ALERT: "How a Hacker Launches a SQL Injection Attack!" White Paper
http://list.windowsitpro.com/t?ctl=5A013:4160B336D0B60CB1B685B7C1C9F0478B
CIPA--Keeping Students Safe on the Net
http://list.windowsitpro.com/t?ctl=5A022:4160B336D0B60CB1B685B7C1C9F0478B
Managing Risk Through Security
http://list.windowsitpro.com/t?ctl=5A00C:4160B336D0B60CB1B685B7C1C9F0478B
=== CONTENTS ===================================================
IN FOCUS: Security Fixes to Be Patented
NEWS AND FEATURES
- Solution to IIS Security Bug Is to Upgrade?
- Google's Data Mining Reveals Web Server Security Trends
- Watchfire to Become Part of IBM
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: It All Started 30 Years Ago; Microsoft
Releases 6 Security Bulletins for June
- FAQ: Vista's Symbolic Link Capabilities
- From the Forum: How to Block an IP Address in Windows 2003
- Share Your Security Tips
PRODUCTS
- Wireless Intrusion Prevention in Service Form
- Product Evaluations from the Real World
RESOURCES AND EVENTS
FEATURED WHITE PAPER
ANNOUNCEMENTS
=== SPONSOR: SPI Dynamics ======================================
ALERT: "How a Hacker Launches a SQL Injection Attack!" White Paper
It's as simple as placing additional SQL commands into a Web Form
input box giving hackers complete access to all your backend systems!
Firewalls and IDS will not stop such attacks because SQL Injections are
NOT seen as intruders. Download this *FREE* white paper from SPI
Dynamics for a complete guide to protection!
http://list.windowsitpro.com/t?ctl=5A013:4160B336D0B60CB1B685B7C1C9F0478B
=== IN FOCUS: Security Fixes to Be Patented ====================
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Finding security vulnerabilities can sometimes be a tough, thankless
job. But that might be about to change when people start patenting
security fixes.
Researchers spend untold amounts of time finding vulnerabilities, and
in the somewhat distant past, there was no reward for that effort other
than a possible public acknowledgment from the vendor whose product
contained the vulnerability and the satisfaction of knowing that yet
another security hole was closed, which benefits everyone who uses the
product.
Then came companies such as 3Com and iDefense, which began paying for
vulnerability information. Discoverers receive cash for their hard
work, and 3Com and iDefense earn income too by selling the information
to their network of customers in one fashion or another.
Now, yet another dimension is about to be added to the mix. In the
latest evolution of vulnerability discovery, a company called
Intellectual Weapons is offering to work with researchers to develop
fixes for security vulnerabilities and then patent those fixes.
Intellectual Weapons would then be in a position to license or sell the
patent to vendors that need it. Of course, marketing a patent also
requires aggressive enforcement of the patent, and the company says it
does expect "major battles," which might occur when someone else
discovers the same vulnerability or when a vendor designs around the
intellectual property in the patent.
The company says that it would give the discoverer 50 percent of any
income generated by the patent. So how much does Intellectual Weapons
intend to charge a vendor for some form of rights to the patents it
obtains? According to a published FAQ, "The vendor [will be] asked to
pay something close to the true value of the vulnerability, i.e. the
cost to them if it goes unchecked." Exactly how that cost will be
measured remains to be seen.
In developing this concept into a business, Intellectual Weapons
obviously saw gigantic dollar signs. The company cites numerous
instances in which small companies have gained millions of dollars
through patent infringement litigation. For example, according to
Intellectual Weapons, Eolas won $520 million and Stac Electronics won
$120 million from Microsoft.
Clearly, there is big money to be made through patenting inventions,
and I suspect that money is Intellectual Weapons' primary motive. I
think the company name speaks pretty loudly. I also think that what the
company is doing might change the patent process to some extent, if
only to set some significant legal precedents over time. Furthermore,
it could instigate other companies who routinely provide temporary
third-party fixes to patent their methodology too, or even cause such
companies to stop providing such fixes. Overall, something about this
entire idea bothers me.
To read more about Intellectual Weapons' proposed plan of operation
visit the URL below.
http://list.windowsitpro.com/t?ctl=5A024:4160B336D0B60CB1B685B7C1C9F0478B
What's your opinion on this plan? Post your comments with this article
at
http://list.windowsitpro.com/t?ctl=5A01A:4160B336D0B60CB1B685B7C1C9F0478B
Or post your thoughts on the Security Forum at
http://list.windowsitpro.com/t?ctl=5A012:4160B336D0B60CB1B685B7C1C9F0478B
=== SPONSOR: Cyberoam ==========================================
CIPA--Keeping Students Safe on the Net
Protecting students from the millions of sites that house
pornography, adult chat rooms, violence & hacking can provide not just
a safe surfing atmosphere to minors in schools and libraries, but also
qualify the institutions for federal E-rate funding through CIPA
compliance.
http://list.windowsitpro.com/t?ctl=5A022:4160B336D0B60CB1B685B7C1C9F0478B
=== SECURITY NEWS AND FEATURES =================================
Solution to IIS Security Bug Is to Upgrade?
An authentication bug in Microsoft IIS 5.x surfaced last December,
and recently Microsoft said that the fix is to upgrade to IIS 6.0.
http://list.windowsitpro.com/t?ctl=5A019:4160B336D0B60CB1B685B7C1C9F0478B
Google's Data Mining Reveals Web Server Security Trends
Google recently launched its Online Security Blog, in which new
information reveals which server platforms host the most malware,
including drive-by downloads.
http://list.windowsitpro.com/t?ctl=5A01D:4160B336D0B60CB1B685B7C1C9F0478B
Watchfire to Become Part of IBM
IBM announced its intention to acquire privately held security and
compliance testing company Watchfire.
http://list.windowsitpro.com/t?ctl=5A01B:4160B336D0B60CB1B685B7C1C9F0478B
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=5A014:4160B336D0B60CB1B685B7C1C9F0478B
=== SPONSOR: Neverfail =========================================
Managing Risk Through Security
Every business faces risk. Have you properly assessed your company's
risk and put a focus on business continuity? Attend this free Web
seminar and learn how you can ensure seamless recovery of your key
systems and keep your users continuously connected. On-demand Web
seminar.
http://list.windowsitpro.com/t?ctl=5A00C:4160B336D0B60CB1B685B7C1C9F0478B
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: It All Started 30 Years Ago; Microsoft Releases
6 Security Bulletins for June
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=5A021:4160B336D0B60CB1B685B7C1C9F0478B
Who would have guessed that events in the summer of 1977 would lead us
to where we are today? For some interesting history and nostalgia about
Apple plus information about Microsoft's latest security bulletin
release, go to
http://list.windowsitpro.com/t?ctl=5A010:4160B336D0B60CB1B685B7C1C9F0478B
FAQ: Vista's Symbolic Link Capabilities
by John Savill, http://list.windowsitpro.com/t?ctl=5A01F:4160B336D0B60CB1B685B7C1C9F0478B
Q: How do I create symbolic links in Windows Vista?
Find the answer at
http://list.windowsitpro.com/t?ctl=5A01C:4160B336D0B60CB1B685B7C1C9F0478B
FROM THE FORUM: How to Block an IP Address in Windows 2003
A forum participant has a VoIP switch hosted in the US. An intruder
repeatedly tried to access all his SIP accounts one by one, so he
changed the passwords to keep the intruder out, but the intruder kept
coming back. The intruder's IP address was known, so the forum
participant blocked it in Microsoft IIS. He wants to know how he can
block the IP address in Windows Server 2003 to help prevent other
possible types of access by the intruder. Join the discussion at
http://list.windowsitpro.com/t?ctl=5A00B:4160B336D0B60CB1B685B7C1C9F0478B
SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.
=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com
Wireless Intrusion Prevention in Service Form
VeriSign and AirMagnet launched VeriSign Wireless Intrusion
Prevention Service (IPS), which uses AirMagnet's Enterprise solution to
shield corporate wireless networks from theft and other security
threats. By combining AirMagnet technology with VeriSign Teraguard,
companies can integrate IPS for both wireless and wired networks.
VeriSign designs and deploys the wireless IPS devices and then monitors
them 24x7. VeriSign Wireless IPS is a new offering in VeriSign's
Managed Security Services portfolio. For more information, go to
http://list.windowsitpro.com/t?ctl=5A00A:4160B336D0B60CB1B685B7C1C9F0478B
PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@windowsitpro.com.
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=5A01E:4160B336D0B60CB1B685B7C1C9F0478B
Join Paul Robichaux as he presents a checklist you can use to help
guide your Exchange 2000/2003/2007 disaster recovery planning. Learn
what you should do first, last, and in between to solidify your
Exchange infrastructure and be assured of a successful disaster
recovery operation. On-demand Web seminar
http://list.windowsitpro.com/t?ctl=5A00E:4160B336D0B60CB1B685B7C1C9F0478B
IT Pro Connections in Amsterdam, 19-20 June 2007, offers the deepest,
most relevant education for Microsoft IT professionals. The real-world
experience of expert presenters will help you prepare for the newest
technologies and products. Insider details help you make sense of new
technologies, learn how to apply them to your environment, and master
them quickly and effectively. Immerse yourself in PowerShell, Exchange
Server 2007, Vista, Windows Server 2008, SharePoint Server, Live
Communications Server, the System Center family, XP, Forefront, and
more, with experts from Microsoft and world-renowned subject matter
experts! Post-conference workshops 21 June 2007.
http://list.windowsitpro.com/t?ctl=5A025:4160B336D0B60CB1B685B7C1C9F0478B
Learn how to achieve ROI with your log management system in a matter of
months without costly or complex investments. This Web seminar explains
how to ensure that your organization gets the most out of its log
management investment, the key requirements and architectural
differences you need to consider, and the caveats and risks to watch
for when you spec out your requirements and design.
http://list.windowsitpro.com/t?ctl=5A00D:4160B336D0B60CB1B685B7C1C9F0478B
Disaster recovery isn't just theory for most businesses--it's a harsh
business reality. Improve your own disaster recovery efforts today and
learn from real-life disaster survivors. Make sure that your plan is
ready before a disaster strikes--download this free white paper today!
http://list.windowsitpro.com/t?ctl=5A011:4160B336D0B60CB1B685B7C1C9F0478B
=== FEATURED WHITE PAPER =======================================
This paper begins with a brief review of the difference between high
availability and disaster recovery, then describes the related features
of Exchange 2007 with an eye toward how they map to specific types of
failures and outages. Finally, it examines a solution that delivers
additional value beyond what Microsoft offers in Exchange 2007.
http://list.windowsitpro.com/t?ctl=5A00F:4160B336D0B60CB1B685B7C1C9F0478B
=== ANNOUNCEMENTS ==============================================
Introducing a Unique Exchange and Outlook Resource
Exchange & Outlook Pro VIP is an online information center that
delivers new articles every week on messaging topics such as
administration, migration, security, and performance. Subscribers also
receive tips, cautionary advice, direct access to our editors, and a
host of other benefits! Order now at an exclusive charter rate and save
up to $50!
http://list.windowsitpro.com/t?ctl=5A016:4160B336D0B60CB1B685B7C1C9F0478B
Special Invitation for VIP Access
Become a VIP subscriber and get continuous, inside access to ALL the
content published in Windows IT Pro, SQL Server Magazine, Exchange &
Outlook Pro VIP, Scripting Pro VIP, and Security Pro VIP. Subscribe
now!:
http://list.windowsitpro.com/t?ctl=5A015:4160B336D0B60CB1B685B7C1C9F0478B
================================================================
Security UDPATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://list.windowsitpro.com/t?ctl=5A020:4160B336D0B60CB1B685B7C1C9F0478B
http://list.windowsitpro.com/t?ctl=5A026:4160B336D0B60CB1B685B7C1C9F0478B
Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=5A018:4160B336D0B60CB1B685B7C1C9F0478B
Unsubscribe by clicking
http://list.windowsitpro.com/u?id=4160B336D0B60CB1B685B7C1C9F0478B
Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=5A023:4160B336D0B60CB1B685B7C1C9F0478B
About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com
View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=5A017:4160B336D0B60CB1B685B7C1C9F0478B
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2007, Penton Media, Inc. All rights reserved.
No comments:
Post a Comment