Security UPDATE-- AxMan, Malware Search, and Bugle --August 9, 2006


Tap into the Potential Value of Compliance

Clean Up Your Company's Email Act: Using Filters to Block Threats

The Starter PKI Program



IN FOCUS: AxMan, Malware Search, and Bugle


- Microsoft Testing Daily Malware Definition Updates

- Security Guru Leaves Microsoft

- The Balancing Act Between Security and Usability

- Recent Security Vulnerabilities


- Security Matters Blog: Build Your Own Firewall

- FAQ: Displaying a File's Full Path in Windows Explorer

- From the Forum: Authenticating Wireless Users

- Share Your Security Tips


- Encrypt Your Removable Media

- Wanted: Your Reviews of Products




=== SPONSOR: Quest Software


Tap into the Potential Value of Compliance

If your compliance solutions only address compliance, you're not getting the most for your budget dollar. The new Quest Software white paper, "Leveraging Business Value from Compliance Efforts," offers expert tips for identifying compliance solutions with high business value.

Read the white paper now.

=== IN FOCUS: AxMan, Malware Search, and Bugle


by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

If you read my Security Matters blog, you might remember me mentioning the Month of Browser Bugs, in which one new browser bug was to be posted to a Web site each day during the month of July. Well, July is over, but you can still read about all the browser bugs at the following URL:

The Month of Browser Bugs was driven by well-known security researcher H.D. Moore and some of his associates. Moore is probably best known as the developer of the Metasploit Toolkit. Moore has a couple of other useful tools that you might not be aware of: AxMan and Malware Search.

According to Moore, "[AxMan] was used to discover and debug almost every single ActiveX flaw published during the Month of Browser Bugs." AxMan is an ActiveX fuzzer that can find bugs in COM objects through Microsoft Internet Explorer (IE). In case you don't know, a fuzzer injects random data into a program or object in an effort to find flaws or vulnerabilities. Moore recently made the AxMan package freely available for download. There's also an online demo you can try:

Malware Search is a search tool that uses Google queries to look for the "fingerprints" of known malware on the Internet. A fingerprint includes the date and time the malware was received, the size of the code image, the address entry point, and the size of the code itself. The tool consists of a set of scripts written in Ruby and comes with a database of several dozen signatures. One of the scripts lets you generate a new fingerprint when a new malware file pops up on your network. To perform a malware search or download the tool, go to the following URL:

Bugle, another new Web search tool by Emmanouel Kellinis, is essentially a list of search engine queries that look for possible security bugs in source code that has been indexed by Google. Bugle uses a "filetype" parameter along with function calls in the queries to specify the type of files to look in for the specific problematic function.

For example, one query finds possible SQL injection vulnerabilities by looking for the function call "executequery request.getparameter" in .java files. Another query finds possible cross-site scripting problems in Active Server Pages (ASP) applications by looking for "response.write request.form" in .asp files. At the time of this writing, Google returned 452 results for the first example and 149 for the second example.

Keep in mind that not every piece of code returned in the search results has vulnerabilities. The potential for a vulnerability typically depends on how the developer implemented the code, so you'll need to understand a bit about writing code in order to make a determination.
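The same two function pairings can be checked offline against your own source files, which also shows why a keyword hit still needs a reader's judgment. This is an added example, not part of Bugle or the original newsletter; the regexes, the triage rules, and the sample code are constructed assumptions.

```python
import os
import re

# Constructed patterns approximating the two query pairings quoted above.
RULES = {
    ".java": ("possible SQL injection",
              re.compile(r"executeQuery\s*\([^;]*request\.getParameter", re.I)),
    ".asp": ("possible cross-site scripting",
             re.compile(r"response\.write\b.*request\.form", re.I)),
}
# Signs that a keyword hit is harmless as written (hypothetical triage rules).
BENIGN = {
    ".java": re.compile(r"^\s*(//|\*)"),  # the hit sits inside a comment
    ".asp": re.compile(r"server\.htmlencode\s*\(\s*request\.form", re.I),
}

def scan(filename, source):
    """Return [(line_number, label, verdict)] for keyword hits in one file."""
    ext = os.path.splitext(filename)[1].lower()
    if ext not in RULES:
        return []
    label, pattern = RULES[ext]
    hits = []
    for number, line in enumerate(source.splitlines(), start=1):
        if pattern.search(line):
            verdict = "likely benign" if BENIGN[ext].search(line) else "review"
            hits.append((number, label, verdict))
    return hits

# Constructed sample input, not taken from any real application.
JAVA_SAMPLE = '''\
// Do not pass executeQuery(request.getParameter("id")) style input to SQL.
ResultSet a = stmt.executeQuery("SELECT * FROM t WHERE id=" + request.getParameter("id"));
PreparedStatement ps = conn.prepareStatement("SELECT * FROM t WHERE id=?");
ps.setString(1, request.getParameter("id"));
ResultSet b = ps.executeQuery();
'''
ASP_SAMPLE = '''\
<% Response.Write "Hello " & Request.Form("name") %>
<% Response.Write Server.HTMLEncode(Request.Form("name")) %>
'''

if __name__ == "__main__":
    for name, text in (("Login.java", JAVA_SAMPLE), ("hello.asp", ASP_SAMPLE)):
        for hit in scan(name, text):
            print(name, *hit)
```

A line-based keyword match like this misses input that reaches the query through an intermediate variable, so a clean result is not proof that the code is safe.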

Kellinis invites the public to develop other queries and submit them for inclusion in his list. If you like to hunt for vulnerabilities or are curious about whether an application you're interested in using might contain vulnerabilities, bookmark the site and use it when the need arises.

=== SPONSOR: St. Bernard Software


Clean Up Your Company's Email Act: Using Filters to Block Threats

Do you want to block unwanted or undesirable email? Download this free whitepaper to learn how to manage the content of information crossing your network.



Microsoft Testing Daily Malware Definition Updates

Those who use Microsoft's anti-malware solution, Windows Defender, have probably noticed that Microsoft is currently testing its malware signature update pipeline by publishing updates each weekday instead of biweekly. Find out why in this news story.

Security Guru Leaves Microsoft

Amid the major shake-ups in management at Microsoft, one of the company's more notable security gurus, Jesper Johansson, announced that he's leaving the company to work for online retail giant Amazon.

The Balancing Act Between Security and Usability

If your network's security is too tight, your network is more difficult to use and manage. If it's too loose, your network is vulnerable to attacks. Apostolos Fotakelis explains how he achieves balance in this Reader to Reader article.

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

=== SPONSOR: Thawte


The Starter PKI Program

Test the Starter PKI Program to benefit your company with timesaving convenience and secure multiple domains and host names.



SECURITY MATTERS BLOG: Build Your Own Firewall

by Mark Joseph Edwards,

Have a spare system and a couple of NICs lying around? You can use them to build your own firewall without too much trouble. Get the link that shows you how in this blog entry.

FAQ: Displaying a File's Full Path in Windows Explorer

by John Savill,

Q: How can I modify the registry to enable the option to display the full path in the Windows Explorer Address bar?

Find the answer at

FROM THE FORUM: Authenticating Wireless Users

A forum participant wants to use Remote Authentication Dial-In User Service (RADIUS) and Protected Extensible Authentication Protocol (PEAP) to authenticate wireless users, but he's experiencing some problems. Help him out at:


Share your security-related tips, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.



by Renee Munshi, [email protected]

Encrypt Your Removable Media

Addonics Technologies offers Cipher UDD, an encryption/decryption hardware device for securing data on removable media. You plug the portable (4.63-inch x 5.4-inch x .98-inch) device into your computer via a USB 2.0 or eSATA connection. Cipher UDD has a standard Type II PC card slot that accommodates standard PC cards and ATA flash cards. For other form factors, Addonics provides an array of adapters that can be purchased separately or as a bundled solution. Cipher UDD works with most systems and OSs as long as the user has the Cipher key. The base model has 64-bit encryption and costs $79. A model providing 128-bit encryption is also available. For more information, go to

WANTED: your reviews of products you've tested and used in production. Send your experiences and ratings of products to [email protected] and get a Best Buy gift certificate.



Windows Connections Conference

Now in its seventh year, Windows Connections returns November 6-9, at Mandalay Bay in Las Vegas. Don't miss your chance to interact with industry experts and hear the latest information on Windows Server 2003, Windows 2000 Server, and Windows XP Professional! Register and attend sessions at Microsoft Exchange Connections FREE!

Gear up for TechX World Roadshow

Hear first-hand from today's leading interoperability experts, vendors, and peers at this exclusive one-day event. You'll learn about managing OS interoperability, directory migration, data interoperability, and much more. Register for the early-bird special of $129 by August 31!

Learn all you need to know about code-signing technology, including the goals and benefits of code signing, how code signing works, and the underlying cryptographic and security concepts and building blocks.

Randy Franklin Smith outlines five evaluation points to consider when choosing your antispyware solution in this free podcast. Download it today!

When your systems go down, your users' productivity grinds to a halt. User downtime is one of the fastest growing concerns among businesses. This free Web seminar teaches you how to keep your users continuously connected and your business up and running. Live event: Thursday, August 24



Antivirus or patching software alone isn't enough to protect your valuable systems from spyware. Learn how an enterprise antispyware solution gives you an affordable--and most important, effective--solution to spyware. Download the free whitepaper today!



Monthly Online Pass--only $5.95 per month!

Includes instant online access to every article ever written in Windows IT Pro magazine, plus the latest digital issue. Order now:

Save $40 off SQL Server Magazine

Subscribe to SQL Server Magazine today and SAVE up to $40! Along with your 12 issues, you'll get FREE access to the entire SQL Server Magazine online article archive, which houses more than 2,300 helpful SQL Server articles. This is a limited-time offer, so order now:


Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and the Windows IT Security newsletter (subscribe at the second URL below).

Subscribe to Security UPDATE at

Unsubscribe by clicking

Be sure to add [email protected] to your antispam software's list of allowed senders.

To contact us:

About Security UPDATE content -- [email protected]

About technical questions --

About your product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.
