Security UPDATE--Really Simple Syndication Security--July 6, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Protecting Your Company by Managing Your Users' Internet Access http://www.windowsitpro.com/whitepapers/stbernard/internetaccess/index.cfm?code=secnltop706

Testing Your Security Configuration http://www.windowsitpro.com/Whitepapers/microsoft/securityconfiguration/index.cfm?code=secnlmid706

1. In Focus: Really Simple Syndication Security

2. Security News and Features
- Recent Security Vulnerabilities
- Microsoft Released Update Rollup 1 for Windows 2000 SP4
- Bluetooth Security Essentials
- Preventing Data Loss When Using EFS

3. Security Toolkit
- Security Matters Blog
- FAQ

4. New and Improved
- Prevention Is Better than the Cure

==== Sponsor: Protecting Your Company by Managing Your Users' Internet Access ==== Companies pay plenty of attention to hardening their servers and networks but pay little attention to how uncontrolled Internet access from within an organization can represent a significant legal and security risk. For example, users who browse a malicious Web site can become infected with a Trojan or other malware without their knowledge as a result of vulnerabilities in Internet Explorer. Internet filtering technology is a key player in mitigating these threats. This white paper discusses the various methods available for Internet filtering and how to use them to increase security and decrease legal exposure. Download this free white paper now! OR Do You Know If Your Network Is At Risk Of A Trojan Attack? Discover the various methods available for controlled Internet access and how to use them to increase security and decrease legal exposure. http://www.windowsitpro.com/whitepapers/stbernard/internetaccess/index.cfm?code=secnltop706

==== 1. In Focus: Really Simple Syndication Security ====
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

As you probably know by now, Really Simple Syndication (RSS) technology is hotter than a firecracker. The technology is slated to explode into the world of even more users with the eventual release of the next version of Windows (code-named Longhorn).

A slight wave of concern about security has started to grow with Microsoft's announcement that it will build RSS technology into Longhorn. Because Windows is so widely used and RSS will be built in, people have pointed out that RSS could become intruders' avenue of choice for exploiting systems.

RSS can be used to deliver all kinds of content, and by far the most popular content is HTML-based text. However, RSS can be used to deliver more than just text. You might be aware that there are ways to include file attachments in an RSS feed. As a result, we now have exceptionally great technologies such as podcasting, which is a way of delivering audio files as RSS-item attachments. Likewise, RSS can be used to deliver video, software updates, documents, spreadsheets, and all sorts of other files. The possibilities are nearly unlimited. And therein resides the concern.

RSS is a delivery vehicle for content. Some type of helper application is required to read, view, listen to, or otherwise handle that content. For example, if you have RSS deliver an MP3 audio file, then at some point, you'll launch your MP3 player to listen to that file. The same goes for HTML, video, documents, and so on. If any of the applications used to handle RSS-related data have security vulnerabilities, of course intruders will eventually find a way to deliver an exploit.

Because RSS is so widely used and RSS feeds are typically updated in a somewhat automated fashion, the potential is high that someone could exploit a large number of systems very quickly. For example, a problem in your Web browser or media player software could be exploited by delivering specially crafted content.

Combined attacks could be used too. For example, you might subscribe to an RSS feed at a major news site. An intruder might find a way to tweak your HOSTS file and DNS cache so that, unknown to you, your RSS aggregator or RSS reader goes to some other site instead. The RSS aggregator or RSS reader would then pull content from that illegitimate site and possibly launch an exploit on your system. All the while, you're none the wiser, thinking you've simply pulled the latest news articles, which of course would be designed to look exactly like the real thing.

The bottom line is that RSS isn't much of a security risk and poses few, if any, problems in and of itself. The real risks, so far as I can see, are that RSS feeds often interface with other problematic software, such as browsers, assorted media-playing software, and word processing software. To protect users, those applications need to be developed to be as secure as possible. If that isn't accomplished, computer users will be less likely to use the great RSS technology we now enjoy.

==== Sponsor: Testing Your Security Configuration ====
Over a decade ago the Department of Defense (DoD) released a statement saying, "Hack your network, or the hackers will do it for you. Up until that point, the value of vulnerability scanning and penetration testing was questionable. Today, vulnerability-scanning hackers, Internet-traveling worms, and roving bots are common. The DoD's advice given 10 years ago still holds true: You should conduct regular vulnerability and penetration testing audits to validate your security policy. This free white paper will discuss how to identify and fix vulnerabilities, discover and use vulnerability assessment tools, evaluate your security investment and more. Download your free copy now!
http://www.windowsitpro.com/Whitepapers/microsoft/securityconfiguration/index.cfm?code=secnlmid706

==== 2. Security News and Features ====

Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at
http://www.windowsitpro.com/departments/departmentid/752/752.html

Microsoft Released Update Rollup 1 for Windows 2000 SP4
Microsoft released Update Rollup 1 for Windows 2000 SP4, which contains all updates and patches issued as of April 30, 2005. A spokesperson for Microsoft said that there will be no Service Pack 5 for Windows 2000 and that Update Rollup 1 won't be a requirement in order to receive support during Windows 2000's extended support phase. The company believes that "the Update Rollup will meet customer needs more appropriately than a new service pack."
http://www.windowsitpro.com/Article/ArticleID/46854

Bluetooth Security Essentials
Microsoft introduced comprehensive Bluetooth support for desktops and laptops in Windows XP Service Pack 2 (SP2), and for smart phones and Pocket PCs in Windows CE. As with its better-known cousin Wi-Fi, security questions have arisen about Bluetooth. John Howie takes a look at the fundamentals of Bluetooth, including its security features and potential risks and walks you through the process of securing your Bluetooth implementation.
http://www.windowsitpro.com/Article/ArticleID/45210

Preventing Data Loss When Using EFS
Many people use the Encrypting File System (EFS) to protect their confidential files but later lose that information when they upgrade their computer or lose the computer and try to restore from backups. Randy Franklin Smith explains how to avoid losing data when using EFS.
http://www.windowsitpro.com/Article/ArticleID/46580

==== Resources and Events ====

Recover Your Active Directory
Get answers to all your Active Directory recovery questions here! Join industry guru Darren Mar-Elia in this free Web seminar and discover how to use native recovery tools and methods, how to implement a lag site to delay replication, limitations to native recovery approaches, and more. Learn how you can develop an effective AD backup strategy. Register today!
http://www.windowsitpro.com/seminars/activedirectoryrecovery/index.cfm?code=0706emailannc

Are Your Prepared to Answer Your CEO for Money Lost When Your Systems Are Down?
In this free Web seminar, you'll get the tools you need to ensure your systems aren't going down. You'll discover the various categories of high-availability and disaster-recovery solutions available and the pros and cons of each. You'll learn what solutions help you take preemptive, corrective action without resorting to a full system failover, or in extreme cases, that perform a nondisruptive, automatic switchover to a secondary server. Register Now!
http://www.windowsitpro.com/seminars/truehighavailability/index.cfm?code=0706emailannc

SQL Server 2005 Features for Developers
SQL Server 2005 offers great features for every role: DBAs, Business Intelligence (BI) analysts, and developers. In this free Web seminar, you'll discover the numerous features and productivity enhancements over SQL Server 2000, including Common Table Expressions (CTEs), DDL triggers, XML data type, using T-SQL commands, and more.
http://www.windowsitpro.com/seminars/SQLServer2005/index.cfm?code=0706emailannc

Back By Popular Demand--SQL Server 2005 Roadshow in a City Near You
Get the facts about migrating to SQL Server 2005. SQL Server experts will present real-world information about administration, development, and business intelligence to help you implement a best-practices migration to SQL Server 2005 and improve your database computing environment. Attend and receive a 1-year membership to PASS and 1-year subscription to SQL Server Magazine. Register now!
http://www.windowsitpro.com/roadshows/sqlserverusa/index.cfm?code=0706emailannc

You Could Win An iPod Mini!
Your expert opinion makes a difference--tell us what you think about industry conferences and events. Your feedback is very valuable to us. Take this short survey today!
http://www.pentonsurveys.com/survey.asp?s=01033250254096156108

==== Featured White Paper ====

Is Your Network at Risk of a Trojan Attack?
Uncontrolled Internet access from within an organization can represent a significant legal and security risk. Internet filtering technology is a key player in mitigating these threats. In this white paper, learn the various methods available for Internet filtering and how to use them to increase security and decrease legal exposure. Download this free white paper now!
http://www.windowsitpro.com/whitepapers/raritan/integratedkvm/index.cfm?code=0706emailannc

==== Hot Release ====

FREE Download – The Next Generation of End-point Security is Available Today.
NEW NetOp Desktop Firewall's fast 100% driver-centric design offers a tiny footprint that protects machines from all types of malware even before Windows loads and without slowing them down. NetOp provides process & application control, real-time centralized management, automatic network detection & profiles and more. Try it FREE.
http://www.crossteccorp.com/netopfirewall/?utm_source=winitpro&utm_medium=email&utm_campaign=ndf45

==== 3. Security Toolkit ====

Security Matters Blog: Any Problems with Win2K Update Rollup 1?
by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

I've heard a couple of reports of problems regarding the new Update Rollup 1 package for Windows 2000 Service Pack 4 (SP4). Have you experienced any problems?
http://www.windowsitpro.com/Article/ArticleID/46896

FAQ
by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: How can I use a script to determine password-expiration dates for users in a domain or an organizational unit (OU) and send an email message to accounts whose passwords expire soon?

Find the answer at
http://www.windowsitpro.com/Article/ArticleID/46819

==== Announcements ====
(from Windows IT Pro and its partners)

Check Out the New Windows IT Security Newsletter!
Security Administrator is now Windows IT Security. We've expanded our content to include even more fundamentals on building and maintaining a secure enterprise. Each issue also features product coverage of the best security tools available and expert advice on the best way to implement various security components. Plus, paid subscribers get online access to our entire security article database (over 1900 security articles)! Order now:
http://www.secadministrator.com/rd.cfm?code=00eu2557su

Exclusive Content for VIP Subscribers!
Get inside access to all of the content and vast resources from Windows IT Pro, SQL Server Magazine, Exchange & Outlook Administrator, Windows Scripting Solutions, and Windows IT Security, with over 26,000 articles at your fingertips. Your VIP subscription also includes a 1-year print subscription to Windows IT Pro and a VIP CD (includes entire article database). Sign up now:
http://www.windowsitpro.com/rd.cfm?code=wveu2757bu

==== 4. New and Improved ====
by Dustin Ewing, [email protected]

Prevention Is Better than the Cure
Symantec has released Symantec Critical System Protection 4.5, an intrusion-prevention solution for desktops and servers running Windows, UNIX and Linux OSs. Symantec Critical System Protection enforces behavior-based security policies that defend and proactively protect applications on client and server platforms. The software is designed to protect against day-zero attacks and maintain system compliance. Buffer overflow and memory-based attack protection provide an added defense against sophisticated attacks. The product includes a high-performance firewall that monitors inbound and outbound network traffic connections and can block by port, protocol, and IP address range. For pricing and more information, see the company's Web site.
http://www.symantec.com

Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you.
[email protected].

Editor's note: Share Your Security Discoveries and Get $100
Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Sponsored Link ====

Argent versus MOM 2005
Experts Pick the Best Windows Monitoring Solution
http://a.windowsitpro.com/RealMedia/ads/click_lx.ads/www.windowsitpro.com/TextLink/1112745096/x14/Penton/WN_Argent_July05_NLSplink_116194/1x1.gif/1

==== Contact Us ====

About the newsletter -- [email protected]
About technical questions -- http://www.windowsitpro.com/forums
About product news -- [email protected]
About your subscription -- [email protected]
About sponsoring Security UPDATE -- [email protected]