[ISN] Security UPDATE -- Phishing and Pharming -- June 22, 2005
isn at c4i.org
Thu Jun 23 05:10:22 EDT 2005
1. In Focus: Phishing and Pharming
2. Security News and Features
- Recent Security Vulnerabilities
- Three Previous Microsoft Security Bulletins Re-released
- Setting Up Windows Server Update Services
3. Instant Poll
4. Security Toolkit
- Security Matters Blog
5. New and Improved
- Rugged and Encrypted Laptop
==== 1. In Focus: Phishing and Pharming ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
You've undoubtedly heard of "phishing," luring users (typically through
email messages) to phony Web sites that imitate legitimate Web sites to
try to trick users into divulging private information such as logon
IDs, passwords, and account numbers. Phishing can lead to unauthorized
monetary charges against your merchant accounts, unauthorized use of
your services, and more.
Tools such as CoreStreet's SpoofStick (at first URL below) and the
Netcraft Toolbar (at second URL below) can help in some cases. Both
tools are add-ons for Microsoft Internet Explorer (IE) and Mozilla
Firefox that try to determine and display the real domain of the site
Recently, hackers have been combining phishing with DNS poisoning or DNS
hijacking--also known as "pharming." In a pharming attack, the attacker
either changes DNS records on the servers at an ISP or at the company
that's the target of the attack, or modifies a client system's HOSTS
file or DNS settings. Obviously, protecting against such attacks means
devising some method of establishing trust in DNS query results. The two
tools I mentioned above don't help much against pharming.
I know of three ways to help prevent pharming attacks. The first method
is for a company to use a service, such as one recently announced by
MarkMonitor, to monitor the company's DNS servers for unauthorized
changes. When unauthorized changes are detected, MarkMonitor alerts the
company so that it can begin working to correct the situation.
A second method, which is also new, is to use Next Generation
Security's (NGSEC's) AntiPharming tool, which works at the client level
(rather than the server level) to prevent unauthorized changes to a
system's HOSTS file and local DNS settings. It also listens on the
system's network interfaces to capture DNS query responses and then
double-checks those responses against "three secure DNS servers." The
tool comes with three DNS servers preconfigured, and you can modify
those server addresses as you see fit. The tool is available free for
personal use and requires a fee for commercial use.
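
The two client-side checks described above (watching the HOSTS file and comparing a DNS response with several reference servers), sketched as an added Python example. This is not NGSEC's code; the hostname, addresses, resolver labels, and the quorum rule are constructed assumptions.

```python
import ipaddress

# Constructed sample HOSTS file: one benign entry plus one entry that pins a
# watched hostname (www.example-bank.test is a hypothetical name).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
203.0.113.66    www.example-bank.test   # unexpected entry
"""

# Constructed reference answers (documentation address ranges, not lookups).
REFERENCE = {
    "resolver-a": {"198.51.100.10", "198.51.100.11"},
    "resolver-b": {"198.51.100.10"},
    "resolver-c": {"198.51.100.11"},
}

def parse_hosts(text):
    """Return {hostname: [ip, ...]} for every mapping in HOSTS-file text."""
    mapping = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()    # drop comments, tokenize
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                               # not an address line
        for name in fields[1:]:
            mapping.setdefault(name.lower().rstrip("."), []).append(ip)
    return mapping

def hosts_overrides(text, watched):
    """HOSTS entries that pin a watched hostname, so DNS is never consulted."""
    watched = {w.lower() for w in watched}
    return {n: ips for n, ips in parse_hosts(text).items() if n in watched}

def cross_check(observed, reference_answers, quorum=2):
    """Compare the answer the client saw with reference resolvers' answers.

    A resolver confirms the response if it shares at least one address with
    it; exact set equality would false-alarm on sites that rotate records.
    """
    confirming = sorted(r for r, ips in reference_answers.items()
                        if observed & ips)
    return {"trusted": len(confirming) >= quorum, "confirmed_by": confirming}
```

Sites served through geographically distributed DNS can legitimately return different addresses to different resolvers, so a failed quorum is a signal to investigate rather than proof of poisoning.
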
Another new solution, Identity Cues from Green Armor Solutions, works
at the Web site level. The first time a user logs on to an Identity
Cues-protected Web site, the product generates colored visual cues that
will then appear each time the user logs on to the site. A spoofed Web
site won't be able to generate the same cues, so a user sent to a
spoofed site will immediately know that he or she isn't visiting the
legitimate Web site. Identity Cues is definitely a novel concept.
All three approaches sound like good ideas and would go a long way
towards thwarting phishing and pharming. I suspect that there are other
ways to help prevent pharming, but at this point I'm unaware of any
other solutions. If you know of any, please send me an email message
that fills me in on the details.
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
Three Previous Microsoft Security Bulletins Re-released
Microsoft released ten security bulletins this month. Did you know
the company also re-released three older security bulletins? Find out
what they are and whether you need to load them in this story on our
Setting Up Windows Server Update Services
Patch management is a headache for security administrators at most
organizations. Microsoft has developed an improved patch-management
product, called Windows Server Update Services (WSUS). WSUS offers benefits
for organizations of all sizes, thanks to its flexibility, advanced
features, and ease of deployment. John Howie walks you through the
process of installing and configuring WSUS for your organization,
obtaining updates, and configuring clients to use WSUS to obtain
==== 3. Instant Poll ====
Results of Previous Poll: How will you use WSUS in your enterprise?
The voting has closed in this Windows IT Pro Security Hot Topic
nonscientific Instant Poll. Here are the results from the 32 votes.
- 56% As my patch management infrastructure
- 6% As a backup to SMS 2003 or other patch management
- 0% As a reporting tool to check on compliance with patches
- 38% I won't be using WSUS
New Instant Poll: Does your network firewall provide stateful
application-layer inspection in addition to the traditional stateful
Go to the Security Hot Topic and submit your vote for
==== 4. Security Toolkit ====
Security Matters Blog: Security Checklists and Scripts
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=CC37:4FB69
If you're looking for security checklists and helper scripts for
Windows platforms, there are several available from Corp-Sec, a
nonprofit group of IT professionals. In addition to those resources,
you can also find scripts that help with incident response, a list of
security mailing lists that you might want to join, whitepapers, and
by John Savill, http://list.windowsitpro.com/t?ctl=CC33:4FB69
Q: What's port 445 used for in Windows 2000 and later versions?
Find the answer at
==== 5. New and Improved ====
by Renee Munshi, products at windowsitpro.com
Rugged and Encrypted Laptop
Getac's MobileForce M220 ruggedized notebook computer is now
available with Enova X-Wall 40-bit real-time cryptographic gateways.
Once the encryption is activated, users and potential hackers must
manually enter a 5-character alphanumeric preboot password to load the
OS and view the contents of the drive. This password resides only in a
Secret Key on the hard disk drive (not in the registry), making the
drive seem unformatted if stolen and installed in another computer. The
M220 with Enova X-Wall LX-40 security is designed for accounting and
insurance audit, military, police, fire, homeland security, medical,
and banking applications. It's priced at $3995 with significant volume
and other discounts available. For more information, go to
==== Contact Us ====
About the newsletter -- letters at windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=CC39:4FB69
About product news -- products at windowsitpro.com
About your subscription -- windowsitproupdate at windowsitpro.com
About sponsoring Security UPDATE -- emedia_opps at windowsitpro.com
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.