Wednesday, May 16, 2007

How Banks Could Help Minimize Phishing


=== CONTENTS ===================================================

IN FOCUS: How Banks Could Help Minimize Phishing

NEWS AND FEATURES
- Strange Twist of Logic: Use Our Technology or Else!
- Microsoft Retires MBSA 1.2, Suggests Shavlik Tools for Legacy
Support
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Windows Server 2003 Needs at Least One
Service Pack
- FAQ: View File Ownership in PowerShell
- Product Evaluations from the Real World
- Share Your Security Tips

PRODUCTS
- Memory Stick Security

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: St. Bernard Software ==============================

Hosted Security for Small and Medium-Sized Businesses
Is effective security out of reach for your small or medium-sized
business? Imagine having a team of IT experts who only focus on
security as part of your staff. Download this free must-have white
paper today and find out how you can eliminate your company's security
risks.

http://list.windowsitpro.com/t?ctl=565E8:4160B336D0B60CB112AF8E9287889EFB


=== IN FOCUS: How Banks Could Help Minimize Phishing ===========
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

One of the fastest growing and biggest problems in the security world
today is phishing. Criminals who yearn to take advantage of the trend
are swarming like mosquitoes on a warm and muggy summer evening--and
they need to be swatted out of existence, fast.

Today it's easy for a crook to set up a Web site with nearly any domain
name they want. They take advantage of the situation by registering
domains very similar to legitimate commercial domains. Banks and their
customers are the biggest targets. In fact, data from the Anti-Phishing
Working Group shows that since May 2006, 20,000 new phishing scams have
been reported every month. The data also shows that the overwhelming
majority of those scams targeted customers of various financial
institutions.

Phishing scams fool so many people that a mega-million-dollar
antiphishing industry has popped up to produce products and services to
help protect people. The tools provide decent proactive defense, but
they aren't foolproof, and many people don't use them.

Is there another way to help protect the public against the bank
phishing plague? Recently, F-Secure's Mikko Hypponen wrote a brief
article for "Foreign Policy" magazine (at the URL below) that proposes
an idea that's so obvious I find it really difficult to figure out why
no one has acted on it before.

http://list.windowsitpro.com/t?ctl=565F3:4160B336D0B60CB112AF8E9287889EFB

The idea was originally sent to him by a reader of F-Secure's blog back
in October 2006 (see the URL below). The idea is simple: The Internet
Corporation for Assigned Names and Numbers (ICANN) could establish a
new top-level domain (TLD) called something like .bank and allow only
legitimate, verified financial institutions to register a name in that
level.

http://list.windowsitpro.com/t?ctl=565ED:4160B336D0B60CB112AF8E9287889EFB

Hypponen expands on the idea by suggesting that as an added precaution
against scammers--who would undoubtedly attempt to falsify information
in an effort to register a name in that TLD--banks and other financial
institutions could be charged a hefty fee for new registrations.
Hypponen suggests something like $50,000 per domain.

I think that other requirements centered around verification of
credentials could be put in place too; these could be kept secret from
the public so that scammers aren't sure exactly what they are.

If a .bank TLD were available and had enough publicity, people would
quickly become aware that their financial institutions should be using
this TLD and could avoid bank Web sites that didn't use it. This would
help put a serious damper on phishing scams.

Of course, a .bank TLD wouldn't stop phishing entirely. Several
techniques could still be used to fool or take advantage of
unsuspecting bank customers; for example, DNS poisoning,
man-in-the-middle attacks, cross-site scripting, browser-based URL spoofing, and
Trojan horses and keyloggers. So security tools and user education
would still be important. Nevertheless, a new TLD would help.

As for creating the TLD, if I understand correctly, it's not up to
ICANN to start the process. Instead, some independent entity must
request its creation. So, for example, banks (and other financial
institutions) could unite towards that effort, establish an entity that
would handle applications for domain name registration requests (and
the related services), and formally petition ICANN to create the new
TLD. ICANN would then review the proposal and decide whether to proceed
with delegating the new TLD to the DNS root zone.

I hope this happens. It seems like an idea whose time has come and an
easy way for banks to help secure their customer interactions.

===

Calling All Windows IT Pro Innovators!
Have you developed a solution that uses Windows technology to solve
a business problem in an innovative way? Enter your solution in the
2007 Windows IT Pro Innovators Contest! Grand-prize winners will
receive airfare and a conference pass to Windows and Exchange
Connections in Las Vegas, November 5-8, 2007, plus more great prizes
and a feature article about the winning solutions in the November 2007
issue of Windows IT Pro. Contest runs through August 1, 2007.
To enter, click here:
http://list.windowsitpro.com/t?ctl=565F4:4160B336D0B60CB112AF8E9287889EFB


=== SPONSOR: Websense ==========================================

Protecting Organizations from Spyware: Free Whitepaper
Combat phishing and pharming with complete protection against
complex Internet threats by filtering at multiple points on the
gateway, network, and endpoints.

http://list.windowsitpro.com/t?ctl=565EA:4160B336D0B60CB112AF8E9287889EFB


=== SECURITY NEWS AND FEATURES =================================

Strange Twist of Logic: Use Our Technology or Else!
The Digital Millennium Copyright Act (DMCA) has been used against
countless numbers of individuals and companies, forcing them to stop
infringing on intellectual property rights. Now, in a strange twist of
logic, the DMCA is being wielded as a club in an attempt to force the
use of intellectual property.

http://list.windowsitpro.com/t?ctl=565F7:4160B336D0B60CB112AF8E9287889EFB

Microsoft Retires MBSA 1.2, Suggests Shavlik Tools for Legacy Support
Microsoft ended support for its Baseline Security Analyzer and
recommends that customers who need to scan legacy products use Shavlik
NetChk Limited, which produces output that can be opened and read by
MBSA 2.0.1.

http://list.windowsitpro.com/t?ctl=565F5:4160B336D0B60CB112AF8E9287889EFB

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=565EE:4160B336D0B60CB112AF8E9287889EFB


=== SPONSOR: Neverfail =========================================

Managing Risk Through Security
Every business faces risk. Have you properly assessed your company's
risk and put a focus on business continuity? Attend this free Web
seminar and learn how you can ensure seamless recovery of your key
systems and keep your users continuously connected. On-demand Web
seminar.

http://list.windowsitpro.com/t?ctl=565E7:4160B336D0B60CB112AF8E9287889EFB


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Windows Server 2003 Needs at Least One Service
Pack
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=565FC:4160B336D0B60CB112AF8E9287889EFB

If you're running Windows Server 2003 without at least SP1, you can no
longer install security updates.

http://list.windowsitpro.com/t?ctl=565F8:4160B336D0B60CB112AF8E9287889EFB

FAQ: View File Ownership in PowerShell
by John Savill, http://list.windowsitpro.com/t?ctl=565FA:4160B336D0B60CB112AF8E9287889EFB


Q: How can I view the owner for a file from PowerShell?

Find the answer at

http://list.windowsitpro.com/t?ctl=565F6:4160B336D0B60CB112AF8E9287889EFB

PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@windowsitpro.com.

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Memory Stick Security
Gemalto North America announced Protiva Secure Digital Companion
(SDC), a USB flash memory device that generates one-time passwords
(OTPs) for authentication, generates digital certificates for
authentication or for signing and encrypting documents, and encrypts
data stored on the device. When used with Gemalto's Protiva system, SDC
can provide OTP strong authentication based on a standard developed by
the Open Authentication Initiative (OATH). Protiva SDC also can be used
with Citrix Access Suite for strong authentication and secure VPN
access and is compatible with Windows 2000/XP/Server 2003. For more
information, go to

http://list.windowsitpro.com/t?ctl=56600:4160B336D0B60CB112AF8E9287889EFB


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=565F9:4160B336D0B60CB112AF8E9287889EFB

Are your malware definitions completely up-to-date? If they are, then
you're halfway home to total malware protection. Windows Vista might be
the most secure Microsoft OS ever released, but malware is constantly
evolving, and sometimes out-of-the-box security just isn't enough. In
this exclusive podcast, Windows IT Pro Editorial and Strategy Director
Karen Forster interviews Microsoft Product Manager Josue Fontanez about
Forefront Client Security, Microsoft's unified malware protection
package.

http://list.windowsitpro.com/t?ctl=565E9:4160B336D0B60CB112AF8E9287889EFB

Gain control over the growing amount of file data in your enterprise.
Learn how File Area Networks (FANs) can help you centralize file
consolidation, migration, replication, and failover. Download this
eBook and start streamlining your file management projects today!

http://list.windowsitpro.com/t?ctl=565EB:4160B336D0B60CB112AF8E9287889EFB

Is your company addressing the risks of email without diluting its
benefits? Download this guide today and find out what you can do to
realize dramatic, quantifiable ROI and move your company quickly from
analyzing options and seeking budget approval to solving the problem
with a solution that will pay for itself many times over.

http://list.windowsitpro.com/t?ctl=565EC:4160B336D0B60CB112AF8E9287889EFB

Discover the New Releases with Microsoft and Industry Experts at IT Pro
Connections--Amsterdam
IT Pro Connections offers the deepest and most relevant education
for Microsoft IT professionals, especially in this time of important
new products and technologies. Now is the time for you to quickly come
up to speed. Get prepared for the newest technologies and products
through the real-world experience of our expert presenters. "Insider"
details help you make sense of new technologies, apply them to your
environment, and master them faster and more effectively.
Immerse yourself in the latest Microsoft technologies: Windows
PowerShell, Exchange Server 2007, Windows Vista, Windows Server
"Longhorn," SharePoint Server and Communications Server, System Center
Family (Operations Manager and Configuration Manager), Windows XP,
Forefront, and more--with experts from Microsoft and world-renowned
subject matter experts!
19-20 June 2007
Post-Conference Workshops 21 June 2007
Amsterdam, The Netherlands
Amsterdam RAI

http://list.windowsitpro.com/t?ctl=565E5:4160B336D0B60CB112AF8E9287889EFB

http://list.windowsitpro.com/t?ctl=565FE:4160B336D0B60CB112AF8E9287889EFB


=== FEATURED WHITE PAPER =======================================

Are you familiar with the new government regulations affecting email?
Learn about the dozens of issues surrounding the security of email in
business today and make sure that your company is in compliance.
Download your copy of this must-have white paper today!

http://list.windowsitpro.com/t?ctl=565E6:4160B336D0B60CB112AF8E9287889EFB


=== ANNOUNCEMENTS ==============================================

Introducing a Unique Security Resource
Security Pro VIP is an online information center that delivers new
articles every week on topics such as perimeter security,
authentication, and system patches. Subscribers also receive tips,
cautionary advice, direct access to our editors, and a host of other
benefits! Order now at an exclusive charter rate and save up to $50!

http://list.windowsitpro.com/t?ctl=565F0:4160B336D0B60CB112AF8E9287889EFB

Introducing a Unique Exchange and Outlook Resource
Exchange & Outlook Pro VIP is an online information center that
delivers new articles every week on messaging topics such as
administration, migration, security, and performance. Subscribers also
receive tips, cautionary advice, direct access to our editors, and a
host of other benefits! Order now at an exclusive charter rate and save
up to $50!

http://list.windowsitpro.com/t?ctl=565EF:4160B336D0B60CB112AF8E9287889EFB


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=565FB:4160B336D0B60CB112AF8E9287889EFB

http://list.windowsitpro.com/t?ctl=565FF:4160B336D0B60CB112AF8E9287889EFB

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
