
Wednesday, September 12, 2007

Quechup Highlights Importance of End User Education

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Hosted Security: A solution for small and medium-sized businesses

http://list.windowsitpro.com/t?ctl=6592A:4160B336D0B60CB1C579E2AD1DA94BD0

Fix the most pervasive hole in your Windows network

http://list.windowsitpro.com/t?ctl=6592B:4160B336D0B60CB1C579E2AD1DA94BD0

Messaging Security for Small/Mid-Sized Orgs

http://list.windowsitpro.com/t?ctl=65929:4160B336D0B60CB1C579E2AD1DA94BD0


=== CONTENTS ===================================================

IN FOCUS: Quechup Highlights Importance of End User Education

NEWS AND FEATURES
- Citrix Enhances XML Security with Quicktree Acquisition
- Acunetix Releases Free XSS Web Site Scanner
- Vista and the vPro Chip: A New Emphasis on Security?
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Bind 8 Put Out to Pasture
- FAQ: AD Database Integrity
- Share Your Security Tips

PRODUCTS
- Compliance Tool Adds Policy Cloning
- Product Evaluations from the Real World

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: St. Bernard Software ==============================

Hosted Security: A solution for small and medium-sized businesses
Is effective security out of reach for your small or medium-sized
business? Imagine having a team of IT experts who only focus on
security as part of your staff. Download this white paper today and
find out how you can eliminate your company's security risks.

http://list.windowsitpro.com/t?ctl=6592A:4160B336D0B60CB1C579E2AD1DA94BD0


=== IN FOCUS: Quechup Highlights Importance of End User Education
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

I've touched upon the subject of end user education a number of times
over the years in this newsletter. Last week I came across an
interesting story that once again points out that such education is
paramount, as are strict company policies that restrict Internet use
from systems that store company data, including privately owned
computers.

A relatively new social networking site, Quechup, is operated by iDate
and is essentially yet another online dating site. If you sign up, you
might take time to read Quechup's privacy policy (at the URL below),
which is puzzling if not outright ridiculous.

http://list.windowsitpro.com/t?ctl=65941:4160B336D0B60CB1C579E2AD1DA94BD0

It reads in part, "Please note that by visiting Quechup.com.com you are
accepting the practices described in this privacy policy and conditions
of use." I fail to comprehend how someone could possibly agree to a
policy they can't even review until after they land on the site where
it is stored.

Scanning the privacy policy led me to no information about how Quechup
might gather information from my computer and use it to Quechup's
advantage. However, I did find a clause that reads, "you are not
licensed to add a Quechup.com member to your mail list (email or
physical mail) without their express written consent after adequate
disclosure." I found that clause extremely interesting, and you'll see
why in a moment.

If you sign up for an account, you're presented with the following
message (as of September 6, 2007): "Congratulations! Welcome to
Quechup. Find out which of your friends are already members. Choose the
address book with the most contacts and we'll search for matches so you
can add them to your friends network and invite non Quechup members to
join you. By inviting contacts you confirm you have consent from them
to send an invitation. We will not spam or sell addresses from your
contacts. See our privacy policy. Your username or password will not be
stored or saved."

Reading that text carefully, you might draw the conclusion that you
have total control over who among your contacts becomes invited to use
Quechup. But according to an anonymous blogger, Quechup actually
harvests email addresses from your email address books, including those
stored in Google Gmail, Yahoo! Mail, MSN Hotmail, Microsoft Outlook,
and Outlook Express. After harvesting all your addresses, Quechup
proceeds to send messages to them inviting them to join Quechup. Making
matters even worse, Quechup reportedly causes the invitations to appear
to come from you!

You can read more about this problem at the anonymous blogger's Web
site at the first URL below, then read something of a defense of
Quechup at another blogger's site, at the second URL below.

http://list.windowsitpro.com/t?ctl=6593F:4160B336D0B60CB1C579E2AD1DA94BD0

http://list.windowsitpro.com/t?ctl=65932:4160B336D0B60CB1C579E2AD1DA94BD0

Quechup's choice of wording in areas of its site is far less than
crystal clear, and its behavior is dangerous to businesses because the
company harvests what very well might be extremely private contact
information. This could lead to embarrassing moments in which business
contacts suddenly receive invites to a dating site that appear to come
from your employees. Imagine this happening from a company PC on your
network or maybe a privately owned PC that contains address information
that's used for company business. It isn't a pretty picture.

So once again, we see that end user education is extremely important.
If you're going to allow some amount of personal Internet use from
company networks or allow users to store company data on private
computers, then you're faced with a considerable risk, as Quechup's
practices make clear. It might be safer to disallow some or all
personal Internet use or limit it to a select few computers specially
designated for such use.


=== SPONSOR: BeyondTrust =======================================

Fix the most pervasive hole in your Windows network
The easiest security fix in your Windows network is to remove the
use of admin privileges. BeyondTrust enables users without
administrative privileges to run all required applications, processes
and ActiveX controls. By removing the need to grant end users
administrative rights, IT departments can eliminate what is otherwise
the Achilles heel of the desktop--end users with administrative power
that can be exploited by malware and malicious users to change security
settings, disable other security solutions such as anti-virus and more.
Free Download!

http://list.windowsitpro.com/t?ctl=6592B:4160B336D0B60CB1C579E2AD1DA94BD0


=== SECURITY NEWS AND FEATURES =================================

Citrix Enhances XML Security with Quicktree Acquisition
Citrix announced that it has acquired Quicktree, maker of XML
security technology. Citrix plans to integrate the technology into its
AppExpert policy framework.

http://list.windowsitpro.com/t?ctl=65935:4160B336D0B60CB1C579E2AD1DA94BD0

Acunetix Releases Free XSS Web Site Scanner
Acunetix released a free version of its more powerful Web site
security scanner. The free scanner checks for cross-site scripting
vulnerabilities.

http://list.windowsitpro.com/t?ctl=65938:4160B336D0B60CB1C579E2AD1DA94BD0

Vista and the vPro Chip: A New Emphasis on Security?
If Microsoft's customers want security, then third-party vendors
whose success is tied to Vista sales also need to demonstrate how their
products contribute to security.

http://list.windowsitpro.com/t?ctl=65939:4160B336D0B60CB1C579E2AD1DA94BD0

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=6592F:4160B336D0B60CB1C579E2AD1DA94BD0


=== SPONSOR: Symantec ==========================================

Messaging Security for Small/Mid-Sized Orgs
About 75% of corporate intellectual property resides in email. The
challenges facing this vital business application range from spam to
the costly impact of downtime and the need for effective, centralized
email storage systems. Join us for a free Web seminar and learn the key
features of a holistic approach to managing email security,
availability, and control. On-Demand Web Seminar.

http://list.windowsitpro.com/t?ctl=65929:4160B336D0B60CB1C579E2AD1DA94BD0


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Bind 8 Put Out to Pasture
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=6593D:4160B336D0B60CB1C579E2AD1DA94BD0

If you're among those who still use Bind 8, you should upgrade to
Bind 9. Ongoing patch support for Bind 8 will no longer be available.

http://list.windowsitpro.com/t?ctl=65937:4160B336D0B60CB1C579E2AD1DA94BD0

FAQ: AD Database Integrity
by John Savill, http://list.windowsitpro.com/t?ctl=6593B:4160B336D0B60CB1C579E2AD1DA94BD0


Q: How can I check Active Directory (AD) database integrity?

Find the answer at

http://list.windowsitpro.com/t?ctl=65936:4160B336D0B60CB1C579E2AD1DA94BD0

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Compliance Tool Adds Policy Cloning
Shavlik Technologies announced availability of Shavlik NetChk
Compliance 3.0. A new policy cloning and distribution feature lets
businesses create or import policies or configurations and then
automatically clone and distribute them to other systems across the
network. The Custom Checks Wizard helps companies expand upon the
system checks available out of the box. A change management feature
manages the data related to policy and configuration changes and
reports on these changes to help businesses address IT and regulatory
agency auditing requirements. For more information, go to

http://list.windowsitpro.com/t?ctl=65943:4160B336D0B60CB1C579E2AD1DA94BD0

PRODUCT EVALUATIONS FROM THE REAL WORLD
Share your product experience with your peers. Have you discovered a
great product that saves you time and money? Do you use something you
wouldn't wish on anyone? Tell the world! If we publish your opinion,
we'll send you a Best Buy gift card! Send information about a product
you use and whether it helps or hinders you to
whatshot@windowsitpro.com.


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=6593A:4160B336D0B60CB1C579E2AD1DA94BD0

The Web Isn't Fun Anymore: How Websense Technology Protects Against
Internet-Based Threats
Thanks to its wealth of information, the Internet has become not
only a vital business tool but also an important part of our personal
lives. However, it does have a dark side. This white paper examines
technologies that help guard against Internet-based threats.

http://list.windowsitpro.com/t?ctl=6592E:4160B336D0B60CB1C579E2AD1DA94BD0

Building the Foundation of Virtualization
Visit www.windowsitpro.com/virtualization to see a list of articles,
forums, cost-cutting stories, and white papers about virtualization.

http://list.windowsitpro.com/t?ctl=6593E:4160B336D0B60CB1C579E2AD1DA94BD0

File Area Networks: Your First Look at FAN Technology
Regain control over the burgeoning file data in your enterprise.
Learn how FANs can help you centralize file consolidation, migration,
replication, and failover. Download this eBook and start streamlining
your file management today!

http://list.windowsitpro.com/t?ctl=6592D:4160B336D0B60CB1C579E2AD1DA94BD0


=== FEATURED WHITE PAPER =======================================

Enterprise Messaging Management for Microsoft Exchange
Learn how Symantec and IBM deliver a comprehensive archiving
solution to capture and store email, files, instant messages,
databases, and VoIP as well as many other document formats, all while
helping to reduce storage costs and simplify management. Understand the
challenges of your Exchange environment and the Symantec and IBM
capabilities that can help you solve them.

http://list.windowsitpro.com/t?ctl=6592C:4160B336D0B60CB1C579E2AD1DA94BD0


=== ANNOUNCEMENTS ==============================================

Windows IT Pro: Buy 1, Get 1
With Windows IT Pro's real-life solutions, news, tips and tricks,
and access to over 10,000 articles online, subscribing is like hiring
your very own team of Windows consultants. Subscribe now, and get 2
years for the price of 1!

http://list.windowsitpro.com/t?ctl=65930:4160B336D0B60CB1C579E2AD1DA94BD0

Save 50% Off Scripting Pro VIP
Scripting Pro VIP is the IT administrator's source for scripting
information, tools, and downloadable code. Subscribers also get access
to our editors to help answer technical questions, as well as a host of
other unique benefits. Order now at an exclusive charter rate and save
$50!

http://list.windowsitpro.com/t?ctl=65931:4160B336D0B60CB1C579E2AD1DA94BD0


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=6593C:4160B336D0B60CB1C579E2AD1DA94BD0

http://list.windowsitpro.com/t?ctl=65942:4160B336D0B60CB1C579E2AD1DA94BD0

Subscribe to Security UPDATE at

http://list.windowsitpro.com/t?ctl=65934:4160B336D0B60CB1C579E2AD1DA94BD0

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=4160B336D0B60CB1C579E2AD1DA94BD0

Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=65940:4160B336D0B60CB1C579E2AD1DA94BD0

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://list.windowsitpro.com/t?ctl=65933:4160B336D0B60CB1C579E2AD1DA94BD0

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
