|
[networknewsletters]
||
[Date Prev]
[02-2005 Date Index]
[Date Next]
||
[Thread Prev]
[02-2005 Thread Index]
[Thread Next]
Security UPDATE -- Safer Mobile Surfing -- February 9, 2005
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Tue, 15 Feb 2005 12:55:16 -0500
**************************************************************
-- Educational CyberPlayGround Community
http://www.edu-cyberpg.com/
-- Network Newsletters Mailing List ©1994
-- Subscribe - Unsubscribe - Email Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
-- Advertise on Network Newsletters Mailing List
http://www.edu-cyberpg.com/Community/Subguidelines.html
-- Mailing Lists
http://www.edu-cyberpg.com/Community/
**************************************************************
====================
1. In Focus: Safer Mobile Surfing
2. Security News and Features
- Recent Security Vulnerabilities
- February the 13th: Microsoft Issues Massive Number of Security Fixes
- Microsoft to Purchase Sybari Software
- Weakness in Windows XP SP2 Overflow Protection
- SOHO Firewall Appliances
3. Security Matters Blog
- Stop Users from Bypassing Group Policy
- Two More Months to Opt Out of Windows XP SP2
4. Instant Poll
5. Security Toolkit
- FAQ
- Security Forum Featured Thread
6. New and Improved
- Spam Firewall for Large Organizations
====================
==== 1. In Focus: Safer Mobile Surfing ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
I'm sure you read lots of different security-related blogs and Web
sites. There are a bunch of them out there, and the number seems to
keep right on growing. I've got dozens of them in my RSS reader, and I
often find new ones that I want to read now and then.
One interesting blog that I found some time ago is called Secureme. Not
only is it informative, but the writing style is subtly humorous at
times too. When I look at the "avatars" of the blog writers at the
site, I'm not quite sure what's missing: a flashy mirrored disco ball
and colored lights, or Santa's workshop. When you go to the blog,
you'll see what I mean.
http://list.windowsitpro.com/t?ctl=1651:4FB69
An interesting recent post at the blog ("No SSH server, no problem!"
January 13) covered two tools, The Onion Router (TOR) and Privoxy, both
of which can be used in a variety of situations, such as using them
together to better protect your Internet communications when you're on
the road. For example, if you're using a hotel's in-house network or a
public wireless network, you could use TOR and Privoxy to help protect
your network traffic.
TOR is a routing technology that encrypts and routes your Internet
traffic through a number of TOR servers before the traffic reaches its
destination. Privoxy is a proxy server that helps protect your Internet
privacy by removing or obscuring various content, such as your DNS
queries, browser type, OS type, and more. You can configure Privoxy to
communicate with TOR so that all your Web traffic is routed through the
TOR network.
I tried the two tools, and they seem to work all right. Setting up a
TOR client is incredibly simple. Just install it, run it, and make sure
there are open ports on your firewall to pass traffic. That's it!
Privoxy is equally simple, except that to make it work with TOR, you'll
need to add one line to the Privoxy configuration, which is explained
in the TOR documentation. You can learn more about TOR and Privoxy and
download copies at their respective Web sites.
http://list.windowsitpro.com/t?ctl=1653:4FB69
http://list.windowsitpro.com/t?ctl=1652:4FB69
Until next time, have a great week.
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
at
http://list.windowsitpro.com/t?ctl=163B:4FB69
February the 13th: Microsoft Issues Massive Number of Security Fixes
Yesterday, Microsoft issued a massive number of security bulletins
and fixes as part of its regularly scheduled monthly security update
release. The company released 12 security bulletins for various
products, including several Windows versions, Exchange Server, Office
XP, Windows Media Player, MSN Messenger, and SharePoint. Eight of the
bulletins are rated as "critical," the company's most serious rating.
http://list.windowsitpro.com/t?ctl=163D:4FB69
Microsoft to Purchase Sybari Software
Microsoft announced yesterday that it has signed a definitive
agreement to acquire Sybari Software, a New York-based company that
develops antivirus, antispam, and content-filtering technologies. The
acquisition will include all of Sybari's staff and technologies.
http://list.windowsitpro.com/t?ctl=163C:4FB69
Weakness in Windows XP SP2 Overflow Protection
Security company Positive Technologies released a white paper that
explains what it considers to be weaknesses in the heap overflow
protection and data execution protection in Windows XP Service Pack 2
(SP2). The two technologies are designed to help prevent intruders from
taking advantage of unchecked buffers to launch malicious code within
the OS.
http://list.windowsitpro.com/t?ctl=1643:4FB69
SOHO Firewall Appliances
Even if you have a home office or work for a small company, you
still need to protect your valuable data and network. Firewalls have
become a de facto standard for all organizations--large and small--as a
frontline perimeter-based defense against attackers who want to steal
your information, hijack your resources, and otherwise vandalize your
network. Jeff Fellinge looks at several solutions in this Buyer's
Guide.
http://list.windowsitpro.com/t?ctl=1641:4FB69
====================
==== Resources and Events ====
InfoSec World 2005, April 4-6, 2005, Orlando, FL
InfoSec World 2005 is where connections are made. Expand your
knowledge with the hottest topics and get real-world strategies and
tested techniques for meeting your toughest information security
challenges. With a full spectrum of events, InfoSec World offers an
array of stimulating programs, presentations, activities, networking
opportunities and more!
http://list.windowsitpro.com/t?ctl=164C:4FB69
Ensure Successful Token Authentication
What's more secure than password protection? Attend this free Web
seminar and learn how to protect your network and make your mobile and
remote users more secure with token authentication. Discover ways to
evaluate, test, and roll out token authentication to protect your
investment, while making a solid business case to justify the costs.
Register now!
http://list.windowsitpro.com/t?ctl=1637:4FB69
Windows Connections Conference Spring 2005
Mark your calendar for Windows Connections Spring 2005, April 17-20,
2005, at the Hyatt Regency in San Francisco. Sessions jam-packed with
tips and techniques you need to know to ensure success in today's
enterprise deployments. Get the complete brochure online or call 203-
268-3204 or 800-505-1201 for more information.
http://list.windowsitpro.com/t?ctl=1654:4FB69
Configuring Blade Servers for Your Application Needs
Blade servers pack a lot of function into a small space, conserve
power and are flexible. In this free Web seminar, industry guru David
Chernicoff details the best use of 1P, 2P and 4P configurations using
single and multiple enclosures; integrating with NAS and SAN and
managing the entire enterprise from a single console. Register now and
take advantage of blade servers' power and flexibility.
http://list.windowsitpro.com/t?ctl=1638:4FB69
====================
==== 3. Security Matters Blog ====
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=164A:4FB69
Check out these recent entries in the Security Matters blog:
Stop Users from Bypassing Group Policy
I read a really interesting thread on the Focus on Microsoft mailing
list. A list member said his users found a way to bypass Group Policy
so that they could install unauthorized software on their machines. The
users entered their logon credentials, then as soon as they were
authenticated to the domain, they unplugged the network cable so that
Group Policy Objects (GPOs) weren't downloaded to their machines.
However, there are ways to foil this strategy.
http://list.windowsitpro.com/t?ctl=1644:4FB69
Two More Months to Opt Out of Windows XP SP2
According to Microsoft's TechNet Flash newsletter, "the mechanism to
temporarily disable delivery of Windows XP SP2 is available only for a
period of 240 days (8 months) from August 16, 2004. At the end of this
period (after April 12, 2005), Windows XP SP2 will be delivered to all
Windows XP and Windows XP Service Pack 1 systems."
http://list.windowsitpro.com/t?ctl=1645:4FB69
==== 4. Instant Poll ====
Results of Previous Poll:
Is comment spam a problem on your company's blogs or Web forums?
The voting has closed in this Windows IT Pro Security Hot Topic
nonscientific Instant Poll. Here are the results from the 13 votes:
- 23% Yes it was, but we solved it by requiring registration
- 0% Yes, but we'll implement the new "rel" tag format to stop it
- 0% Yes, but we don't plan to do anything about it
- 77% No
New Instant Poll:
If your company uses Windows XP, do you use XP SP2?
Go to the Security Hot Topic and submit your vote for
- Yes
- No, but we intend to
- No, and we don't intend to
http://list.windowsitpro.com/t?ctl=1646:4FB69
==== 5. Security Toolkit ====
FAQ
by John Savill, http://list.windowsitpro.com/t?ctl=1647:4FB69
Q: How can I view a list of all applications on my computer that start
at boot-up?
Find the answer at http://list.windowsitpro.com/t?ctl=1642:4FB69
Security Forum Featured Thread: ISAPI Extension Access to DCOM
Application Server
Nicola has an Internet Server API (ISAPI) DLL that connects to a
Distributed COM (DCOM) application server. The setup includes a
Microsoft IIS server configured with integrated security and anonymous
access disabled, a domain group to collect all the domain users that
should be able to use the procedures in the DLL, and DCOM configured
with an administrator account and launch/access permissions for the
domain group. The setup works if the domain group is included in the
local Administrators group, but Nicola doesn't want to put the domain
group in the local Administrators group and wonders if there's some
other configuration that will work. Join the discussion at
http://list.windowsitpro.com/t?ctl=1639:4FB69
====================
==== Contact Us ====
About the newsletter -- letters@xxxxxxxxxxxxxxxx
About technical questions -- http://list.windowsitpro.com/t?ctl=164D:4FB69
About product news -- products@xxxxxxxxxxxxxxxx
About your subscription -- windowsitproupdate@xxxxxxxxxxxxxxxx
About sponsoring Security UPDATE -- emedia_opps@xxxxxxxxxxxxxxxx
====================
This email newsletter is brought to you by Security Administrator, the
leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for internal
users. Subscribe today.
http://list.windowsitpro.com/t?ctl=163F:4FB69
View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=163E:4FB69
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
EDUCATIONAL CYBERPLAYGROUND
http://www.edu-cyberpg.com
Copyright statements to be included when reproducing
annotations from Network Newsletter.
The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format.
> From Network Newsletter copyright
> Educational CyberPlayGround.
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Net Happenings, K12 Newsletters, Network Newsletters
http://www.edu-cyberpg.com/Community/
FREE EDUCATION VENDOR DIRECTORY LISTING
http://www.edu-cyberpg.com/Directory/
HOT LIST REGISTRY OF K12 SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
|
|
