Security UPDATE--More About OS Haste; BATV--August 2, 2006



St. Bernard Software

Core Security



IN FOCUS: More About OS Haste; BATV


- Security Vendor Claims Microsoft Is Shutting Out Competition

- Microsoft Closes Acquisition and Offers Whale of a Deal

- Sam Spade on the Spam Case - Recent Security Vulnerabilities


- Security Matters Blog: Firefox Now Available

- FAQ: Iterating a DC's Sites

- Take the Windows IT Pro Salary Survey

- "Securing Access at the Application Layer: Keeping Remote and Mobile Users Fully Functional" On-Demand Web Seminar

- Share Your Security Tips


- Authenticate Your OWA Users

- Tell Us About a Hot Product




=== SPONSOR: CrossTec


Are you spending too much time monitoring security logs?

Research shows that IT Security Managers can spend over four hours a day monitoring various security event logs and chasing after alerts. Activeworx saves you valuable time because it consolidates and manages logs from multiple vendors and devices. Activeworx Security Center is a cost-effective security information management solution that provides real-time security device log monitoring with correlated alerts, audit and compliance reports, and tools for advanced, in-depth forensic analysis. Activeworx reduces the time it takes to analyze event data from multiple sources and produces real-time reports that pinpoint network security breaches and vulnerabilities. These in-depth reports provide the details necessary for regulatory compliance reporting for Sarbanes-Oxley, HIPAA, and the Gramm-Leach-Bliley Act. Try Activeworx for free - fast install and free support.

=== IN FOCUS: More About OS Haste; BATV


by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

I received another reader perspective on OS release frequency that I'll share with you this week, then I'll briefly share some information about Bounce Address Tag Validation that I think will interest you.

The reader pointed out that many companies upgrade OSs at the same time they upgrade hardware. The reasons he cited for doing so are that sometimes it's more cost-effective to buy the OS through an OEM (typically along with the new hardware) and that many companies lack the centralized management required to upgrade OSs on old hardware in an efficient manner. A shorter OS release cycle doesn't matter that much to companies who synchronize hardware and OS upgrades.

His points make good sense, especially given that Windows Vista will require more powerful hardware than many people have available in their network environments. So some companies that want to take full advantage of Vista will no doubt upgrade to new hardware and Vista at the same time.

Last week, I learned about a new email technology called Bounce Address Tag Validation (BATV), which is designed to prevent SMTP bounce abuse. Spammers sometimes use SMTP bounce to deliver email messages to their targets. To do so, a spammer addresses a message to any fake address and sets the From address to the real intended recipient. Then the spammer sends the email message to a third-party mail server. That mail server sees that the message isn't destined for a known user at a known domain hosted by the mail server and bounces the message back to the From address, thereby unwittingly delivering the spam message for the spammer.

Malicious attackers also abuse SMTP bouncing, but they send a huge volume of email so that the victim mail server or its network bandwidth is overwhelmed.

BATV is designed to prevent these attacks. It uses a specially encoded From address that can be authenticated. Because a mail header, which includes the From field, is sent before the message body, a mail server can authenticate a message from its header before accepting or rejecting the bulk of the message. Screening out bad messages effectively reduces the load on a mail server and the overall network bandwidth.

Another great advantage of BATV is that because each mail server would perform its own From address encoding, BATV can be implemented on a per-server basis without any restrictive dependencies, such as third-party databases, peer-to-peer data sharing, or recurring service access fees.

BATV is an Internet Engineering Task Force (IETF) draft proposal that began in late 2004. You can read the proposal, which of course includes the technical specifications, at the IETF Web site at the URL below. If you're interested in the technology, check with your mail server software provider to see if it supports BATV.

=== SPONSOR: St. Bernard Software


Examine the threats of allowing unwanted or offensive content into your network and learn about the technologies and methodologies to defend against inappropriate content, spyware, IM, and P2P.



Security Vendor Claims Microsoft Is Shutting Out Competition

Security solution provider Agnitum claims that Microsoft's kernel patch protection will shut out competing products unless competitors resort to hacker tactics.

Microsoft Closes Acquisition and Offers Whale of a Deal

Microsoft closed its acquisition of Whale Communications, which is now a wholly owned subsidiary. Microsoft is offering a significant discount on the newly acquired Whale security products.

Sam Spade on the Spam Case

Whether you're investigating a possible phishing scam or determining whether the email clogging your corporate mailboxes is legitimate or spam, you can turn to the classic Sam Spade tool. Jeff Fellinge gives an overview in this article on our Web site.

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

=== SPONSOR: Core Security


Manage Vulnerabilities. Defend Against Threats. Free White Paper.

Your IT and Security budgets are tight. This Yankee Group White Paper shows real-world case studies demonstrating the ROI potential using automated penetration testing.



SECURITY MATTERS BLOG: Firefox Now Available

by Mark Joseph Edwards,

Mozilla Foundation released an update to Firefox. The new version corrects a dozen security vulnerabilities, seven of which are critical. Some of the problems include privilege escalation, JavaScript engine vulnerabilities, and possible code execution.

FAQ: Iterating a DC's Sites

by John Savill,

Q: How can I determine which sites a domain controller (DC) covers?

Find the answer at


We need your help! Windows IT Pro is launching its third Windows IT Pro Industry Salary Survey, and we want to find out all about you and what makes you a satisfied IT pro. When you complete the survey (about 10 minutes of your time), you'll be entered in a drawing for one of five $100 American Express gift certificates. Look for the survey results--and how you stack up against your peers--in our December issue. To take the survey, go to

"Securing Access at the Application Layer: Keeping Remote and Mobile Users Fully Functional" on-demand Web seminar, with speakers Randy Franklin Smith and Judah Aspler. Register at


Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to [email protected] If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.



by Renee Munshi, [email protected]

Authenticate Your OWA Users

VASCO Data Security International has launched DIGIPASS easy pack, an authentication solution that works with Microsoft Outlook Web Access (OWA). With DIGIPASS easy pack, users log on to their Web mail account by entering a PIN and a one-time password generated by the provided DIGIPASS GO 3 device. DIGIPASS easy pack is designed to be affordable and easy to manage for small to midsized businesses (SMBs). It contains 10 DIGIPASS GO 3 devices and the most recent version of VASCO's VACMAN Middleware software and includes a year of maintenance support. You can also purchase additional DIGIPASS GO 3 devices. For more information, go to

Tell Us About a Hot Product and Get a Best Buy Gift Card!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Best Buy Gift Card if we write about the product in a Windows IT Pro What's Hot column. Send your product suggestion with information about how the product has helped you to [email protected]



Cross-Platform Data Roadshow

Oracle professionals will cover key concepts about Oracle and SQL Server in enterprise database computing. This event provides invaluable information about the benefits of 64-bit computing on the Windows platform, SQL Server BI for Oracle, high-availability proof points for SQL and Oracle, and much more.

Are you protected company-wide against spyware, keyloggers, adware, and backdoor Trojans? Test the state-of-the-art scanning engine that uses threat signatures from multiple sources to track down the culprits that antivirus solutions alone can't protect you against. Download your free 30-day trial of CounterSpy Enterprise today!

How will compliance regulations affect your IT infrastructure? Help design your retention and retrieval, privacy, and security policies to make sure that your organization is compliant. Download the full ebook today!

Take an up-to-date look at secure, remote access to corporate applications and stay ahead of the curve when making decisions about near- and long-term IT infrastructure. On-demand Web seminar.

Learn the key requirements of an effective internal network security solution and whether your approach protects you against worms, BotNets, Trojan horses, and hackers. On-demand Web seminar.



Secure Your Online Data Transfer with SSL

Increase your customers' confidence and your business by securely collecting sensitive information online. In this free white paper, you'll learn about the various applications of SSL certificates and their appropriate deployment, along with details of how to test SSL on your Web server.



Uncover Essential Windows Knowledge Through Excavator

Try out the ultimate vertical search tool--Windows Excavator. Windows Excavator gives you fast and thorough third-party information while filtering out unwanted content. Visit today!

Save $40 off Windows IT Pro Magazine

Subscribe to Windows IT Pro magazine today and SAVE up to $40! Along with your 12 issues, you'll get FREE access to the entire Windows IT Pro online article archive, which houses more than 9,000 helpful IT articles. This is a limited-time offer, so order now:


Security UDPATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).

Subscribe to Security UPDATE at

Unsubscribe by clicking

Be sure to add [email protected] to your antispam software's list of allowed senders.

To contact us:

About Security UPDATE content -- [email protected]

About technical questions --

About your product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.