Security UPDATE--So Long ORDB; So Long 2006--December 27, 2006

IN FOCUS: So Long ORDB; So Long 2006

NEWS AND FEATURES
- ElcomSoft's Proactive Password Auditor Now Supports DEP, Vista, and More
- Websense to Begin Offering Information Leak Prevention
- Train to Be a Certified Ethical Hacker
- Recent Security Vulnerabilities

GIVE AND TAKE
- Security Matters Blog: Stupid Security Tricks?
- FAQ: Windows Vista Security Guide
- Share Your Security Tips

PRODUCTS
- New Protection for OWA Users' Attachments
- Wanted: Your Reviews of Products

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: Bit9

Comparing Approaches for Desktop Software Lockdown
Prevent installation and execution of unauthorized software on the computers on your network. Download this free whitepaper today for a comparison of different techniques for detecting and preventing unauthorized code. Protect against the emerging risks today!
http://www.windowsitpro.com/go/whitepapers/bit9/lockdown/?code=SECTop1227

=== IN FOCUS: So Long ORDB; So Long 2006

Remember the days, years ago, when we could use just about any mail server we wanted to send legitimate email? That ability was especially helpful in certain instances, particularly when our regular mail server went down or we found ourselves unable to reach our regular mail server while traveling. The ability for anyone to use a given mail server of course meant that the server was an open relay, and the days of open relays are nearly gone, thanks to spammers.

Spammers' abuse of open relays quickly led to a new "best practice" of administrators no longer leaving their mail servers wide open for use by anyone (for the most part anyway). At the same time, people formed groups that began tracking open relays with the intent of providing lists of those servers to others who wanted to use them to help detect potential spam.

One such group, Open Relay Database (ORDB), has been a long-standing resource for administrators in their efforts to eliminate spam. But alas, last week ORDB announced that it's shutting down.

The nonprofit organization--founded 5 1/2 years ago--provided a valuable service to the Internet community by making its database available via several methods, including simple and fast DNS queries.

When ORDB went live in 2001, private individuals and network administrators at companies of all sizes around the world began to use it as one of several methods of gauging whether a message might be spam. The logic of using ORDB was simply that if a message passed through an open relay, then it was likely spam because spammers abuse open relays.

Community support for the integration of ORDB was significant. Integration methods were made available for many popular mail servers including Postfix, Sendmail, qmail, Exim, Lotus Domino, and Microsoft Exchange Server. But although integration support was strong, the operators of ORBD say that they think the usefulness of ORDB has reached its end.

A message posted on the organization's Web site said that "the general consensus within the team is that open relay \[blacklists\] are no longer the most effective way of preventing spam from entering your network as spammers have changed tactics in recent years, as have the anti-spam community."

http://ordb.org/news/?id=38

The ORDB mailing lists and the organization's DNS servers--the latter of which provided the means to check whether a mail server was an open relay--were shut down December 18. The ORDB team said that the Web site itself will be taken down as of December 31.

So long, ORDB, and thanks for all your hard work.

While ORDB blacklisted only open relays, other blacklist services continue to provide open relay databases and more. Such services can be used to check for a variety of other conditions about a given email message. For example, many blacklist operators now think that running a mail server on a dynamic IP address is taboo, so some provide databases of dynamic IP addresses in use around the world. The logic behind blacklisting mail servers that use dynamic IP addresses is that bots routinely turn the computers of dial-up users into prolific senders of spam, building behemoth mail server networks for spammers.

Other types of data offered by blacklist providers can include lists of open proxies, Web sites that host vulnerable mailer scripts, servers and networks that are known to be used to send spam, hijacked networks used to send spam, and more.

Quite some time ago, I wrote about the spam problem and mentioned a useful report that shows which blacklists are most effective for Jeff Makey. You can view his frequently updated report at the URL below. Many of the blacklists in Makey's report have proven effective in my own tests, and I think you'll find some of them effective for you too.

http://www.sdsc.edu/~jeff/spam/cbc.html

This is the last edition of Security Update for 2006. We've come a long way since the newsletter began in late 1998. We've published more than 400 editions, brought you well over a thousand security-related news stories, pointed you to several hundred feature articles by various authors, and fielded countless email messages from you, our readers. We look forward to bringing you even more in the year ahead. And with that said, I wish you all a happy new year.

=== SPONSOR: St. Bernard Software

Defending Against Inappropriate Content, Spyware, IM, and P2P at the Perimeter
Examine the threats of allowing unwanted or offensive content into your network and learn about the technologies and methodologies to defend against inappropriate content, spyware, IM, and P2P.
http://www.windowsitpro.com/whitepapers/stbernard/internetaccess/index.cfm?code=SECMid1227

=== SECURITY NEWS AND FEATURES

ElcomSoft's Proactive Password Auditor Now Supports DEP, Vista, and More
ElcomSoft released Proactive Password Auditor 1.7. The new version works on systems that use Data Execution Prevention (DEP) and also supports Windows Vista platforms. Other improvements in the new version include a "Rainbow Attack" mode for NT LAN Manager (NTLM) and LM authentication and full Unicode compliance.
http://www.windowsitpro.com/Article/ArticleID/94685.html

Websense to Begin Offering Information Leak Prevention
Websense is set to add information leak prevention technology to its offerings with the acquisition of PortAuthority Technologies. Websense said it will pay approximately $90 million in cash to acquire the company.
http://www.windowsitpro.com/Article/ArticleID/94684.html

Train to Be a Certified Ethical Hacker
New Horizons launched its new Certified Ethical Hacker Program, which aims to certify individuals in ethical hacking from a vendor-neutral perspective.
http://www.windowsitpro.com/Article/ArticleID/94683.html

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://www.windowsitpro.com/departments/departmentid/752/752.html

=== SPONSOR: Thawte

Understanding and Leveraging Code Signing Technologies
Learn all you need to know about code signing technology, including the goals and benefits of code signing, how code signing works and the underlying cryptographic and security concepts and building blocks.
http://www.windowsitpro.com/go/ebooks/codesigning?code=SECHot1227

=== GIVE AND TAKE

SECURITY MATTERS BLOG: Stupid Security Tricks?
by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

I'm not sure whether this new trend is stupendous or just plain stupid. You be the judge when you read about it in this blog article.
http://www.windowsitpro.com/Article/ArticleID/94653

FAQ: Windows Vista Security Guide
by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: What is the Windows Vista Security Guide?

Find the answer at
http://www.windowsitpro.com/Article/ArticleID/94620

SHARE YOUR SECURITY TIPS AND GET $100
Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS

New Protection for OWA Users' Attachments
Messageware announced the release of AttachView 8.0. AttachView converts email attachments in Microsoft Outlook Web Access (OWA) into secure Web pages so that users don't unintentionally leave them behind in a computer's Web browser cache. Other new features are the ability to block certain users and locations from printing attachments (so they can't be accidentally left on a public printer) and a new design that reduces bandwidth between Exchange Server systems, which should result in a significant performance increase for larger corporations. For more information, go to
http://www.messageware.com

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to [email protected] and get a Best Buy gift certificate.

=== RESOURCES AND EVENTS

Find the buried treasure by uncovering the secrets to Web filtering. Complete this quiz correctly and you could be a winner! http://popquiz.windowsitpro.com/stbernardtreasurehunt/

Expert Ben Smith describes the benefits of using server virtualization to make computers more efficient. Download the exclusive podcast today! http://www.windowsitpro.com/go/podcasts/hp/virtualization/?code=1227emailannc

Do you have visibility and control over your software license use? Most organizations face a number of serious challenges, including understanding vendor licensing models, cost overruns, missed deadlines, business opportunities, and lost user productivity. Learn to address these challenges, and prepare for audits. Register for the free Web seminar, available now! http://www.windowsitpro.com/go/seminars/macrovision/softwarelicensing/?partnerref=1227emailannc

We're giving away a PS3--Register for any Web seminar before December 31 and you could win! Visit http://www.windowsitpro.com/events to see a full listing of on-demand Web seminars that you can register for!

You know you need to manage your email data; how do you do it? What steps are you taking? What additional measures should you enact? What shouldn't you do? Get answers to these questions and get control of your vital messaging data. Download the free eBook today! http://www.windowsitpro.com/go/ebooks/ilumin/discovery/?code=1227emailannc

Get a solid introduction to Data Protection Manager (DPM), now shipping with Microsoft System Center. Download the full ebook today to learn how to use DPM to augment tape-based backups. http://www.windowsitpro.com/go/ebooks/microsoft/dpm/?code=1227emailannc

=== FEATURED WHITE PAPER

Can you trust users to protect critical PC business data? One in 3 users write down their passwords--leaving data at risk, even with encryption-only protection. True PC data protection requires organizational control of your data. Download this free white paper today to find out how to accomplish your PC data security goals without inhibiting employee productivity. http://www.windowsitpro.com/go/whitepapers/beachhead/encryption/?code=1227featwp

BONUS: Register for any white paper from Windows IT Pro in the month of December, and be entered to win a Wii! Visit http://www.windowsitpro.com/whitepapers for more information and a complete white paper listing.

=== ANNOUNCEMENTS

Holiday Offer--Save $40 off Windows IT Pro Don't miss Windows IT Pro magazine in 2007! As a subscriber, you'll have full access to must-have content covering Windows Vista deployment, virtualization & disaster recovery, Active Directory enhancements, Office 2007 launch, SharePoint fundamentals and much more. Order now and save $40: https://store.pentontech.com/index.cfm?s=1&promocode=eu206cuw

Make Your Mark on the IT Community! Nominate yourself or a peer to become an "IT Pro of the Month." This is your chance to get the recognition you deserve! Winners will receive over $600 in IT resources and be featured in Windows IT Pro magazine and the TechNet Flash email newsletter. It's easy to enter--accepting January nominations now for a limited time! Submit your nomination today: http://www.windowsitpro.com/go/itpromonth