defacement negatively affects not only a Web site but also a company's public image.
But there's another more dangerous aspect to keep in mind: Your site might be turned into a vicious attack vector, making you responsible for damaging any number of innocent people's computers. Anyone with a public-facing Web site has a serious responsibility to protect its visitors. And if you're hosting other people's Web sites, your level of responsibility is exponentially higher.

A case in point that clearly demonstrates the need for vigilance is the relatively new MPack tool--not to be confused with the compression software of the same name. MPack is an automated, intelligent, server-based attack tool that is being used to infect untold numbers of computers. It's basically like Metasploit, except that targets are pushed towards MPack en masse. The tool is PHP-based and is a flexible attack platform complete with a back-end management and monitoring interface. The server components are used to deliver exploit payloads to browsers, and people place links to an MPack server into Web pages all over the Internet.

The primary motive of MPack is to generate income through criminal activity. Its creators have been selling the tool for about $700 since at least December 2006 along with attack modules that evolve as new attack types become possible. According to Panda Labs, new modules cost anywhere from $50 to $150 depending on the level of exploitation a module can carry out.

Recently, intruders using MPack established domains to host Web sites to contain links to attack code and broke into numerous Web hosting accounts (and quite possibly privately operated Web sites) to include attack code in the pages of those unsuspecting, compromised Web sites. The attack code typically consists of IFRAME tags that tell a visitor's browser to load a malicious Web page inside an existing Web page.
The browser can be instructed to load a malicious Web page without the user having to take any action other than to visit the compromised Web site, and the IFRAME can be coded to not even be noticeable on the compromised site. So the visitor might remain completely unaware that exploitation is taking place.

The malicious Web page contains code that, when run, can determine the visitor's OS and browser type and then deliver corresponding exploit code. Code exists to exploit Windows, Linux, BSD, and Mac OS systems as well as at least seven browsers and various components, such as Apple QuickTime, WinZip, and other common tools. MPack can also be made to instruct a vulnerable computer to download malicious files. From there, a huge range of possibilities opens up.

Panda Labs reports that one Web server recently inspected contains 7,644 Web pages infected with links to MPack-based exploits. Exactly how many sites and pages have been infected remains unknown; however, one trusted source told me that at least one major hosting company (which I won't name) found that its servers were compromised through a combination of exploits, and as a result, a large number of index.php files were overwritten to contain exploits based on MPack.

In that incident, I was able to take a look at several of the affected sites because I know the operators of those sites. The intruders made a puzzling choice to completely overwrite every file that contained the string "index" with a simple IFRAME tag to launch exploits. Since all the index pages for the affected sites suddenly started showing up empty, the break-in became obvious sooner rather than later. I have no idea why the intrusion was made so obvious. Had the intruders inserted an IFRAME tag into existing HTML instead of overwriting pages entirely, the intrusion could have gone undetected for a very long time, and the number of infected computers would have risen tremendously.
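
A defender-side check for the two patterns described above (an IFRAME that is hidden and points off-site, and an index file that contains nothing but an IFRAME), as an added example that is not part of the original newsletter. The function names, the sample pages, and the host names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

TINY = re.compile(r"[01](px)?", re.I)
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(width|height)\s*:\s*[01](px)?\s*(;|$)", re.I)

class IframeCollector(HTMLParser):
    """Records the attributes of each <iframe> plus any text on the page."""
    def __init__(self):
        super().__init__()
        self.iframes, self.text = [], []
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append({k: (v or "") for k, v in attrs})
    def handle_data(self, data):
        self.text.append(data.strip())

def is_hidden(attrs):
    # 0/1-pixel dimensions or CSS hiding keep the frame out of the visitor's sight.
    tiny = any(TINY.fullmatch(attrs.get(k, "").strip()) for k in ("width", "height"))
    return tiny or bool(HIDDEN_CSS.search(attrs.get("style", "")))

def scan_page(filename, html, site_host):
    """Return (reason, iframe src) findings for one page of the site site_host."""
    p = IframeCollector()
    p.feed(html)
    p.close()
    findings = []
    for a in p.iframes:
        src = a.get("src", "")
        host = urlparse(src).hostname  # None for relative (same-site) URLs
        if host and host.lower() != site_host.lower() and is_hidden(a):
            findings.append(("hidden off-site iframe", src))
    # The incident described above: an index file replaced by a bare IFRAME.
    if "index" in filename.lower() and p.iframes and not any(p.text):
        findings.append(("index page is only an iframe", p.iframes[0].get("src", "")))
    return findings

# Constructed sample pages (not from the article); hosts use reserved names.
SAMPLES = {
    "about.html": '<p>Welcome</p><iframe src="http://unrelated.invalid/x.php" '
                  'width=0 height=0 style="visibility:hidden"></iframe>',
    "index.php": '<iframe src="http://unrelated.invalid/x.php" width=1 height=1></iframe>',
    "video.html": '<h1>Demo</h1><iframe src="https://media.example.net/v" width="560"></iframe>',
    "map.html": '<p>Find us</p><iframe src="/embed/map" width="0"></iframe>',
}

def scan_site(pages, site_host="www.example.com"):
    return {name: f for name, body in pages.items() if (f := scan_page(name, body, site_host))}
```

Visible off-site frames and same-site frames are deliberately not reported, so each hit still needs a manual look at the page and its modification history.
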

If you're interested in more details about MPack, Panda Labs published a detailed analysis of the MPack attack platform, available at the URL below in PDF format.
http://list.windowsitpro.com/t?ctl=5BC20:57B62BBB09A692792C2D52B49BBB78C8

=== SPONSOR: St. Bernard Software ==============================

Keep Unsecured Machines Off Your Network
Tune into the hottest up-to-date network security protection through this exclusive podcast featuring Windows IT Pro editor Karen Forster and Microsoft's Ian Hameroff. Learn how Network Access Control (NAC) and Network Access Protection (NAP) work and what technologies are involved, as well as what third-party products are poised to work with these technologies.
http://list.windowsitpro.com/t?ctl=5BC1D:57B62BBB09A692792C2D52B49BBB78C8

=== SECURITY NEWS AND FEATURES =================================

Latest ZLOB Plays on People's Desire for Online Video
While ZLOB has been tracked in more than 1,000 renditions since late 2005, several security firms reported that the latest ZLOB outbreak takes social engineering to a new extreme to lure people into its trap.
http://list.windowsitpro.com/t?ctl=5BC28:57B62BBB09A692792C2D52B49BBB78C8

HP to Provide Web Application Security
HP will acquire SPI Dynamics, maker and provider of Web application security assessment software and services.
http://list.windowsitpro.com/t?ctl=5BC27:57B62BBB09A692792C2D52B49BBB78C8

PatchLink Moves to Unify Protection and Control
PatchLink will acquire SecureWave, thereby taking another step towards unified protection and control.
http://list.windowsitpro.com/t?ctl=5BC29:57B62BBB09A692792C2D52B49BBB78C8

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities.
You can also find information about these discoveries at
http://list.windowsitpro.com/t?ctl=5BC22:57B62BBB09A692792C2D52B49BBB78C8

=== SPONSOR: Qualys ============================================

Automated GLBA Security Compliance: Free Report
Compliance and knowledge of every aspect of the GLBA is mandatory. Through web services, on demand security is automated and immediate compliance to the GLBA safeguard guidelines is achieved. Learn how comprehensive GLBA compliance is managed through internal and external audits.
http://list.windowsitpro.com/t?ctl=5BC2B:57B62BBB09A692792C2D52B49BBB78C8

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Hack the Beta--Win a Game Box
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=5BC2F:57B62BBB09A692792C2D52B49BBB78C8
Here's an opportunity to put a beta security product through the wringer and possibly win one of several game boxes in the process.
http://list.windowsitpro.com/t?ctl=5BC1E:57B62BBB09A692792C2D52B49BBB78C8

FAQ: Preparing AD for Exchange 2007
by John Savill, http://list.windowsitpro.com/t?ctl=5BC2D:57B62BBB09A692792C2D52B49BBB78C8
Q: How do I manually prepare my AD forest and domain for Exchange Server 2007?
Find the answer at
http://list.windowsitpro.com/t?ctl=5BC2A:57B62BBB09A692792C2D52B49BBB78C8

FROM THE FORUM: Preventing Power Users from Creating Shares
A forum participant wants to disallow power users from creating or modifying shares. He's looked through Group Policy Objects (GPOs) and can't find a way to remove the Shares snap-in under Computer Management or just lock it out. If prevention isn't possible, is there a way to turn on auditing for share creation? To join the discussion, go to
http://list.windowsitpro.com/t?ctl=5BC1A:57B62BBB09A692792C2D52B49BBB78C8

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column.
Email your contributions to r2r@private. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ===================================================
by Renee Munshi, products@private

Continuous Authentication and Encryption
2factor announced Real Privacy Management (RPM), a two-factor private-key software solution that can be deployed standalone or inside a software application, device, or chip. RPM continuously generates new 256-bit secret keys that are used to mutually authenticate each party and to encrypt/decrypt every data transmission in real time. 2factor also announced SecureWeb, a small auto-loading applet that invokes a secure instance of the user's default browser. SecureWeb runs RPM to authenticate and encrypt sensitive transactions. For more information, go to
http://list.windowsitpro.com/t?ctl=5BC33:57B62BBB09A692792C2D52B49BBB78C8

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to whatshot@private and get a Best Buy gift certificate.

=== RESOURCES AND EVENTS =======================================

For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=5BC2C:57B62BBB09A692792C2D52B49BBB78C8

Black Hat USA 2007, July 28-August 2 in Las Vegas, is the world's premier technical event for ICT security experts. Choose from 30 hands-on training courses and 90 briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting.
http://list.windowsitpro.com/t?ctl=5BC32:57B62BBB09A692792C2D52B49BBB78C8

Improve the security of Linux and UNIX computers by letting them authenticate and authorize users through Microsoft Active Directory. This white paper shows how you can lower costs, improve security, simplify user account management, and demonstrate compliance with regulatory requirements.
http://list.windowsitpro.com/t?ctl=5BC1F:57B62BBB09A692792C2D52B49BBB78C8

Gain control over the growing amount of file data in your enterprise. Learn how file area networks can help you centralize file consolidation, migration, replication, and failover. Download this eBook and start streamlining your file management projects today!
http://list.windowsitpro.com/t?ctl=5BC21:57B62BBB09A692792C2D52B49BBB78C8

=== FEATURED WHITE PAPER =======================================

One of the main concerns in the IT industry today is security. This white paper, written by Microsoft MVP for Terminal Services Claudio Rodrigues, takes a deep look at security concerns, the available solutions, their drawbacks, and a new complementary way of addressing today's security issues.
http://list.windowsitpro.com/t?ctl=5BC1C:57B62BBB09A692792C2D52B49BBB78C8

=== ANNOUNCEMENTS ==============================================

Introducing a Unique Exchange and Outlook Resource
Exchange & Outlook Pro VIP is an online information center that delivers new articles every week on messaging topics such as administration, migration, security, and performance. Subscribers also receive tips, cautionary advice, direct access to our editors, and a host of other benefits. Order now at an exclusive charter rate and save up to $50!
http://list.windowsitpro.com/t?ctl=5BC24:57B62BBB09A692792C2D52B49BBB78C8

Special Invitation for VIP Access
Become a VIP subscriber and get continuous inside access to all the content published in Windows IT Pro, SQL Server Magazine, Exchange & Outlook Pro VIP, Scripting Pro VIP, and Security Pro VIP. Subscribe now!
http://list.windowsitpro.com/t?ctl=5BC23:57B62BBB09A692792C2D52B49BBB78C8

================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below).
http://list.windowsitpro.com/t?ctl=5BC2E:57B62BBB09A692792C2D52B49BBB78C8
http://list.windowsitpro.com/t?ctl=5BC31:57B62BBB09A692792C2D52B49BBB78C8

Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=5BC26:57B62BBB09A692792C2D52B49BBB78C8

Be sure to add Security_UPDATE@private to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=5BC30:57B62BBB09A692792C2D52B49BBB78C8
About your product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=5BC25:57B62BBB09A692792C2D52B49BBB78C8

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

_____________________________________________________

Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today.
http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Wed Jun 27 2007 - 22:14:33 PDT