Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com> === CONTENTS =================================================== IN FOCUS: Untangle Security Suite Is Free for All NEWS AND FEATURES - BSA's New Million Dollar Reward? - New Trojan Heckles While It Works - MySpace Profiles Propagate Flux Bot - Recent Security Vulnerabilities GIVE AND TAKE - Security Matters Blog: Trojan.Srizbi in the Kernel - FAQ: Finding Vista's DLL Cache - Free Black Hat Briefings Show Passes! - Innovators Contests Reward Ingenious IT Solutions! - Share Your Security Tips PRODUCTS - Disk Eraser Supports Vista - Wanted: Your Reviews of Products RESOURCES AND EVENTS FEATURED WHITE PAPER ANNOUNCEMENTS === SPONSOR: Qualys ============================================ Unify Operational Security and Policy Compliance Different business units focus on different aspects of the total problem. Learn how an organization can centralize compliance management throughout the organization and in effect eliminate one-off inefficient solutions for each individual area of compliance. http://list.windowsitpro.com/t?ctl=5D90D:57B62BBB09A692791642447F9ECE4A4A === IN FOCUS: Untangle Security Suite Is Free for All ============= by Mark Joseph Edwards, News Editor, mark at ntsecurity / net Late last year, Metavize changed its name to Untangle and launched a new strategy for marketing its products, offering its unified threat management (UTM) solutions free of charge to companies with 10 or fewer employees. Untangle offered its solutions to larger companies for $75 per month. But the company will now give the software to anyone for free. The company will base its revenue on support packages along with "a set of premium products like additional applications, and additional functionality that extends the platform under a commercial license. So while the platform and most applications are free, we're selling applications like Remote Access Portal (an SSL VPN) or additional platform functionality like Active Directory integration and policy management," wrote Dirk Morris, founder and CTO at Untangle. This means that you have absolutely no excuse not to have a decent gateway security platform protecting your network. You can now get your hands on a unified platform of 12 vital security tools with no software acquisition cost. The platform filters email for spam, spyware, phishing scams, viruses, and other attacks and filters Web content. It also includes a firewall, intrusion prevention system (IPS), protocol controls, VPN, routing, and reporting. The tools are based on tried and tested open source solutions, such as Snort, SpamAssassin, Vipul's Razor, Clam AntiVirus (ClamAV), and OpenVPN. Although you can easily get any of those tools and more on your own, Untangle makes them available in a customized unified platform, which is definitely an advantage. If you want to buy Untangle's support and other tools such as Active Directory (AD) integration, prices are based on the number of users you need to support. The company maintains a forum, mailing list, and wiki to help you network with other users of the tools. Untangle also offers preinstalled server appliances if you want to go that route. Overall, I think Untangle's offer is affordable and attractive. If you're interested, take a look at the demos and screen shots at the first URL below. The GUI demo is especially helpful. It requires Java to run, and it lets you log on to a live demo server running on Untangle's network, so you can go through every aspect of the management interface and get a feel for using the platform. If you'd rather watch a Flash video demo of the interface, see the second URL below. http://list.windowsitpro.com/t?ctl=5D902:57B62BBB09A692791642447F9ECE4A4A http://list.windowsitpro.com/t?ctl=5D91D:57B62BBB09A692791642447F9ECE4A4A To get a more thorough overview of the applications, visit the first URL below. If you want to try the platform, go to the second URL below, where you can download an ISO image that lets you make an installation CD-ROM, or you can order a CD-ROM and Untangle will ship it to you for free. You can also get the source code in an installable ISO format, as a tarball, or via Subversion. Go to the third URL below and look for the Get the Code section in the Developers box on the left. http://list.windowsitpro.com/t?ctl=5D909:57B62BBB09A692791642447F9ECE4A4A http://list.windowsitpro.com/t?ctl=5D904:57B62BBB09A692791642447F9ECE4A4A http://list.windowsitpro.com/t?ctl=5D905:57B62BBB09A692791642447F9ECE4A4A === SPONSOR: BeyondTrust ======================================= Eliminate the Achilles Heel of the Desktop - Admin Rights BeyondTrust enables users without administrative privileges to run all required applications, processes and ActiveX controls. By removing the need to grant end users administrative rights, IT departments can eliminate what is otherwise the Achilles heel of the desktop - end users with administrative power that can be exploited by malware and malicious users to change security settings, disable other security solutions such as anti-virus and more. Free Download! http://list.windowsitpro.com/t?ctl=5D903:57B62BBB09A692791642447F9ECE4A4A === SECURITY NEWS AND FEATURES ================================= BSA's New Million Dollar Reward? Business Software Alliance--an organization that goes after companies that violate software licenses--said it will offer up to $1 million for qualified piracy reports. But don't start planning your earlier retirement just yet. http://list.windowsitpro.com/t?ctl=5D917:57B62BBB09A692791642447F9ECE4A4A New Trojan Heckles While It Works PandaLabs reported the discovery of a new Trojan that talks as it destroys your system. http://list.windowsitpro.com/t?ctl=5D918:57B62BBB09A692791642447F9ECE4A4A MySpace Profiles Propagate Flux Bot MySpace profile pages are once again being used to launch malicious code. This time the code turns a computer into a member of a botnet by installing FluxBot, also known as Fast Flux. http://list.windowsitpro.com/t?ctl=5D915:57B62BBB09A692791642447F9ECE4A4A Recent Security Vulnerabilities If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at http://list.windowsitpro.com/t?ctl=5D90C:57B62BBB09A692791642447F9ECE4A4A === SPONSOR: Double-Take Software ============================== Recovery Made Easy. On-Demand Webinar: Tying Together Virtualization, Replication and WAN Acceleration for Better Business Continuity In this discussion, industry experts from VMware, Double-Take Software, and Silver Peak discuss how virtualization, data replication and WAN acceleration technologies can be easily combined to form a complementary solution for an effective end-to-end disaster recovery solution. http://list.windowsitpro.com/t?ctl=5D900:57B62BBB09A692791642447F9ECE4A4A === GIVE AND TAKE ============================================== SECURITY MATTERS BLOG: Trojan.Srizbi in the Kernel by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=5D91C:57B62BBB09A692791642447F9ECE4A4A Have you read about the Srizbi Trojan? It runs in kernel mode and is supposedly a bit difficult to remove. http://list.windowsitpro.com/t?ctl=5D907:57B62BBB09A692791642447F9ECE4A4A FAQ: Finding Vista's DLL Cache by John Savill, http://list.windowsitpro.com/t?ctl=5D91A:57B62BBB09A692791642447F9ECE4A4A Q: Where is the Windows File Protection dllcache folder in Vista? Find the answer at http://list.windowsitpro.com/t?ctl=5D916:57B62BBB09A692791642447F9ECE4A4A FREE BLACK HAT BRIEFINGS SHOW PASSES! Includes all Black Hat Briefings sessions August 1-2 at Caesar's Palace in Las Vegas, materials, meals, receptions, and exhibits. Does not include travel and lodging, Training sessions July 28-31, or DEFCON admission. Two tickets available. $1495 value--first come, first served. E-mail mevans@private INNOVATORS CONTESTS REWARD INGENIOUS IT SOLUTIONS! If you've developed a creative IT solution to a tough business problem, you deserve recognition for your achievement! Enter your solution in either the Windows IT Pro or SQL Server Magazine Innovators contests, and if you win, your solution will be showcased in one of the Windows IT Pro publications--plus you could win a trip to Windows or SQL Server Connections in Las Vegas this November. Contest runs through August 1, 2007--so enter today by clicking one of the links below. Click here for the Windows IT Pro Innovators contest: http://list.windowsitpro.com/t?ctl=5D913:57B62BBB09A692791642447F9ECE4A4A Click here for the SQL Server Magazine Innovators contest: http://list.windowsitpro.com/t?ctl=5D914:57B62BBB09A692791642447F9ECE4A4A Click these links to read about past winners of Innovators awards: "2006: A Great Year for Windows IT Innovation" http://list.windowsitpro.com/t?ctl=5D90A:57B62BBB09A692791642447F9ECE4A4A "SQL Server Pros Keep On Innovating" http://list.windowsitpro.com/t?ctl=5D912:57B62BBB09A692791642447F9ECE4A4A SHARE YOUR SECURITY TIPS AND GET $100 Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to r2r@private If we print your submission, you'll get $100. We edit submissions for style, grammar, and length. === PRODUCTS =================================================== by Renee Munshi, products@private Disk Eraser Supports Vista Paragon Software Group announced the release of Disk Wiper 8.5, which erases confidential personal or corporate information from hard disks when you need to retire or upgrade them. Version 8.5 works with Windows Vista and supports virtual operations and file system integrity-checking. A script generator stores the sequence of virtual operations to be performed, thereby letting you automate disk wiping. Disk Wiper 8.5 supports 10 disk sanitization methods, including the US Department of Defense DoD 5220.22-M and US Navy NAVSO P-5239-26 standards. For more information, go to http://list.windowsitpro.com/t?ctl=5D91F:57B62BBB09A692791642447F9ECE4A4A WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to whatshot@private and get a Best Buy gift certificate. === RESOURCES AND EVENTS ======================================= For more security-related resources, visit http://list.windowsitpro.com/t?ctl=5D919:57B62BBB09A692791642447F9ECE4A4A Storage demands are continuing to grow throughout the IT landscape. For an effective solution, IT is turning to Windows file server and storage consolidation. Explore how to save money by using existing hardware, how to implement a scalable NAS cluster based on a shared data framework, and how to leverage your existing network infrastructure and management processes using a shared date architecture. http://list.windowsitpro.com/t?ctl=5D906:57B62BBB09A692791642447F9ECE4A4A Migrating to a new OS? Make sure you don't overlook any of the necessary steps, from converting applications to MSI packages to customizing them to fit corporate standards. Join us for this free on- demand Web seminar. http://list.windowsitpro.com/t?ctl=5D901:57B62BBB09A692791642447F9ECE4A4A More and more companies are deploying storage area networks (SANs) as storage needs continue to proliferate. SANs offer many unique capabilities that improve data protection, performance, and scaling and reduce storage management time. This Web seminar reviews best practices for deploying SQL Server in an intelligent iSCSI SAN and shows how an iSCSI SAN provides dramatic improvements in deploying, optimizing, backing up, and recovering SQL databases. http://list.windowsitpro.com/t?ctl=5D90B:57B62BBB09A692791642447F9ECE4A4A === FEATURED WHITE PAPER ======================================= File fragmentation is a serious problem. As a disk becomes fragmented, the workload on the OS and hardware increases. It becomes more difficult for applications to read and write data, file corruption becomes a distinct possibility, the computer's performance degrades, and its reliability is endangered. In this white paper we look at the effect of disk defragmentation on your users. http://list.windowsitpro.com/t?ctl=5D908:57B62BBB09A692791642447F9ECE4A4A === ANNOUNCEMENTS ============================================== Windows IT Pro--Buy 1, Get 1 With Windows IT Pro's real-life solutions, news, tips, tricks, AND access to over 10,000 articles online, subscribing is like hiring your very own team of Windows consultants. Subscribe now, and get 2 years for the price of 1! http://list.windowsitpro.com/t?ctl=5D90E:57B62BBB09A692791642447F9ECE4A4A Got a Tough Exchange or Outlook Question? Exchange & Outlook Pro VIP is the new online resource with in-depth articles on administration, migration, security, and performance. Subscribers get direct access to our top-flight editors, so subscribe and receive personalized solutions to your toughest technical questions. Beats a support call to Microsoft, so subscribe now! http://list.windowsitpro.com/t?ctl=5D90F:57B62BBB09A692791642447F9ECE4A4A ================================================================ Security UDPATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below). http://list.windowsitpro.com/t?ctl=5D91B:57B62BBB09A692791642447F9ECE4A4A http://list.windowsitpro.com/t?ctl=5D920:57B62BBB09A692791642447F9ECE4A4A Subscribe to Security UPDATE at http://list.windowsitpro.com/t?ctl=5D911:57B62BBB09A692791642447F9ECE4A4A Be sure to add Security_UPDATE@private to your antispam software's list of allowed senders. To contact us: About Security UPDATE content -- letters@private About technical questions -- http://list.windowsitpro.com/t?ctl=5D91E:57B62BBB09A692791642447F9ECE4A4A About your product news -- products@private About your subscription -- windowsitproupdate@private About sponsoring Security UPDATE -- salesopps@private View the Windows IT Pro privacy policy at http://list.windowsitpro.com/t?ctl=5D910:57B62BBB09A692791642447F9ECE4A4A Windows IT Pro, a division of Penton Media, Inc. 221 East 29th Street, Loveland, CO 80538 Attention: Customer Service Department Copyright 2007, Penton Media, Inc. All rights reserved. _____________________________________________________ Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today. http://www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jul 12 2007 - 03:09:47 PDT