Skip navigation

Security UPDATE--Netscape 8.0 Security--May 25, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Reduce Costs with Cyclades AlterPath OnSite

Anti-Spam product not working? What more companies are switching to . . . and why.


1. In Focus: Netscape 8.0 Security

2. Security News and Features

- Recent Security Vulnerabilities

- Windows TCP/IP Woes

- NT OBJECTives Offers Two Free Security Tools

3. Security Toolkit

- Security Matters Blog


- Security Forum Featured Thread

4. New and Improved

- Control Your Network Traffic


==== Sponsor: Cyclades ====

Reduce Costs with Cyclades AlterPath OnSite

Reduce operational costs by eliminating the need for most remote site visits with the AlterPath OnSite, Cyclades newest out-of-band infrastructure (OOBI) appliance specifically designed for small, remote branch office management. The AlterPath OnSite combines the functionality of Cyclades ACS (advanced console server) and Cyclades KVM/net (KVM over IP) to deliver serial console control, KVM control and power control (through the AlterPath PM power control unit) – in a single, easy-to-use appliance. Visit Cyclades at Microsoft Tech Ed in Orlando, Florida, June 6-9, Booth #228 and #230.


==== 1. In Focus: Netscape 8.0 Security ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Netscape Communications' Netscape Browser 8.0 was released last week. I downloaded a copy and found that it has some impressive features, two of which are great innovations that I think are worth a close look. First, Netscape 8.0 can use both the Mozilla Firefox and Microsoft Internet Explorer (IE) rendering engines, which means that if you use it, you no longer have to open two browsers to get maximum functionality while surfing the Web. The IE engine is enabled by default for "trusted sites," and you can change that setting so that the Firefox engine is used by default instead. A menu option (Tools, Rendering Engine) lets you switch back and forth between the engines on the fly.

Second, configuring Netscape 8.0 is fairly simple, especially if you're familiar with Firefox. The Options dialog boxes are nearly identical in both browsers. However, one Netscape 8.0 feature that you won't find in Firefox is the Site Controls, which are similar to IE's security zones. With Site Controls, you can define master settings that determine how the browser will behave for each site you visit. There are four master settings: "I Trust This Site," "I'm Not Sure," "I Don't Trust This Site," and "Local Files." These are equivalent to IE's Trusted Sites, Internet, Restricted Sites, and Local Intranet zones, respectively. For each zone in Netscape 8.0, you can enable or disable various Web features, such as Java, JavaScript, cookies, pop-up windows, and ActiveX controls. You read that last item right--Netscape 8.0 supports ActiveX!

You can customize the master settings on a per-site basis for any sites you've added to any of the zones. Adding sites to a zone is simple. After you have a site open in the browser, right-click its tab and select Site Controls. Doing so presents a dialog box in which you can specify the zone the site should belong to and customize individual settings. You can also define a default rendering engine on a per-zone or per-site basis.

A third new security feature (also part of Site Controls) is Trust Ratings. If you enable this feature, you're relying on a third party to determine whether you should trust a Web site's content and whether it's OK to enter sensitive information at that Web site. The third party maintains catalogs of trusted and untrusted sites. The catalogs are automatically downloaded to the browser based on a schedule you define. For example, you can refresh the catalogs hourly, daily, or weekly. What Trust Ratings lacks is any information about who creates the catalogs, what classification criteria is used, and a way to view the catalogs. The feature requires that you trust it blindly to decide on your behalf. Thus, I think this feature is less useful than it could be.

Netscape 8.0 has other security-related features, some of which are similar to ones in Firefox. For example, Datacard Manager helps store information you might enter in Web forms. Passcard Manager helps you store frequently used passwords. Netscape 8.0 also supports themes and extensions. All those features are found in Firefox. Netscape 8.0 also has a handy toolbar button that erases the browser history and a Web mail manager that lets you configure account information for commonly used services such as MSN Hotmail, Yahoo!, Google's Gmail, America Online (AOL), and others. Those features don't come as standard components of Firefox, but extensions that offer such functionality are probably available.

Another feature not found in Firefox is statistics gathering. Netscape 8.0 can gather numbers about customers' browser feature usage, send them back to developers (while preserving customers' anonymity, of course), and use these statistics to improve future versions of the browser. As you would expect, when you install Netscape 8.0, you can import settings (such as preferences, cookies, browsing history) from other installed browsers, including Firefox, IE, and Opera. Although the installation routine did import all my settings, it didn't import all my search engine plug-ins, so that's one area that needs some improvement.

One thing I'm not clear about yet is how Netscape 8.0 actually uses the IE rendering engine and ActiveX controls. Does Netscape 8.0 respect the security zone settings as defined in IE? When I configure Netscape 8.0 to use the IE rendering engine, does it somehow map its own zones to IE zones to use the IE zone settings in the registry? Does it respect my IE zone settings for ActiveX behavior, such as disabling the download of unsigned controls? I did some basic testing to try to determine the functionality, and Netscape 8.0 didn't appear to use IE zone settings, but I could be wrong. If you have any information to help explain what goes on under the hood, please send me an email message with the details.

Overall, Netscape 8.0 seems like an excellent solution, particularly because of the new Site Controls and its use of both the IE and Firefox rendering engines. You can download a copy at the URL below and take it for a test drive. Note that Netscape 8.0 is based on Firefox 1.0.3 code. As such it inherited the same security problems that were present in that Firefox version. Netscape 8.0.1 has been released to correct those problems.


==== Sponsor: Postini ====

Anti-Spam product not working? What more companies are switching to . . . and why.

Many email administrators are experiencing increased frustration with their legacy anti-spam products as they battle new and more dangerous email threats. In-house software, appliances and even some services may no longer work effectively, require too much IT staff time to update and maintain, or satisfy the email security needs of different users. In this free white paper learn why many companies are switching to a managed service solution. You'll find out how to get better accuracy and effectiveness, lower overhead and administrative costs, get more flexible end user controls, improve service and support and more. Download your free copy now!


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Windows TCP/IP Woes

The Land attack method has been known to the public at least since November 1997. When a Windows system receives a SYN packet that contains the same source and destination address, the packet could cause a minor Denial of Service (DoS). Microsoft issued a patch to fix the problem in IPv4, but the company's IPv6 implementation is still vulnerable.

NT OBJECTives Offers Two Free Security Tools

NT OBJECTives announced that it has made its ntoinsight 2.0 Web site analysis tool and ntoweb vulnerability assessment tool available as freeware. Ntoinsight catalogs a Web site's content, architecture, and dependencies, and can identify areas that might be used as attack points by intruders. Ntoweb is a plug-in that lets ntoinsight use the Nikto vulnerability database.


==== Resources and Events ====

Safeguard Your Exchange Servers--Plus Receive a Free eBook

Managing storage growth, providing application resiliency, and handling small errors and problems before they grow are all important aspects of boosting your Exchange Server uptime. In this free Web seminar, discover how storage and application management techniques for Exchange can be used to improve the resiliency and performance of your Exchange infrastructure. Register now and get a free eBook!

Streamline Desktop Deployments

Managing desktop software configurations doesn't have to be a manual process, resulting in unplanned costs, deployment delays, and client confusion. In this free Web seminar, find out how to manage the software package preparation process and increase your desktop reliability, user satisfaction, and IT cost effectiveness. You'll learn how to simplify the deployment and configuration process, starting with the new-application request, review, and approval process and progressing through software packaging and deployment.

Here's Your Chance To Earn $100

If you're going to TechEd 2005, we want you! Now's the time to tell us what you think--click here to see if you qualify to participate in this exclusive focus group opportunity.

Get Ready for SQL Server 2005 Roadshow in Europe

Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!

Get on the 64-Bit Bandwagon

In this free, on-demand Web seminar, you'll learn the most important factors and best uses of 64-bit technology. Join industry expert Mike Otey as he compares 32-bit and 64-bit technology and reveals the best platform for high performance. You'll also learn how to successfully migrate and manage the two. Register now!


==== Featured White Paper ====

Test Your Security Configuration

Today, vulnerability-scanning hackers, Internet-traveling worms, and roving bots are common. You should conduct regular vulnerability and penetration testing audits to validate your security policy. In this free white paper, learn how to identify and fix vulnerabilities, discover and use vulnerability assessment tools, evaluate your security investment, and more. Download your free copy now!


==== Hot Release ====

Saving Time and Money with Network Faxing

Despite the rise of e-mail and the Internet, fax continues to be an important means of business communication. Organizations can save significantly on long distance costs, increase worker productivity, and streamline their business processes simply by connecting a fax server to their local area network. Get this white paper now!


==== 3. Security Toolkit ====

Security Matters Blog: Hack IIS 6.0

by Mark Joseph Edwards,

Feel like testing your hacking skills against IIS? If you can break into the test server, you'll win an Xbox. Head over to and read the rules of engagement. The contest ends June 8.


by John Savill,

Q: How can I restrict the application of Group Policy Object (GPOs) depending on the client machine's OS?

Find the answer at

Security Forum Featured Thread: Accessing the Security Log on a DC

A forum participant writes that he has a third-party audit tool running in Active Directory on Windows Server 2003. The configuring administrators of the audit tool aren't domain administrators, but they must have access to the Security log of the DCs to get the needed events. Is it possible to give access to the Security log on a DC without a membership in Domain Admins? Join the discussion at


==== Announcements ====

(from Windows IT Pro and its partners)

Why Do You Need the Windows IT Pro Master CD?

There are three good reasons to order our latest Windows IT Pro Master CD. One, because it's a lightning-fast, portable tool that lets you search for solutions by topic, author, or issue. Two, because it includes our Top 100 Windows IT Pro Tips. Three, because you'll also receive exclusive, subscriber-only access to our entire online article database. Click here to discover even more reasons:

Nominate Yourself or a Friend for the MCP Hall of Fame

Are you a top-notch MCP who deserves to be a part of the first-ever MCP Hall of Fame? Get the fame you deserve by nominating yourself or a peer to become a part of this influential community of certified professionals. You could win a VIP trip to Microsoft and other valuable prizes. Enter now--it's easy:


==== 4. New and Improved ====

by Renee Munshi, [email protected]

Control Your Network Traffic

Lightspeed Systems offers Total Traffic Control (TTC) 5.03 for schools, government departments, and businesses. TTC 5.03 performs content filtering, spam blocking, bandwidth management, and reporting. TTC 5.03 incorporates a Security Agent, which augments virus signature matching with behavior analysis to identify and prevent malicious threats. The Security Agent enables administrators to quickly classify any undesirable application as a known malicious program and distribute that information to systems on the network. TTC 5.03 also has new spam-blocking techniques and can block Web searches on words that you specify. For more information, go to

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to

[email protected]

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected] If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Sponsored Links ====

Symantec and Gartner Present Client Resilience

Symantec Webcasts: Ensure devices are available and compliant.;16531043;8214395;c?

Converting a Microsoft Access Application to Oracle HTML DB

Convert MS Access into a Web application for multiple users. Download now!;15956147;8214395;r?

Protecting Your Company by Managing Your Users' Internet Access

Internet access within an organization can represent a legal & security risk


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.