Email Security for the 21st Century
http://list.windowsitpro.com/t?ctl=54849:4160B336D0B60CB10F1D967A1F62FFEB
Roadmap to Email Archiving and Compliance
http://list.windowsitpro.com/t?ctl=5484B:4160B336D0B60CB10F1D967A1F62FFEB
Enterprises Rate Important IP Telephony Features
http://list.windowsitpro.com/t?ctl=5485E:4160B336D0B60CB10F1D967A1F62FFEB
=== CONTENTS ===================================================
IN FOCUS: A Different Kind of Honeypot Project
NEWS AND FEATURES
- Dangerous QuickTime and Java Flaw Affects Windows
- Browser Toolbars Integrate Real-Time Anti-Malware Defenses
- Microsoft Prepares Forefront Client Security for May Release
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: Vbootkit Bypasses Vista Code Signing
- FAQ: Get Windows 2003 SP2
- From the Forum: Looking for Password Analyzer
- We Need Your Feedback About the Products You Use
- Share Your Security Tips
PRODUCTS
- Easier Management of Data Encryption Appliances
RESOURCES AND EVENTS
FEATURED WHITE PAPER
ANNOUNCEMENTS
=== SPONSOR: Ironport ==========================================
Email Security for the 21st Century
Protect your users and your network against email-borne threats.
This free eBook gives you the knowledge required to understand the real
threat that email-borne attacks pose, and how to address those attacks
in a way that reduces risk while ensuring users aren't impacted.
Download it today!
http://list.windowsitpro.com/t?ctl=54849:4160B336D0B60CB10F1D967A1F62FFEB
=== IN FOCUS: A Different Kind of Honeypot Project =============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Honeypots are excellent tools for preemptive forensic investigation.
They let you see what intruders are targeting in your network, monitor
their activity, capture their exploits, and more. So when I think of
honeypots, that's typically the image that comes to mind. But a new
type of honeypot project is aimed squarely at spammers.
Project Honey Pot is a community effort that aims to identify spammers
and email address harvesters and put them out of business by
eliminating their ability to deliver spam and thus hitting them where
it hurts most: in the pocketbook.
The way it works is relatively simple. Web developers insert special
code into their Web server platform that communicates with Project
Honey Pot servers. The code grabs unique email addresses (tied to the
IP address of the Web site visitor) from Project Honey Pot servers that
are then inserted into the Web site dynamically. The email addresses of
course are spam traps operated by Project Honey Pot. So when robots or
people harvest those addresses and mail arrives in those traps, the
project can track and identify the spammers.
Project Honey Pot also operates a new blacklist DNS system (called
http:BL), similar to those used by email DNS blacklist providers. Web
site developers can use Project Honey Pot's API to query the http:BL
DNS servers by using a Web site visitor's IP address. The DNS query
results reveal whether the visitor is a known harmless search engine
robot, a known spammer, or a known email harvester. Code written by the
Web developer can then take action based on the visitor's
categorization. For example, If the DNS query returns info that says
the visitor IP address is that of a spammer, code can prevent the
visitor from posting a comment and thus prevent comment spam.
Overall, I think the project is a pretty good idea. Integrating a spam
trap into your site isn't incredibly difficult. After you sign up for
an account, you can download ready-made code in one of several
languages, including Active Server Pages (ASP), PHP, Perl, Python,
ColdFusion, and more. You drop the code into your Web site and make a
link to it somewhere. If you run Apache, module code is available that
you can integrate directly to work with http:BL. You can also donate MX
records from your own domains that will be used to create spam traps
shared at Project Honey Pot.
So far, the project has identified more than 15,000 email address
harvesters and 2.5 million spam servers and currently operates more
than 2.2 million spam traps. Last week, the project announced that it
has filed a $1 billion lawsuit, the largest antispam suit ever, against
spammers for harvesting email addresses and spamming Project Honey Pot
members. The suit comes as a result of two years of tracking spammers.
You can read more about the suit at the first URL below (click the days
of the week on the left-hand side of the screen to see other recent
announcements, including integration information). If you're interested
in joining the project, visit the home page at the second URL below,
where you'll find a link to register along with links to a FAQ and
more.
http://list.windowsitpro.com/t?ctl=54859:4160B336D0B60CB10F1D967A1F62FFEB
http://list.windowsitpro.com/t?ctl=54860:4160B336D0B60CB10F1D967A1F62FFEB
===
You can win $100 by voting for the products you find most useful in
Windows IT Pro's Community Choice Awards! Give us your feedback to
qualify to win one of twelve $100 Amazon.com gift certificates. Voting
is open through May 21. Winners will be announced in the August 2007
issue of Windows IT Pro. Go to
http://list.windowsitpro.com/t?ctl=54848:4160B336D0B60CB10F1D967A1F62FFEB
=== SPONSOR: Sherpa Software ===================================
Roadmap to Email Archiving and Compliance
How will compliance regulations affect your IT infrastructure? Help
design your retention and retrieval, privacy and security policies to
make sure that your organization is compliant. Download the free eBook
today!
http://list.windowsitpro.com/t?ctl=5484B:4160B336D0B60CB10F1D967A1F62FFEB
=== SECURITY NEWS AND FEATURES =================================
Dangerous QuickTime and Java Flaw Affects Windows
At the recent CanSecWest conference, Shane Macaulay and Dino Dai
Zovi worked in tandem to successfully break into a MacBook Pro running
OS X by using a zero-day exploit. The security flaw is now believed to
also affect Windows platforms.
http://list.windowsitpro.com/t?ctl=54854:4160B336D0B60CB10F1D967A1F62FFEB
Browser Toolbars Integrate Real-Time Anti-Malware Defenses
Toolbars from Exploit Prevention Labs and Finjan help protect
against malicious content in Web sites and search results by scanning
Web page content in real time without the use of signature databases.
http://list.windowsitpro.com/t?ctl=54858:4160B336D0B60CB10F1D967A1F62FFEB
Microsoft Prepares Forefront Client Security for May Release
Microsoft will ship its long-awaited Forefront Client Security
product--a managed security solution for enterprises--in "the next
month or so," according to Microsoft CEO Steve Ballmer.
http://list.windowsitpro.com/t?ctl=54853:4160B336D0B60CB10F1D967A1F62FFEB
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=5484C:4160B336D0B60CB10F1D967A1F62FFEB
=== SPONSOR: ShoreTel ==========================================
Enterprises Rate Important IP Telephony Features
This comprehensive guide is invaluable for those evaluating VoIP and
shows how organizations can reduce cost and improve operations to help
you to plan and implement an IP phone system. Define system components
- Identify network requirements - Learn important standards - Learn
deployment options:
http://list.windowsitpro.com/t?ctl=5485E:4160B336D0B60CB10F1D967A1F62FFEB
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: Vbootkit Bypasses Vista Code Signing
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=5485D:4160B336D0B60CB10F1D967A1F62FFEB
As expected, Vista isn't perfect. It's possible to load unsigned code
into the kernel. Vbootkit proves it.
http://list.windowsitpro.com/t?ctl=54855:4160B336D0B60CB10F1D967A1F62FFEB
FAQ: Get Windows 2003 SP2
by John Savill, http://list.windowsitpro.com/t?ctl=5485B:4160B336D0B60CB10F1D967A1F62FFEB
Q: Where can I download Windows Server 2003 SP2?
Find the answer at
http://list.windowsitpro.com/t?ctl=54856:4160B336D0B60CB10F1D967A1F62FFEB
FROM THE FORUM: Looking for Password Analyzer
A forum participant is looking for some sort of utility to run on a
server that would find weak user passwords and send an alert about
them. Join the discussion at
http://list.windowsitpro.com/t?ctl=54847:4160B336D0B60CB10F1D967A1F62FFEB
WE NEED YOUR FEEDBACK ABOUT THE PRODUCTS YOU USE!
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@windowsitpro.com.
SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.
=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com
Easier Management of Data Encryption Appliances
Decru announced the Decru SecureView framework to centralize
management of its encryption and key management appliances. The
appliances are used to encrypt stored data. The framework provides
secure management of up to 1,000 devices from one interface. Features
include administrator management, role-based access controls (RBAC),
configuration and patch management, rolling upgrades, performance and
access monitoring, and centralized graphical and command-line
interfaces to enable the automation of operations across groups of
appliances. For more information, go to
http://list.windowsitpro.com/t?ctl=54862:4160B336D0B60CB10F1D967A1F62FFEB
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=5485A:4160B336D0B60CB10F1D967A1F62FFEB
Windows + UNIX/Linux = You Need TechX World!
If you work in an environment that includes both Windows and UNIX or
Linux, TechX World is the place to go for practical strategies and
resources to add to your toolkit. This one-day technical training event
will teach you how to make the most of open-source tools on Windows and
how to manage and sync multiple directories. Register today!
http://list.windowsitpro.com/t?ctl=54857:4160B336D0B60CB10F1D967A1F62FFEB
Get Ready for Exchange & Office 2007 Roadshow--free!
The successful Microsoft-partnered Get Ready for Exchange & Office
2007 Roadshow is coming to Stockholm! Three independent, respected
technical speakers--Jim McBee, Mark Arnold, and Ben Schorr--will
deliver tracks on securing, managing, and deploying Exchange and Office
2007 and using Exchange Server 2007 capabilities to improve your
messaging environment. Register today for this free day-long event.
Your delegate bag will include Microsoft Exchange Server 2007 and
Office 2007 Beta 2 Software Kits.
Venue: Berns Hotel, Stockholm
Date: Monday, 14 May 2007
http://list.windowsitpro.com/t?ctl=54852:4160B336D0B60CB10F1D967A1F62FFEB
Get Ready for the Windows Server Longhorn Roadshow!
Seize control of your Windows infrastructure with Microsoft's
biggest server release since Windows 2003. Get a live, under-the-hood
look at Longhorn virtualization, deployment, Web services, and
breakthroughs in core reliability. This one-day event is filled with
demonstrations and in-depth discussions designed for IT pros who want a
deep understanding of Windows Server Longhorn.
http://list.windowsitpro.com/t?ctl=54850:4160B336D0B60CB10F1D967A1F62FFEB
=== FEATURED WHITE PAPER =======================================
Increase customer confidence with the latest breakthrough in online
security--Extended Validation SSL. Extended Validation triggers a green
address bar in Internet Explorer 7.0 that proves site identity. Get the
green bar and higher sales by reading the technical white paper
"Maximizing Site Visitor Trust Using Extended Validation SSL."
http://list.windowsitpro.com/t?ctl=5484A:4160B336D0B60CB10F1D967A1F62FFEB
=== ANNOUNCEMENTS ==============================================
Introducing a Unique Security Resource
Security Pro VIP is an online information center that delivers new
articles every week on topics such as perimeter security,
authentication, and system patches. Subscribers also receive tips,
cautionary advice, direct access to our editors, and a host of other
benefits! Order now at an exclusive charter rate and save up to $50!
http://list.windowsitpro.com/t?ctl=5484E:4160B336D0B60CB10F1D967A1F62FFEB
Introducing a Unique Exchange and Outlook Resource
Exchange & Outlook Pro VIP is an online information center that
delivers new articles every week on messaging topics such as
administration, migration, security, and performance. Subscribers also
receive tips, cautionary advice, direct access to our editors, and a
host of other benefits! Order now at an exclusive charter rate and save
up to $50!
http://list.windowsitpro.com/t?ctl=5484D:4160B336D0B60CB10F1D967A1F62FFEB
================================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://list.windowsitpro.com/t?ctl=5485C:4160B336D0B60CB10F1D967A1F62FFEB
http://list.windowsitpro.com/t?ctl=54861:4160B336D0B60CB10F1D967A1F62FFEB
Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=54851:4160B336D0B60CB10F1D967A1F62FFEB
Unsubscribe by clicking
http://list.windowsitpro.com/u?id=4160B336D0B60CB10F1D967A1F62FFEB
Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=5485F:4160B336D0B60CB10F1D967A1F62FFEB
About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com
View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=5484F:4160B336D0B60CB10F1D967A1F62FFEB
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2007, Penton Media, Inc. All rights reserved.
No comments:
Post a Comment