Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Filtering the Spectrum of Internet Threats
http://list.windowsitpro.com/t?ctl=5F7AC:57B62BBB09A69279CE595C847DD6A4C3

Automated GLBA Security Compliance: Free Report
http://list.windowsitpro.com/t?ctl=5F7BB:57B62BBB09A69279CE595C847DD6A4C3

ALERT: Web 2.0 Hacking - Attack Scenarios and Examples - White Paper
http://list.windowsitpro.com/t?ctl=5F7B1:57B62BBB09A69279CE595C847DD6A4C3

=== CONTENTS ===================================================

IN FOCUS: Microsoft's DRM Cracked Again

NEWS AND FEATURES
- Symantec Releases AntiBot to Fight Bot Infection
- Mozilla Releases Firefox 2.0.0.5
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: How Does Your Company Stack Up with ISO 27001?
- FAQ: Viewing the Owner of a File from PowerShell
- Share Your Security Tips

PRODUCTS
- Manage Your Passwords for Hard Drive Encryption
- Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: St. Bernard Software ==============================

Filtering the Spectrum of Internet Threats
Examine the threats of allowing unwanted or offensive content into your network and learn about the technologies and methodologies to defend against inappropriate content, spyware, IM, and P2P. Download this free white paper now!
http://list.windowsitpro.com/t?ctl=5F7AC:57B62BBB09A69279CE595C847DD6A4C3

=== IN FOCUS: Microsoft's DRM Cracked Again =============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

It's happened before, it happened last week, and it will happen again in the future. Digital Rights Management (DRM) is destined to perpetually remain a vulnerable target because no one writes flawless code and hackers are incredibly persistent in tracking down flaws.

Last week, a person using the nickname Divine Tao posted a message about a new DRM crack to the Doom9 forum--a place where media enthusiasts share information about digital media conversion techniques. The Doom9 site bills itself as "the definitive DVD backup resource." In the message (at the URL below), Divine Tao "introduces a new tool for uncovering the individual keys from Microsoft's DRM blackbox components (IBX), up to version 11.0.6000.6324. Lacking the source code to the extant programs, I can only offer this output of my own efforts." Divine Tao then includes several links to download the tool at various mirror sites. Other participants in the forum confirm that the tool works to get around Microsoft's DRM on both Vista and Windows XP.
http://list.windowsitpro.com/t?ctl=5F7BE:57B62BBB09A69279CE595C847DD6A4C3

You might recall that previous efforts to crack Microsoft's DRM resulted in a tool called FairUse4WM that was published in August 2006. Soon after the release of the tool, Microsoft released software updates that prevented it from working. This latest crack provides an update to FairUse4WM that makes it work again. Of course, Microsoft will probably release another update to patch whatever flaws are being exploited now.

Microsoft filed suit last year after the release of FairUse4WM seeking to discover who the developer of the tool is. However, the company apparently dropped that suit. Incidentally, the person who originally published FairUse4WM used the nickname "viodentia," and as observers have pointed out, "Divine Tao" happens to be an anagram of that name. So someone might be playing mind games with Microsoft, or maybe the same person released both tools.

Some companies, such as Apple and EMI, have started releasing unprotected copyrighted media content at a slightly higher price that many people seem willing to pay. Selling unprotected content for an extra cost seems like a reasonable approach to a problem nagging a lot of video and music fans.

Fair use arguments aside, most readers of this newsletter probably don't have to worry about their content being potentially put at risk by this latest FairUse4WM tool release. However, you probably don't want a tool such as FairUse4WM on your network for liability reasons. Therefore, you should try to ensure that the tool doesn't become stored on your computers and used for illegal purposes. So head over to Doom9, get a copy of the tool, build MD5 checksums or other file identification information, and scan your systems for signs that the tool might be present. Or use your existing security tools and policy compliance solutions to accomplish the same thing.

=== SPONSOR: Qualys ============================================

Automated GLBA Security Compliance: Free Report
Compliance and knowledge of every aspect of the GLBA is mandatory. Through web services, on demand security is automated and immediate compliance to the GLBA safeguard guidelines is achieved. Learn how comprehensive GLBA compliance is managed through internal and external audits.
http://list.windowsitpro.com/t?ctl=5F7BB:57B62BBB09A69279CE595C847DD6A4C3

=== SECURITY NEWS AND FEATURES =================================

Symantec Releases AntiBot to Fight Bot Infection
Symantec's latest tool, AntiBot, monitors system behavior to detect telltale signs of bot activity.
http://list.windowsitpro.com/t?ctl=5F7BA:57B62BBB09A69279CE595C847DD6A4C3

Mozilla Releases Firefox 2.0.0.5
The latest release fixes eight security problems, and Mozilla strongly recommends that everyone install it as soon as possible.
http://list.windowsitpro.com/t?ctl=5F7B7:57B62BBB09A69279CE595C847DD6A4C3

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities.
You can also find information about these discoveries at
http://list.windowsitpro.com/t?ctl=5F7B2:57B62BBB09A69279CE595C847DD6A4C3

=== SPONSOR: SPI Dynamics ======================================

ALERT: Web 2.0 Hacking - Attack Scenarios and Examples - White Paper
Web 2.0 Apps provide hackers with a wealth of information they can use to formulate attacks. XSS, Web App Worms and Feed Injection attacks have become even more dangerous now. Download this SPI Dynamics white paper.
http://list.windowsitpro.com/t?ctl=5F7B1:57B62BBB09A69279CE595C847DD6A4C3

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: How Does Your Company Stack Up with ISO 27001?
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=5F7C0:57B62BBB09A69279CE595C847DD6A4C3

ISO 27001 is a standard for security techniques and information security management systems. Wondering how your company compares to the standards and to other companies? Take a survey and find out.
http://list.windowsitpro.com/t?ctl=5F7B9:57B62BBB09A69279CE595C847DD6A4C3

FAQ: Viewing the Owner of a File from PowerShell
by John Savill, http://list.windowsitpro.com/t?ctl=5F7BD:57B62BBB09A69279CE595C847DD6A4C3

Q: How can I view the owner for a file from PowerShell?

Find the answer at
http://list.windowsitpro.com/t?ctl=5F7B8:57B62BBB09A69279CE595C847DD6A4C3

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to r2r@private. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ===================================================
by Renee Munshi, products@private

Manage Your Passwords for Hard Drive Encryption
Access Smart announced an alliance with PC Dynamics to integrate Access Smart's Power LogOn Password Manager and Password Administrator with PC Dynamics' SafeHouse data privacy software.
With the SafeHouse software, users can encrypt a portion of their hard drive to use for confidential data. Power LogOn stores the password for the hard drive encryption, and other passwords, encrypted on a smart card. SafeHouse retails for $39.99. Power LogOn Password Manager and a smart card start at $53 with volume discounts available. For more information about Access Smart, go to the first URL below. For more information about PC Dynamics, go to the second URL below.
http://list.windowsitpro.com/t?ctl=5F7C3:57B62BBB09A69279CE595C847DD6A4C3
http://list.windowsitpro.com/t?ctl=5F7C4:57B62BBB09A69279CE595C847DD6A4C3

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to whatshot@private and get a Best Buy gift certificate.

=== RESOURCES AND EVENTS =======================================

For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=5F7BC:57B62BBB09A69279CE595C847DD6A4C3

Learn how to effectively achieve ROI with your log management system in a matter of months without costly or daunting investments. This Web seminar addresses how to ensure that your organization gets the most out of its log management investment, key requirements and architectural differences to consider when you're looking at solutions, and caveats and risks to be on watch for as you spec out your requirements and design.
http://list.windowsitpro.com/t?ctl=5F7AD:57B62BBB09A69279CE595C847DD6A4C3

IT departments tend to spend a lot of time and energy on creating and managing firewall rules and router tables while overlooking a direct channel between the Internet and computers on the corporate network. When no filtering solution is in place, this connection is managed entirely by the user. But can you really trust your users to make the right decisions? Here are five steps to building a world-class end-to-end Web filtering solution.
http://list.windowsitpro.com/t?ctl=5F7B0:57B62BBB09A69279CE595C847DD6A4C3

Learn how Symantec and IBM deliver a comprehensive archiving solution for email, files, instant messages, databases, and VoIP, as well as many other document formats, while helping you reduce storage costs and simplifying management. Understand the challenges surrounding an Exchange environment and the Symantec and IBM capabilities to solve them.
http://list.windowsitpro.com/t?ctl=5F7AF:57B62BBB09A69279CE595C847DD6A4C3

=== FEATURED WHITE PAPER =======================================

Increase customer confidence with the latest breakthrough in online security: Extended Validation SSL. Extended Validation triggers a green address bar in Microsoft Internet Explorer 7.0 that proves site identity. Learn how to get the green bar and higher sales by reading the technical white paper "Maximizing Site Visitor Trust Using Extended Validation SSL."
http://list.windowsitpro.com/t?ctl=5F7AE:57B62BBB09A69279CE595C847DD6A4C3

=== ANNOUNCEMENTS ==============================================

Windows IT Pro: Buy 1, Get 1
With Windows IT Pro's real-life solutions, news, tips, tricks, AND access to over 10,000 articles online, subscribing is like hiring your very own team of Windows consultants. Subscribe now, and get 2 years for the price of 1!
http://list.windowsitpro.com/t?ctl=5F7B3:57B62BBB09A69279CE595C847DD6A4C3

Got a Tough Exchange or Outlook Question?
Rely on Exchange & Outlook Pro VIP, the new online resource with in-depth articles on administration, migration, security, and performance. Subscribers get direct access to our top-flight editors, so subscribe and receive personalized solutions to your toughest technical questions. It beats a support call to Microsoft!
http://list.windowsitpro.com/t?ctl=5F7B4:57B62BBB09A69279CE595C847DD6A4C3

================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below).
http://list.windowsitpro.com/t?ctl=5F7BF:57B62BBB09A69279CE595C847DD6A4C3
http://list.windowsitpro.com/t?ctl=5F7C2:57B62BBB09A69279CE595C847DD6A4C3

Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=5F7B6:57B62BBB09A69279CE595C847DD6A4C3

Be sure to add Security_UPDATE@private to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@private
About technical questions -- http://list.windowsitpro.com/t?ctl=5F7C1:57B62BBB09A69279CE595C847DD6A4C3
About your product news -- products@private
About your subscription -- windowsitproupdate@private
About sponsoring Security UPDATE -- salesopps@private

View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=5F7B5:57B62BBB09A69279CE595C847DD6A4C3

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

_____________________________________________________
Attend Black Hat USA, July 28-August 2 in Las Vegas, the world's premier technical event for ICT security experts. Featuring 30 hands-on training courses and 90 Briefings presentations with lots of new content and new tools. Network with 4,000 delegates from 70 nations. Visit product displays by 30 top sponsors in a relaxed setting. Rates increase on June 1 so register today.
http://www.blackhat.com

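The In Focus column above suggests building MD5 checksums or other file identification information from a copy of the tool and scanning systems for it. The following is an added example, not part of the original newsletter: it fingerprints a reference copy (size, MD5, SHA-256) and walks a directory tree for exact matches. The function names, paths and sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

CHUNK = 1 << 20  # read in 1 MiB pieces so large files are never loaded whole


def fingerprint(path):
    """Return (size, md5_hex, sha256_hex) for one file."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(CHUNK), b""):
            md5.update(block)
            sha256.update(block)
            size += len(block)
    return size, md5.hexdigest(), sha256.hexdigest()


def scan(root, references):
    """Return (matching paths, unreadable paths); names are ignored, so renamed copies match."""
    sizes = {ref[0] for ref in references}
    hits, unreadable = [], []
    for folder, _dirs, names in os.walk(root, onerror=lambda e: unreadable.append(e.filename)):
        for name in names:
            path = os.path.join(folder, name)
            try:
                if os.path.islink(path) or os.path.getsize(path) not in sizes:
                    continue  # cheap size check avoids hashing most files
                if fingerprint(path) in references:
                    hits.append(path)
            except OSError:
                unreadable.append(path)  # locked or access denied: report, do not skip silently
    return sorted(hits), unreadable


def demo():
    """Constructed tree: a stand-in reference file, a renamed copy, and two unrelated files."""
    with tempfile.TemporaryDirectory() as root:
        sample = b"CONSTRUCTED-SAMPLE-BYTES" * 100  # placeholder content, not a real binary
        files = {"ref/tool.exe": sample, "home/a/notes.exe": sample,
                 "home/b/other.exe": b"X" * len(sample), "home/b/readme.txt": b"hello"}
        for rel, data in files.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        refs = {fingerprint(os.path.join(root, "ref/tool.exe"))}
        hits, unreadable = scan(os.path.join(root, "home"), refs)
        return [os.path.relpath(h, root).replace(os.sep, "/") for h in hits], unreadable
```

Exact-hash matching finds renamed copies but not a repacked or rebuilt binary, so a clean scan shows only that this one build is absent. Files the scan could not read are returned separately so they can be rechecked with sufficient privileges.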
This archive was generated by hypermail 2.1.3 : Thu Jul 26 2007 - 00:19:17 PDT