[ISN] Security UPDATE -- Security Information on the Web -- August 10, 2005

InfoSec News isn at c4i.org
Thu Aug 11 03:16:44 EDT 2005


1. In Focus: Security Information on the Web

2. Security News and Features
   - Recent Security Vulnerabilities
   - F-Secure Reports First Viruses for Microsoft Command Shell
   - Bluetooth Security Essentials

3. Security Toolkit
   - Security Matters Blog
   - FAQ

4. New and Improved
   - Improved FTP Client


==== 1. In Focus: Security Information on the Web ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Recently I did a little poking around the Internet for security 
information sources that I don't already regularly read. Over the past 
few days, I've discovered a few sites that you might find useful. 

When I heard that Mozilla Foundation was starting Mozilla Corporation, 
I went to read about that and subsequently came across a huge list of 
Mozilla-related blogs. Many of them are written by developers and 
contain some information related to security or are written by people 
involved directly with Mozilla product security. So if you use Mozilla 
software, take time to go through the extensive list at MozillaZine, 
where you'll find dozens of useful blogs. 

Another place you can find a huge list of blogs is at Microsoft's Web 
site. The company hosts some blogs on the Microsoft Developer Network 
(MSDN). I didn't count how many are listed there, but I can tell you 
there are a lot! The first URL lists the most recent posts; the second 
URL lists the blogs by blog name.

You can also visit the Microsoft Community Blog site, where you can find 
even more blogs, all of which are written by Microsoft employees. If 
you use the search facility at that site to search for "security," 
you'll find that 25 blogs contain that word in either their title or 
description. I subscribe to the Really Simple Syndication (RSS) feeds 
of many of them, and they usually contain interesting information, 
although I will warn you that you might have to endure the occasional 
post about somebody's weekend or vacation adventures. 

Another blog you might be interested in is written by the Microsoft 
Internet Explorer (IE) development team. Keep an eye on that one if 
you're interested in the upcoming IE 7.0 (at the first URL below). 
Likewise you can keep tabs on the development of Windows Vista and its 
RSS features by reading the blog of the developers on Microsoft's RSS 
team (at the second URL below).

You probably know who Mark Russinovich is, but did you know he has a 
blog? I didn't realize that until last week. So now I subscribe to his 
RSS feed. It's a very interesting blog, and as you probably suspect, it 
does contain very technical discussion and information. Be sure to 
check it out. 

Another interesting site I recently found is Spamfo.co.uk, which offers 
information pertaining to spam, including a lot of recent news items. 
If spam is a real bother to you, you might want to check in on the site 
once in a while. 

Last, but certainly not least, is Risks Digest, which has information 
about security problems and a wide variety of other risks. You might 
already know about it because it's been around for 20 years. In 
essence, Risks Digest is a moderated discussion forum on Usenet 
(comp.risks) that's republished on various Web sites and can be 
obtained via email as well as in a Resource Description Framework (RDF) 
feed, which should work in most popular RSS feed reader applications. 
You can preview recent digests at the Web site below. 

When you take time to review these sites, you'll find that not only do 
they contain useful information but that there are probably far more 
interesting information sources than you can possibly read in a 
reasonable period of time. Nevertheless, you could at least bookmark 
the sites that interest you and refer to them when the need arises. 


==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at

Identity Theft Ring Discovered
   Sunbelt Software uncovered an identity-theft ring. Sunbelt CEO Alex 
Eckelberry said that the ring was discovered by Senior Spyware Research 
Analyst Patrick Jordan, who joined the company a week ago.

F-Secure Reports First Viruses for Microsoft Command Shell
   Microsoft released a beta of its new command-line shell MSH (code-
named Monad) in June, and already viruses have been developed that take 
advantage of the new technology. According to security solutions 
provider F-Secure, a virus writer published five sample viruses in a 
Web-based "magazine" dedicated to writers of computer viruses. 

Bluetooth Security Essentials
   As with its better-known cousin Wi-Fi, security questions have 
arisen about Bluetooth, and in recent months, terms such as Bluejacking 
and Bluesnarfing have entered the security professional's lexicon. John 
Howie takes a look at Bluetooth, including its security features and 
potential risks, and walks through the process of securing a Bluetooth 


==== 3. Security Toolkit ==== 

Security Matters Blog: Shortsighted Bankers Add to the Fraud Problem
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=107AF:4FB69

A friend received a surprising email message that demonstrates just how 
shortsighted bankers can be. Read this blog item to learn how much 
information was revealed in the email message and why such messages are 
a really bad idea. 

FAQ
   by John Savill, http://list.windowsitpro.com/t?ctl=107AC:4FB69 

Q: What happened to the "No Override" option in Group Policy Management 
Console (GPMC)?

Find the answer at 


==== 4. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

Improved FTP Client
   Ipswitch announced the worldwide availability of Ipswitch WS_FTP 
Professional 2006, a new version of Ipswitch's FTP client for sending 
data. Advanced Encryption Standard (AES) ciphers now use 256 bits in 
concert with OpenPGP and Secure Sockets Layer (SSL) over FTP transfers. 
HTTP and HTTP Secure (HTTPS) transfers allow users to connect more 
easily to many external and remote data stores. Ipswitch WS_FTP 
Professional 2006 in English, French, and German is available directly 
from Ipswitch's Web site for $54.95 ($89.95 including a 1-year service 

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 
   whatshot at windowsitpro.com.

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rwinitsec at windowsitpro.com. If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.


==== Contact Us ==== 

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://www.windowsitpro.com/forums
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com


This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.