News

Wednesday, January 03, 2007

2007 Through the Looking Glass

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Clean Up Your Company's Email Act: Using Filters to Block Threats

http://list.windowsitpro.com/t?ctl=453A3:886699

Discover Atempo's leading PC backup solution.

http://list.windowsitpro.com/t?ctl=453A9:886699

Making the Case for E-mail Archiving and Litigation Readiness

http://list.windowsitpro.com/t?ctl=453A1:886699


=== CONTENTS ===================================================

IN FOCUS: 2007 Through the Looking Glass

NEWS AND FEATURES
- Opera Software Teams Up to Provide Anti-Fraud Protection
- Check Point on Track to Buy NFR Security
- Antispam Solutions for Business
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Need Rainbow Tables?
- FAQ: Vista's Administrator Account
- Share Your Security Tips

PRODUCTS
- Environmental Monitoring Goes Wireless
- Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: St. Bernard Software ==============================

Clean Up Your Company's Email Act: Using Filters to Block Threats
Do you want to block unwanted or undesirable email? Download this
free whitepaper to learn how to manage the content of information
crossing your network.

http://list.windowsitpro.com/t?ctl=453A3:886699


=== IN FOCUS: 2007 Through the Looking Glass =============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

It's 2007 now, so let's take a peek at what the year ahead might hold
in store for the world in terms of information security.

First on the list is the most obvious item, Windows Vista. Microsoft
calls Vista its most secure OS to date. That's probably true given the
insecurity of previous Windows OSs. But while Vista does seem more
secure than previous versions of Windows, it hasn't yet become the
primary target of the blackest of the black hats. But that's about to
change.

Recently a vulnerability in Windows was discovered that affects Windows
2000, Windows XP, Windows Server 2003, and Windows Vista. The
vulnerability is located in the Client-Server Runtime Subsystem (CSRSS)
and lets someone elevate his or her privileges to the level of
Administrator.

For the most part, the news stories and technical reports I've read
present this vulnerability as a minor problem, apparently because in
order to exploit it, a user must already be authenticated to the
system. So the thinking is that unless someone can be tricked into
running an exploit, there isn't much risk. But that thinking is
shortsighted.

What most of the news stories overlook is the fact that in the business
world, a significant number of intrusions are perpetrated by people
inside a company (i.e., users who can readily authenticate to a
system). Seen in that light, this vulnerability--and any other
vulnerability that lets someone elevate privileges--is indeed serious.

We're probably going to see more vulnerabilities of a similar caliber
(or worse) affecting Vista. I think we'll see a lot of Vista
vulnerabilities, with most of them discovered via exploits snagged from
the wilds of the Internet--exploits either in active circulation or for
sale on sites around the world. Look for this trend to naturally pick
up momentum in the third and fourth quarters of the year.

Right along with Vista exploits will be increased exploitation of RSS
and Atom feeds, along with exploits of multimedia content, particularly
because Vista includes ample support for these technologies. Web sites
will be silently cracked, their content will be replaced, and their
feeds will be hijacked, and site operators won't discover the tampering
until users complain or until they're publicly embarrassed by the
media. Similarly, I think we'll also see a significant increase in
exploits launched via popular sites such as YouTube, MySpace, and
popular network-enabled games.

Another important trend will probably be a much stronger push for
digital identities and various protection mechanisms against identity
theft. As for the latter issue, user education will probably remain low
on the list of remedies even though it's the best solution available.
Watch for many more news stories about huge personal data breaches in
2007.

Identity theft, spam, and malware will of course continue to grow into
bigger problems than they already are. We probably won't see any
significant dents made in those problems in 2007. Vendors don't seem to
be keen on rooting out problems but instead prefer to sell Band-Aids,
so to speak. Here's one good example: Remember Blue Security? That tiny
company came up with a fantastic mechanism (called Blue Frog) to fight
spam, and it was hugely successful! Unfortunately, the company caved in
to retaliation from spammers, and not one of the most powerful
companies in the industry has stepped up to take up where Blue Security
left off. I seriously doubt that any of them will either. There appears
to be little if any desire to disassemble the engines that drive
product sales. Sad, but true.

Finally, botnets will become a much bigger problem in 2007, and I
suspect that the problem will eventually lead to some very serious
quakes on the Internet.


=== SPONSOR: Atempo ============================================

Discover Atempo's leading PC backup solution.
Stop losing valuable information stored on your employees' laptops!
The financial impact of information loss and system failure can be very
high and recovering data or a corrupted system is complicated and time
consuming. In today's enterprise, the workforce is highly mobile, and
business-critical information is most often stored on globe-trotting
laptops. Atempo LiveBackup can put an end to your mobile data
headaches. This automatic and continuous backup software keeps laptop
data protected up to the moment of failure and empowers end-users to
recover files by themselves.

http://list.windowsitpro.com/t?ctl=453A9:886699


=== SECURITY NEWS AND FEATURES =================================

Opera Software Teams Up to Provide Anti-Fraud Protection
Opera Software announced the latest release of its popular Web
browser, Opera 9.1, which includes a new Fraud Protection feature.

http://list.windowsitpro.com/t?ctl=453AC:886699

Check Point on Track to Buy NFR Security
Security solution provider Check Point Technologies said it's made a
deal to buy NFR Security for approximately $20 million. Established in
1996 by well-known security expert Marcus Ranum, NFR Security provides
intrusion detection and prevention technologies.

http://list.windowsitpro.com/t?ctl=453AD:886699

Antispam Solutions for Business
Many organizations are looking to replace their first-generation
spam software solutions either with a spam-filtering appliance or by
entrusting spam-filtering tasks to a hosted service. This Buyer's Guide
can help you decide which solution is best for you.

http://list.windowsitpro.com/t?ctl=453B0:886699

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=453A4:886699


=== SPONSOR: Symantec ==========================================

Making the Case for E-mail Archiving and Litigation Readiness
Are your messages easily accessible, yet secure, in the case of an
e-discovery request? With the phenomenal email volume growth, and
increasing costs when companies fail to comply, you can't afford to
lose an email. Download this free whitepaper today and implement a
strong email retention and management system today!

http://list.windowsitpro.com/t?ctl=453A1:886699


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Need Rainbow Tables?
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=453B4:886699

Rainbow tables help with the discovery of passwords by speeding up
testing time. You could compute your own tables, buy precomputed
tables, or download tables that are made available free to everyone.
Learn more in this blog article.

http://list.windowsitpro.com/t?ctl=453AF:886699


FAQ: Vista's Administrator Account
by John Savill, http://list.windowsitpro.com/t?ctl=453B2:886699


Q: Where is the Administrator account in Windows Vista?

Find the answer at

http://list.windowsitpro.com/t?ctl=453AE:886699

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Environmental Monitoring Goes Wireless
AVTECH Software announced Room Alert 26W, part of the Room Alert
hardware line for IT environment and facilities monitoring. The new
model uses wireless technology for communications between sensors and
the main Room Alert 26W unit. The secure, private protocol that the
sensors use to send alerts to the main unit is ZigBee compatible and
approved in North America, Europe, the UK, Australia, New Zealand, and
the Pacific Rim. Room Alert 26W monitors physical conditions such as
temperature, humidity, and power and can immediately alert IT staff to
problems and/or log events. For more information, go to

http://list.windowsitpro.com/t?ctl=453B7:886699

WANTED: your reviews of products you've tested and used in
production. Send your experiences and ratings of products to
whatshot@windowsitpro.com and get a Best Buy gift certificate.


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=453B1:886699

Are you an Oracle professional who has cross-platform responsibilities,
or do you need to transfer your skill set to SQL Server? If so,
register for free to attend the Cross Platform Data online event
January 30 and 31 and February 1. In a seminar featuring SQL
Server/Oracle experts Andrew Sisson from Scalability Experts and
Douglas McDowell from Solid Quality Learning, you'll learn key concepts
about SQL Server 2005, including how to deploy SQL Server's BI
capabilities on Oracle, proof points demonstrating that SQL Server is
enterprise-ready, and how to successfully deploy Oracle on the Windows
platform.

http://list.windowsitpro.com/t?ctl=453AB:886699

Find the buried treasure by uncovering the secrets to Web filtering.
Complete this quiz correctly and you could be a winner!

http://list.windowsitpro.com/t?ctl=453AA:886699

When your systems go down, your users' productivity grinds to a halt.
User downtime is one of the fastest growing concerns among businesses.
This free Web seminar teaches you how to keep your users continuously
connected and your business up and running. View the on-demand Web
seminar now!

http://list.windowsitpro.com/t?ctl=4539E:886699

Integrate fax services with business applications for major increases
in ROI. Find out how fax technology can benefit your bottom line and
improve business processes. Download the free ebook today!

http://list.windowsitpro.com/t?ctl=453A0:886699

Randy Franklin Smith outlines five evaluation points to consider when
choosing your antispyware solution in this free podcast. Download it
today!

http://list.windowsitpro.com/t?ctl=4539F:886699


=== FEATURED WHITE PAPER =======================================

Disaster recovery isn't just a theory for most businesses--it's a harsh
business reality. Improve your own disaster recovery efforts today and
learn from real-life disaster survivors. Make sure that your plan is
ready before a disaster strikes--download this free white paper today!

http://list.windowsitpro.com/t?ctl=453A2:886699


=== ANNOUNCEMENTS ==============================================

Special Invitation for VIP Access
Become a VIP subscriber and get continuous, inside access to ALL the
content published in Windows IT Pro magazine, SQL Server Magazine,
Exchange & Outlook Pro VIP, Scripting Pro VIP, and Security Pro VIP.
Subscribe now and SAVE $100:

http://list.windowsitpro.com/t?ctl=453A6:886699

Ring in the New Year with Windows IT Pro
Don't miss Windows IT Pro magazine in 2007! As a subscriber, you'll
have full access to must-have coverage relating to Windows Vista
deployment, virtualization and disaster recovery, Active Directory
enhancements, Office 2007 launch, SharePoint fundamentals, and much
more. Order now and save 58% off the cover price:

http://list.windowsitpro.com/t?ctl=453A5:886699


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=453B3:886699

http://list.windowsitpro.com/t?ctl=453B6:886699

Subscribe to Security UPDATE at

http://list.windowsitpro.com/t?ctl=453A8:886699

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=4160B336D0B60CB170FF5A38056DBC2A

Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=453B5:886699
About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://list.windowsitpro.com/t?ctl=453A7:886699

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
