News

Wednesday, July 30, 2008

New Method of Attacking Disk Encryption

WIN_SECURITY UPDATE_
A Penton Media Property
July 30, 2008



IN FOCUS

--New Method of Attacking Disk Encryption
by Mark Joseph Edwards, News Editor
So you've got that spiffy new Windows Vista system built, complete with
BitLocker encryption, which you hope is going to keep your data out of
the hands of folks with prying eyes. And you've also got your Mac OS X
systems all locked down with FileVault, and your Linux systems are
tightly secured with dm-crypt. Do you think your data is safe and
secure? Maybe that's not such a good assumption, and here's why....

A team of eight researchers from Princeton University, Electronic
Frontier Foundation, and Wind River Systems recently released a new
white paper that explains in detail how they were able to defeat all of
the disk encryption systems that I just mentioned. The technique to
defeat such encryption centers around two important facts: Encryption
keys are often stored in memory, and memory doesn't necessarily lose its
contents immediately when a system is powered off. Because of those two
facts a serious weakness exists that can be readily exploited to gain
access to the encryption keys, and thus your data.

Normally, unpowered DRAM memory chips lose their contents after
several seconds. But if those chips can be kept very cool, then they
might retain their contents for up to an hour or more. That gives
someone plenty of time to read the memory in the chips and recover
encryption keys.

But wait, maybe you've got Trusted Platform Module (TPM) chips in your
systems. The chips assist cryptographic software, which can use TPM to
generate and control access to encryption keys. BitLocker can use TPM if
it's present, and as it turns out your systems can be even more
vulnerable due to TPM! According to the white paper, "TPM sometimes
makes [a system] less secure, allowing an attacker to gain access to the
data even if the machine is stolen while it is completely powered off."

What does all this mean for the security of your data? The obvious
answer is that even with strong encryption in use, your data is safe
only in direct proportion to the level of physical security that you can
provide. And, if someone gets their hands on one of your systems while
it's still powered up---even if you're logged out, or have locked the
desktop via screensaver or other similar methods---then your data might
be available to the thief. Furthermore, even if you put the system into
hibernation mode, or suspend the OS to disk, then your data might still
be vulnerable. It's as simple (and devastating) as that.

One of the eight researchers, Ed Felten, explained the risk like this:
"This is deadly for disk encryption products because they rely on
keeping master decryption keys in DRAM. This was thought to be safe
because the operating system would keep any malicious programs from
accessing the keys in memory, and there was no way to get rid of the
operating system without cutting power to the machine, which 'everybody
knew' would cause the keys to be erased."

So much for wishful thinking, eh? This attack vector isn't just some new
fuzzy theory. This is a clear real-world possibility, and the team backs
up their research with five sets of code that demonstrate how to get
your hands on encryption keys present in DRAM. You and anybody else can
get a copy of that code and test recovery methods if you want to. The
code is available along with the white paper, guides, and videos at the
URL below.

http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185011-0-0-0-1-2-207

If you're serious about using the best disk encryption available, then
consider using a disk drive or disk controller that can encrypt the data
without ever moving encryption keys outside of the disk or controller's
logic circuits. Seagate and Fujitsu are two vendors I am aware of who
provide that type of hardware for desktops, servers, and laptops. Check
into Seagate's Momentus drives for desktops and servers and their
Cheetah drives for laptops. Also check into Fujitsu's MHZ2 CJ series of
drives for laptops.



SECURITY NEWS AND FEATURES

--Exploits on the Loose for DNS Flaw
Security researcher Dan Kaminsky was preempted this week when exploit
code was released for the DNS security problems that he intended to
reveal at the upcoming Black Hat security conference.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185014-0-0-0-1-2-207

--Large ISPs Still Vulnerable to DNS Attack
According to Neal Krawetz of Hacker Factor, several large ISPs still
haven't patched their DNS servers to guard against a critical
vulnerability that was made public two weeks ago.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185015-0-0-0-1-2-207

--New Thunderbird Release Fixes 8 Security Problems
Mozilla released Thunderbird 2.0.0.16 to fix 8 security problems, all of
which are rated as moderate or low risks.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185016-0-0-0-1-2-207

--Mozilla Claims Guinness World Record
Mozilla Foundation said that they recently set the world record for the
most downloads in a 24-hour period when in early July the company
delivered 8,002,530 downloads to users all around the globe.
To view the full article go to:
http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185017-0-0-0-1-2-207

--Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts,
which inform you about recently discovered security vulnerabilities. You
can also find information about these discoveries at

http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185018-0-0-0-1-2-207


GIVE AND TAKE

--SECURITY MATTERS BLOG: Spammer: Jail Escape, Murder, Suicide
by Mark Joseph Edwards
Spammer Eddie Davidson was convicted and sentenced to serve 21
months in jail. Then he escaped, murdered 2 people, wounded another, and
killed himself.

http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185020-0-0-0-1-2-207

--FAQ: Get a Copy of XP SP3
by John Savill
Q. Where can I obtain Windows XP SP3?

Find the answer at

http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185022-0-0-0-1-2-207

--SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions.
Email your contributions to r2r@windowsitpro.com. If we print your
submission, you'll get
$100. We edit submissions for style, grammar, and length.


PRODUCTS

--Innovative Thumb Drive Eliminates Reimaging
by Lavon Peters, Security Editor
Security appliance vendor Astaro recently released the Astaro Smart
Installer, which is a USB flash drive that servers and hardware
appliances recognize as an external CD-ROM drive loaded with a bootable
image. This device lets customers install Astaro software appliances and
reimage Astaro hardware appliances. The Astaro Smart Installer is
available for Astaro Security Gateway and Astaro Web Gateway products.
For more information, contact Astaro at 877-427-8276 or visit
http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185024-0-0-0-1-2-207.

--Next-Generation Malware Protection
by Lavon Peters, Security Editor
To address increasing malware threats, Sunbelt Software released a new
security solution called VIPRE Antivirus + Antispyware. VIPRE combines
antivirus, antispyware, and anti-rootkit technologies. A fully
functional 15-day trial version is available. A one-year single-user
subscription is $29.95; a three-user subscription is $39.95. A home
version is available for $49.95 per year, which covers all the computers
in a household. An enterprise version will be available in August. For
more information, contact Sunbelt Software at 888-688-8457 or visit
http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185026-0-0-0-1-2-207.


RESOURCES AND EVENTS

A Modern Approach to On-Demand Email and Data Security

Learn about the drawbacks associated with securing a shared,
multi-tenant environment and the benefits of using a "hybrid" on-demand,
on-premises solution for email and data security. Download this free
white paper today.

http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185028-0-0-0-1-2-207

Latest Advancements in SSL Technologies

Learn the benefits of strong Secure Sockets Layer (SSL) encryption,
Extended Validation SSL, and security trust marks and what these
offerings can do for your site in this white paper on the latest
advancements in SSL technologies.

http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185030-0-0-0-1-2-207

WinConnections Conference Fall 2008

Don't miss the premier event for Microsoft IT professionals in Las
Vegas, November 10-13. Register and book your room by August 25 and
receive a FREE room night (based on a three-night minimum stay).

http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185032-0-0-0-1-2-207


FEATURED WHITE PAPER

The True Impact of Messaging and Web Threats

This white paper discusses how employing a layered and integrated
defensive strategy is the most effective approach to dealing with spam,
viruses, Trojans, worms, and other forms of malware. Read this paper and
learn about the trends you can anticipate in the messaging threat
landscape.

http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185034-0-0-0-1-2-207


ANNOUNCEMENTS

Master SharePoint with 3 eLearning Seminars--hosted by Windows IT Pro

Join MVPs Dan Holme and Michael Noel to learn how to build a better
SharePoint infrastructure and enable powerful collaboration. On October
1, 2008, at 11:00 AM EDT, direct from your computer, these SharePoint
gurus will guide you through three info-packed sessions: 21st Century
File Sharing: Configuring & Managing Document Libraries; Building
Code-Free SharePoint Applications and Business Intelligence Lite; and
Forms-Based Authentication and Extranet Deployment Options for
SharePoint 2007. All for only $99! Seats are limited to allow for lots
of live Q&A at the end. Register today!

http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185036-0-0-0-1-2-207

Know a Developer?

Pass on the SharePoint Mastery series, built especially for developers,
with speaker and Microsoft MVP Andrew Connell!

http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185038-0-0-0-1-2-207

Access All Our Security Resources!

With the online VIP Monthly Pass, you can have all the security
solutions in Windows IT Pro and SQL Server Magazine right at your
fingertips, PLUS VIP-only content on hot topics such as Vista,
SharePoint, and more. You'll also receive a full digital copy of the
latest issue of Windows IT Pro!

http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185040-0-0-0-1-2-207


CONTACT US
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and Security Pro VIP (second URL
below).
http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185042-0-0-0-1-2-207
http://ct.email.windowsitpro.com/rd/cts?d=33-11491-803-202-62923-1185043-0-0-0-1-2-207


Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2008, Penton Media, Inc. All rights reserved.
