
Security UPDATE -- Strengthen Browser Security with Third-Party Solutions--October 6, 2004
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Tue, 12 Oct 2004 12:30:54 -0400
*************************************************************
Educational CyberPlayGround http://www.edu-cyberpg.com/
Network Newsletters Mailing List
**************************************************************
Network Newsletters Mailing List Service
<http://www.edu-cyberpg.com/Community/Subguidelines.html>
Subscribe | Unsubscribe | Change Email Preferences -
<http://www.edu-cyberpg.com/Community/K12Newsletters.html>
**************************************************************
>
>Subject: [ISN] Security UPDATE -- Strengthen Browser Security with
> Third-Party Solutions--October 6, 2004
>
>
>
>====================
>
>1. In Focus: Strengthen Browser Security with Third-Party Solutions
>
>2. Security News and Features
> - Recent Security Vulnerabilities
> - JPEG GDI+ Trojan Unleashed
> - More JPEG GDI+ Exploits
> - Welcome to the "You've Been Hacked" Blog
>
>3. Security Matters Blog
> - Trojans with a Twist
>
>4. Instant Poll
>
>5. Security Toolkit
> - FAQ
> - Security Forum Featured Thread
>
>6. New and Improved
> - Spam Solution Adds User Quarantine Features
>
>====================
>1. In Focus: Strengthen Browser Security with Third-Party Solutions
> by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
>
>If you subscribe to our WinInfo email newsletter, then you've probably
>read stories by Paul Thurrott that discuss how Microsoft will handle
>improvements to Internet Explorer (IE) in the future. If you don't
>subscribe to the newsletter and want to, then visit the home page below,
>where you'll find a link to the subscription form.
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3Q0AV
>
>As you know, it's been quite some time since Microsoft released a new
>version of the browser. Meanwhile, other browsers, such as Opera
>Software's Opera and Mozilla Firefox, have added considerable new
>features and functionality. But Microsoft has decided that it will
>introduce future IE improvements via service packs--it won't offer newer
>versions of the Web browser as standalone software because the company
>considers IE an integral part of the OS.
>
>The recent Windows XP Service Pack 2 (SP2) offers improvements to the
>underlying security of the OS and various components, including IE.
>Microsoft isn't planning to offer similar improvements to Windows 2000
>and earlier OSs.
>
>Many of you can't upgrade to XP yet for a variety of reasons, but in the
>meantime, you still want to improve overall system security. You can
>gain some of XP SP2's improvements by using third-party products. In at
>least one case--Windows Firewall--third-party products are typically
>superior. Because Windows Firewall allows all outbound connections
>without any means to control them, it's probably a wise idea to use a
>third-party firewall on systems on which you require precise control
>over network traffic.
>
>To improve the IE security on Windows 2000 and previous OSs, three
>options immediately come to mind, although there are probably others.
>One option lets you keep using IE as your primary browser; the other two
>options recommend that you use another browser as your primary browser
>and use IE only when you have to for whatever reason. I describe the
>options below in no particular order.
>
>One option is to add PivX's Qwik-Fix Pro to your systems to help you
>modify IE zones to lock down the browser and prevent malware from
>exploiting the system. Another option is to purchase a browser such as
>Winferno Software's Secure IE 2004, which is an IE replacement that
>offers better security than IE versions prior to XP SP2's. The third
>option is to use a free third-party browser such as Mozilla Firefox or
>Opera Software's Opera, both of which offer functionality similar to
>that found in IE under XP SP2.
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3R0AW
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3S0AX
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BDPj0AH
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3T0AY
>
>Qwik-Fix Pro and Secure IE 2004 cost money, which of course is
>reasonable to expect. Opera is available for free if you're willing to
>view banner advertising while you use it; if you buy it, you can use it
>ad-free. Firefox is open source and as such is available for free and
>without banner advertising.
>
>====================
>
>==== 2. Security News and Features ====
>
>Recent Security Vulnerabilities
> If you subscribe to this newsletter, you also receive Security
>Alerts, which inform you about recently discovered security
>vulnerabilities. You can also find information about these
>discoveries at
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3U0AZ
>
>JPEG GDI+ Trojan Unleashed
> It was only a matter of time before someone unleashed malware that
>exploits the JPEG GDI+ vulnerability. Over the last two weeks,
>various people have released proof-of-concept code. Now someone has
>unleashed a JPEG file that causes a buffer overrun and runs shell
>code on the affected system.
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3V0Aa
>
>More JPEG GDI+ Exploits
> As could probably be expected, intruders have begun using AOL Instant
>Messenger (AIM) and other methods to exploit unsuspecting users who
>have the JPEG GDI+ vulnerability. At least two new Trojan Horse
>programs have been unleashed.
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3W0Ab
>
>Welcome to the "You've Been Hacked" Blog
> We've added a second security blog, "You've Been Hacked," hosted by
>Brett Hill. Over the next few months, Hill will host a frank
>discussion of security issues related to Microsoft OSs, services, and
>products. As the blog title suggests, the blog will focus on what to
>do if you think you've been hacked. We want to hear from you about
>your experiences, questions, and concerns.
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3X0Ac
>
>====================
>
>
>==== 3. Security Matters Blog ====
> by Mark Joseph Edwards,
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3Z0Ae
>
>Check out this recent entry in the Security Matters blog:
>
>Trojans with a Twist
> Trojan horse programs are a bad enough problem because they can allow
>remote access to a user's computer. One would think that having a
>firewall in place would prevent a Trojan from opening back doors in
>case of infection. But Windows Firewall won't prevent the
>Win32.Surila.K Trojan from opening a back door on your system.
>
>==== 4. Instant Poll ====
>
>Results of Previous Poll:
>Have you experienced difficulty determining which of your systems need
>the latest Microsoft security patches (MS04-027 and MS04-028)?
> The voting has closed in this Windows IT Pro Security Hot Topic
>nonscientific Instant Poll. Here are the results from the 20 votes.
> - 65% Yes
> - 20% No
> - 15% I'm not sure
> (Deviations from 100 percent are due to rounding.)
>
>New Instant Poll:
>Have you been affected by a recent JPEG GDI+ exploit?
> Go to the Security Hot Topic and submit your vote for
> - Yes
> - No, we've patched our systems
> - No, we've patched our systems and removed vulnerable JPEG images
> - No
> - I'm not certain
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BLi70Ax
>
>==== 5. Security Toolkit ====
>
>FAQ
> by John Savill,
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3a0Al
>
>Q: Has Microsoft updated any of the Windows Support Tools in Windows XP
>Service Pack 2 (SP2)?
>
>Find the answer at
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3b0Am
>
>Security Forum Featured Thread: Disabling .vbs Files in an OU
> A forum participant is looking for a way to use a policy to disable
>the use of some .vbs files in an Active Directory (AD) organizational
>unit (OU) while allowing the use of some .vbs files that he approves
>of. His understanding is that he can implement only an "all or
>nothing" policy and wonders whether anyone knows a way around this
>limitation. Join the discussion at
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3c0An
>
>====================
>
>==== 6. New and Improved ====
> by Renee Munshi, mailto:products@xxxxxxxxxxxxxxxx
>
>Spam Solution Adds User Quarantine Features
> Trend Micro announced new End User Quarantine (EUQ) features for
>Trend Micro Spam Prevention Solution (SPS) to reduce Help-desk
>burdens, to help corporate users manage their own "approved senders"
>lists, and to improve accuracy and effectiveness. EUQ, a free add-on,
>quarantines suspicious "graymail" messages (i.e., messages not
>clearly identifiable as spam) into Microsoft Exchange Server folders
>for each user. Thus, SPS users have instant access to potentially
>important messages and can individually approve any problematic
>senders. EUQ improves SPS's reporting and management capabilities and
>decreases the number of false positives while increasing the spam
>detection rate.
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BL3e0Ap
>
>Tell Us About a Hot Product and Get a T-Shirt!
> Have you used a product that changed your IT experience by saving you
>time or easing your daily burden? Tell us about the product, and
>we'll send you a T-shirt if we write about the product in a future
>Windows IT Pro What's Hot column. Send your product suggestions with
>information about how the product has helped you to
>mailto:whatshot@xxxxxxxxxxxxxxxxx
>
>Editor's note: Share Your Security Discoveries and Get $100
> Share your security-related discoveries, comments, or problems and
>solutions in the Security Administrator print newsletter's Reader to
>Reader column. Email your contributions (500 words or less) to
>mailto:r2rsecadmin@xxxxxxxxxxxxxxxxx If we print your submission, you'll
>get $100. We edit submissions for style, grammar, and length.
>
>====================
>
>==== Contact Us ====
>
>About the newsletter -- mailto:letters@xxxxxxxxxxxxxxxx
>About technical questions --
>http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BKxi0A2
>About product news -- mailto:products@xxxxxxxxxxxxxxxx
>About your subscription -- mailto:securityupdate@xxxxxxxxxxxxxxxx
>About sponsoring Security UPDATE -- mailto:emedia_opps@xxxxxxxxxxxxxxxx
>
>====================
>
>This email newsletter is brought to you by Windows IT Pro,
>the leading publication for IT professionals deploying Windows and
>related technologies. Subscribe today.
> http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BKxj0A3
>
>View the Windows IT Pro privacy policy at
>http://list.windowsitpro.com/cgi-bin3/DM/y/ehkw0MfYqv0Kma0BLPu0Aa
>
>Windows IT Pro, a division of Penton Media, Inc.
>221 East 29th Street, Loveland, CO 80538
>Attention: Customer Service Department
>
>Copyright 2004, Penton Media, Inc. All rights reserved.