Wednesday, May 21, 2008

OpenSSL Vulnerabilities and the Ripple Effect

Security UPDATE
A Penton Media Property
May 21, 2008


If you want to view this on the web go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794420-0-0-0-1-2-207

----------------------------------------
ADVERTISEMENT
Oracle Corporation

Oracle Database 11g Application Development

Oracle Database 11g has the same features and functionality on Windows
as on Linux and UNIX. However, significant work has been done to take
advantage of Windows-specific operating system features to improve
scalability. This paper will also discuss the support of a cluster file
system, 64-bit file I/O, and raw files increasing performance and
manageability.
http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794421-0-0-0-1-2-207
----------------------------------------

IN FOCUS

--OpenSSL Vulnerabilities and the Ripple Effect
by Mark Joseph Edwards, News Editor
Most of you probably agree that open source is a great concept. Nearly
anybody can take such code, modify it, and use it as they see fit. In
many cases people even offer their changes back into the core code base
from which the code was taken, which means everyone who downloads the
code base will have the benefit of other people's changes. At the same
time, that type of openness is a double-edged sword that can be quite
dangerous.

A good case in point is the OpenSSL code used by the developers of the
Debian OS. Back in mid-2006 someone made changes to the random number
generator code in OpenSSL and then uploaded the changes into the
unstable version of Debian that was in development at the time. That
development code eventually became Debian Etch, which is the current
stable release version of the OS.

The changes made to OpenSSL weakened its cryptographic strength and no
one detected this problem until last week. So for about the past two
years OpenSSL and other tools that rely on it have been vulnerable due
to weak cryptographic keys. According to Debian's related security
advisory, "Luciano Bello discovered that the random number generator in
Debian's [OpenSSL] package is predictable. This is caused by an
incorrect Debian-specific change to the [OpenSSL] package
(CVE-2008-0166). As a result, cryptographic key material may be
guessable."

Since the change was made to Debian-related code, any OS that is now
based on Debian is probably affected by the vulnerability. The last time
I checked there were well over a dozen Debian-based OSs, including the
widely used Ubuntu, Knoppix, and Xandros platforms.

Complicating the matter further is the fact that there is another ripple
effect to consider -- it's not just Debian-based systems that might be
affected by the vulnerability. If SSL keys were generated on a
vulnerable system and those keys were then imported into some other OS,
then those systems are affected too. And that's not all. Other
encryption keys might be affected, including keys used for Secure Shell
(SSH), Secure Sockets Layer/Transport Layer Security (SSL/TLS), OpenVPN,
DNS Security Extensions (DNSSEC), and X.509 certificates.

That just about covers every mainstream encryption-related tool in use
today! So the problem is not trivial and should not be taken lightly. As
you might suspect, brute-force cracking attacks are now underway against
SSH services (typically running on port 22 unless you moved SSH to some
other port)--and based on the information I've seen, those attacks are
on the rise (see the URL below). The current attacks typically involve
dictionary-related username and password guessing.

isc.sans.org/portreport.html?sort=records
(http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794422-0-0-0-1-2-207)
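The dictionary attacks described above are exactly what a log-driven blocker such as DenyHosts watches for: repeated "Failed password" entries from one source address. The following is an added example, not code from the newsletter or from the DenyHosts project, that runs the same detection logic over a constructed sample of sshd log lines and renders the kind of TCP-wrappers entries DenyHosts writes to /etc/hosts.deny. The log lines, addresses, usernames and the threshold of five failures are all constructed for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample of sshd auth-log lines (not a real capture). One source
# tries five usernames in eight seconds; another fails once and then logs in.
SAMPLE_AUTH_LOG = """\
May 21 03:14:07 gw sshd[4211]: Failed password for invalid user admin from 198.51.100.23 port 51234 ssh2
May 21 03:14:09 gw sshd[4213]: Failed password for invalid user test from 198.51.100.23 port 51240 ssh2
May 21 03:14:11 gw sshd[4215]: Failed password for root from 198.51.100.23 port 51247 ssh2
May 21 03:14:13 gw sshd[4217]: Failed password for invalid user oracle from 198.51.100.23 port 51251 ssh2
May 21 03:14:15 gw sshd[4219]: Failed password for invalid user guest from 198.51.100.23 port 51255 ssh2
May 21 03:20:40 gw sshd[4301]: Failed password for alice from 203.0.113.7 port 40022 ssh2
May 21 03:20:52 gw sshd[4301]: Accepted publickey for alice from 203.0.113.7 port 40022 ssh2
"""

# Matches both "Failed password for invalid user X from A" and
# "Failed password for X from A"; captures the username and source address.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)


def count_failures(log_text):
    """Map each source address to [failure count, set of usernames tried]."""
    failures = defaultdict(lambda: [0, set()])
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            user, host = match.group(1), match.group(2)
            failures[host][0] += 1
            failures[host][1].add(user)
    return failures


def hosts_to_deny(log_text, threshold=5):
    """Addresses with at least `threshold` failed logins (threshold is a
    constructed value; DenyHosts makes it configurable)."""
    counts = count_failures(log_text)
    return sorted(host for host, (n, _) in counts.items() if n >= threshold)


def hosts_deny_lines(hosts):
    """Render TCP-wrappers entries of the form DenyHosts appends to
    /etc/hosts.deny so sshd refuses further connections from the host."""
    return ["sshd: %s" % host for host in hosts]


if __name__ == "__main__":
    for host, (n, users) in count_failures(SAMPLE_AUTH_LOG).items():
        print("%s: %d failures, users tried: %s" % (host, n, ", ".join(sorted(users))))
    for entry in hosts_deny_lines(hosts_to_deny(SAMPLE_AUTH_LOG)):
        print(entry)
```

On the sample, only 198.51.100.23 crosses the threshold; the single failure from 203.0.113.7 followed by a successful public-key login is left alone, which is the distinction a blocker must make to avoid locking out legitimate users who mistype once.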

The solution is to upgrade your OpenSSL packages, as well as any other
packages based on OpenSSL, and then regenerate any weak keys. If you're a
Debian or Ubuntu user and you use 'apt' to perform updates, you'll find
that the package installer regenerates keys for you. Even so,
double-check your keys after upgrading. If you use SSH, be sure to look
into the ssh-vulnkey tool that comes with the new 'openssh-server'
package; it'll help you identify vulnerable SSH keys. There's also a Perl
script that can help you detect weak keys (see the first URL below). At
the second URL below you'll find a method of automatically blocking hosts
that attempt dictionary attacks on your SSH services; that method uses
the DenyHosts tool at the third URL below.

lists.debian.org/debian-security-announce/2008/msg00152.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794423-0-0-0-1-2-207)

www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts
(http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794424-0-0-0-1-2-207)

denyhosts.sourceforge.net (http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794425-0-0-0-1-2-207)
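Why a "predictable" generator makes keys guessable, and why a blacklist tool such as ssh-vulnkey can identify them, both follow from one fact: the Debian change removed the code that mixed real entropy into OpenSSL's pool, leaving the process ID (at most 32768 values) as the only varying input, so every key a given platform could produce lies in a small, enumerable set. The block below is an added example, not OpenSSL's, Debian's or the newsletter's code: a constructed toy generator with that defect beside a properly seeded one, the blacklist built by enumerating every fingerprint the flawed generator can emit, and an audit that flags keys found on the list. The hash-based "key material", the 16-hex-digit fingerprint and the sample key names are all constructed for the illustration.

```python
import hashlib
import secrets

# Upper bound on PIDs on the affected platforms (32768), which was the only
# input left varying in the flawed generator.
PID_MAX = 32768


def weak_key_material(pid):
    """Toy model of the flawed generator: output is a pure function of the
    PID, so at most PID_MAX distinct keys can ever be produced."""
    return hashlib.sha256(b"toy-prng|" + pid.to_bytes(2, "big")).digest()


def sound_key_material():
    """Toy model of a correctly seeded generator: fresh OS entropy each call,
    so the output space is far too large to enumerate."""
    return hashlib.sha256(b"toy-prng|" + secrets.token_bytes(32)).digest()


def fingerprint(key_material):
    """Short identifier of a key, standing in for an SSH key fingerprint."""
    return hashlib.sha256(key_material).hexdigest()[:16]


def build_blacklist():
    """Enumerate every fingerprint the flawed generator can emit. This is the
    idea behind the blacklists ssh-vulnkey consults: the weak key space is
    small enough to list in full, so a key is weak iff it is on the list."""
    return frozenset(fingerprint(weak_key_material(pid)) for pid in range(1, PID_MAX))


def is_blacklisted(key_material, blacklist):
    """True when the key could have come from the flawed generator."""
    return fingerprint(key_material) in blacklist


def audit(keys, blacklist):
    """Given {name: key_material}, return the names that must be regenerated."""
    return [name for name, km in keys.items() if is_blacklisted(km, blacklist)]


# Constructed inventory: one key minted by the flawed generator (PID 4242)
# and one minted after the fix.
SAMPLE_KEYS = {
    "ssh_host_rsa_key (generated on Etch, 2007)": weak_key_material(4242),
    "ssh_host_rsa_key (regenerated after upgrade)": sound_key_material(),
}

if __name__ == "__main__":
    blacklist = build_blacklist()
    print("blacklist size:", len(blacklist))
    for name in audit(SAMPLE_KEYS, blacklist):
        print("WEAK, regenerate:", name)
```

The point of the model is the asymmetry it makes visible: building the full list for the flawed generator takes a fraction of a second, while a correctly seeded key has no practical chance of appearing on it. That is also why, as the article says, regenerating keys after the upgrade matters more than the upgrade itself; a key minted under the defect stays on the list no matter which system it is later imported into.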

This particular vulnerability points out how one small code change can
have a far-reaching ripple effect. In most cases changes are for the
better. However, in this particular instance that's not the case.
Obviously those who intend to take part in open-source code development
need to be extra careful, especially when working with security-related
code that is a core part of many other tools.

----------------------------------------
ADVERTISEMENT
Symantec

Messaging Management

Fundamentals eBook - Best Practices & Service Comparison
Email and messaging infrastructures are the backbone of today's business
operations, they are so essential that if they go down, an
organization's business stops. With this level of importance put on
these systems, protecting your email and messaging infrastructures is
the primary goal of email and messaging management solutions. Email and
management solutions can mitigate the risks related to information loss,
leakage, or unauthorized data access. Read this eBook to learn about the
best practices of designing an email and messaging management
infrastructure in Exchange-centric environments.

http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794426-0-0-0-1-2-207
----------------------------------------


SECURITY NEWS AND FEATURES

--Web Apps Are the Source of Most Vulnerabilities
A new report reveals that Web applications are the most common source of
vulnerabilities. While this shouldn't come as much of a surprise given
the importance of the Web, it should serve as an alarm for Web
developers.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794427-0-0-0-1-2-207

--U.S. And Canada Put a Damper on Hardware Pirates
Since 2005, U.S. and Canadian law enforcement agencies have sent 10
hardware pirates to jail and seized tens of thousands of counterfeit
Cisco network routers, switches, interface cards, and other modules
posing as legitimate Cisco Systems equipment.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794428-0-0-0-1-2-207

--Hewlett-Packard to Buy EDS
According to the Wall Street Journal, Hewlett-Packard was close to
finalizing a deal to purchase EDS. The acquisition has been confirmed
and it could mean tougher competition for IBM.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794429-0-0-0-1-2-207

--Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities. You
can also find information about these discoveries at

www.windowsitpro.com/departments/departmentid/752/752.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794430-0-0-0-1-2-207)


GIVE AND TAKE

--SECURITY MATTERS BLOG: Heads Up: Zero Day in IE 7 and 8
by Mark Joseph Edwards
Details of a zero-day vulnerability in Internet Explorer 7 and 8 have
been posted to the Web. The particular exploit takes advantage of a
problem with the security centered around printing links in a given Web
page. Learn more in this blog entry.

windowsitpro.com/blog/index.cfm?action=BlogIndex&DepartmentID=949
(http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794431-0-0-0-1-2-207)

--FAQ: Cold Boot Encryption Attacks and BitLocker
by John Savill
Q. What is the BitLocker exposure via cold boot attack?

Find the answer at

windowsitpro.com/article/articleid/99144
(http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794432-0-0-0-1-2-207)

--FROM THE FORUM: Webmail security risks?
We're reviewing our IT policies and specifically talking about user
access to non-business Webmail (employees at work checking HotMail,
Yahoo, GMail, etc.). The general question is what business risks does
this create? I can immediately think of

1) a method of maliciously or accidentally sending company information
out either as email or sometimes as direct network storage (I think
GMail has something called a G-Drive?),

2) opportunity of malicious software getting in,

3) possible business communication that is stored outside our normal
systems that may not be subject to records retention policies, and

4) on the same legal line of thought, communication that may be treated
as informal, but could still be business related and discoverable in a
legal case.

Can anyone offer any other potential risks? I'm brainstorming so I
welcome any thoughts even if they are very remote possibilities or
something similar to what I've already mentioned.

Also, I know there are tools that can address some of these risks, but
right now, I'm only interested in identifying the risks.

Lend a hand at the URL below:

forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=90196&enterthread=y
(http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794433-0-0-0-1-2-207)

--Vote in the 2008 Windows IT Pro Community Choice Awards!
Final voting for the Windows IT Pro Community Choice Awards is now open!
Voting in this awards program is open to all Windows IT Pro Web site
visitors, but vendors whose products are nominated are prohibited from
voting. Enter the voting tool at:

www.surveymonkey.com/s.aspx?sm=_2fz97tv4rU5iY2IsYDbyCRg_3d_3d
(http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794434-0-0-0-1-2-207)

Voting closes May 23 at 11:45 p.m. Mountain Time.

--SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in
Security Pro VIP's Reader to Reader column. Email your contributions to
r2r@securityprovip.com (mailto:r2r@securityprovip.com). If we print your
submission, you'll get $100. We edit submissions for style, grammar, and
length.


PRODUCTS

--Comodo Offers Free PC Cleaning in Response to Increased Viruses and
Trojan Attacks
by Lavon Peters, Security Editor
The recent increase in the number of viruses and Trojan attacks has led
Comodo, a leading security company, to offer unprecedented free PC
cleaning. According to the company, this offer is "no catches" and "no
kidding"--unlike other companies' offers of free automated user-managed
tools, Comodo is providing trained security experts to remotely rid
machines of malware. Melih Abdulhayoglu, Comodo's CEO and chief security
architect, says that "by offering a free malware cleaning service, [the
company] aim[s] to create a community of confident consumers with clean
PCs." For more information, or to take advantage of this offer, contact
Comodo at 201-963-9471 or visit
www.personalfirewall.comodo.com/avsmart/malware-removal.html
(http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794435-0-0-0-1-2-207).


RESOURCES AND EVENTS

Gain Enhanced Insight Into and Control Over Your IT Systems

Microsoft System Center Configuration Manager 2007 shipped recently.
System Center Configuration Manager 2007 is the solution to
comprehensively assess, deploy, and update your servers, clients, and
devices - across physical, virtual, distributed, and mobile
environments. View this Web seminar for the latest and greatest features
and product enhancements in the Systems Center Configuration Manager SP1
and R2.

windowsitpro.com/Downloads/Index.cfm?fuseaction=ShowDownload&uuid=af2d59de-1461-478a-827f-0b6963d64478&code=051408er
(http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794436-0-0-0-1-2-207)

So You Think You're Compliant...

According to Gartner, 30 percent of enterprises will experience at least
one audit per year. There's no way for you to be entirely sure that your
organization is in compliance with software regulations. Join this Web
seminar to learn all about a new solution that can help you avoid
audits, control licenses, maximize key user productivity, and more.

www.windowsitpro.com/go/seminars/macrovision/softwareregulations/?partnerref=51408e&r
(http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794437-0-0-0-1-2-207)

BI Newsletter

Want to keep abreast of the latest SQL Server business intelligence (BI)
news, views, tips, and techniques? Subscribe to Essential BI UPDATE, a
new twice-monthly BI email newsletter from SQL Server Magazine. You'll
get how-to information, industry trends, commentary by experts, valuable
insight into BI Reporting Services, and more. Subscribe today--it's
free!

www.sqlmag.com/email (http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794438-0-0-0-1-2-207)


FEATURED WHITE PAPER

Guide to Log Management: Comparing On-Premise and On-Demand Solutions

In the past five years both governmental and industry specific
regulations have included log management as a required control within an
infrastructure. This white paper examines and compares two methods to
log management. Choosing a solution for something as complex and
critical as log management is difficult and requires careful
consideration. Read this paper today!

www.windowsitpro.com/Whitepapers/Index.cfm?fuseaction=ShowWP&WPID=96231bb9-0985-4d4b-96c9-b6f357a89e09&code=051408er
(http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794439-0-0-0-1-2-207)


ANNOUNCEMENTS

Rev Up Your IT Know-How with Our Recharged Magazine!

The improved Windows IT Pro is packed with trusted content and enhanced
with a fresh new look! Subscribe today to

--Stay ahead of industry trends with comprehensive coverage of topics
such as Vista and virtualization

--Solve tough technical problems with advice from veteran IT experts
such as Guido Grillenmeier and Mark Minasi

--Find real-world solutions easily with fast facts and quick tips

store.pentontech.com/index.cfm?s=1&promocode=EU2085R1&
(http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794440-0-0-0-1-2-207)

Windows IT Pro Master CD: Take the Experts with You!

Find the solutions you need within the thousands of searchable articles,
helpful bonus content, and loads of expert advice on the Windows IT Pro
Master CD. A Master CD subscription buys you portable access to the
entire Windows IT Pro article database plus exclusive access to all the
new articles we publish only on WindowsITPro.com every day. It's like
having a team of consultants in your pocket! Get real-world solutions
fast--order the Windows IT Pro Master CD today.

store.pentontech.com/index.cfm?s=1&promocode=EU2284WC&
(http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794441-0-0-0-1-2-207)


CONTACT US
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).

http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794442-0-0-0-1-2-207

http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794443-0-0-0-1-2-207


Be sure to add Security_UPDATE@email.windowsitpro.com
to your spam filter's list of allowed senders.

To contact us:
About Security UPDATE content -- mailto:letters@windowsitpro.com
About technical questions -- http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794446-0-0-0-1-2-207

About your product news -- mailto:products@windowsitpro.com
About your subscription -- mailto:windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- mailto:salesopps@windowsitpro.com

View the Windows IT Pro privacy policy at

http://ct.email.windowsitpro.com/rd/cts?d=33-8009-803-202-62923-794447-0-0-0-1-2-207

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2008, Penton Media, Inc. All rights reserved.
