News

Wednesday, October 03, 2007

New Services and Devices Bring New Security Risks


=== CONTENTS ===================================================

IN FOCUS: New Services and Devices Bring New Security Risks

NEWS AND FEATURES
- Danish Company Offers Free Web Application Firewall
- Sun to Synchronize Java Security Updates
- Mobile Device Security: Whose Data Is It, Anyway?
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: SSHFS Mounts Remote Linux File Systems;
Worm Author Gets Job Offers
- FAQ: Use Group Policy to Check for Server Core
- From the Forum: Domain User Application Problems
- Share Your Security Tips

PRODUCTS
- Out-of-Email-Stream Encryption Solution
- Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: Sophos ============================================

Trends in Malware: 2007 Security Threat Report
A sharp rise in web threats is the latest twist in cyber criminals'
continually evolving efforts to steal information for financial gain.
We review the year so far and predict the threat landscape for the
second half of 2007.

http://list.windowsitpro.com/t?ctl=68979:4160B336D0B60CB1D0082DE0A32CC473


=== IN FOCUS: New Services and Devices Bring New Security Risks
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

The booming dot-com era is certainly long gone, but even so, every
month, more new Internet services make their debut, and not quite as
frequently, new devices and gadgets are brought to market. Inevitably,
some of these items will make their way into your network environment,
often carrying with them considerable security risks.

A good case in point popped up last week. A relatively new company
called Pudding Media announced its new VoIP solution called
ThePudding.com. The company intends to employ a lure typical of many
new online services. Anyone will be able to use ThePudding.com's VoIP
service for free to make calls in North America because the company
intends to profit through the insertion of targeted advertising. Sounds
reasonable, but there's a new twist.

According to the company's privacy policy (at the URL below), "Our
technology detects spoken keywords during a conversation and brings you
rich media, news and offers, related to the very topics you talk about
during your calls. The conversation keywords are not kept in our system
after they are processed, and the conversation can not be
reconstructed."

http://list.windowsitpro.com/t?ctl=68972:4160B336D0B60CB1D0082DE0A32CC473

Therein resides the risk. One of your employees or contractors might
decide to use the VoIP service, thinking that by doing so they could
save themselves or your business money. If the person discussed
sensitive information, it could leak out.

Pudding Media says it won't store keywords, and you might decide to
trust the company. But there already are known ways to potentially
eavesdrop on VoIP calls. Because this particular VoIP solution will, by
design, be able to listen to conversations to discover keywords to use
for targeted advertising, it stands to reason that the solution will
have such capabilities built right into the VoIP software. And if
that's the case, listening in might become even easier for intruders.

Whether to allow the use of ThePudding.com is a decision you need to
make before the service explodes into widespread use. You can read
numerous stories about the service by checking Yahoo! News at the URL
below.

http://list.windowsitpro.com/t?ctl=68971:4160B336D0B60CB1D0082DE0A32CC473

The overall point I'd like to make here is that if you hadn't learned
about the service, you wouldn't even know that such a risk exists. So
it's probably a good idea to read lots of news, follow the trends,
research the overall computing industry to some extent, weigh the
security impact of your findings on your environment, and take
appropriate actions sooner rather than later.

To stay up to date on news and trends, you can use some of the more
obvious sources, such as major magazines and newspapers and even the
news aggregation features of major search engines. However, a few more
specialized sites can help you learn about trends faster than weeding
through a huge pile of news. Next week, I'll tell you about some of the
sites I use to follow trends. So stay tuned.


=== SPONSOR: Websense ==========================================

How Websense Technology Protects Against Internet-Based Threats
The Internet--with its wealth of information and features that have
become integrated into our everyday lives--has become a necessary tool
for business and also provides a vast array of options for personal
use. However, it does have a dark side. This whitepaper will examine
technologies that will help guard against Internet-based threats.

http://list.windowsitpro.com/t?ctl=6896B:4160B336D0B60CB1D0082DE0A32CC473


=== SECURITY NEWS AND FEATURES =================================

Danish Company Offers Free Web Application Firewall
Danish security company Armorlogic released a free version of its
Profense Web application firewall. Based on OpenBSD, the product runs
on your hardware and is a scaled-down version of the company's
full-featured firewall.

http://list.windowsitpro.com/t?ctl=68976:4160B336D0B60CB1D0082DE0A32CC473

Sun to Synchronize Java Security Updates
Sun Microsystems said it will synchronize its security updates
across its most widely used Java SE product release families. The
company will also begin offering advance notification of security
updates.

http://list.windowsitpro.com/t?ctl=68975:4160B336D0B60CB1D0082DE0A32CC473

Mobile Device Security: Whose Data Is It, Anyway?
Businesses have a duty to protect their corporate information, but
employees who provide their own mobile devices don't want the company
imposing intrusive policies on their access. The solution requires a
tradeoff between convenience and risk.

http://list.windowsitpro.com/t?ctl=68974:4160B336D0B60CB1D0082DE0A32CC473

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at

http://list.windowsitpro.com/t?ctl=6896C:4160B336D0B60CB1D0082DE0A32CC473


=== SPONSOR: Macrovision =======================================

Gain Control of Software Usage and Reduce Audit Risks
Take the necessary steps for application management, from conversion
of legacy applications to MSI to customizing applications to fit
corporate standards. Don't overlook an important component of an OS
migration--join us for the free on-demand Web seminar.

http://list.windowsitpro.com/t?ctl=68965:4160B336D0B60CB1D0082DE0A32CC473


=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: SSHFS Mounts Remote Linux File Systems; Worm
Author Gets Job Offers
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=6897B:4160B336D0B60CB1D0082DE0A32CC473

Learn about a tool that I recently came across, SSHFS, which is
based on SSH and which lets you locally mount remote Linux file
systems. Also learn about a worm author who got offers for several
high-paying jobs that he could take after he gets out of prison!

http://list.windowsitpro.com/t?ctl=68969:4160B336D0B60CB1D0082DE0A32CC473

FAQ: Use Group Policy to Check for Server Core
by John Savill, http://list.windowsitpro.com/t?ctl=68978:4160B336D0B60CB1D0082DE0A32CC473


Q: How can I check for a Windows Server 2008 Server Core installation
as part of a Group Policy application?

Find the answer at

http://list.windowsitpro.com/t?ctl=68973:4160B336D0B60CB1D0082DE0A32CC473

FROM THE FORUM: Domain User Application Problems
A forum participant uses Windows Server 2003 Small Business Server
(SBS) with Active Directory (AD) for a network of about 20 users and
lots of applications. However, he often finds that users don't have
enough rights to run some of the applications. He wonders whether
there's an out-of-the-box solution. Join the discussion at

http://list.windowsitpro.com/t?ctl=68964:4160B336D0B60CB1D0082DE0A32CC473

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and
solutions in Security Pro VIP's Reader to Reader column. Email your
contributions to r2r@securityprovip.com. If we print your submission,
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com

Out-of-Email-Stream Encryption Solution
Kryptiva announced the availability of Kryptiva's Email Encryption
Architecture, which consists of two primary components. The Kryptiva
Packaging Plugin integrates into a user's current email application,
and the Kryptiva Packaging Server is installed on a local server on the
network and integrates with LDAP services. These components pull email
messages out of the email traffic stream and package outgoing ones for
authentication and encryption, and decrypt incoming ones. Customers
must obtain an SSL certificate from a recognized Certificate Authority
(CA), but the Email Encryption Architecture itself is free for U.S. and
Canadian companies. Add-on services will be available for purchase in
2008. For more information, go to

http://list.windowsitpro.com/t?ctl=6897E:4160B336D0B60CB1D0082DE0A32CC473

WANTED: your reviews of products you've tested and used in
production. Send your experiences and ratings of products to
whatshot@windowsitpro.com and get a Best Buy gift certificate.


=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit

http://list.windowsitpro.com/t?ctl=68977:4160B336D0B60CB1D0082DE0A32CC473

If there's a "killer app," it's email. Business communications rely on
it, and increasingly, mobile users and clients lower the tolerance for
email downtime. View this Web seminar and hear from Paul Robichaux, who
will share information to help you meet your enterprise's
high-availability needs. Tune in for useful tips and a guide to available
disaster recovery planning resources.

http://list.windowsitpro.com/t?ctl=68967:4160B336D0B60CB1D0082DE0A32CC473

Learn how Symantec and IBM deliver a comprehensive archiving solution
to capture and store email, files, instant messages, databases, VoIP,
and many other document formats while helping to reduce storage costs
and simplify management. View this Web seminar to better understand the
challenges of your Exchange environment and the Symantec and IBM
capabilities that can help you solve them.

http://list.windowsitpro.com/t?ctl=68968:4160B336D0B60CB1D0082DE0A32CC473

To stay competitive these days, IT leaders are required to take a
primary role in delivering business value. Gain insight into business
intelligence and Microsoft application platform optimization solutions
in this full-day business intelligence virtual conference on October 4,
2007.

http://list.windowsitpro.com/t?ctl=6896A:4160B336D0B60CB1D0082DE0A32CC473


=== FEATURED WHITE PAPER =======================================

Is effective security out of reach for your small or midsized business?
Imagine having a team of IT experts who focus on security as part of
your staff. Learn how a hosted security solution can be an option for
small and midsized businesses. Download this white paper today and find
out how you can eliminate your company's security risks.

http://list.windowsitpro.com/t?ctl=68966:4160B336D0B60CB1D0082DE0A32CC473


=== ANNOUNCEMENTS ==============================================

Got a Tough Exchange or Outlook Question?
Rely on Exchange & Outlook Pro VIP, the new online resource with
in-depth articles on administration, migration, security, and performance.
Subscribers get direct access to our top-flight editors, so subscribe
and receive personalized solutions to your toughest technical
questions. It beats a support call to Microsoft!

http://list.windowsitpro.com/t?ctl=6896E:4160B336D0B60CB1D0082DE0A32CC473

Discover the New SQL Server Magazine
Don't miss the relaunched SQL Server Magazine, coming this month!
Besides a new look, we have even more coverage of administration and
performance, development and Web apps, BI and Reporting Services, and
SQL Server fundamentals. Subscribe now and save 58% off the cover
price.

http://list.windowsitpro.com/t?ctl=6896D:4160B336D0B60CB1D0082DE0A32CC473


================================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://list.windowsitpro.com/t?ctl=6897A:4160B336D0B60CB1D0082DE0A32CC473

http://list.windowsitpro.com/t?ctl=6897D:4160B336D0B60CB1D0082DE0A32CC473

To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=6897C:4160B336D0B60CB1D0082DE0A32CC473

About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://list.windowsitpro.com/t?ctl=6896F:4160B336D0B60CB1D0082DE0A32CC473

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
