[ISN] Security UPDATE--Search Engines Increase Web Site Security--January 19, 2005

InfoSec News isn at c4i.org
Thu Jan 20 04:45:22 EST 2005


This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which you
might be interested. Please take a moment to visit these advertisers'
Web sites and show your support for Security UPDATE.

Free White Paper: Email Encryption and Compliance

Exchange & Outlook Administrator


1. In Focus: Search Engines Increase Web Site Security

2. Security News and Features
   - Recent Security Vulnerabilities
   - The Scoop on Microsoft's Malicious Software Removal Tool
   - AMD Adds Holographic Security Labels to Processors
   - Review: Security Explorer 4.8

3. Security Matters Blog
   - The Race to Protect Customers
   - A Matter of Daze

4. Security Toolkit
   - FAQ
   - Security Forum Featured Thread

5. New and Improved
   - Secure Middleware Repriced and Repackaged


==== Sponsor: Postini ====

Free White Paper: Email Encryption and Compliance
   New regulations, legal liability issues, and evolving threats have
recently bumped the issue of secure email transmission to the top of
IT security managers' "To Do" list. In this free white paper you'll
learn how simple and cost-effective it is to implement TLS-based
secure email transmission. Download this white paper now to find out
how to support the dual goals of securing email transmission while
preserving the administrator's ability to filter out spam and viruses
and prevent email content policy violations.


==== 1. In Focus: Search Engines Increase Web Site Security ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Back in July 2004, I mentioned a whitepaper, "Demystifying Google
Hacks," by Debasis Mohanty. The paper outlines several ways in which
someone can use a particular search syntax in Google to query for
sites that might have known vulnerabilities. The paper is at the first
URL below. The Security UPDATE in which I wrote about it is at the
second URL below.

For example, Google supports query syntax that uses the commands
intitle:, inurl:, allinurl:, filetype:, intext:, and more. Google
isn't the only search engine that supports this sort of query syntax.
MSN Search, AlltheWeb, Yahoo! Search, and others support a similar
syntax to varying degrees.

As you know, the Santy worm, which takes advantage of search engine
queries to find vulnerable sites, was released around the Christmas
holidays. Recently, someone posted a message to a popular
techno-gadget-related blog site stating that he'd found a search query
that can locate vulnerable Webcams.

If worm writers and other people are using search engines to find
vulnerabilities, you might want to try the same techniques to check
your own Web sites for vulnerabilities. Instead of typing or pasting
query after query into search engines, you can use scripts to store
queries and automate the actual querying and result-gathering process.
Another solution is to use a tool specifically designed for the task.
Foundstone (now a division of McAfee) recently released a new version
of its SiteDigger tool (2.0) that automates the process of using
Google to scan for vulnerabilities in a given site.
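As an added illustration of the scripted approach described above (this is example code, not SiteDigger or anything from Foundstone), the module below stores a small signature list, scopes every query to your own domain with the site: operator, and keeps only results whose host actually belongs to that domain. The search-engine call is injected as a function, so the constructed fake_search stands in for whatever search API you are licensed to use; the signature strings are illustrative placeholders, not a real signature database.

```python
"""Self-audit of one domain via search-engine query syntax (added example)."""
from urllib.parse import urlparse

# Constructed signature list: name -> query fragment built from the
# operators the article mentions. Real signature files are much larger.
SIGNATURES = {
    "directory-listing": 'intitle:"index of"',
    "backup-file": "filetype:bak",
    "log-file": "filetype:log",
}

def build_queries(domain, signatures=SIGNATURES):
    """Scope every signature to the audited domain with the site: operator."""
    return {name: f"site:{domain} {frag}" for name, frag in signatures.items()}

def in_scope(url, domain):
    """True if the result host is the audited domain or a subdomain of it."""
    host = urlparse(url).hostname or ""
    return host == domain or host.endswith("." + domain)

def audit(domain, search, signatures=SIGNATURES):
    """Run each scoped query through `search`; return (signature, url) hits."""
    findings = []
    seen = set()
    for name, query in build_queries(domain, signatures).items():
        for url in search(query):
            # Engines occasionally return hosts outside the site: scope;
            # drop those so the report only covers the site being audited.
            if not in_scope(url, domain) or url in seen:
                continue
            seen.add(url)
            findings.append((name, url))
    return findings

# Constructed stand-in for a search API: query text -> result URLs.
FAKE_INDEX = {
    'site:example.com intitle:"index of"': [
        "http://www.example.com/files/",
        "http://other.example.net/files/",   # out of scope, must be dropped
    ],
    "site:example.com filetype:bak": ["http://example.com/config.bak"],
    "site:example.com filetype:log": [],
}

def fake_search(query):
    """Offline replacement for the real search call (constructed data)."""
    return FAKE_INDEX.get(query, [])

if __name__ == "__main__":
    for name, url in audit("example.com", fake_search):
        print(f"{name:18} {url}")
```

Each finding still needs a human look: a directory listing or stray backup file is only a problem if it exposes something the site never meant to publish.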

SiteDigger 2.0 has several added capabilities. Foundstone boasts that
it now provides "10 times more results." The tool also has an improved
user interface, an expanded Help file, an improved results page, and
improvements for signature updates. The company also said that
SiteDigger 2.0 produces fewer false positives, which means it's less
prone to alert you to problems that don't really exist. The new tool
can also perform raw searches, and as you might expect, it can detect
some of the latest vulnerabilities, such as overly exposed Webcams.

SiteDigger requires the Microsoft .NET Framework and also relies on
the Google API, so you'll need to obtain the API license key, which is
a simple process. More information about how to get the license key
can be found at Foundstone's SiteDigger Web page.

I wonder why Foundstone limits SiteDigger to Google queries. I think
the tool would be even more useful if the company added support for
other major search engines. Nevertheless, it's a useful tool as it
stands. Get yourself a copy and check it out.


==== Sponsor: Exchange & Outlook Administrator ====

   Try a Sample Issue of Exchange & Outlook Administrator!
   If you haven't seen Exchange & Outlook Administrator, you're
missing out on key information that will go a long way towards
preventing serious messaging problems and downtime. Request a sample
issue today, and discover tools you won't find anywhere else to help
you migrate, optimize, administer, backup, recover, and secure
Exchange and Outlook. Order now!


==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries

The Scoop on Microsoft's Malicious Software Removal Tool
   Microsoft's Malicious Software Removal Tool (MSRT) is now available
and will be updated on the second Tuesday of each month, according to
Microsoft. The tool is essentially a consolidation of the company's
other malware cleaning tools. The new all-in-one tool is currently
designed to remove the Blaster, MyDoom, Sasser, Zindos, Nachi, Gaobot,
Doomjuice, and Berbew forms of malware.

AMD Adds Holographic Security Labels to Processors
   To help thwart illegitimate copies of its Processor-in-a-Box (PIB)
technology, Advanced Micro Devices (AMD) has added new holographic
labels to ensure authenticity.

Review: Security Explorer 4.8
   ScriptLogic's Security Explorer 4.8 lets administrators quickly and
easily audit and adjust permission attributes for NTFS file systems,
registries, and shares on local or remote computers. The program
executes quickly and displays exactly what you want: directories,
files, and their associated permissions. Read Jeff Fellinge's review
on our Web site.


==== Announcements ====
   (from Windows IT Pro and its partners)

True High-Availability for Microsoft Exchange Web Seminar--February 3
   Discover solutions that minimize the likelihood of downtime in your
Exchange implementation and help to ensure continuous Exchange
application availability. In this free Web seminar, learn how you can
ensure high-availability through the use of tools that analyze and
proactively monitor the health of your entire Exchange environment.
Register now!

Got NDS? Get The Essential Guide to an NDS-to-Active Directory
   Migrating from NDS or eDirectory to AD can present complexities and
pitfalls. For a smooth transition, you must prepare for the challenge
and simplify your migration processes. The Essential Guide to an
NDS-to-Active Directory Migration shows you how to perform a
successful migration with minimal impact on your organization.
Download this guide today.

Windows Connections Conference Spring 2005
   Mark your calendar for Windows Connections Spring 2005, April
17-20, 2005, at the Hyatt Regency in San Francisco. Sessions
jam-packed with tips and techniques you need to know to ensure success
in today's enterprise deployments. Get the complete brochure online or
call 203-268-3204 or 800-505-1201 for more information.

Sensible Best Practices for Exchange Availability Web Seminar--January
   If you're discouraged about not having piles of money for improving
the availability of your Exchange server, join Exchange MVP Paul
Robichaux for this free Web seminar and learn how to maximize your
existing configuration. Survive unexpected outages, plan for the
unplannable, and evaluate what your real business requirements are
without great expense. Register now!


==== 3. Security Matters Blog ====
   by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Check out these recent entries in the Security Matters blog:

The Race to Protect Customers
   Ever wonder what goes on inside a company that provides security
solutions on "Patch Tuesday"? Learn about the scramble that takes
place in order to protect customers before exploits are turned loose
on the unsuspecting public.

A Matter of Daze
   The day after "Patch Tuesday" can reasonably be called "Exploit
Wednesday" because, invariably, someone will learn how to take
advantage of the published vulnerabilities and release loads of
technical information within 24 hours.

==== 4. Security Toolkit ====

FAQ, by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: I have Zone Labs' ZoneAlarm firewall installed, and it's reporting
a problem with Microsoft Application Error Reporting. What's causing
this error?

Find the answer at

Security Forum Featured Thread: File-Based Restrictions in Folders
   A forum participant writes that his company has a shared folder
that contains all the company's official business files, including a
lot of multimedia files (such as .mpg and .avi files) that need to be
backed up. He wants to know whether there is any way to restrict users
from putting personal .mpg, .avi, .mp3, and other files into particular
folders on his server so that these personal files won't fill his tape
backups. Join the discussion at:


==== Events Central ====
   (A complete Web and live events directory brought to you by Windows
IT Pro at http://www.windowsitpro.com/events )

Ensure Successful Token Authentication
   Take the first steps toward leaving passwords behind and
implementing tokens for your users and systems. Register now for this
free Web seminar and find out how you can future-proof your
investment, while making a solid business case to justify the costs.
Discover pitfalls to avoid, the right combinations to use, key
evaluation and testing points and critical success factors for rollout
time. Sign up today and become an expert on the range of technologies
and applications supported by today's token technologies!


==== 5. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

Secure Middleware Repriced and Repackaged
   SSH Communications Security offers a new pricing model and new
versions of its SSH Tectia secure middleware solution. One new version
of SSH Tectia Server lets large enterprises begin protecting their
business applications without any desktop-software investment. When
SSH Tectia is used to protect one business application, SSH Tectia
Connector client software licenses will be provided free of charge.
This new pricing model enables customers to start with one application
and expand their licenses as their business needs grow and helps
companies more quickly comply with requirements such as
Sarbanes-Oxley. The second targeted version of SSH Tectia Server is
designed for secure system administration, enabling system
administrators to remotely administer application servers and other
resources using a secure connection. For more information about SSH
Tectia and its pricing, go to

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
whatshot at windowsitpro.com.

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and
solutions in the Security Administrator print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rsecadmin at windowsitpro.com. If we print your submission, you'll get
$100. We edit submissions for style, grammar, and length.


==== Sponsored Links ====

Argent versus MOM 2005
   Experts Pick the Best Windows Monitoring Solution


==== Contact Us ====

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://www.windowsitpro.com/forums
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com


This email newsletter is brought to you by Security Administrator, the
leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for internal
users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.
