Security UPDATE--Search Engines Increase Web Site Security--January 19, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Free White Paper: Email Encryption and Compliance

http://ad.doubleclick.net/clk;13435400;8214395;z?http://www.windowsitpro.com/whitepapers/postini/emailencryption/index.cfm?code=0119sec_p

Exchange & Outlook Administrator

http://ad.doubleclick.net/clk;13435310;8214395;z?http://www.exchangeadmin.com/rd.cfm?code=fsep2351up

1. In Focus: Search Engines Increase Web Site Security

2. Security News and Features

- Recent Security Vulnerabilities

- The Scoop on Microsoft's Malicious Software Removal Tool

- AMD Adds Holographic Security Labels to Processors

- Review: Security Explorer 4.8

3. Security Matters Blog

- The Race to Protect Customers

- A Matter of Daze

4. Security Toolkit

- FAQ

- Security Forum Featured Thread

5. New and Improved

- Secure Middleware Repriced and Repackaged

==== Sponsor: Postini ====

Free White Paper: Email Encryption and Compliance

New regulations, legal liability issues and evolving threats have recently bumped the issue of secure email transmission to the top of IT security managers "To Do" list. In this free white paper you'll learn how simple and cost effective is it to implement TLS-based secure email transmission. Download this whitepaper now to find out how to support the dual goals of securing email transmission while preserving the administrator's ability to filter out spam, viruses and prevent email content policy violations.

http://ad.doubleclick.net/clk;13435400;8214395;z?http://www.windowsitpro.com/whitepapers/postini/emailencryption/index.cfm?code=0119sec_p

==== 1. In Focus: Search Engines Increase Web Site Security ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Back in July 2004, I mentioned a whitepaper, "Demystifying Google Hacks," by Debasis Mohanty. The paper outlines several ways in which someone can use a particular search syntax in Google to query for sites that might have known vulnerabilities. The paper is at the first URL below. The Security UPDATE in which I wrote about it is at the second URL below.

http://www.infosecwriters.com/texts.php?op=display&id=191

http://www.windowsitpro.com/Article/ArticleID/43376/43376.html

For example, Google supports query syntax that uses the commands intitle:, inurl:, allinurl:, filetype:, intext:, and more. Google isn't the only search engine that supports this sort of query syntax. MSN Search, AlltheWeb, Yahoo! Search, and others support a similar syntax to varying degrees.

As you know, the Santy worm, which takes advantage of search engine queries to find vulnerable sites, was released around the Christmas holidays. Recently, someone posted a message to a popular techno-gadget-related blog site stating that he'd found a search query that can locate vulnerable Webcams.

If worm writers and other people are using search engines to find vulnerabilities, you might want to try the same techniques to check your own Web sites for vulnerabilities. Instead of typing or pasting query after query into search engines, you can use scripts to store queries and automate the actual querying and result-gathering process. Another solution is to use a tool specifically designed for the task. Foundstone (now a division of McAfee) recently released a new version of its SiteDigger tool (2.0) that automates the process of using Google to scan for vulnerabilities in a given site.

http://www.foundstone.com/resources/proddesc/sitedigger.htm

SiteDigger 2.0 has several added capabilities. Foundstone boasts that it now provides "10 times more results." The tool also has an improved user interface, an expanded Help file, an improved results page, and improvements for signature updates. The company also said that SiteDigger 2.0 produces less false positives, which means it's less prone to alert you to problems that don't really exist. The new tool can also perform raw searches, and as you might expect, it can detect some of the latest vulnerabilities, such as overly exposed Webcams.

SiteDigger requires the Microsoft .NET Framework and also relies on the Google API, so you'll need to obtain the API license key, which is a simple process. More information about how to get the license key can be found at Foundstone's SiteDigger Web page.

I wonder why Foundstone limits SiteDigger to Google queries. I think the tool would be even more useful if the company added support for other major search engines. Nevertheless, it's a useful tool as it stands. Get yourself a copy and check it out.

==== Sponsor: Exchange & Outlook Administrator ====

Try a Sample Issue of Exchange & Outlook Administrator!

If you haven't seen Exchange & Outlook Administrator, you're missing out on key information that will go a long way towards preventing serious messaging problems and downtime. Request a sample issue today, and discover tools you won't find anywhere else to help you migrate, optimize, administer, backup, recover, and secure Exchange and Outlook. Order now!

http://ad.doubleclick.net/clk;13435310;8214395;z?http://www.exchangeadmin.com/rd.cfm?code=fsep2351up

==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

http://www.windowsitpro.com/departments/departmentid/752/752.html

The Scoop on Microsoft's Malicious Software Removal Tool

Microsoft's Malicious Software Removal Tool (MSRT) is now available and will be updated on the second Tuesday of each month, according to Microsoft. The tool is essentially a consolidation of the company's other malware cleaning tools. The new all-in-one tool is currently designed to remove the Blaster, MyDoom, Sasser, Zindos, Nachi, Gaobot, Doomjuice, and Berbew forms of malware.

http://www.windowsitpro.com/Article/ArticleID/45064

AMD Adds Holographic Security Labels to Processors

To help thwart illegitimate copies of its Processor-in-a-Box (PIB) technology, Advanced Micro Devices (AMD) has added new holographic labels to ensure authenticity.

http://www.windowsitpro.com/Article/ArticleID/45055

Review: Security Explorer 4.8

ScriptLogic's Security Explorer 4.8 lets administrators quickly and easily audit and adjust permission attributes for NTFS file systems, registries, and shares on local or remote computers. The program executes quickly and displays exactly what you want: directories, files, and their associated permissions. Read Jeff Fellinge's review on our Web site.

http://www.windowsitpro.com/Article/ArticleID/44699

==== Announcements ====

(from Windows IT Pro and its partners)

True High-Availability for Microsoft Exchange Web Seminar--February 3

Discover solutions that minimize the likelihood of downtime in your Exchange implementation and help to ensure continuous Exchange application availability. In this free Web seminar, learn how you can ensure high-availability through the use of tools that analyze and proactively monitor the health of your entire Exchange environment. Register now!

http://www.windowsitpro.com/seminars/highavailability/index.cfm?code=0117emailannc

Got NDS? Get The Essential Guide to an NDS-to-Active Directory Migration

Migrating from NDS or eDirectory to AD can present complexities and pitfalls. For a smooth transition, you must prepare for the challenge and simplify your migration processes. The Essential Guide to an NDS-to-Active Directory Migration shows you how to perform a successful migration with minimal impact on your organization. Download this guide today.

http://www.windowsitpro.com/essential/index.cfm?code=0117emailannc

Windows Connections Conference Spring 2005

Mark your calendar for Windows Connections Spring 2005, April 17-20, 2005, at the Hyatt Regency in San Francisco. Sessions jam-packed with tips and techniques you need to know to ensure success in today's enterprise deployments. Get the complete brochure online or call 203-268-3204 or 800-505-1201 for more information.

http://ad.doubleclick.net/clk;13381178;8214395;l?http://www.winconnections.com

Sensible Best Practices for Exchange Availability Web Seminar--January 27

If you're discouraged about not having piles of money for improving the availability of your Exchange server, join Exchange MVP Paul Robichaux for this free Web seminar and learn how to maximize your existing configuration. Survive unexpected outages, plan for the unplannable, and evaluate what your real business requirements are without great expense. Register now!

http://www.windowsitpro.com/seminars/exchangeavailability/index.cfm?code=0117emailannc

==== 3. Security Matters Blog ====

by Mark Joseph Edwards, http://www.windowsitpro.com/securitymatters

Check out these recent entries in the Security Matters blog:

The Race to Protect Customers

Ever wonder what goes on inside a company that provides security solutions on "Patch Tuesday"? Learn about the scramble that takes place in order to protect customers before exploits are turned loose on the unsuspecting public.

http://www.windowsitpro.com/Article/ArticleID/45063

A Matter of Daze

The day after "Patch Tuesday" can reasonably be called "Exploit Wednesday" because, invariably, someone will learn how to take advantage of the published vulnerabilities and release loads of technical information within 24 hours.

http://www.windowsitpro.com/Article/ArticleID/45076

==== 4. Security Toolkit ====

FAQ, by John Savill, http://www.windowsitpro.com/windowsnt20002003faq

Q: I have Zone Labs' ZoneAlarm firewall installed, and it's reporting a problem with Microsoft Application Error Reporting. What's causing this error?

Find the answer at

http://www.windowsitpro.com/Article/ArticleID/44922

Security Forum Featured Thread: File-Based Restrictions in Folders

A forum participant writes that his company has a shared folder that contains all the company's official business files, including a lot of multimedia files (such as .mpg and .avi files) that need to be backed up. He wants to know if there is any way to restrict users from putting personal .mpg, .avi, .mp3, and other files into particular folders on his server so that these personal files won't fill his tape backups? Join the discussion at:

http://www.windowsitpro.com/Forums/messageview.cfm?catid=42&threadid=129022

==== Events Central ====

(A complete Web and live events directory brought to you by Windows IT Pro at http://www.windowsitpro.com/events )

Ensure Successful Token Authentication

Take the first steps toward leaving passwords behind and implementing tokens for your users and systems. Register now for this free Web seminar and find out how you can future-proof your investment, while making a solid business case to justify the costs. Discover pitfalls to avoid, the right combinations to use, key evaluation and testing points and critical success factors for rollout time. Sign up today and become an expert on the range of technologies and applications supported by today's token technologies!

http://www.windowsitpro.com/seminars/tokenauthentication/index.cfm?code=0124emailannc

==== 5. New and Improved ====

by Renee Munshi, [email protected]

Secure Middleware Repriced and Repackaged

SSH Communications Security offers a new pricing model and new versions of its SSH Tectia secure middleware solution. One new version of SSH Tectia Server lets large enterprises begin protecting their business applications without any desktop-software investment. When SSH Tectia is used to protect one business application, SSH Tectia Connector client software licenses will be provided free of charge. This new pricing model enables customers to start with one application and expand their licenses as their business needs grow and helps companies more quickly comply with requirements such as Sarbanes-Oxley. The second targeted version of SSH Tectia Server is designed for secure system administration, enabling system administrators to remotely administer application servers and other resources using a secure connection. For more information about SSH Tectia and its pricing, go to

http://www.ssh.com

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to [email protected]

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Security Administrator print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected] If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.

==== Sponsored Links ====

Argent versus MOM 2005

Experts Pick the Best Windows Monitoring Solution

http://ad.doubleclick.net/clk;13273616;8214395;i?http://www.argent.com/w/whitepapers_mom.html?Source=WNT%20Sponsored%20Link

==== Contact Us ====

About the newsletter -- [email protected]

About technical questions -- http://www.windowsitpro.com/forums

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]