Security UPDATE--Resurrection of the Frog--June 7, 2006

1. In Focus: Resurrection of the Frog

2. Security News and Features

- Recent Security Vulnerabilities

- Windows Vista: Advancements on the Security Front

- ASLR Makes Vista a Moving Target

- Nmap 4.0 Does Windows

3. Security Toolkit

- Security Matters Blog

- FAQ

- Security Forum Featured Thread

- Share Your Security Tips

4. New and Improved

- Security Appliances Add SMB-Friendly Features

==== Sponsor: SolarWinds ====

SolarWinds.Net Toolsets Focus On Security

Whether you are responsible for a small campus or the entire nation, the SolarWinds.Net Network Performance Monitor lets you take control of network management. The advanced security tools allow you to not only test your Internet security with the SNMP Brute Force Attack and Dictionary Attack utilities, but also validate the security on your Cisco routers with the Router Security Check. The Remote TCP Reset remotely displays all active sessions on a device and the Password Decryption lets you decrypt Type 8 Cisco Passwords. This toolset can also monitor and alert on availability, bandwidth utilization, CPU load, memory and disk space utilization. Try a free trial of SolarWinds Engineer's Edition Toolset, including advanced security tools today!

http://www.solarwinds.net/Tools/Engineer/index.htm?CMP=NLC-T7Y804562439

==== 1. In Focus: Resurrection of the Frog ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Two weeks ago, I wrote about the demise of Blue Security's Blue Frog antispam service. You recall that the company decided to terminate the service in the face of overwhelming attacks on its servers by spammers. Even after Blue Frog was terminated, the attackers attacked again. I questioned whether Blue Security made the right decision in terminating Blue Frog. Some of you wrote to express your opinions, and I'll share some of those this week, then fill you in on what I think is some good news.

One reader wrote, "I don't know how you \[can\] claim that Blue Frog was 'an incredibly effective method of fighting spam' when it has this kind of outcome. If it was effective, Blue Security wouldn't have had to surrender. An effective solution would have been one where the problem was resolved and no new problems were produced."

I think this opinion is a bit idealistic. Sure, Blue Frog had some problems, but the service did stop spam. Blue Security reported that 6 out of 10 of the world's top spammers completely stopped sending spam to users of Blue Frog.

Another reader wrote "Look, it was a terrible, horrible, miserable idea doomed to failure. Nothing wrong with opting out automatically. Nothing wrong with making spammers lives miserable. \[But there is\] everything wrong with having a 'Do Not Email' list. All a spammer had to do was check his own database against \[Blue Security's\] database and they had all the email addresses of Blue's subscribers."

In response, I'll quote well-known security expert Marcus Ranum, with whom I agree on this matter. Last year, Ranum wrote an extensive analysis of Blue Frog (at the URL below) that included his opinion about its hashed "do not email" list. Ranum wrote, "... there is no evidence that \[spammers\] care about the accuracy of their lists--since it costs them nothing to send the messages in the first place, there is no reason for them to concern themselves with ensuring that their lists are accurate. Furthermore, if the Blue Security registry were used by an offender to improve their recipient list, they would be including in that list a significant number of the honeypot addresses, which would prove the fact that they were intent on ignoring the do not email registry."

http://www.ranum.com/security/computer_security/editorials/bluesecurity

Finally, another reader wrote, "Unfortunately, the only ones organized and motivated sufficiently to win this \[cyberwar\] are those with monetary interests in doing so. A spam company, backed by grey market or even criminal enterprises, can devote all its resources to launching and sustaining DOS attacks against Blue Security or any other would-be Blue Frog indefinitely, while Blue Security will eventually need to justify itself to shareholders. Blue Frog demonstrated its effectiveness, and showed us a way to beat spam. But I think that only the formation of free companies, in the sense of mercenaries, will enable our side to continue this fight."

That leads me to the good news. A new open-source project, Okopipi, has been formed to perform the same basic service as Blue Frog. Okopipi will work similarly to Blue Frog, but its overall architecture will be different.

Okopipi (the local name for the South American Blue Poison Dart Frog) will be based at least in part on Blue Frog's code, which was made available as open source prior to the service's demise. However, unlike Blue Frog, Okopipi will use a peer-to-peer model with hidden decentralized servers that will help safeguard against potential Denial of Service (DoS) attacks. Spammers might be able to discover and attack a few nodes of the network, but in theory they won't be able to discover all nodes and thus won't be able to bring down the entire network.

You can learn more about Okopipi, which is just starting to ramp up, at the URL below. If you're a programmer, consider joining the effort to develop the software; if you have design or management talents, consider lending your guidance to those who will take part in the project.

http://www.okopipi.org

Now just for a second, while keeping in mind that Windows is used on roughly 80 percent of all desktops around the world, imagine that Okopipi were distributed with every copy of Windows. Imagine the impact that those millions of users could have on stamping out spam. Imagine Microsoft philanthropically backing the Okopipi project. Wow, what a great dream.

==== Sponsor: AlertLogic ====

Ensure that you're being effective with your internal network security. Are your DIY options protecting you against worms, BotNets, Trojans and hackers? Make sure! Live Event: Tuesday, May 23

http://www.windowsitpro.com/go/seminars/alertlogic/outsourcing/?partnerref=SECMid0607

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

Windows Vista: Advancements on the Security Front

Microsoft published a new white paper that details many of Windows Vista's new security features and architectural enhancements, some of which could go a long way toward easing security administration and software development. http://www.windowsitpro.com/Article/ArticleID/50454

ASLR Makes Vista a Moving Target

Microsoft added new memory technology, Address Space Layout Randomization (ASLR), to Windows Vista Beta 2 that aims to make some types of attacks much harder to accomplish.

http://www.windowsitpro.com/Article/ArticleID/50453

Nmap 4.0 Does Windows

The recent release of Nmap 4.0 represents more than two years of upgrades, module overhauls, and feature tweaks, making this version of the venerable tool faster and more reliable than earlier versions, especially when run on Windows. Read about it in this article on our Web site.

http://www.windowsitpro.com/Article/ArticleID/50062

==== Resources and Events ====

Special Offer: Download any white paper from Windows IT Pro before June 20, and you could win a pair of Bose Triport Headphones. View the full selection of papers today at

http://www.windowsitpro.com/whitepapers

Learn how consolidation and updating selected technologies will help you build an infrastructure that can handle change effectively.

http://www.windowsitpro.com/go/essential/hp/infrastructure/?code=0607emailannc

Cut your Windows XP migration time by 60% or more when you learn how to efficiently migrate your applications into the Windows Installer (.msi) format. On-demand Web seminar

http://www.windowsitpro.com/go/seminars/WindowsXP?partnerref=0607emailannc

Learn about the advantages of each alternative to traditional file servers and tape storage solutions, and make the best choice for your enterprise needs. On-demand Web seminar

http://www.windowsitpro.com/go/seminar/symantec/storagebackup/?partnerref=0607emailannc

Get free pocket reference guides about things you need to know about today's technology, including the top 10 error messages that can ruin your day. Download one or all today!

http://www.windowsitpro.com/needtoknow

==== Featured White Paper ====

Explore how the standardization of storage hardware will change market dynamics, focusing on the growth of iSCSI SANs and "glue software."

http://www.windowsitpro.com/go/whitepapers/lefthand/iscsi/?code=0607featwp

==== Hot Spot ====

Try it Free: Access & Control PCs from your USB

NetOp Remote Control provides the most complete, scalable, and secure remote control software available. Access PCs from your desktop, PocketPC or USB! NEW On Demand option provides tiny, temporary, download with no user installation or firewall configuration and NO per session charges. Free evaluation & support.

http://www.crossteccorp.com/tryNRC/?utm_source=hot042606&utm_medium=newsletter&utm_campaign=form

==== 3. Security Toolkit ====

Security Matters Blog: Security Focus on Apple

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

I'm not surprised to see that there is a new security mailing list centered around Apple products. Read this blog article for a list of acceptable topics of discussion as well as a link to join the new list.

http://www.windowsitpro.com/Article/ArticleID/50457

FAQ

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: What is the auto apply quota feature in the Windows Server 2003 R2 File Server Resource Manager (FSRM)?

Find the answer at http://www.windowsitpro.com/Article/ArticleID/50370

Security Forum Featured Thread: C Drive Invisible, Yet Readable

A forum participant wants to make the C drive invisible, yet readable so that it's hidden from users but they can access all the programs on the computer and the server. Join the discussion at

http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=47795&enterthread=y

Share Your Security Tips and Get $100

Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Announcements ====

(from Windows IT Pro and its partners)

Monthly Online Pass--only $14.95 per month!

Includes instant online access to every article ever written in the Windows IT Security newsletter. Order now:

https://store.pentontech.com/index.cfm?s=1&promocode=eu2566um

June Special--Save $100 off the Exchange & Outlook Administrator newsletter

Get endless solutions to help you migrate, optimize, administer, backup, recover, and secure your message system. Subscribe to Exchange & Outlook Administrator today and save $100:

https://store.pentontech.com/index.cfm?s=1&promocode=eu2366ue

==== 4. New and Improved ====

by Renee Munshi, [email protected]

Security Appliances Add SMB-Friendly Features

Arxceo announced version 3.0 of the Ally ip100 and Ally IP1000 security appliances, which are designed to secure networks from information gathering, vulnerability exploitation, zero-day worm attacks, and other malicious network traffic. The new version delivers greater ease-of-use, increased reporting capabilities, improved firmware upgrade processes, and better granularity for blacklist management. In addition, the Ally ip100 can now be powered from the USB port of a PC or laptop and the Ally IP1000 has a lower price. For more information, go to

http://www.arxceo.com

Tell Us About a Hot Product and Get a Best Buy Gift Card!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Best Buy Gift Card if we write about the product in a Windows IT Pro What's Hot column. Send your product suggestion with information about how the product has helped you to [email protected].

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]