
Security UPDATE--A Different Kind of Honeypot Project--May 2, 2007

PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:

Email Security for the 21st Century

http://www.windowsitpro.com/go/ebooks/ironport/emailsecurity/?code=securitytop0502

Roadmap to Email Archiving and Compliance

http://www.windowsitpro.com/go/ebooks/sherpa/compliance/?code=secmid0502

Enterprises Rate Important IP Telephony Features

http://findtechinfo.com/penton/nl/264

CONTENTS

===========================================

IN FOCUS: A Different Kind of Honeypot Project

NEWS AND FEATURES

- Dangerous QuickTime and Java Flaw Affects Windows

- Browser Toolbars Integrate Real-Time Anti-Malware Defenses

- Microsoft Prepares Forefront Client Security for May Release

- Recent Security Vulnerabilities

GIVE AND TAKE

- Security Matters Blog: Vbootkit Bypasses Vista Code Signing

- FAQ: Get Windows 2003 SP2

- From the Forum: Looking for Password Analyzer

- We Need Your Feedback About the Products You Use

- Share Your Security Tips

PRODUCTS

- Easier Management of Data Encryption Appliances

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS

=== SPONSOR: Ironport

================================

Email Security for the 21st Century

Protect your users and your network against email-borne threats. This free eBook gives you the knowledge required to understand the real threat that email-borne attacks pose, and how to address those attacks in a way that reduces risk while ensuring users aren't impacted. Download it today!

http://www.windowsitpro.com/go/ebooks/ironport/emailsecurity/?code=securitytop0502

=== IN FOCUS: A Different Kind of Honeypot Project

===

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Honeypots are excellent tools for preemptive forensic investigation. They let you see what intruders are targeting in your network, monitor their activity, capture their exploits, and more. So when I think of honeypots, that's typically the image that comes to mind. But a new type of honeypot project is aimed squarely at spammers.

Project Honey Pot is a community effort that aims to identify spammers and email address harvesters and put them out of business by eliminating their ability to deliver spam and thus hitting them where it hurts most: in the pocketbook.

The way it works is relatively simple. Web developers insert special code into their Web server platform that communicates with Project Honey Pot servers. The code grabs unique email addresses (tied to the IP address of the Web site visitor) from Project Honey Pot servers that are then inserted into the Web site dynamically. The email addresses of course are spam traps operated by Project Honey Pot. So when robots or people harvest those addresses and mail arrives in those traps, the project can track and identify the spammers.

Project Honey Pot also operates a new blacklist DNS system (called http:BL), similar to those used by email DNS blacklist providers. Web site developers can use Project Honey Pot's API to query the http:BL DNS servers by using a Web site visitor's IP address. The DNS query results reveal whether the visitor is a known harmless search engine robot, a known spammer, or a known email harvester. Code written by the Web developer can then take action based on the visitor's categorization. For example, if the DNS query returns information indicating that the visitor's IP address belongs to a spammer, code can prevent the visitor from posting a comment and thus prevent comment spam.
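The lookup-and-act flow described above, as an added Python example (not code from this newsletter or from Project Honey Pot): it builds the http:BL query name and decodes the answer using the layout in the project's public http:BL API documentation (key plus reversed IPv4 octets under dnsbl.httpbl.org, answer 127.days.threat.type). The access key in any call is a placeholder you supply, and the age and threat thresholds in `allow_comment` are assumptions chosen for illustration.

```python
import ipaddress
import socket

HTTPBL_ZONE = "dnsbl.httpbl.org"
# Visitor-type bit flags carried in the fourth octet of an http:BL answer.
SUSPICIOUS, HARVESTER, COMMENT_SPAMMER = 1, 2, 4


def build_query(access_key, visitor_ip):
    """Return the DNS name to look up: <key>.<reversed IPv4 octets>.<zone>."""
    ip = ipaddress.IPv4Address(visitor_ip)  # raises ValueError on bad or IPv6 input
    reversed_octets = ".".join(reversed(str(ip).split(".")))
    return f"{access_key}.{reversed_octets}.{HTTPBL_ZONE}"


def decode_answer(answer):
    """Decode a 127.<days>.<threat>.<type> answer; None means 'not listed'."""
    if answer is None:
        return None
    first, days, threat, vtype = (int(o) for o in answer.split("."))
    if first != 127:
        raise ValueError(f"malformed http:BL answer: {answer}")
    if vtype == 0:  # search engine: third octet is an engine id, not a score
        return {"search_engine": True, "engine_id": threat}
    return {
        "search_engine": False,
        "days_since_seen": days,
        "threat_score": threat,
        "suspicious": bool(vtype & SUSPICIOUS),
        "harvester": bool(vtype & HARVESTER),
        "comment_spammer": bool(vtype & COMMENT_SPAMMER),
    }


def allow_comment(verdict, max_age_days=30, min_threat=10):
    """Assumed policy: block recent, non-trivial comment spammers only."""
    if verdict is None or verdict["search_engine"]:
        return True
    recent = verdict["days_since_seen"] <= max_age_days
    return not (verdict["comment_spammer"] and recent
                and verdict["threat_score"] >= min_threat)


def lookup(access_key, visitor_ip):
    """Live query (needs network and a real key); NXDOMAIN means not listed."""
    try:
        return decode_answer(socket.gethostbyname(build_query(access_key, visitor_ip)))
    except socket.gaierror:  # also hit on resolver failure, so this fails open
        return None
```

Because a resolver failure is indistinguishable from "not listed" here, the check fails open; sites that need stricter handling should treat lookup errors separately and log them.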

Overall, I think the project is a pretty good idea. Integrating a spam trap into your site isn't incredibly difficult. After you sign up for an account, you can download ready-made code in one of several languages, including Active Server Pages (ASP), PHP, Perl, Python, ColdFusion, and more. You drop the code into your Web site and make a link to it somewhere. If you run Apache, module code is available that you can integrate directly to work with http:BL. You can also donate MX records from your own domains that will be used to create spam traps shared at Project Honey Pot.

So far, the project has identified more than 15,000 email address harvesters and 2.5 million spam servers and currently operates more than 2.2 million spam traps. Last week, the project announced that it has filed a $1 billion lawsuit, the largest antispam suit ever, against spammers for harvesting email addresses and spamming Project Honey Pot members. The suit comes as a result of two years of tracking spammers.

You can read more about the suit at the first URL below (click the days of the week on the left-hand side of the screen to see other recent announcements, including integration information). If you're interested in joining the project, visit the home page at the second URL below, where you'll find a link to register along with links to a FAQ and more.

http://www.projecthoneypot.org/5days_thursday.php

http://www.projecthoneypot.org

===

You can win $100 by voting for the products you find most useful in Windows IT Pro's Community Choice Awards! Give us your feedback to qualify to win one of twelve $100 Amazon.com gift certificates. Voting is open through May 21. Winners will be announced in the August 2007 issue of Windows IT Pro. Go to

http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=96&threadid=84652&enterthread=y

=== SPONSOR: Sherpa Software

=========================

Roadmap to Email Archiving and Compliance

How will compliance regulations affect your IT infrastructure? Help design your retention and retrieval, privacy and security policies to make sure that your organization is compliant. Download the free eBook today!

http://www.windowsitpro.com/go/ebooks/sherpa/compliance/?code=secmid0502

=== SECURITY NEWS AND FEATURES

=======================

Dangerous QuickTime and Java Flaw Affects Windows

At the recent CanSecWest conference, Shane Macaulay and Dino Dai Zovi worked in tandem to successfully break into a MacBook Pro running OS X by using a zero-day exploit. The security flaw is now believed to also affect Windows platforms.

http://www.windowsitpro.com/Article/ArticleID/95876

Browser Toolbars Integrate Real-Time Anti-Malware Defenses

Toolbars from Exploit Prevention Labs and Finjan help protect against malicious content in Web sites and search results by scanning Web page content in real time without the use of signature databases.

http://www.windowsitpro.com/Article/ArticleID/95915

Microsoft Prepares Forefront Client Security for May Release

Microsoft will ship its long-awaited Forefront Client Security product--a managed security solution for enterprises--in "the next month or so," according to Microsoft CEO Steve Ballmer.

http://www.windowsitpro.com/Article/ArticleID/95879

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

=== SPONSOR: ShoreTel

================================

Enterprises Rate Important IP Telephony Features

This comprehensive guide is invaluable for those evaluating VoIP and shows how organizations can reduce cost and improve operations to help you to plan and implement an IP phone system. Define system components - Identify network requirements - Learn important standards - Learn deployment options:

http://findtechinfo.com/penton/nl/264

=== GIVE AND TAKE

====================================

SECURITY MATTERS BLOG: Vbootkit Bypasses Vista Code Signing

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

As expected, Vista isn't perfect. It's possible to load unsigned code into the kernel. Vbootkit proves it.

http://www.windowsitpro.com/Article/ArticleID/95909

FAQ: Get Windows 2003 SP2

by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: Where can I download Windows Server 2003 SP2?

Find the answer at

http://www.windowsitpro.com/Article/ArticleID/95857

FROM THE FORUM: Looking for Password Analyzer

A forum participant is looking for some sort of utility to run on a server that would find weak user passwords and send an alert about them. Join the discussion at

http://forums.windowsitpro.com/web/forum/messageview.aspx?catid=42&threadid=85249&enterthread=y

WE NEED YOUR FEEDBACK ABOUT THE PRODUCTS YOU USE!

Share your product experience with your peers. Have you discovered a great product that saves you time and money? Do you use something you wouldn't wish on anyone? Tell the world! If we publish your opinion, we'll send you a Best Buy gift card! Send information about a product you use and whether it helps or hinders you to [email protected].

SHARE YOUR SECURITY TIPS AND GET $100

Share your security-related tips, comments, or problems and solutions in Security Pro VIP's Reader to Reader column. Email your contributions to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS

=========================================

by Renee Munshi, [email protected]

Easier Management of Data Encryption Appliances

Decru announced the Decru SecureView framework to centralize management of its encryption and key management appliances. The appliances are used to encrypt stored data. The framework provides secure management of up to 1,000 devices from one interface. Features include administrator management, role-based access controls (RBAC), configuration and patch management, rolling upgrades, performance and access monitoring, and centralized graphical and command-line interfaces to enable the automation of operations across groups of appliances. For more information, go to

http://www.decru.com/

=== RESOURCES AND EVENTS

=============================

For more security-related resources, visit

http://www.windowsitpro.com/go/securityresources

Windows + UNIX/Linux = You Need TechX World!

If you work in an environment that includes both Windows and UNIX or Linux, TechX World is the place to go for practical strategies and resources to add to your toolkit. This one-day technical training event will teach you how to make the most of open-source tools on Windows and how to manage and sync multiple directories. Register today!

http://www.techxworld.com/registration/?code=epromo

Get Ready for Exchange & Office 2007 Roadshow--free!

The successful Microsoft-partnered Get Ready for Exchange & Office 2007 Roadshow is coming to Stockholm! Three independent, respected technical speakers--Jim McBee, Mark Arnold, and Ben Schorr--will deliver tracks on securing, managing, and deploying Exchange and Office 2007 and using Exchange Server 2007 capabilities to improve your messaging environment. Register today for this free day-long event. Your delegate bag will include Microsoft Exchange Server 2007 and Office 2007 Beta 2 Software Kits.

Venue: Berns Hotel, Stockholm

Date: Monday, 14 May 2007

http://www.windowsitpro.com/roadshows/exchange2007europe/

Get Ready for the Windows Server Longhorn Roadshow!

Seize control of your Windows infrastructure with Microsoft's biggest server release since Windows 2003. Get a live, under-the-hood look at Longhorn virtualization, deployment, Web services, and breakthroughs in core reliability. This one-day event is filled with demonstrations and in-depth discussions designed for IT pros who want a deep understanding of Windows Server Longhorn.

http://www.windowsitpro.com/roadshows/longhorn/?code=epromo

=== FEATURED WHITE PAPER

=============================

Increase customer confidence with the latest breakthrough in online security--Extended Validation SSL. Extended Validation triggers a green address bar in Internet Explorer 7.0 that proves site identity. Get the green bar and higher sales by reading the technical white paper "Maximizing Site Visitor Trust Using Extended Validation SSL."

http://www.windowsitpro.com/go/whitepaper/verisign/validationssl/?code=0430featwp

=== ANNOUNCEMENTS

====================================

Introducing a Unique Security Resource

Security Pro VIP is an online information center that delivers new articles every week on topics such as perimeter security, authentication, and system patches. Subscribers also receive tips, cautionary advice, direct access to our editors, and a host of other benefits! Order now at an exclusive charter rate and save up to $50!

https://store.pentontech.com/index.cfm?s=1&promocode=eu2574us

Introducing a Unique Exchange and Outlook Resource

Exchange & Outlook Pro VIP is an online information center that delivers new articles every week on messaging topics such as administration, migration, security, and performance. Subscribers also receive tips, cautionary advice, direct access to our editors, and a host of other benefits! Order now at an exclusive charter rate and save up to $50!

https://store.pentontech.com/index.cfm?s=1&promocode=eu2372ue

===========================================================

Security UPDATE is brought to you by the Windows IT Pro Web site's Security page (first URL below) and Security Pro VIP (second URL below).

http://www.windowsitpro.com/windowssecurity

http://www.securityprovip.com

Subscribe to Security UPDATE at

http://www.windowsitpro.com/Email/Index.cfm?action=archive

Unsubscribe by clicking

http://list.windowsitpro.com/u?id=%%SUBSCRIBER_ID_TAG%%

Be sure to add [email protected] to your antispam software's list of allowed senders.

To contact us:

About Security UPDATE content -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About your product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]

View the Windows IT Pro privacy policy at

http://www.windowsitpro.com/AboutUs/Index.cfm?action=privacy

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.
