This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.
1. In Focus: The Challenge of Data Destruction, Part 2
2. Security News and Features
- Recent Security Vulnerabilities
- Trend Micro Acquires InterMute; Novell Acquires Immunix
- What IT Pros Must Know About Sarbanes-Oxley
- Microsoft Plans Gatekeeper Security Contest
3. Instant Poll
4. Security Toolkit
- Security Matters Blog
- Security Forum Featured Thread
5. New and Improved
- Stop Buffer Overflow Attacks
==== 1. In Focus: The Challenge of Data Destruction, Part 2 ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Two weeks ago, I wrote about the challenge of data destruction. Based on the number of responses to that column we received, the issue is something a lot of you have to deal with.
A couple of readers wrote to suggest that heating the disks to a high temperature might help destroy the magnetic properties of the platters. One reader in particular said that people who work in universities might find this concept to be an interesting exercise for students working in the physics labs.
Two more readers presented what I think is a very economical idea in terms of both time and money. They suggested having the drives crushed in a hydraulic press. One of the readers contracts with a local machine shop to do the work. He stands by while the drives are crushed, and each visit costs less than $100. The other reader said he first wipes disks with a software tool, then takes them to a local automobile scrap yard. A worker at the scrap yard crushes the drives in exchange for beer! The crushed parts could be separated into multiple lots and disposed of at several trash dumps and recycling locations.
Another interesting idea is to use an oxyacetylene cutting torch or arc welder to destroy drives. This sort of approach would certainly destroy data; however, it could become expensive in terms of time and money, depending on who did the work. And as one reader pointed out, the fumes released from burning drive components could be toxic.
Yet another reader wrote to suggest driving a nail through each drive. I agree that would work, but it's a lot of hammering if there are a few hundred drives to destroy. The same reader also pointed out an error I made in mentioning liquid hydrogen as a way to freeze a drive. The proper chemical is liquid nitrogen. I apologize for that mistake.
A novel solution is to use a shredder. A reader said he contracts with a company that offers an on-site shredding service for documents. As a demonstration of its shredder's ability to shred other materials, the company shredded an old laptop into pieces no bigger than a fingernail! Because the reader already contracts with the shredding company for other shredding needs, having it destroy old disk drives costs the reader nothing extra.
What if you want to recycle your hardware so that it can be used again by someone else? A reader suggested using a computer recycling company such as RetroBox, which charges a fee to collect your old systems and wipe the drives of all data using technology that meets Department of Defense specifications. RetroBox then sells the refurbished systems and returns part of the proceeds to your company. Depending on your policies and needs, this could be a reasonable solution.
Finally, another reader suggested using a data encryption solution that requires a hardware-based key to access the data, such as SecureIDE (at the URL below). If no key is available, then in theory the data can't be accessed. This is a reasonable solution for many businesses, and so are data encryption techniques that use software-based keys. However, someone might be able to recover the data if he or she has enough resources to allocate to the task.
Thanks to all of you who contributed to this list of interesting solutions.
==== 2. Security News and Features ====
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
Trend Micro Acquires InterMute; Novell Acquires Immunix
Security solution provider Trend Micro has acquired antispyware maker InterMute for approximately $15 million. Novell acquired Linux application security vendor Immunix, maker of AppArmor.
What IT Pros Must Know About Sarbanes-Oxley
Chances are you've already been affected by sections 404 and 302 of the Sarbanes-Oxley Act (SOX), whether or not you realize it. SOX has ramifications for everyone in the corporation from the CEO and board of directors down to IT professionals. Randy Franklin Smith examines the various IT areas that SOX affects to help you get a handle on your role in implementing compliance-related mandates from upper management.
Microsoft Plans Gatekeeper Security Contest
All right, all you European IT pros--it's time to dig into the security resources at http://www.gatekeepertest.com and http://emea.windowsitpro.com and brush up on your security skills because Microsoft is having a contest. The Gatekeeper Test will be open to IT pros in more than 19 European countries and will test security knowledge with 19 multiple-choice questions and one open-ended question. The grand prize winner goes to Microsoft TechEd 2005 Europe in Amsterdam on Bill G's dime. In addition to the TechEd trip, you could win a Windows XP Tablet PC, a Media Center PC, or subscriptions to Microsoft TechNet Magazine and Windows IT Pro magazine. Visit
==== 3. Instant Poll ====
Results of Previous Poll: Do you map the data you collect during wireless-network audits by using tools such as StumbVerter and MapPoint?
The voting has closed in this Windows IT Pro Security Hot Topic nonscientific Instant Poll. Here are the results from the 12 votes:
- 25% Yes
- 8% I haven't been, but I plan to
- 67% No, and I don't plan to
New Instant Poll: How will you use WSUS in your enterprise?
Go to the Security Hot Topic and submit your vote for
- As my patch management infrastructure
- As a backup to SMS 2003 or other patch management infrastructure
- As a reporting tool to check on compliance with patches
- I won't be using WSUS
==== 4. Security Toolkit ====
Security Matters Blog: Firefox 1.0.4 Fixes Three Critical Security Problems
by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters
If you use Mozilla Firefox, it's time to upgrade to the latest version, 1.0.4, released May 11. The new version fixes three critical security problems.
by John Savill, http://www.windowsitpro.com/windowsnt20002003faq
Q: Are Group Policy Objects (GPOs) inherited by child domains?
Find the answer at
Security Forum Featured Thread: Blocking Port 220
A forum participant writes, "I have a Dell box running Windows Server 2003 Service Pack 1 (SP1), and my network folks tell me that it's been compromised by a Trojan horse program. They see outbound traffic over port 220. Their solution is to take the machine down and reformat the drive. There has got to be another way. How do I block this port--with an outbound firewall?" Join the discussion at
==== 5. New and Improved ====
by Renee Munshi
Stop Buffer Overflow Attacks
SoftSphere Technologies announced the release of Defence Plus, the latest version of its antihacking software tool previously known as Anti-Cracker Shield. Defence Plus detects and stops buffer overflow attacks, protecting Windows, its components, and all software applications installed on the computer. When intrusion-like behavior is detected, Defence Plus blocks it and notifies you with a sound. You can click an icon to view a detailed report on the blocked attack. Defence Plus is designed for Windows NT/2000/XP/2003 and costs $39 for a single-user license. For more information, go to
This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2005, Penton Media, Inc. All rights reserved.