[ISN] Security UPDATE -- Safer Mobile Surfing -- February 9, 2005

InfoSec News isn at c4i.org
Fri Feb 11 03:38:51 EST 2005



1. In Focus: Safer Mobile Surfing

2. Security News and Features
   - Recent Security Vulnerabilities
   - February the 13th: Microsoft Issues Massive Number of Security Fixes
   - Microsoft to Purchase Sybari Software
   - Weakness in Windows XP SP2 Overflow Protection
   - SOHO Firewall Appliances

3. Security Matters Blog
   - Stop Users from Bypassing Group Policy
   - Two More Months to Opt Out of Windows XP SP2

4. Instant Poll

5. Security Toolkit
   - FAQ
   - Security Forum Featured Thread

6. New and Improved
   - Spam Firewall for Large Organizations



==== 1. In Focus: Safer Mobile Surfing ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

I'm sure you read lots of different security-related blogs and Web 
sites. There are a bunch of them out there, and the number seems to 
keep right on growing. I've got dozens of them in my RSS reader, and I 
often find new ones that I want to read now and then.

One interesting blog that I found some time ago is called Secureme. Not 
only is it informative, but the writing style is subtly humorous at 
times too. When I look at the "avatars" of the blog writers at the 
site, I'm not quite sure what's missing: a flashy mirrored disco ball 
and colored lights, or Santa's workshop. When you go to the blog, 
you'll see what I mean.

An interesting recent post at the blog ("No SSH server, no problem!" 
January 13) covered two tools, The Onion Router (TOR) and Privoxy, both 
of which can be used in a variety of situations, such as using them 
together to better protect your Internet communications when you're on 
the road. For example, if you're using a hotel's in-house network or a 
public wireless network, you could use TOR and Privoxy to help protect 
your network traffic.

TOR is a routing technology that encrypts and routes your Internet 
traffic through a number of TOR servers before the traffic reaches its 
destination. Privoxy is a proxy server that helps protect your Internet 
privacy by removing or obscuring various content, such as your DNS 
queries, browser type, OS type, and more. You can configure Privoxy to 
communicate with TOR so that all your Web traffic is routed through the 
TOR network.

I tried the two tools, and they seem to work all right. Setting up a 
TOR client is incredibly simple. Just install it, run it, and make sure 
there are open ports on your firewall to pass traffic. That's it! 
Privoxy is equally simple, except that to make it work with TOR, you'll 
need to add one line to the Privoxy configuration, which is explained 
in the TOR documentation. You can learn more about TOR and Privoxy and 
download copies at their respective Web sites.
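
The following is an added example, not part of the original newsletter. It audits a Privoxy configuration for the forwarding line mentioned above and flags the case where Web traffic goes through TOR but hostnames are still resolved on the local (hotel or wireless) network. It assumes the TOR client's SOCKS listener is at 127.0.0.1:9050; the sample configurations are constructed.

```python
# Added example (not from the newsletter). Assumption: the Tor client's SOCKS
# listener is on its usual default, 127.0.0.1:9050.
TOR_SOCKS = "127.0.0.1:9050"
REMOTE_DNS = {"forward-socks4a", "forward-socks5", "forward-socks5t"}
LOCAL_DNS = {"forward-socks4"}   # SOCKS4 carries only IPs: names resolve locally

def default_route(config_text):
    """Return (directive, socks_proxy) for the catch-all '/' pattern.

    Privoxy applies the last matching forward rule, so later lines override.
    """
    route = ("direct", None)              # no forwarding unless configured
    for raw in config_text.splitlines():
        parts = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if len(parts) < 3 or parts[1] != "/":
            continue
        directive = parts[0].lower()
        if directive == "forward" and len(parts) == 3:
            route = ("direct" if parts[2] == "." else "http-parent", None)
        elif directive in REMOTE_DNS | LOCAL_DNS and len(parts) == 4:
            socks = parts[2].replace("localhost", "127.0.0.1")
            if ":" not in socks:
                socks += ":1080"          # Privoxy's default SOCKS port
            route = (directive, socks)
    return route

def audit(config_text, tor=TOR_SOCKS):
    """Classify the catch-all route: OK, DNS_LEAK or NOT_VIA_TOR."""
    directive, socks = default_route(config_text)
    if socks != tor:
        return "NOT_VIA_TOR"      # web traffic leaves on the local network
    if directive in LOCAL_DNS:
        return "DNS_LEAK"         # traffic uses Tor, but lookups stay local
    return "OK"

# Constructed sample configurations
GOOD = "listen-address 127.0.0.1:8118\nforward-socks4a / 127.0.0.1:9050 .\n"
LEAKY = "forward-socks4 / localhost:9050 .  # resolves names before SOCKS\n"
DISABLED = "# forward-socks4a / 127.0.0.1:9050 .\n"
OVERRIDDEN = GOOD + "forward / .\n"

if __name__ == "__main__":
    for name in ("GOOD", "LEAKY", "DISABLED", "OVERRIDDEN"):
        print(name, audit(globals()[name]))
```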

Until next time, have a great week.



==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these discoveries 

February the 13th: Microsoft Issues Massive Number of Security Fixes
   Yesterday, Microsoft issued a massive number of security bulletins 
and fixes as part of its regularly scheduled monthly security update 
release. The company released 12 security bulletins for various 
products, including several Windows versions, Exchange Server, Office 
XP, Windows Media Player, MSN Messenger, and SharePoint. Eight of the 
bulletins are rated as "critical," the company's most serious rating.

Microsoft to Purchase Sybari Software
   Microsoft announced yesterday that it has signed a definitive 
agreement to acquire Sybari Software, a New York-based company that 
develops antivirus, antispam, and content-filtering technologies. The 
acquisition will include all of Sybari's staff and technologies.

Weakness in Windows XP SP2 Overflow Protection
   Security company Positive Technologies released a white paper that 
explains what it considers to be weaknesses in the heap overflow 
protection and data execution protection in Windows XP Service Pack 2 
(SP2). The two technologies are designed to help prevent intruders from 
taking advantage of unchecked buffers to launch malicious code within 
the OS. 

SOHO Firewall Appliances
   Even if you have a home office or work for a small company, you 
still need to protect your valuable data and network. Firewalls have 
become a de facto standard for all organizations--large and small--as a 
frontline perimeter-based defense against attackers who want to steal 
your information, hijack your resources, and otherwise vandalize your 
network. Jeff Fellinge looks at several solutions in this Buyer's 



==== 3. Security Matters Blog ====
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=164A:4FB69

Check out these recent entries in the Security Matters blog:

Stop Users from Bypassing Group Policy
   I read a really interesting thread on the Focus on Microsoft mailing 
list. A list member said his users found a way to bypass Group Policy 
so that they could install unauthorized software on their machines. The 
users entered their logon credentials, then as soon as they were 
authenticated to the domain, they unplugged the network cable so that 
Group Policy Objects (GPOs) weren't downloaded to their machines. 
However, there are ways to foil this strategy. 

Two More Months to Opt Out of Windows XP SP2
   According to Microsoft's TechNet Flash newsletter, "the mechanism to 
temporarily disable delivery of Windows XP SP2 is available only for a 
period of 240 days (8 months) from August 16, 2004. At the end of this 
period (after April 12, 2005), Windows XP SP2 will be delivered to all 
Windows XP and Windows XP Service Pack 1 systems."

==== 4. Instant Poll ====

Results of Previous Poll:
Is comment spam a problem on your company's blogs or Web forums?

The voting has closed in this Windows IT Pro Security Hot Topic 
nonscientific Instant Poll. Here are the results from the 13 votes:
   - 23% Yes it was, but we solved it by requiring registration
   - 0% Yes, but we'll implement the new "rel" tag format to stop it
   - 0% Yes, but we don't plan to do anything about it
   - 77% No

New Instant Poll:
If your company uses Windows XP, do you use XP SP2?

Go to the Security Hot Topic and submit your vote for
   - Yes
   - No, but we intend to
   - No, and we don't intend to


==== 5. Security Toolkit ==== 

   by John Savill, http://list.windowsitpro.com/t?ctl=1647:4FB69 

Q: How can I view a list of all applications on my computer that start 
at boot-up? 

Find the answer at http://list.windowsitpro.com/t?ctl=1642:4FB69

Security Forum Featured Thread: ISAPI Extension Access to DCOM 
Application Server
   Nicola has an Internet Server API (ISAPI) DLL that connects to a 
Distributed COM (DCOM) application server. The setup includes a 
Microsoft IIS server configured with integrated security and anonymous 
access disabled, a domain group to collect all the domain users that 
should be able to use the procedures in the DLL, and DCOM configured 
with an administrator account and launch/access permissions for the 
domain group. The setup works if the domain group is included in the 
local Administrators group, but Nicola doesn't want to put the domain 
group in the local Administrators group and wonders if there's some 
other configuration that will work. Join the discussion at



==== 6. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

Spam Firewall for Large Organizations
   Barracuda Networks offers Barracuda Spam Firewall 800, a spam and 
virus appliance for large organizations and ISPs. Barracuda Spam 
Firewall 800 supports 30,000 active users and can handle nearly 1.3 
million messages per hour. It's designed for reliability, including 
redundant hot-swap power supplies, RAID 5 disk storage, dual gigabit 
Ethernet ports, and clustering capabilities. Barracuda Spam Firewall 
800 is priced at $17,999 for the appliance and $3999 per year for a 
subscription to the Energize Update service, which updates the 
appliance hourly with new spam rules and virus definitions. Barracuda 
also offers Spam Firewall models for smaller organizations. For more 
information, visit

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 
whatshot at windowsitpro.com.

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Security Administrator print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rsecadmin at windowsitpro.com. If we print your submission, you'll get 
$100. We edit submissions for style, grammar, and length.



This email newsletter is brought to you by Security Administrator, the 
leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for internal 
users. Subscribe today.


Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.
