[ISN] Security UPDATE -- Phishing and Pharming -- June 22, 2005

InfoSec News isn at c4i.org
Thu Jun 23 05:10:22 EDT 2005


This email newsletter comes to you free and is supported by the 
following advertisers, which offer products and services in which 
you might be interested. Please take a moment to visit these 
advertisers' Web sites and show your support for Security UPDATE. 

Download NOW and be the First-to-Know

Testing Your Security Configuration


1. In Focus: Phishing and Pharming

2. Security News and Features
   - Recent Security Vulnerabilities
   - Three Previous Microsoft Security Bulletins Re-released
   - Setting Up Windows Server Update Services

3. Instant Poll

4. Security Toolkit
   - Security Matters Blog
   - FAQ

5. New and Improved
   - Rugged and Encrypted Laptop


==== Sponsor: TNT Software ====

Download NOW and be the First-to-Know
   Download ELM Enterprise Manager from TNT Software NOW and be the 
First-to-Know when changing conditions indicate security threats. ELM 
is the comprehensive monitoring, alerting and reporting solution that 
gives IT Managers confidence that their systems are continuously 
watched, and that they will be immediately alerted when suspicious 
activities occur. Security breaches can be minimized when real-time 
monitoring and alerting strategies are deployed. To experience the 
benefits of fortifying your security perimeter with ELM Enterprise 
Manager, take a FREE full featured, 10 system, 30 day evaluation test 
drive NOW.


==== 1. In Focus: Phishing and Pharming ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You've undoubtedly heard of "phishing," luring users (typically through 
email messages) to phony Web sites that imitate legitimate Web sites to 
try to trick users into divulging private information such as logon 
IDs, passwords, and account numbers. Phishing can lead to unauthorized 
monetary charges against your merchant accounts, unauthorized use of 
your services, and more. 

Tools such as CoreStreet's SpoofStick (at first URL below) and the 
Netcraft Toolbar (at second URL below) can help in some cases. Both 
tools are add-ons for Microsoft Internet Explorer (IE) and Mozilla 
Firefox that try to determine and display the real domain of the site 
you're visiting. 

Recently, hackers have begun combining phishing with DNS poisoning or 
DNS hijacking--also known as "pharming." In a pharming attack, the 
attacker either changes DNS records on the servers at an ISP or at the 
company that's the target of the attack, or modifies a client system's 
HOSTS file or DNS settings. Obviously, protecting against such attacks 
means devising 
some method of establishing trust in DNS query results. The two tools I 
mentioned above don't help much against pharming. 

I know of three ways to help prevent pharming attacks. The first method 
is for a company to use a service, such as one recently announced by 
MarkMonitor, to monitor the company's DNS servers for unauthorized 
changes. When unauthorized changes are detected, MarkMonitor alerts the 
company so that it can begin working to correct the situation. 

A second method, which is also new, is to use Next Generation 
Security's (NGSEC's) AntiPharming tool, which works at the client level 
(rather than the server level) to prevent unauthorized changes to a 
system's HOSTS file and local DNS settings. It also listens on the 
system's network interfaces to capture DNS query responses and then 
doublechecks those responses against "three secure DNS servers." The 
tool comes with three DNS servers preconfigured, and you can modify 
those server addresses as you see fit. The tool is available free for 
personal use and requires a fee for commercial use. 
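
The two client-side checks described above (watching the HOSTS file and comparing DNS answers against reference servers) can be sketched as follows. This is an added example, not part of the newsletter and not NGSEC's code; the domain names, addresses, resolver labels, and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS file (not from the newsletter); 203.0.113.0/24 and
# 198.51.100.0/24 are documentation address ranges, names are placeholders.
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
203.0.113.66    www.bank.example login.bank.example   # planted override
10.0.0.5        intranet.corp.example
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address
        for name in fields[1:]:
            yield str(ip), name.lower().rstrip(".")

def audit_hosts(text, watched_domains):
    """Return HOSTS entries that pin a watched domain (or a subdomain of one)."""
    watched = [d.lower() for d in watched_domains]
    return [(ip, name) for ip, name in parse_hosts(text)
            if any(name == d or name.endswith("." + d) for d in watched)]

# Constructed answers for www.bank.example from three reference resolvers.
REFERENCE = {
    "resolver-a": ["198.51.100.10", "198.51.100.11"],
    "resolver-b": ["198.51.100.11"],
    "resolver-c": ["198.51.100.10"],
}

def cross_check(local_answer, reference_answers, quorum=2):
    """True when at least `quorum` reference resolvers share an address with
    the local answer. CDN and round-robin names vary legitimately, so False
    is a lead to investigate, not proof of poisoning."""
    local = set(local_answer)
    agreeing = sum(bool(local & set(a)) for a in reference_answers.values())
    return agreeing >= quorum

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS, ["bank.example"]))
    print(cross_check(["203.0.113.66"], REFERENCE))
```
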

Another new solution, Identity Cues from Green Armor Solutions, works 
at the Web site level. The first time a user logs on to an Identity 
Cues-protected Web site, the product generates colored visual cues that 
will then appear each time the user logs on to the site. A spoofed Web 
site won't be able to generate the same cues, so a user sent to a 
spoofed site will immediately know that he or she isn't visiting the 
legitimate Web site. Identity Cues is definitely a novel concept. 

All three approaches sound like good ideas and would go a long way 
towards thwarting phishing and pharming. I suspect that there are other 
ways to help prevent pharming, but at this point I'm unaware of any 
other solutions. If you know of any, please send me an email message 
that fills me in on the details. 


Calling All Windows IT Pro Innovators!
   Have you developed a solution that uses Windows technology to
solve a business problem in an innovative way? Enter your solution
in the Windows IT Pro Innovators Contest! Grand-prize winners will
receive a host of great prizes and a write-up in the November 2005
issue. Contest extended to July 1, 2005! To enter, click here:


==== Sponsor: Microsoft ====

Testing Your Security Configuration
   Over a decade ago the Department of Defense (DoD) released a 
statement saying, "Hack your network, or the hackers will do it for 
you." Today, vulnerability-scanning hackers, Internet-traveling worms, 
and roving bots are common. This free white paper will discuss how to 
identify and fix vulnerabilities, discover and use vulnerability 
assessment tools, evaluate your security investment and more. Download 
your free copy now!


==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at

Three Previous Microsoft Security Bulletins Re-released
   Microsoft released ten security bulletins this month. Did you know 
the company also re-released three older security bulletins? Find out 
what they are and whether you need to load them in this story on our 
Web site. 

Setting Up Windows Server Update Services
   Patch management is a headache for security administrators at most 
organizations. Microsoft has developed an improved patch-management 
product, called Windows Server Update Services (WSUS). WSUS offers benefits 
for organizations of all sizes, thanks to its flexibility, advanced 
features, and ease of deployment. John Howie walks you through the 
process of installing and configuring WSUS for your organization, 
obtaining updates, and configuring clients to use WSUS to obtain 


==== Resources and Events ====

Anti-spam product not working?
   Many email administrators are experiencing increased frustration 
with their current anti-spam products as they battle new and more 
dangerous email threats. In-house software, appliances and even some 
services may no longer work effectively, require too much IT staff time 
to update and maintain, or satisfy the needs of different users.  In 
this free Web seminar, learn how you can search for a better way to 
protect your email systems and users.

Back By Popular Demand - SQL Server 2005 Roadshow in a City Near You
   Get the facts about migrating to SQL Server 2005. SQL Server experts 
will present real-world information about administration, development, 
and business intelligence to help you implement a best-practices 
migration to SQL Server 2005 and improve your database computing 
environment. Attend and receive a 1-year membership to PASS and 1-year 
subscription to SQL Server Magazine. Register now!

Token Authentication: Getting It Right
   Perhaps you need tokens for management or mobile workers or your 
only applications that need token support are VPN, extranet access, or 
PC security. In this free Web seminar, join industry guru Randy 
Franklin Smith and learn how you can make a solid business case to 
management that justifies tokens. You'll also discover what the right 
combination of token devices and middleware can do. Plus - receive 
checklists of key evaluation and testing points for rollout time. 
Register now!

Recover Your Active Directory
   Get answers to all your Active Directory recovery questions here! 
Join industry guru Darren Mar-Elia in this free Web Seminar and 
discover how to use native recovery tools and methods, how to implement 
a lag site to delay replication, limitations to native recovery 
approaches and more. Learn how you can develop an effective AD backup 
strategy - Register today!

The Essential Guide to Exchange Preventative Maintenance
   Database health is the weakest link in most Microsoft Exchange 
Server environments. Download this Essential Guide now and find out how 
the ideal solution is an automated, end-to-end maintenance and 
management tool that provides a centralized view of the entire managed 
infrastructure. Get your free copy now!


==== Featured White Paper ====

Avoiding Availability Pitfalls in Microsoft Exchange Environments
   Many solutions are targeted at making Exchange email environments 
more reliable; however, a wide range of potential difficulties still 
lurk, waiting to interrupt service and, ultimately, your business. In 
this free white paper, discover the more common pitfalls that can 
lessen Exchange availability and the recommendations for what you can 
do to avoid the problem and better plan your Microsoft Exchange 
messaging environment.


==== Hot Release ====

FREE Download - The Next Generation of End-point Security is Available 
   NEW NetOp Desktop Firewall's fast 100% driver-centric design offers 
a tiny footprint that protects machines from all types of malware even 
before Windows loads and without slowing them down. NetOp provides 
process & application control, real-time centralized management, 
automatic network detection & profiles and more. Try it FREE.


==== 3. Instant Poll ====

Results of Previous Poll: How will you use WSUS in your enterprise?
   The voting has closed in this Windows IT Pro Security Hot Topic 
nonscientific Instant Poll. Here are the results from the 32 votes.
   - 56% As my patch management infrastructure
   -  6% As a backup to SMS 2003 or other patch management 
   -  0% As a reporting tool to check on compliance with patches
   - 38% I won't be using WSUS

New Instant Poll: Does your network firewall provide stateful 
application-layer inspection in addition to the traditional stateful 
packet inspection?
   Go to the Security Hot Topic and submit your vote for 
   - Yes
   - No

==== 4. Security Toolkit ==== 

Security Matters Blog: Security Checklists and Scripts
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=CC37:4FB69

   If you're looking for security checklists and helper scripts for 
Windows platforms, there are several available from Corp-Sec, a 
nonprofit group of IT professionals. In addition to those resources, 
you can also find scripts that help with incident response, a list of 
security mailing lists that you might want to join, whitepapers, and 

   by John Savill, http://list.windowsitpro.com/t?ctl=CC33:4FB69 

Q: What's port 445 used for in Windows 2000 and later versions? 

Find the answer at


==== Announcements ====
   (from Windows IT Pro and its partners)

Why Do You Need the Windows IT Pro Master CD?
   There are three good reasons to order our latest Windows IT Pro 
Master CD. One, because it's a lightning-fast, portable tool that lets 
you search for solutions by topic, author, or issue. Two, because it 
includes our Top 100 Windows IT Pro Tips. Three, because you'll also 
receive exclusive, subscriber-only access to our entire online article 
database. Click here to discover even more reasons:

Monthly Online Pass = Quick Security Answers!
   Sign up today for your Monthly Online Pass and get 24/7 access to 
the entire online Windows IT Security article database, including 
exclusive subscriber-only content. That's a database of over 1,900 
Security articles to help you get all the answers you need, when you 
need them. Sign up now for just US$14.95 per month:


==== 5. New and Improved ====
   by Renee Munshi, products at windowsitpro.com

Rugged and Encrypted Laptop
   Getac's MobileForce M220 ruggedized notebook computer is now 
available with Enova X-Wall 40-bit real-time cryptographic gateways. 
Once the encryption is activated, users and potential hackers must 
manually enter a 5-character alphanumeric preboot password to load the 
OS and view the contents of the drive. This password resides only in a 
Secret Key on the hard disk drive (not in the registry), making the 
drive seem unformatted if stolen and installed in another computer. The 
M220 with Enova X-Wall LX-40 security is designed for accounting and 
insurance audit, military, police, fire, homeland security, medical, 
and banking applications. It's priced at $3995 with significant volume 
and other discounts available. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving 
you time or easing your daily burden? Tell us about the product, and 
we'll send you a T-shirt if we write about the product in a future 
Windows IT Pro What's Hot column. Send your product suggestions with 
information about how the product has helped you to 
   whatshot at windowsitpro.com.

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and 
solutions in the Windows IT Security print newsletter's Reader to 
Reader column. Email your contributions (500 words or less) to 
r2rwinitsec at windowsitpro.com. If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.


==== Sponsored Links ====

Quest Software
   Eleven things you must know about quick AD recovery!


==== Contact Us ==== 

About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=CC39:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com


This email newsletter is brought to you by Windows IT Security, 
the leading publication for IT professionals securing the Windows 
enterprise from external intruders and controlling access for 
internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.
