Security UPDATE--Phishing Prevention Guide--September 29, 2004

==== This Issue Sponsored By ====

BindView Corporation

http://www.bindview.com/events/GetEvents.cfm?NUM=1206&AD=NS-0929SecUp1007WBNR-Q304

Free Solution Brief: Security Protection Strategies for Windows NT4 Devices

http://www.eeye.com/ctrack.asp?ref=ItPro040929

1. In Focus: Phishing Prevention Guide

2. Security News and Features

- Recent Security Vulnerabilities

- New Tools Help with JPEG GDI+ Updates

- McAfee Buys Foundstone; Symantec Buys @stake

- TruSecure, Betrusted, and Ubizen Merge

3. Security Matters Blog

- True to the Image: JPEG Exploits on the Loose

- Snort Rules to Detect JPEG GDI+ Exploits

4. Security Toolkit

- FAQ

- Security Forum Featured Thread

5. New and Improved

- Identity-Based Internal Firewall

- Secure Your Meetings

==== Sponsor: BindView Corporation ====

What do your peers know about security and compliance that you don't? Could you use insight into ways others are preparing for looming regulatory compliance deadlines? IT professionals from two hospitals will discuss practical and tactical steps of what they are doing to prepare for audits, speed remediation and document progress in a free Web event. Their processes and tasks are relevant to a variety of industries. Learn from their experiences during the Webinar "Security Compliance That Works: Case Studies from the Trenches," sponsored by BindView Corporation. Register at

http://www.bindview.com/events/GetEvents.cfm?NUM=1206&AD=NS-0929SecUp1007WBNR-Q304

==== 1. In Focus: Phishing Prevention Guide ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

A phishing scam typically involves an impostor who pretends to be a legitimate entity and tries to coax customers of that entity into divulging their private financial information. The victims are both the legitimate entity, which might suffer a tarnished image as a result, and its duped customers, who might suffer significant financial loss or other problems related to identity theft.

I've written about phishing in the past and have mentioned the Anti-Phishing Working Group, which hosts a Web site ( http://www.antiphishing.org ) that contains various information related to phishing. At the site, you can find an archive that includes many, but probably not all, of the more prevalent phishing attacks--some of which are still underway.

The group also provides a couple of useful references that describe how to avoid phishing and what to do if you've been fooled into giving out your personal financial information. If you're interested in how the term "phishing" came to be used, you can read an interesting historical reference about that at http://www.antiphishing.org/word_phish.html .

Although the group's Web site is a good resource, one thing that it doesn't include is a detailed analysis of how phishing attacks are perpetrated. Some of the intricacies involved are readily apparent or can be surmised, but other tactics might not be so obvious. It's sometimes difficult to determine what lengths a given scammer might go to.

If you want a detailed examination of phishing, a new resource might help you. Next Generation Security (NGS) Software (a security software, consulting, and researching firm) recently released an extensive, 42-page white paper. "The Phishing Guide--Understanding and Preventing Phishing Attacks" includes information about how such scams are delivered to potential victims, what the attack vectors are, and how they work. The guide also includes details about how to counter such threats at the client, server, and enterprise levels. The guide looks at phishing from the perpetrator's perspective and the legitimate enterprise's perspective and includes advice for entities that want to defend themselves against becoming victims of such attacks. The guide is available in PDF format at http://www.ngssoftware.com/papers/NISR-WP-Phishing.pdf .

==== Sponsor: eEye Digital Security ====

Free Solution Brief: Security Protection Strategies for Windows NT4 Devices

Do you have legacy applications running on NT4? Did you know that Microsoft will no longer support the platform with security hot-fixes leaving many organizations without a credible protection strategy? Download this free solution brief to learn how to protect the Windows platform without relying on patching.

http://www.eeye.com/ctrack.asp?ref=ItPro040929

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

New Tools Help with JPEG GDI+ Updates

Eric Brunsen and Tom Liston each released a new tool that can help you locate all copies of affected DLLs on your systems to determine which copies might need to be updated to defend against the recently discovered vulnerability described in Microsoft Security Bulletin MS04-028 (Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution--833987). http://www.windowsitpro.com/article/articleid/44003/44003.html

McAfee Buys Foundstone; Symantec Buys @stake

Two well-known companies, Foundstone and @stake, have been purchased by industry giants, further consolidating the security market space. McAfee announced that it has reached an agreement to acquire Foundstone for $86 million in cash. The purchase parameters of Symantec's @stake acquisition weren't immediately made public.

http://www.windowsitpro.com/article/articleid/44000/44000.html

TruSecure, Betrusted, and Ubizen Merge

In still more industry consolidation, TruSecure, Betrusted, and Ubizen announced a merger that will create a new company called Cybertrust. If the merger receives shareholder and regulatory approval, Cybertrust will combine the resources of TruSecure, Betrusted, and Ubizen, which is a majority-owned subsidiary of Betrusted.

http://www.windowsitpro.com/article/articleid/44021/44021.html

==== Announcements ====

(from Windows IT Pro and its partners)

New Web Seminar! Best Practices for Systems Management

In this free Web seminar, you'll discover the most effective practices to monitor and manage your OSs and how they can be put into practice in your environment. Our expert panel will deliver the tips and techniques you need to improve service levels and maximize the usage of your IT staff. Register now!

http://www.windowsitpro.com/seminars/systemsmanagement/index.cfm?code=0927emailannc

Can Your Antispam Content Filter Inside Your Firewall Cope with New Email Threats and Intrusions?

Stopping these new techniques requires detection and prevention in real time at the SMTP connection point. In this free Web seminar, learn how you can prevent these new and evolving intrusions from harming your email system, while improving your email server performance, reducing IT infrastructure costs, and restoring worker productivity. Register now!

http://www.windowsitpro.com/seminars/intrusionprevention/index.cfm?code=0927emailannc

IT Security Solutions Roadshow--Best Practices for Securing Your Business from McAfee and Microsoft

Join us for this free half-day event that will give you the practical hands-on experience you need to help secure your organization. Take your security to the next level with topics such as antivirus, intrusion prevention, vulnerability discovery and management, and more. Attend and enter to win tickets to a professional sports game. Register now!

http://www.windowsitpro.com/roadshows/security/index.cfm?code=0927emailannc

==== Hot Release ====

Introducing Patch Management by Symantec

Symantec, your trusted partner in Security & Anti-Virus now delivers automated Patch Management, for a free trial, visit us at

http://sea.symantec.com/ipatchtw

==== 3. Security Matters Blog ====

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Check out these recent entries in the Security Matters blog:

True to the Image: JPEG Exploits on the Loose

You've probably noticed that recently, within about 48 hours after Microsoft releases a new security patch, somebody releases working "proof of concept" code to exploit the vulnerability Microsoft has patched. Very soon thereafter, somebody twists the code to serve as an attack mechanism against the unsuspecting public. True to that scenario, at least two code examples that exploit the recently announced JPEG graphics device interface plus (GDI+) vulnerability have been released to various security mailing lists.

Snort Rules to Detect JPEG GDI+ Exploits

If you use Snort, you might want to make sure that your rules include detection of the JPEG graphics device interface plus (GDI+) vulnerability. If you don't have rules in place for such detection, then read this blog entry, which contains three new rules.

==== 4. Security Toolkit ====

FAQ: Should I run Windows XP Service Pack 2's (SP2's) Windows Firewall, a third-party firewall, or both?

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

A. Microsoft tells me that many Windows customers have asked this question. A Microsoft source has provided an answer, which you can read at http://www.windowsitpro.com/article/articleid/43846/43846.html .

Security Forum Featured Thread

A reader writes that he's running Windows 2000 Service Pack 4 (SP4) with all the latest updates. He's installed smart-card readers and wants users to use them only for signing email, not for logon. But since he installed the readers, the logon screen reads "Insert card or press Ctrl-Alt-Delete to log on." He wants to know if he can remove the smart-card portion of the logon prompt? Join the discussion at

http://www.windowsitpro.com/forums/messageview.cfm?catid=42&threadid=125898

==== Events Central ====

(A complete Web and live events directory brought to you by Windows IT Pro at http://www.windowsitpro.com/events )

New! 5 Ways for Windows Administrators to Ensure Regulatory Compliance

Windows administrators nationwide are struggling to secure the data in Active Directory and to demonstrate compliance with the many different regulations and requirements. Join us for a free Web seminar designed to help Windows administrators understand how new government regulations affect their environment and how they can address these new requirements. Register now!

http://www.windowsitpro.com/seminars/securitycompliance/index.cfm?code=927emailannc

==== 5. New and Improved ====

by Renee Munshi, [email protected]

Identity-Based Internal Firewall

Trusted Network Technologies released Identity, described as an identity-based firewall for internal networks. Identity integrates 2-factor (user and system) session-level identification with in-line enforcement of access control policies to ensure that only authorized users can connect to protected systems and applications. Identity features include the ability to manage access policies for groups that you create or import from Active Directory (AD), scheduled access-policy implementation, and in-depth reporting for auditing and regulatory compliance. For more information, go to

http://www.trustednetworktech.com

Secure Your Meetings

Juniper Networks offers the NetScreen-SM 3000 series, a secure meeting appliance. NetScreen-SM 3000 provides application sharing for up to 250 concurrent users per system; policy-based authentication, authorization, and auditing (AAA) and password management; granular group- and role-based authorizations to control access; detailed audit logs and recording of each event; unified policy and configuration management for Secure Meeting clusters; delegated administration and scheduling; clustering and failover; customizable UI; and support for attendees using Windows, Mac OS X, and Linux platforms. For more information, go to

http://www.juniper.net

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]