[ISN] Security UPDATE -- Browser History: What Happened? -- April 27, 2005

InfoSec News isn at c4i.org
Fri Apr 29 05:27:11 EDT 2005


This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which 
you might be interested. Please take a moment to visit these 
advertisers' Web sites and show your support for Security UPDATE. 

Simplify Software, Desktop and Server Management

Phishing, viruses, bot-nets and more: How to prevent the "Perfect 
Storm" from devastating your email system


1. In Focus - Browser History: What Happened?

2. Security News and Features
   - Recent Security Vulnerabilities
   - Firefox 1.0.3--Nine Security Fixes
   - Credit Card Companies to Enforce Payment Card Industry Standard
   - Putting OpenVPN to Work

3. Security Toolkit
   - Security Matters Blog
   - FAQ
   - Security Forum Featured Thread

4. New and Improved
   - Fast Security


==== Sponsor: KACE ====

Simplify Software, Desktop and Server Management
   KBOX by KACE is a simple, affordable solution that delivers complete 
inventory, software deployment, patch management, software update, 
reporting and more. Finally there's a complete solution that lets you 
act on your information. It's all in the (K)BOX. This self-contained 
appliance is a snap to implement and use and costs less than you'd 
expect. Find out why leading companies are choosing KBOX by KACE every 
day and learn how you can take advantage of our 45-day return policy 
that guarantees your satisfaction.


==== 1. In Focus - Browser History: What Happened? ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Occasionally, you might need to trace a user's Web-browsing path. 
Manual forensic analysis, which involves digging through cookie files, 
the browser's cache, and browser history data, isn't easy. 

For a good rundown on forensic analysis of browser activity, you should 
consider reading "Web Browser Forensics, Part 1," by Keith J. Jones and 
Rohyt Belani of Red Cliff Consulting. The article, published on the 
SecurityFocus Web site, offers a brief usage overview of some very 
useful tools: in particular, Pasco, Internet Explorer History Viewer, 
Web Historian, and Forensic Toolkit.

Pasco is an open-source tool that can be used to reconstruct browser 
use from Microsoft Internet Explorer's (IE's) index.dat files. The 
files contain data such as which URLs were visited and when. Pasco is a 
command-line tool that creates a text-based output file. 

Internet Explorer History Viewer, available from Phillips Ponder, has 
been around for a while. It too can reconstruct IE usage and has the 
added benefits of being able to read Netscape history data and find 
fragments of deleted files in the Windows Recycle Bin. IE History costs 

The free Web Historian, provided by Red Cliff Consulting, is more 
powerful than the previous two tools. It can help you analyze the 
historic usage of Internet Explorer, Mozilla, Firefox, Netscape, Opera, 
and Apple Computer's Safari. 

Forensic Toolkit (FTK), from AccessData, is the most powerful of the 
bunch, and at $995, it better be. It too can reconstruct browser use 
history, but it's also billed as a tool that can perform "complete and 
thorough forensics examinations." Among other tasks, Forensic Toolkit 
indexes entire drives, allows quick text searches, and supports more 
than 270 file types. 

Now let's suppose for a minute that you don't want anybody to be able 
to perform such analysis on your systems. For example, if your laptop 
is stolen or lost, do you want whoever ends up with it to be able to 
find out detailed information about you by analyzing your surfing 
habits? To prevent someone else from accessing your data, you could 
implement disk encryption. 

You can also manually delete browser details (IE History and Cache) 
fairly easily, but you have to remember to do that, and you also need 
to erase the disk sectors to ensure that the data can't be recovered. I 
know that many standalone tools can do both these tasks quickly and 
effortlessly. Privacy Eraser is one example (which I haven't yet 

Are any such tools that include centralized management available for an 
enterprise? If you know of any, please send me an email with the 
details or a URL. 


Don't miss a Web chat with Randy Franklin Smith on the topic "The 
Security Event Log: The Unofficial Guide." It will take place May 4, 
12:00 P.M. Eastern (9:00 A.M. Pacific). For more information, go to

And, finally, you have less than one week left to vote for your 
favorite products in Windows IT Pro's annual Readers' Choice Awards. 
Voting ends May 2, so vote now at 


==== Sponsor: Postini ====

Phishing, viruses, bot-nets and more: How to prevent the "Perfect 
Storm" from devastating your email system
   Unfortunately, fragmented appliance-based and software-based anti-
spam solutions operating inside the email gateway can't prevent a 
potentially devastating impact on your email system and users. In this 
free white paper learn how you can protect your email boundary and stop 
attacks with a multi-layered approach that effectively prevents the 
perfect storm from ever reaching your email gateway. Download your copy 


==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at

Firefox 1.0.3--Nine Security Fixes
   Mozilla Organization released Firefox 1.0.3 to correct nine security 
vulnerabilities. Interestingly enough, all the problems corrected in 
the new release relate to vulnerabilities that could be exploited via 

Credit Card Companies to Enforce Payment Card Industry Standard
   Most major credit card companies have adopted the Payment Card 
Industry (PCI) Data Security Standard, which was jointly developed by 
VISA and MasterCard. Adopters of the standard include American Express, 
Diners Club, Discover, and JCB International.

Putting OpenVPN to Work
   You're probably familiar with Microsoft's RRAS VPN solutions, as 
well as commercial VPNs from vendors such as Cisco Systems and Nortel 
Networks, but you might not be aware of an open-source program called 
OpenVPN. Jeff Fellinge explains how to implement OpenVPN in this 
article on our Web site. 


==== Resources and Events ====

Protect the Rest of Your Exchange Infrastructure
   There is more to data protection for Exchange than protecting mail 
and mail servers. In this free Web seminar, you'll learn some methods 
for anticipating, avoiding, and overcoming technical problems that can 
affect your Exchange environment, including corruption or errors in 
Active Directory, DNS problems, configuration errors, service pack 
installation, and more. Register now!

Get Ready for SQL Server 2005 Roadshow in a City Near You
   Get the facts about migrating to SQL Server 2005. SQL Server experts 
will present real-world information about administration, development, 
and business intelligence to help you implement a best-practices 
migration to SQL Server 2005 and improve your database computing 
environment. Attend and receive a 1-year membership to PASS and 1-year 
subscription to SQL Server Magazine. Register now!

Ensure SQL Server High Availability
   In this free Web seminar, discover how to maintain business 
continuity of your IT systems during routine maintenance and unplanned 
disasters. Learn critical factors for establishing a secure and highly 
available environment for SQL Server including overcoming the 
technology barriers that affect SQL Server high availability and 
Microsoft's out-of-the-box high-availability technologies such as 
clustering, log shipping, and replication. Register now!

Configuring Blade Servers for Your Application Needs
   Blade servers pack a lot of function into a small space, conserve 
power, and are flexible. In this free, on-demand Web seminar, industry 
guru David Chernicoff details the best use of 1P, 2P, and 4P 
configurations using single and multiple enclosures; integrating with 
NAS and SAN; and managing the entire enterprise from a single console. 
Register now and take advantage of blade servers' power and 

Discover All You Need to Know About 64-bit Computing in the Enterprise
   In this free, on-demand Web seminar, industry guru Michael Otey 
explores the need for 64-bit computing and looks at the type of 
applications that can make the best use of it. He'll explain why the 
most important factor in the 64-bit platform is increased memory. 
Discover the best platform for high performance and learn how you can 
successfully differentiate, migrate, and manage between 32-bit and 64-
bit technology. Register now!


==== Featured White Paper ====

Get Rapid and Reliable Data and System Recovery
   Even under the best circumstances, performing a bare metal recovery 
from tape is tedious and unreliable. In this free white paper, learn 
how you can achieve unprecedented speed and reliability in recovering 
systems and data.


==== Hot Release ====

Security Event Management – It shouldn't cost a fortune to save a 
   Activeworx Security Center dramatically reduces the time, effort & 
cost required to collect, analyze, report & escalate critical security 
data. Activeworx consolidates multi-vendor security log data - 
providing an affordable solution for detailed event correlation to 
detect both known and unknown threats. Free Trial. 


==== 3. Security Toolkit ==== 

Security Matters Blog 
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=87E3:4FB69

Perils of Wardriving
   It's fairly common knowledge that some people set up Wi-Fi hotspots 
using the Wi-Fi cards in their own computers in hopes that someone will 
connect. Once a connection is made, an intrusion attempt begins against 
the machine that connected. Obviously it's not very smart to use any 
old Wi-Fi hotspot you come across just because it's there. 

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=87DF:4FB69 

Q: How can I configure the Windows Server 2003 Service Pack 1 (SP1) 
Windows Firewall from a command line? 

Find the answer at

Security Forum Featured Thread 
   A forum participant is looking for methods or products that can 
block all access to X-rated Web sites on his company's laptop computers 
and for security policy templates to use as a model for developing an 
acceptable-use policy. Join the discussion at: 


==== Announcements ====
   (from Windows IT Pro and its partners)

Check Out the New Windows IT Security Newsletter!
   Security Administrator is now Windows IT Security. We've expanded 
our content to include even more fundamentals on building and 
maintaining a secure enterprise. Each issue also features product 
coverage of the best security tools available and expert advice on the 
best way to implement various security components. Plus, paid 
subscribers get online access to our entire security article database! 
Click here to try a sample issue today:

Windows IT Security Monthly Pass = Quick Answers!
   Sign up today for your Windows IT Security Monthly Pass and get 24/7 
online access to every article on the Windows IT Security Web site, 
including exclusive subscriber-only content. That's a database of more 
than 1900 security articles to help you get all the answers you need, 
when you need them! Sign up now:


==== 4. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

Fast Security
   Metanetworks Technologies offers the MTP-1G Gigabit Ethernet and 
MTP-10G 10 Gigabit Ethernet cards, specifically designed to support 
existing open-source network security and monitoring applications, such 
as Intrusion Detection Systems (IDSs). The MTP-1G passes Gigabit 
Ethernet traffic and the MTP-10G passes 10 Gigabit Ethernet traffic 
between the card's two ports with 400 ns latency while performing wire-
speed, stateful packet inspection. When determining whether to capture 
or block packets, the cards can apply up to 1500 wire-speed stateful 
policies per packet. When the cards capture packets, the cards present 
the packets to the OS as standard NICs in promiscuous mode. For more 
information, go to

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 
   whatshot at windowsitpro.com.

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rwinitsec at windowsitpro.com. If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.


==== Sponsored Links ====

Quest Software
   Heading to Exchange from Notes or GroupWise? Get Expert Help!

Best Practices for Establishing and Enforcing a Security Policy in Your 
   Is your company prepared to fend off threats? Download this free 
white paper!


==== Contact Us ==== 

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=87E9:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com


This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.
