|
[networknewsletters]
||
[Date Prev]
[10-2006 Date Index]
[Date Next]
||
[Thread Prev]
[10-2006 Thread Index]
[Thread Next]
Security Update: Two More Portable Anonymous Web Browsers
- From: Educational CyberPlayGround <admin@xxxxxxxxxxxxxxx>
- To: NetworkNewsletters@xxxxxxxxxxxxx
- Date: Mon, 09 Oct 2006 22:39:06 -0400
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Network Newsletters Mailing List ©1994
Subscribe - Unsubscribe - Email Preferences
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
Educational CyberPlayGround Community Mailing Lists
http://www.edu-cyberpg.com/Community/
Advertise Network Newsletters Guidelines
http://www.edu-cyberpg.com/Community/Subguidelines.html
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
******************************************************************
ARE YOU CRANKY? SCANKY? ARE YOU INFECTED??
Everyone Needs Security Information
http://www.edu-cyberpg.com/Technology/SECURITY.html
FREE and it checks your computer to see if you're
vulnerable and/or have been infected by a virus or Trojan Horse.
******************************************************************
=== CONTENTS ===================================================
IN FOCUS: Two More Portable Anonymous Web Browsers
NEWS AND FEATURES
- Two IE Vulnerabilities Allow Unwanted Code Execution
- EMC Forms New Security Division
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: New Tool: WindowsZones
- FAQ: Join Vista to a Domain
- Microsoft Learning Paths for Security: Identity and Access
Management
- KNOW YOUR IT SECURITY Contest
PRODUCTS
- Keep an Eye on Your Files
- Wanted: Your Reviews of Products
RESOURCES AND EVENTS
FEATURED WHITE PAPER
=== IN FOCUS: Two More Portable Anonymous Web Browsers =========
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
A few weeks ago after I wrote about Browzar (see the article at the URL
below), a few people wrote to criticize the tool. That's to be
expected, and I do respect their opinions even though they differ from
mine. Since then, I've been looking around for other browsers that can
help protect privacy above and beyond the typical browser features of
being able to manually clear history and cache data. So far I've found
two tools that fit the bill.
http://list.windowsitpro.com/t?ctl=39EEC:7EB890
The first tool, PortableApps.com's Mozilla Firefox - Portable Edition
(at the URL below) is based on Mozilla Foundation's Firefox code but
was independently developed by John T. Haller. First released in June
2004, Firefox Portable seems to be kept up to date, including the
addition of any necessary security fixes soon after vulnerabilities are
found.
http://list.windowsitpro.com/t?ctl=39EF7:7EB890
Firefox Portable is designed specifically to be copied onto portable
media. You can install it on a small USB flash drive (or CD-ROM) and
use it on nearly any PC that doesn't have its USB ports or CD-ROM drive
locked down. Like regular Firefox, the portable version lets you
install extensions and themes, but unlike Firefox, Firefox Portable
helps prevent storage of usage information. Your download history is
deleted when you shut the browser down cleanly (but not, for example,
when you terminate the FirefoxPortable.exe process manually), URL
history and form data storage are disabled by default, and no disk
cache is used by default. However, you can configure Firefox Portable
to write such data to the portable media (if the media is writeable)
and use cache if you like.
I tested Firefox Portable, and it works just fine. The self-extracting
executable dumps all the required files into one directory tree that
you select. The installed size is about 16.5MB. Note that Firefox
Portable won't run if another instance of Firefox is already running.
The second tool I found is Torpark (at the URL below). Developed by
Hacktivismo, which "[operates] under the aegis of the [infamous] Cult
of the Dead Cow (cDc)," Torpark is relatively new and based on the
Firefox Portable code. It includes a very interesting added benefit in
that it uses the The Onion Router (Tor) network.
http://list.windowsitpro.com/t?ctl=39EFD:7EB890
In case you aren't aware of it, Tor (at the URL below) is software that
builds a network of relatively anonymous servers by chaining them
together automatically to encrypt and route traffic to and from its
destination. At its core, a Tor client acts as a Sockets (Socks) proxy.
http://list.windowsitpro.com/t?ctl=39EFE:7EB890
According to the developers, "Torpark comes pre-configured, requires no
installation, can run off a USB memory stick, and leaves no tracks
behind in the browser or computer." Sounds pretty good, right? There is
however one drawback: Tor can be very slow at times. Tor volunteer
server operators can regulate how much bandwidth they devote to their
Tor server, and it seems that many Tor server operators allocate only a
small amount. But if you really need anonymous Web surfing ability,
some lag time is probably worth it.
I tested Torpark and it's really easy to use. The installation process
is the same as for Portable Firefox except that Torpark also installs
the Tor client. The installed size is about 27MB. The custom Web
interface includes all the regular Firefox controls along with two
additional buttons: one to enable or disable use of the Tor network (so
you can use Torpark without Tor to just browse without encryption) and
another to flush the Tor circuit. The latter feature causes Tor to
chain together a new set of Tor servers to use as your path out to the
Internet. Flushing the circuit doesn't always result in a faster
circuit, but at times it might, so the feature is helpful.
I'll also point out for the Browzar detractors that neither Firefox
Portable nor Torpark include any spyware or adware. Both let you
customize the search tool just like Firefox does.
=== SECURITY NEWS AND FEATURES =================================
Two IE Vulnerabilities Allow Unwanted Code Execution
Two new vulnerabilities were recently discovered in Microsoft
Internet Explorer (IE). One allows intruders to install shell code and
take subsequent actions, including installing malware.
http://list.windowsitpro.com/t?ctl=39EF1:7EB890
The other, located in the DirectAnimation ActiveX control, also lets
unwanted code be run on an affected system.
http://list.windowsitpro.com/t?ctl=39EEF:7EB890
EMC Forms New Security Division
EMC has completed the acquisition of RSA Security and has acquired
Network Intelligence. EMC will form a new security division based on
the RSA brand. Former chief executive officer at RSA, Art Coviello,
will lead the division as president and will serve as an executive vice
president at EMC. Network Intelligence will become a business unit of
the new division.
http://list.windowsitpro.com/t?ctl=39EF2:7EB890
Other Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
discoveries at
http://list.windowsitpro.com/t?ctl=39EEB:7EB890
=== GIVE AND TAKE ==============================================
SECURITY MATTERS BLOG: New Tool: WindowsZones
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=39EFA:7EB890
WindowsZones is a new tool that claims to be able to protect
Internet applications against zero-day exploits and to move those
applications between security zones on the fly.
http://list.windowsitpro.com/t?ctl=39EF0:7EB890
FAQ: Join Vista to a Domain
by John Savill, http://list.windowsitpro.com/t?ctl=39EF5:7EB890
Q: How do I join my Windows Vista machine to a domain?
Find the answer at
http://list.windowsitpro.com/t?ctl=39EEE:7EB890
MICROSOFT LEARNING PATHS FOR SECURITY: Identity and Access Management
Use the resources listed on the Microsoft Learning Paths Web page to
get in-depth information about identity and access management. Find out
how to provide a secure environment for managing user identities,
authentication methods, and access rights across an organization's
internal and external users.
http://list.windowsitpro.com/t?ctl=39EF3:7EB890
KNOW YOUR IT SECURITY Contest
Sponsored by Microsoft Learning Paths for Security
Share your security-related tips, comments, or solutions in 500 words
or less, and you could be one of 13 lucky winners of a Windows Mobile
phone. Tell us how you do patch management, share a security script,
write about a security article you've read or a Web cast you've viewed.
Submit your entry between now and December 13. We'll select the 13 best
entries, and the winners will receive a Windows Mobile phone--plus,
we'll publish the winning entries in the Windows IT Security
newsletter. Email your contributions to tipswinitsec@xxxxxxxxxxxxxxxxx
Prizes are courtesy of Microsoft Learning Paths for Security:
http://list.windowsitpro.com/t?ctl=39EF3:7EB890
=== PRODUCTS ===================================================
by Renee Munshi, products@xxxxxxxxxxxxxxxx
Keep an Eye on Your Files
IS Decisions announces FileAudit 3.0, which lets you track accesses
of and changes to Windows files. New features in FileAudit 3.0 include
a redesigned GUI, which you can use from the FileAudit console or from
Windows Explorer; the ability to display access history in printable
reports that you can schedule to run automatically, the ability to
schedule archiving of access events occurring on one or more systems to
a database; and the ability to filter events (e.g., by type, user,
timeframe). Pricing starts at $125 per audited system. For more
information, go to
http://list.windowsitpro.com/t?ctl=39EF6:7EB890
WANTED: your reviews of products you've tested and used in
production. Send your experiences and ratings of products to
whatshot@xxxxxxxxxxxxxxxx and get a Best Buy gift certificate.
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=39EF4:7EB890
Exchange & Office 2007 Roadshow Coming to EMEA!
Get the facts about deploying Exchange and Office 2007! You'll come
away with a clear understanding of how to implement a best-practices
migration to Exchange Server 2007 and how you and your end users can
get the most out of Office 2007, and you'll learn more about Windows
Vista.
http://list.windowsitpro.com/t?ctl=39EE9:7EB890
Enterprises on average store identity information in 63 places. Learn
about provisioning, synchronization, single sign-on, identity and
access management, LDAP, and directory interop solutions from
independent expert Gil Kirkpatrick at TechX World in Washington DC,
Chicago, Dallas, and San Francisco next month. Three other content
tracks cover OS interoperability, data integration/interoperability,
and virtualization.
http://list.windowsitpro.com/t?ctl=39EF8:7EB890
Whether you're an outsourced-IT provider, part of an in-house IT
service staff, or simply provide remote support, this can't-miss Web
seminar will help you discover how the right technologies can expand
your services. You'll learn how to tap into a $30 billion market for IT
services and expand your geographic reach. Live Web seminar: Tuesday,
October 17
http://list.windowsitpro.com/t?ctl=39EE7:7EB890
Dramatically simplify Exchange troubleshooting with an in-depth look at
built-in troubleshooting tools and third-party applications. Join us as
we analyze a typical troubleshooting process, address the problems
faced while using standard tools, and learn how automated
troubleshooting can address these challenges. View this free Web
seminar now!
http://list.windowsitpro.com/t?ctl=39EE3:7EB890
Mark Joseph Edwards discusses emerging spyware threats, including
rootkits, keyloggers, and distribution methods. On-demand Web seminar
http://list.windowsitpro.com/t?ctl=39EE6:7EB890
=== FEATURED WHITE PAPER =======================================
Branch offices need flexibility and autonomy in implementing IT
solutions; corporate requirements require centralized management,
security, and compliance initiatives. Learn to resolve these conflicts
and reduce your operational costs for branch offices with limited IT
resources. Download the free white paper today!
http://list.windowsitpro.com/t?ctl=39EE4:7EB890
Copyright 2006, Penton Media, Inc. All rights reserved.
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
Copyright statements to be included when reproducing
annotations from Network Newsletters
The single phrase below is the copyright notice to be used when
reproducing any portion of this report, in any format:
EDUCATIONAL CYBERPLAYGROUND
http://www.edu-cyberpg.com
Network Newsletters copyright
http://www.edu-cyberpg.com/Community/NetworkNewsletters.html
FREE EDUCATION VENDOR DIRECTORY LISTING
http://www.edu-cyberpg.com/Directory/
HOT LIST REGISTRY OF K12 SCHOOLS ONLINE
http://www.edu-cyberpg.com/Schools/
<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>~~~~~<>
|
