Wednesday, April 16, 2008

The Web Attack Surface Is Getting Bigger

Security UPDATE
A Penton Media Property
April 16, 2008



IN FOCUS

--The Web Attack Surface Is Getting Bigger
by Mark Joseph Edwards, News Editor
There's no doubt that attack trends have shifted over the years.
Intruders are focusing more prominently on the Web as an inroad to
servers and desktop systems. Over the past couple of months, I've
written a few times about Web-related attacks.

In "Online Fraud Continues to Escalate," February 20 (at the URL below),
I mentioned one particular set of statistics that really grabbed my
attention. According to a report from Cyveillance, of all the phishing
pages discovered in first quarter 2007, 34 percent were hosted on
compromised existing Web sites. By fourth quarter 2007, that number rose
to 51 percent. In "Web Security Scanning Is Paramount," March 19 (at the
second URL below), I pointed out some supporting information as reported
by Dancho Danchev, who revealed that thousands of Web pages at numerous
high-profile sites were infected with IFRAME tags that could potentially
inject malicious code into a Web user's computer.
windowsitpro.com/Windows/article/articleid/98332/online-fraud-continues-to-escalate.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572038-0-0-0-1-2-207)
windowsitpro.com/article/articleid/98663/web-security-scanning-is-paramount.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572039-0-0-0-1-2-207)

Last week, Symantec released a new Internet Security Threat Report (at
the URL below) that reveals a few more eye-opening statistics regarding
Web security. In the report, the company points out that of all the
vulnerabilities it documented in first half 2007, 61 percent affected
server-side Web applications. In second half 2007, 58 percent affected
Web applications. Clearly, Web servers are a huge attack surface.
www.symantec.com/business/theme.jsp?themeid=threatreport
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572040-0-0-0-1-2-207)

Also in the report, Symantec points out that, "During the last six
months of 2007, 11,253 site-specific cross-site scripting [XSS]
vulnerabilities were documented [by the XSSed project], compared to
6,961 between February and June." Cross-site scripting often leads to
session hijacking, which lets an attacker perform actions posing as the
affected user. If you haven't visited the XSSed Web site (first URL
below), you might consider doing so. It offers a lot of information
about affected sites and has a number of RSS feeds that you can use to
become aware of new XSS security problems. While you're at it, you might
want to have a look at XSSing.com (second URL below).
www.xssed.com (http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572041-0-0-0-1-2-207)
www.xssing.com (http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572042-0-0-0-1-2-207)
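The paragraph above links cross-site scripting to session hijacking. The following is an added example (not part of the newsletter) showing the two server-side controls that break that chain: escaping reflected input so it cannot start a tag, and marking the session cookie HttpOnly so injected script cannot read it. The sample query and the helper names are constructed for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample input: a reflected search term carrying a script tag,
# the kind of injection the XSSed reports cited above document.
SAMPLE_QUERY = "<script>alert('xss')</script>"


def render_vulnerable(query: str) -> str:
    """Reflects the query into the page unescaped: the defect behind a
    site-specific XSS report. Kept here only to contrast with render_safe."""
    return f"<p>Results for: {query}</p>"


def render_safe(query: str) -> str:
    """Escapes the query for an HTML text context, so '<', '>', quotes and
    '&' become entities and the browser never sees a new tag."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def session_cookie_header(token: str) -> str:
    """Builds a Set-Cookie header for the session token with HttpOnly (script
    cannot read it via document.cookie) and Secure (sent only over TLS)."""
    cookie = SimpleCookie()
    cookie["session"] = token
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["path"] = "/"
    return cookie.output(header="Set-Cookie:")


def cookie_has_flags(set_cookie_value: str) -> bool:
    """Audit helper: True if a Set-Cookie value (the part after the header
    name) carries both the HttpOnly and Secure attributes."""
    attrs = {part.strip().lower() for part in set_cookie_value.split(";")[1:]}
    return "httponly" in attrs and "secure" in attrs


if __name__ == "__main__":
    print(render_vulnerable(SAMPLE_QUERY))
    print(render_safe(SAMPLE_QUERY))
    print(session_cookie_header("constructed-token"))
```

Escaping alone does not protect a token that is already in the browser, and HttpOnly alone does not stop a script from acting as the user inside the page; the two controls are complementary, not alternatives.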

Browsers have their own share of problems. Symantec's report shows that
in 2007, there were 122 documented vulnerabilities in Mozilla Firefox,
57 in Microsoft Internet Explorer (IE), 47 in Apple Safari, and 19 in
Opera. And that's not counting those in add-ons and plug-ins, which also
pose significant security problems. According to the report, in 2007,
ActiveX controls had 400 vulnerabilities, the popular Apple QuickTime
plug-in had 37, Java had 17, Mozilla extensions had 4, Adobe Acrobat had
3, and Adobe Flash Player had 11. (A major update for Flash was released
last week; learn more at the URL below.)
windowsitpro.com/article/articleid/98843/flash-player-contains-several-vulnerabilities.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572043-0-0-0-1-2-207)

Obviously, Web browsers also provide a huge attack surface. Here's a
case in point that demonstrates the danger level: You recall that in
late March, the CanSecWest conference hosted its second annual PWN2OWN
contest that pitted attackers against Mac OS X, Windows Vista, and
Ubuntu Linux over a period of three days. OS X was the first to be
cracked, and as you might suspect, the crack was accomplished by using a
vulnerability in Safari. Later, Vista fell victim too. Again, browser
technology was at fault. By using a combination of JavaScript and a
Flash Player vulnerability, the attacker was able to break into the OS,
even with SP1 installed.

Even the latest protections and updates are bound to have chinks in
their armor. And, here we are on the brink of the software-as-a-service
(SaaS) explosion, plenty of which will become entirely Web based. Which
of course means that the attack surface will become even bigger.

We can easily predict that summary reports for 2008 and 2009 will most
likely be even worse than for 2007. Meanwhile, as a security
administrator, you've got your work cut out for you with both Web
servers and Web clients.



SECURITY NEWS AND FEATURES

--RSA 2008
Another RSA Conference has come and gone. See our coverage of the
highlights:
"RSA 2008: Securing Virtual Machines (and Olympic Torches)"
windowsitpro.com/article/articleid/98833/rsa-2008-securing-virtual-machines-and-olympic-torches.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572044-0-0-0-1-2-207)
"Microsoft Talks Trust at RSA"
windowsitpro.com/article/articleid/98820/microsoft-talks-trust-at-rsa.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572045-0-0-0-1-2-207)
"RSA Conference 2008, Day 1"
windowsitpro.com/article/articleid/98832/rsa-conference-2008-day-1.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572046-0-0-0-1-2-207)

--IBM to Acquire Storage Company FilesX
IBM said that it will acquire FilesX, a privately held storage company
that provides continuous data protection solutions.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572047-0-0-0-1-2-207

--Survey Says: Half of Consumers Are Clueless About Security
National Cyber Security Alliance (NCSA) polled approximately 2,250
consumers and discovered that a large majority have never heard of
botnets and nearly half have no idea how to protect their computers.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572048-0-0-0-1-2-207

--HP Ships Virus-Laden USB Keys
HP Australia alerted customers that it somehow shipped two types of USB
floppy drive keys that were infected with viruses. Luckily, the viruses
are relatively harmless.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572049-0-0-0-1-2-207

--Flash Player Contains Several Vulnerabilities
Adobe released an update for Flash Player 9.0.115.0 and earlier. The
company said that several critical security problems were discovered,
including input validation errors, DNS rebinding problems, and execution
of arbitrary code.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572050-0-0-0-1-2-207

--Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities. You
can also find information about these discoveries at

www.windowsitpro.com/departments/departmentid/752/752.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572051-0-0-0-1-2-207)


GIVE AND TAKE

--SECURITY MATTERS BLOG: IE 8.0 Will Enable DEP/NX by Default
by Mark Joseph Edwards
Microsoft revealed one of the security enhancements that will become a
standard part of Internet Explorer 8.0.
windowsitpro.com/blog/index.cfm?action=BlogIndex&DepartmentID=949
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572052-0-0-0-1-2-207)

--FAQ: Storing Credentials on Specific DCs
by John Savill
Q: How can I check whether a user's password is, or can be, stored on a
specific read-only domain controller (RODC)?

Find the answer at
windowsitpro.com/article/articleid/98808
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572053-0-0-0-1-2-207)

--SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in
Security Pro VIP's Reader to Reader column. Email your contributions to
r2r@securityprovip.com (mailto:r2r@securityprovip.com). If we print your
submission, you'll get $100. We edit submissions for style, grammar, and
length.


PRODUCTS

--New Internet Security Appliances
by Renee Munshi
Check Point Software Technologies announced three new UTM-1 Total
Security appliance models, including one whose price starts at $4,800.
UTM-1 Total Security 270 features 400Mbps firewall throughput, 100Mbps
VPN throughput, two managed sites, and four ports; UTM-1 Total Security
570 has 1.1Gbps firewall throughput, 250Mbps VPN throughput, three
managed sites, and four ports; and UTM-1 Total Security 3070 features
4.5Gbps firewall throughput, 1.1Gbps VPN throughput, five managed sites,
and 10 ports. The appliances provide an application and network-layer
firewall, VPN, gateway antivirus and antispyware, intrusion prevention,
URL filtering, and antispam.

Check Point also announced the launch of Check Point Power-1, a new line
of Internet security appliances for multi-gigabit-per-second
environments that combine firewall, VPN, and intrusion prevention with
acceleration technologies. Power-1 5070 features 9Gbps of firewall
throughput, up to 14 ports, a removable hard drive, and dual
hot-swappable power supplies. Power-1 9070 features 14Gbps of firewall
throughput, up to 18 ports, dual removable hard drives, and dual
hot-swappable power supplies. Both models have high availability, load
balancing, and dynamic routing. Web application firewall, SSL VPN, and
UTM capabilities such as antivirus can be added. Prices start at
$36,500.

For more information, go to

www.checkpoint.com/ (http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572054-0-0-0-1-2-207)


RESOURCES AND EVENTS

Combat SQL Server Sprawl--Case Study Web Seminar, April 30
The success and growth of SQL Server has led to a phenomenon commonly
called "SQL Server sprawl"--the rampant, often uncontrolled
proliferation of SQL Server databases. Join this Web seminar on
Wednesday, April 30, 2008 (12:00 PM EDT) to learn an approach to
successfully combating SQL Server sprawl and improving application
availability and response time. Register now, before space fills up!
w.on24.com/r.htm?e=107436&s=1&k=6AFCC3D0C5BCB07FFC9106B64524DC30&partnerref=040908er
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572055-0-0-0-1-2-207)

Learn How to Justify Your Business Continuity and Risk Management Plans
Merging traditional disciplines such as high availability, disaster
recovery, and continuous operations to deal with planned and unplanned
downtime is the key to creating and justifying 24x7 business continuity.
This Web seminar will help you convince your management team that having
a business continuity plan is critical.
windowsitpro.com/Downloads/Index.cfm?fuseaction=ShowDownload&uuid=e67929dc-89c6-47e0-a5f8-f01b3d233723&code=040908er
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572056-0-0-0-1-2-207)

User Provisioning: Get the Biggest Bang for Your IT Buck
Is your user provisioning process as strong as it needs to be? Read this
white paper to learn how to increase IT efficiency and user
productivity, get stronger control over digital identities, and better
prepare for compliance audits.
windowsitpro.com/Whitepapers/Index.cfm?wpid=ef32d5a8-6839-4dea-aaef-1d9046d02bbd&fuseaction=ShowWP&code=040908er
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572057-0-0-0-1-2-207)


FEATURED WHITE PAPER

Case Study--Oracle Database on Windows
Read about the core integration capabilities available to users who
deploy an Oracle database and use its tools in Windows environments.
www.windowsitpro.com/go/wp/oracle/ovum/?code=040908er
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572058-0-0-0-1-2-207)


ANNOUNCEMENTS

SQL Server Magazine Master CD: Take the Experts with You!
Find the solutions you need within the thousands of searchable articles,
helpful bonus content, and loads of expert advice on the SQL Server
Magazine Master CD. A Master CD subscription buys you portable access to
the entire SQL Server Magazine article database plus exclusive access to
the new articles we publish on SQLMag.com every day. It's like having a
team of SQL Server consultants in your pocket! Get real-world solutions
fast--order the SQL Server Magazine Master CD today.
store.pentontech.com/index.cfm?s=9&promocode=EU2884SC&
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572059-0-0-0-1-2-207)

Check out all the info-packed publications offered by Windows IT Pro!
If you're receiving the HTML version of this email newsletter, click
"Our Publications" in the menu bar; otherwise, click the link below:
store.pentontech.com/index.cfm?s=1&cid=18000306&promotionid=18003253&code=
(http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572060-0-0-0-1-2-207)

CONTACT US
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572061-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572062-0-0-0-1-2-207


To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572065-0-0-0-1-2-207

About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://ct.email.windowsitpro.com/rd/cts?d=33-5865-803-202-62923-572066-0-0-0-1-2-207

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2008, Penton Media, Inc. All rights reserved.
