
Security UPDATE--Phishing and Pharming--June 22, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Download NOW and be the First-to-Know

Testing Your Security Configuration


1. In Focus: Phishing and Pharming

2. Security News and Features

- Recent Security Vulnerabilities

- Three Previous Microsoft Security Bulletins Re-released

- Setting Up Windows Server Update Services

3. Instant Poll

4. Security Toolkit

- Security Matters Blog


5. New and Improved

- Rugged and Encrypted Laptop


==== Sponsor: TNT Software ====

Download NOW and be the First-to-Know

Download ELM Enterprise Manager from TNT Software NOW and be the First-to-Know when changing conditions indicate security threats. ELM is the comprehensive monitoring, alerting and reporting solution that gives IT Managers confidence that their systems are continuously watched, and that they will be immediately alerted when suspicious activities occur. Security breaches can be minimized when real-time monitoring and alerting strategies are deployed. To experience the benefits of fortifying your security perimeter with ELM Enterprise Manager, take a FREE full featured, 10 system, 30 day evaluation test drive NOW.


==== 1. In Focus: Phishing and Pharming ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

You've undoubtedly heard of "phishing," luring users (typically through email messages) to phony Web sites that imitate legitimate Web sites to try to trick users into divulging private information such as logon IDs, passwords, and account numbers. Phishing can lead to unauthorized monetary charges against your merchant accounts, unauthorized use of your services, and more.

Tools such as CoreStreet's SpoofStick (at first URL below) and the Netcraft Toolbar (at second URL below) can help in some cases. Both tools are add-ons for Microsoft Internet Explorer (IE) and Mozilla Firefox that try to determine and display the real domain of the site you're visiting.

Recently, hackers have begun combining phishing with DNS poisoning or DNS hijacking--also known as "pharming." In a pharming attack, the attacker either changes DNS records on the servers at an ISP or at the company that's the target of the attack, or modifies a client system's HOSTS file or DNS settings. Obviously, protecting against such attacks means devising some method of establishing trust in DNS query results. The two tools I mentioned above don't help much against pharming.

I know of three ways to help prevent pharming attacks. The first method is for a company to use a service, such as one recently announced by MarkMonitor, to monitor the company's DNS servers for unauthorized changes. When unauthorized changes are detected, MarkMonitor alerts the company so that it can begin working to correct the situation.

A second method, which is also new, is to use Next Generation Security's (NGSEC's) AntiPharming tool, which works at the client level (rather than the server level) to prevent unauthorized changes to a system's HOSTS file and local DNS settings. It also listens on the system's network interfaces to capture DNS query responses and then double-checks those responses against "three secure DNS servers." The tool comes with three DNS servers preconfigured, and you can modify those server addresses as you see fit. The tool is available free for personal use and requires a fee for commercial use.
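
The two client-side checks described above (auditing the HOSTS file for entries that override a protected domain, and comparing a DNS answer against several reference resolvers) can be sketched as follows. This is an added example, not NGSEC's code; the domain names, resolver names, addresses, and the two-of-three quorum are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample HOSTS content and resolver answers (documentation-range IPs).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1      localhost
203.0.113.66   www.examplebank.test    # entry added without authorization
0.0.0.0        ads.tracker.test
10.1.2.3       intranet.corp.test login.examplebank.test
"""
REFERENCE = {  # hypothetical trusted resolvers -> addresses they returned
    "resolver-a": {"198.51.100.10"},
    "resolver-b": {"198.51.100.10", "198.51.100.11"},
    "resolver-c": {"198.51.100.10"},
}

def parse_hosts(text):
    """Yield (ip, hostname) for each valid mapping; comments and bad lines are skipped."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            yield str(ip), name.lower().rstrip(".")

def audit_hosts(text, watched):
    """Return (hostname, ip) entries that override a watched domain or its subdomains."""
    return [(name, ip) for ip, name in parse_hosts(text)
            if any(name == d or name.endswith("." + d) for d in watched)]

def cross_check(local_ips, reference, quorum=2):
    """Classify a local DNS answer by how many reference resolvers share an address with it."""
    answered = [ips for ips in reference.values() if ips]
    if len(answered) < quorum:
        return "inconclusive"   # too few references replied to judge
    agreeing = sum(1 for ips in answered if ips & set(local_ips))
    return "agree" if agreeing >= quorum else "suspect"

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS, ["examplebank.test"]))
    print(cross_check({"203.0.113.66"}, REFERENCE))
```

A "suspect" result is a prompt for investigation rather than proof of tampering, because load-balanced sites can legitimately return different addresses to different resolvers.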

Another new solution, Identity Cues from Green Armor Solutions, works at the Web site level. The first time a user logs on to an Identity Cues-protected Web site, the product generates colored visual cues that will then appear each time the user logs on to the site. A spoofed Web site won't be able to generate the same cues, so a user sent to a spoofed site will immediately know that he or she isn't visiting the legitimate Web site. Identity Cues is definitely a novel concept.

All three approaches sound like good ideas and would go a long way towards thwarting phishing and pharming. I suspect that there are other ways to help prevent pharming, but at this point I'm unaware of any other solutions. If you know of any, please send me an email message that fills me in on the details.


Calling All Windows IT Pro Innovators!

Have you developed a solution that uses Windows technology to solve a business problem in an innovative way? Enter your solution in the Windows IT Pro Innovators Contest! Grand-prize winners will receive a host of great prizes and a write-up in the November 2005 issue. Contest extended to July 1, 2005! To enter, click here:


==== Sponsor: Microsoft ====

Testing Your Security Configuration

Over a decade ago the Department of Defense (DoD) released a statement saying, "Hack your network, or the hackers will do it for you." Today, vulnerability-scanning hackers, Internet-traveling worms, and roving bots are common. This free white paper will discuss how to identify and fix vulnerabilities, discover and use vulnerability assessment tools, evaluate your security investment and more. Download your free copy now!


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Three Previous Microsoft Security Bulletins Re-released

Microsoft released ten security bulletins this month. Did you know the company also re-released three older security bulletins? Find out what they are and whether you need to load them in this story on our Web site.

Setting Up Windows Server Update Services

Patch management is a headache for security administrators at most organizations. Microsoft has developed an improved patch-management product, called Windows Server Update Services. WSUS offers benefits for organizations of all sizes, thanks to its flexibility, advanced features, and ease of deployment. John Howie walks you through the process of installing and configuring WSUS for your organization, obtaining updates, and configuring clients to use WSUS to obtain updates.


==== Resources and Events ====

Anti-spam product not working?

Many email administrators are experiencing increased frustration with their current anti-spam products as they battle new and more dangerous email threats. In-house software, appliances and even some services may no longer work effectively, require too much IT staff time to update and maintain, or satisfy the needs of different users. In this free Web seminar, learn how you can search for a better way to protect your email systems and users.

Back By Popular Demand - SQL Server 2005 Roadshow in a City Near You

Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Attend and receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!

Token Authentication: Getting It Right

Perhaps you need tokens for management or mobile workers or your only applications that need token support are VPN, extranet access, or PC security. In this free Web seminar, join industry guru Randy Franklin Smith and learn how you can make a solid business case to management that justifies tokens. You'll also discover what the right combination of token devices and middleware can do. Plus - receive checklists of key evaluation and testing points for rollout time. Register now!

Recover Your Active Directory

Get answers to all your Active Directory recovery questions here! Join industry guru Darren Mar-Elia in this free Web Seminar and discover how to use native recovery tools and methods, how to implement a lag site to delay replication, limitations to native recovery approaches and more. Learn how you can develop an effective AD backup strategy - Register today!

The Essential Guide to Exchange Preventative Maintenance

Database health is the weakest link in most Microsoft Exchange Server environments. Download this Essential Guide now and find out how the ideal solution is an automated, end-to-end maintenance and management tool that provides a centralized view of the entire managed infrastructure. Get your free copy now!


==== Featured White Paper ====

Avoiding Availability Pitfalls in Microsoft Exchange Environments

Many solutions are targeted at making Exchange email environments more reliable, however a wide range of potential difficulties still lurk, waiting to interrupt service and, ultimately, your business. In this free white paper, discover the more common pitfalls that can lessen Exchange availability and the recommendations for what you can do to avoid the problem and better plan your Microsoft Exchange messaging environment.


==== Hot Release ====

FREE Download - The Next Generation of End-point Security is Available Today.

NEW NetOp Desktop Firewall's fast 100% driver-centric design offers a tiny footprint that protects machines from all types of malware even before Windows loads and without slowing them down. NetOp provides process & application control, real-time centralized management, automatic network detection & profiles and more. Try it FREE.


==== 3. Instant Poll ====

Results of Previous Poll: How will you use WSUS in your enterprise?

The voting has closed in this Windows IT Pro Security Hot Topic nonscientific Instant Poll. Here are the results from the 32 votes.

- 56% As my patch management infrastructure

- 6% As a backup to SMS 2003 or other patch management infrastructure

- 0% As a reporting tool to check on compliance with patches

- 38% I won't be using WSUS

New Instant Poll: Does your network firewall provide stateful application-layer inspection in addition to the traditional stateful packet inspection?

Go to the Security Hot Topic and submit your vote for

- Yes

- No

==== 4. Security Toolkit ====

Security Matters Blog: Security Checklists and Scripts

by Mark Joseph Edwards,

If you're looking for security checklists and helper scripts for Windows platforms, there are several available from Corp-Sec, a nonprofit group of IT professionals. In addition to those resources, you can also find scripts that help with incident response, a list of security mailing lists that you might want to join, whitepapers, and more.


by John Savill,

Q: What's port 445 used for in Windows 2000 and later versions?

Find the answer at


==== Announcements ====

(from Windows IT Pro and its partners)

Why Do You Need the Windows IT Pro Master CD?

There are three good reasons to order our latest Windows IT Pro Master CD. One, because it's a lightning-fast, portable tool that lets you search for solutions by topic, author, or issue. Two, because it includes our Top 100 Windows IT Pro Tips. Three, because you'll also receive exclusive, subscriber-only access to our entire online article database. Click here to discover even more reasons:

Monthly Online Pass = Quick Security Answers!

Sign up today for your Monthly Online Pass and get 24/7 access to the entire online Windows IT Security article database, including exclusive subscriber-only content. That's a database of over 1,900 Security articles to help you get all the answers you need, when you need them. Sign up now for just US$14.95 per month:


==== 5. New and Improved ====

by Renee Munshi, [email protected]

Rugged and Encrypted Laptop

Getac's MobileForce M220 ruggedized notebook computer is now available with Enova X-Wall 40-bit real-time cryptographic gateways. Once the encryption is activated, users and potential hackers must manually enter a 5-character alphanumeric preboot password to load the OS and view the contents of the drive. This password resides only in a Secret Key on the hard disk drive (not in the registry), making the drive seem unformatted if stolen and installed in another computer. The M220 with Enova X-Wall LX-40 security is designed for accounting and insurance audit, military, police, fire, homeland security, medical, and banking applications. It's priced at $3995 with significant volume and other discounts available. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to

[email protected].

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Sponsored Links ====

Quest Software

Eleven things you must know about quick AD recovery!


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.

TAGS: Security