News

Wednesday, April 04, 2007

How Security Ripple Effects Affect You

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Email Discovery and Compliance

http://list.windowsitpro.com/t?ctl=50AB4:4160B336D0B60CB1E912146D0A03E85B

Free White Paper: Address the Insider Threat

http://list.windowsitpro.com/t?ctl=50AC9:4160B336D0B60CB1E912146D0A03E85B


Double-Take Software: Recovery Made Easy

http://list.windowsitpro.com/t?ctl=50AB0:4160B336D0B60CB1E912146D0A03E85B


=== CONTENTS ===================================================

IN FOCUS: How Security Ripple Effects Affect You

NEWS AND FEATURES
- Animated Cursors Being Used to Infiltrate Windows
- Kaspersky on Keyloggers
- SANS Launches Security Certification for Programmers
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Linux on the Desktop
- FAQ: Extracting Standalone Update Files
- From the Forum: Are XP Guest Logons Hack Attempts?
- Tell Us About the Products You Love!
- Share Your Security Tips
- Microsoft Learning Paths for Security: Securing Your Messaging
Infrastructure

PRODUCTS
- Free Internet Security Product for Home Use

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: iLumin ============================================

Email Discovery and Compliance
In this free white paper get the tools you need to effectively
comply with messaging archiving statutes and regulations. You'll learn
about the benefits of messaging archiving such as: indexing, storing
and purging of these records according to corporate or other policies,
automatic migrating of messaging system content to other storage media,
and the ability to make the messaging system serve as a corporate
knowledge store, allowing users to mine data for a variety of purposes
and more. Download your copy now!

http://list.windowsitpro.com/t?ctl=50AB4:4160B336D0B60CB1E912146D0A03E85B


=== IN FOCUS: How Security Ripple Effects Affect You ===========
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Like so many things, network security is subject to ripple effects such
that one action (or lack of action) can cause a significant change
elsewhere. One case in point is software development. When developers
write less-than-secure code, that impact is far reaching. For the
enterprise, at a minimum, it typically means a lot more work for
administrators. Of course, the impact can be much more severe and reach
nearly every corner of the enterprise--information could leak, systems
could be hijacked, the corporate image could suffer, and the list goes
on.

The obvious solution is to get programmers to write better code. A news
story on our Web site, "SANS Launches Security Certification for
Programmers" (you can link to it in the Security News and Features
section below), discusses a new testing and certification program that
could have a positive ripple effect. If you're a programmer, even as a
hobby, be sure to read the story and click the links. You'll find some
practice tests that might help you, and you'll find out how you can
become certified.

Another case in point is inadequate system security resulting in
malware infestation and spam. When companies don't protect their
systems adequately, those systems are bound to become infiltrated by
malware. Most blackhats these days don't develop and spread malware
just to idle or destroy a few companies' data or systems. Today's
malware has a wider range of purposes, one of which is to make money by
sending spam. So when your company slacks off on security and becomes
infected with malware, that could very well result in an increase in
spam for people all over the world.

I read an interesting story last week at The Register (URL below) about
systems inside the networks of very well-known companies sending spam.
Obviously those companies aren't taking care of security as best they
could. Among the guilty companies identified were HP, Oracle, and Best
Buy.

http://list.windowsitpro.com/t?ctl=50ABB:4160B336D0B60CB1E912146D0A03E85B

The Register's story is based on data collected by Support
Intelligence, a security monitoring solution provider. Support
Intelligence operates a number of spam traps and analyzes the headers
of email messages received by those traps. That header data includes
the IP addresses of the mail servers used to transmit the message, and
those addresses can be used to identify the operator of the network
that uses the addresses.

Support Intelligence's blog says that the company is using its spam
trap data to identify Fortune 1000 companies that have bots operating
inside their networks. Support Intelligence goes on to say that it will
continue publishing its findings "until corporate America is clean."

If Fortune 1000 companies clean up their networks, everyone will most
likely receive far less spam, and that's a good thing. However the same
holds true for any other company, and it's a real shame that companies
have to be publicly embarrassed by news outlets such as The Register
and companies such as Support Intelligence before they'll do what they
should already be doing. That holds especially true for companies such
as Oracle and HP, both of which would like us to think of them as
pinnacles of best practice and leaders in various areas of security.

If you're interested in this particular spam monitoring trend, keep an
eye on the Support Intelligence blog, at the URL below.

http://list.windowsitpro.com/t?ctl=50AC8:4160B336D0B60CB1E912146D0A03E85B


=== SPONSOR: NetIQ =============================================

Free White Paper: Address the Insider Threat
Learn how to develop a comprehensive management system that
virtually eliminates the risk of an insider threat. Co-authored by
NetIQ and Dr. Eric Cole, this informative white paper identifies the
key business processes that must be secured and ready to build a
solution to contain the insider threat.

http://list.windowsitpro.com/t?ctl=50AC9:4160B336D0B60CB1E912146D0A03E85B

=== SECURITY NEWS AND FEATURES =================================

Animated Cursors Being Used to Infiltrate Windows
Microsoft issued an advisory about exploits that take advantage of a
flaw in the way animated cursor (.ani) files are handled in Windows.
The company followed the advisory with a patch (a week ahead of the
regularly scheduled monthly Microsoft patches) for the vulnerability.

http://list.windowsitpro.com/t?ctl=50ABE:4160B336D0B60CB1E912146D0A03E85B

Kaspersky on Keyloggers
Kaspersky Lab released the first of a two-part report about
keyloggers, which pose a considerable threat when they go undetected.

http://list.windowsitpro.com/t?ctl=50ABD:4160B336D0B60CB1E912146D0A03E85B

SANS Launches Security Certification for Programmers
SANS Institute launched the Software Security Institute, a
certification program designed to help assess software developers'
ability to write secure code.

http://list.windowsitpro.com/t?ctl=50ABF:4160B336D0B60CB1E912146D0A03E85B

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=50AB7:4160B336D0B60CB1E912146D0A03E85B


=== SPONSOR: Double-Take Software ==============================

Double-Take Software: Recovery Made Easy
Upcoming Webinar--The Big Picture in Disaster Recovery, with Double-
Take Software, VMware, and Silver Peak. Join this webinar to learn how
to tie together virtualization, replication and WAN acceleration for
better business continuity. April 25, 2007 at 11 a.m. Eastern Time--
Register Now!

http://list.windowsitpro.com/t?ctl=50AB0:4160B336D0B60CB1E912146D0A03E85B


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Linux on the Desktop
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=50AC6:4160B336D0B60CB1E912146D0A03E85B

Dell said it will soon start offering Linux on desktop and notebook
systems. My recent experience with Linux on Dell notebooks has been
interesting.

http://list.windowsitpro.com/t?ctl=50AC0:4160B336D0B60CB1E912146D0A03E85B

FAQ: Extracting Standalone Update Files
by John Savill, http://list.windowsitpro.com/t?ctl=50AC4:4160B336D0B60CB1E912146D0A03E85B


Q: How can I extract the files from a Windows Vista Microsoft Update
Standalone Package (MSU)?

Find the answer at

http://list.windowsitpro.com/t?ctl=50AC1:4160B336D0B60CB1E912146D0A03E85B

FROM THE FORUM: Are XP Guest Logons Hack Attempts?
A forum participant writes, "I'm no newbie to using event viewer,
and typically it's an important tool for my daily assessment of what's
going on with my [Windows] XP computer. I realize [that] occasionally
XP will use the system account to log on and do routine maintenance.
But have any of you ever seen XP cite instances of 'guest' logging in
and out, especially when the 'guest' account is disabled?" Join the
discussion at

http://list.windowsitpro.com/t?ctl=50AAF:4160B336D0B60CB1E912146D0A03E85B

TELL US ABOUT THE PRODUCTS YOU LOVE!
What products are you using that save you time or make your workload
a little lighter? What hot product discoveries have you made that other
IT pros need to know about? Let the world know about your experiences
in Windows IT Pro's monthly What's Hot department. If we publish your
story in What's Hot, we'll send you a Best Buy gift card! Send
information about your favorite product and how it has helped you to
whatshot@windowsitpro.com.

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.

MICROSOFT LEARNING PATHS FOR SECURITY: Securing Your Messaging
Infrastructure
These resources provide guidance on securing your messaging
infrastructure, including best practices for message hygiene
technologies and configuration strategies. You'll also get an in-depth
look at the Microsoft Forefront line of business security products,
which help protect application servers such as Microsoft Exchange
Server 2007, Microsoft Office SharePoint Server 2007, and Microsoft
Office Communications Server 2007.

http://list.windowsitpro.com/t?ctl=50AC2:4160B336D0B60CB1E912146D0A03E85B


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Free Internet Security Product for Home Use
eEye Digital Security announced the release of its latest version of
Blink Personal Internet Security with Anti-virus and is offering a free
one-year subscription for personal or home office use in the United
States and Canada. Blink Personal has multiple antivirus engines,
detects and removes spyware and adware, guards against phishing and
identity theft, has system and application firewalls, prevents
intrusion and protects against remote attacks, detects missing patches
for applications and OSs, and detects configuration settings that lower
system security. eEye says the offer is for a limited time, for one
installation per customer. To download Blink Personal, go to

http://list.windowsitpro.com/t?ctl=50ABC:4160B336D0B60CB1E912146D0A03E85B


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=50AC3:4160B336D0B60CB1E912146D0A03E85B

Do you have visibility and control over your software licenses? Most
organizations face serious challenges, including complex and confusing
vendor licensing models, cost overruns, missed deadlines and business
opportunities, and lost user productivity. Learn to address these
challenges and prepare for audits. Register for this free on-demand Web
seminar, available now!

http://list.windowsitpro.com/t?ctl=50AB1:4160B336D0B60CB1E912146D0A03E85B

Having customers depend on your IT services in order to communicate,
purchase, or manage orders is great for your business. But what happens
when your applications or Web sites become unavailable? Download this
free white paper and learn how to eliminate application downtime
disruptions and ensure the continuity of your business.

http://list.windowsitpro.com/t?ctl=50AB2:4160B336D0B60CB1E912146D0A03E85B

You know you need to manage your email data, but how do you do it? What
steps do you need to take? What additional measures should you enact?
What shouldn't you do? Get answers to these and other questions and get
control of your vital messaging data. Download this free eBook today!

http://list.windowsitpro.com/t?ctl=50AB6:4160B336D0B60CB1E912146D0A03E85B

Are all your malware definitions completely up-to-date? If they are,
then you're halfway home to total malware protection. Windows Vista
might be the most secure Microsoft OS ever released, but malware is
constantly evolving, and sometimes out-of-the-box security just isn't
enough. In this exclusive podcast, Windows IT Pro Editorial and
Strategy Director Karen Forster interviews Microsoft Product Manager
Josue Fontanez about Forefront Client Security, Microsoft's unified
malware protection package.

http://list.windowsitpro.com/t?ctl=50AB3:4160B336D0B60CB1E912146D0A03E85B


=== FEATURED WHITE PAPER =======================================

How do compliance regulations really affect your IT infrastructure? You
need to design your retention, retrieval, privacy, and security
policies to ensure that your organization is compliant. Download this
free eBook today and make certain that your organization complies with
regulations!

http://list.windowsitpro.com/t?ctl=50AB5:4160B336D0B60CB1E912146D0A03E85B


=== ANNOUNCEMENTS ==============================================

Introducing a Unique Security Resource
Security Pro VIP is an online information center that delivers new
articles every week on topics such as perimeter security,
authentication, and system patches. Subscribers also receive tips,
cautionary advice, direct access to our editors, and a host of other
benefits! Order now at an exclusive charter rate and save up to $50!

http://list.windowsitpro.com/t?ctl=50AB8:4160B336D0B60CB1E912146D0A03E85B

Grab Your Share of the Spotlight!
Nominate yourself or a peer to become IT Pro of the Month. This is
your chance to get the recognition you deserve! Winners will receive
over $600 in IT resources and be featured in Windows IT Pro. It's easy
to enter--we're accepting May nominations now, but only for a limited
time! Submit your nomination today:

http://list.windowsitpro.com/t?ctl=50AC7:4160B336D0B60CB1E912146D0A03E85B


================================================================

Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=50AC5:4160B336D0B60CB1E912146D0A03E85B

http://list.windowsitpro.com/t?ctl=50ACB:4160B336D0B60CB1E912146D0A03E85B

Subscribe to Security UPDATE at

http://list.windowsitpro.com/t?ctl=50ABA:4160B336D0B60CB1E912146D0A03E85B

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=4160B336D0B60CB1E912146D0A03E85B

Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=50ACA:4160B336D0B60CB1E912146D0A03E85B

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://list.windowsitpro.com/t?ctl=50AB9:4160B336D0B60CB1E912146D0A03E85B

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

No comments:

Blog Archive