1. In Focus: Combined Attack Methods
2. Security News and Features
- Recent Security Vulnerabilities
- News: Vulnerable IIS Sites and IE Users Under Attack
- News: AOL Engineer Charged with Selling Screen Names to Spammer
- News: MasterCard and NameProtect Team to Stop Phishing
3. Instant Poll
4. Security Toolkit
- Featured Thread
5. New and Improved
- Monitoring Software Bundle Reduces Prices
==== 1. In Focus: Combined Attack Methods ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net
Through this attack method that uses multiple vulnerabilities, many people's systems (possibly even the systems of some of you readers) have become infected with various sorts of software, most of which is annoying, if not outright dangerous. For example, nefarious entities have installed adware that generates an endless stream of pop-up windows on users' systems. That's the lighter side of the problem though.
Some preventive steps are obvious, and some aren't so obvious, depending on the user or administrator. Obviously, loading the IIS patch MS04-011 on your servers will stop intruders from manipulating the servers' Web pages into hosting malicious code. Turning off scripting in the IE security zones will also protect users to a certain extent. But in countless scenarios, turning scripting off just isn't possible. And sometimes scripting is essential to a Web site's usability. Many of you probably already know how to improve security in IE, but in case you don't, Microsoft has some recommendations that you can read at the following URL:
One workaround if you can't turn off scripting is to disable ADO databases (ADODB) in IE. Drew Copley of eEye Digital Security wrote a simple registry script that does this very thing and one that undoes the changes. He also wrote an executable program that disables and re-enables ADODB. You can download the scripts and executable program at the eEye Web site.
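The following audit check is an added example, not part of the newsletter and not eEye's script. It assumes the workaround corresponds to setting the ActiveX kill bit for ADODB.Stream, using the CLSID and flag value that Microsoft documents for that control; neither value appears in the newsletter text.

```powershell
# Added example: report whether the ActiveX kill bit is set for ADODB.Stream.
# Assumption: the CLSID and flag below are the values Microsoft documents for
# ADODB.Stream; they are not taken from the newsletter.
$Clsid   = '{00000566-0000-0010-8000-00AA006D2EA4}'
$KillBit = 0x400

function Test-AdodbStreamKillBit {
    # Check both the native and the 32-bit (WOW6432Node) registry views,
    # because 32-bit IE on 64-bit Windows reads the second one.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }  # view absent on this system
        $key   = Join-Path $root $Clsid
        $flags = $null
        if (Test-Path -LiteralPath $key) {
            $prop = Get-ItemProperty -LiteralPath $key -Name 'Compatibility Flags' `
                        -ErrorAction SilentlyContinue
            if ($prop) { $flags = [int]$prop.'Compatibility Flags' }
        }
        [pscustomobject]@{
            Key      = $key
            Flags    = if ($null -ne $flags) { '0x{0:X}' -f $flags } else { '(not set)' }
            # The control is blocked in IE only when the kill-bit flag is present.
            Disabled = ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
        }
    }
}

Test-AdodbStreamKillBit | Format-Table -AutoSize
```

A row with `Disabled` set to `False` marks a registry view in which IE can still instantiate the control.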
Another way of protecting IE systems against ADODB attacks is to use PivX Solutions' Qwik-Fix, which protects IE against a variety of intrusion methods. Recently, the company made available a version of Qwik-Fix for enterprise environments. I don't know of any other tool that provides the same sort of functionality.
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
News: Vulnerable IIS Sites and IE Users Under Attack
A new form of attack is spreading over the Internet. The attack affects unpatched Microsoft IIS systems, which then attack unprotected Microsoft Internet Explorer (IE) systems.
News: AOL Engineer Charged with Selling Screen Names to Spammer
Jason Smathers, an America Online (AOL) engineer, has been arrested and charged with stealing tens of millions of AOL screen names (email addresses) and selling them. Sean Dunaway, who purchased the addresses from Smathers, has also been charged. He is accused of sending spam to AOL customers and selling the list of AOL screen names to other spammers.
News: MasterCard and NameProtect Team to Stop Phishing
MasterCard International and NameProtect announced a partnership in which NameProtect will provide its services to MasterCard to help stop phishing scams and illegal credit card use.
==== 3. Instant Poll ====
Results of Previous Poll
The voting has closed in the Windows & .NET Magazine Network Security Web page nonscientific Instant Poll for the question, "Where are your wireless Access Points (APs)?" Here are the results from the 59 votes.
- 42% Inside the border firewall
- 24% Outside the border firewall
- 34% Between the border firewall and an internal firewall
New Instant Poll
The next Instant Poll question is, "Which Web browser does your company currently use for Internet (as opposed to intranet) browsing?" Go to the Security Administrator Web site and submit your vote for:
- Microsoft Internet Explorer (IE)
==== 4. Security Toolkit ====
FAQ: How Can I Enable a Connection to a Machine over RDP and Through a Firewall?
by John Savill, http://www.winnetmag.com/windowsnt20002003faq
A. RDP operates over TCP port 3389. To enable connectivity to any machine on the network through a firewall, open this port on the firewall. To connect to a particular system on the LAN, configure port forwarding on the firewall to send traffic from port 3389 to that computer.
Featured Thread: Running Multiple Antivirus Scanners
(Three messages in this thread)
A reader wants to know whether running two different antivirus software packages on a network at the same time is a good idea. If yes, why? If no, why not? Lend a hand or read the responses:
==== 5. New and Improved ====
by Jason Bovberg, [email protected]
Monitoring Software Bundle Reduces Prices
GFI Software launched the GFI LANguard Security Event Log Monitor (SELM) and GFI Network Server Monitor bundle. Customers can now purchase GFI LANguard SELM 5.0 and GFI Network Server Monitor 5.5 together at a reduced price. GFI LANguard SELM performs networkwide event-log monitoring to alert you to important security events immediately, whereas GFI Network Server Monitor automatically detects network and server problems. The bundled software lets you monitor 10 servers through GFI LANguard SELM and unlimited servers through GFI Network Server Monitor for $1295 (as opposed to $1649 without the bundle pricing). Complete bundle pricing information is available at GFI's Web site.
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a Windows & .NET Magazine T-shirt if we write about the product in a future Windows & .NET Magazine What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]
Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.
This email newsletter is brought to you by Windows & .NET Magazine, the leading publication for IT professionals deploying Windows and related technologies. Subscribe today.
Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2004, Penton Media, Inc. All rights reserved.