Security UPDATE--Security Information on the Web--August 10, 2005

This email newsletter comes to you free and is supported by the following advertisers, which offer products and services in which you might be interested. Please take a moment to visit these advertisers' Web sites and show your support for Security UPDATE.

Rapid and Reliable Recovery from Symantec

Using Security Compliance Software to Improve Business Efficiency and Reduce Costs


1. In Focus: Security Information on the Web

2. Security News and Features

- Recent Security Vulnerabilities

- F-Secure Reports First Viruses for Microsoft Command Shell

- Bluetooth Security Essentials

3. Security Toolkit

- Security Matters Blog


4. New and Improved

- Improved FTP Client


==== Sponsor: Rapid and Reliable Recovery from Symantec ====

As a leader in Information Security, Symantec now delivers rapid and reliable system and data recovery solutions, including Symantec LiveState Recovery 3.0.

With Symantec LiveState Recovery, you can perform a full system restoration, a complete bare metal recovery or restore individual files and folders in minutes. When disaster strikes, quickly restore failed systems to a specified point-in-time without manually rebuilding and reinstalling from scratch.

Symantec LiveState Recovery is a disk-based backup solution designed to capture a server's entire live state, including files, configurations and settings, in one easy-to-manage file. Administrators can capture full and incremental snapshots throughout the day without interrupting user productivity or application usage. Save backups to virtually any disk storage device including SAN, NAS, or RAID array.

See for more information.


==== 1. In Focus: Security Information on the Web ====

by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Recently I did a little poking around the Internet for security information sources that I don't already regularly read. Over the past few days, I've discovered a few sites that you might find useful.

When I heard that Mozilla Foundation was starting Mozilla Corporation, I went to read about that and subsequently came across a huge list of Mozilla-related blogs. Many of them are written by developers and contain some information related to security or are written by people involved directly with Mozilla product security. So if you use Mozilla software, take time to go through the extensive list at MozillaZine, where you'll find dozens of useful blogs.

Another place you can find a huge list of blogs is at Microsoft's Web site. The company hosts some blogs on the Microsoft Developer Network (MSDN). I didn't count how many are listed there, but I can tell you there are a lot! The first URL lists the most recent posts; the second URL lists the blogs by blog name.

You can also visit the Microsoft Community Blog site, where you can find even more blogs, all of which are written by Microsoft employees. If you use the search facility at that site to search for "security," you'll find that 25 blogs contain that word in either their title or description. I subscribe to the Really Simple Syndication (RSS) feeds of many of them, and they usually contain interesting information, although I will warn you that you might have to endure the occasional post about somebody's weekend or vacation adventures.

Another blog you might be interested in is written by the Microsoft Internet Explorer (IE) development team. Keep an eye on that one if you're interested in the upcoming IE 7.0 (at the first URL below). Likewise you can keep tabs on the development of Windows Vista and its RSS features by reading the blog of the developers on Microsoft's RSS team (at the second URL below).

You probably know who Mark Russinovich is, but did you know he has a blog? I didn't realize that until last week. So now I subscribe to his RSS feed. It's a very interesting blog, and as you probably suspect, it does contain very technical discussion and information. Be sure to check it out.

Another interesting site I recently found is, which offers information pertaining to spam, including a lot of recent news items. If spam is a real bother to you, you might want to check in on the site once in a while.

Last, but certainly not least, is Risks Digest, which has information about security problems and a wide variety of other risks. You might already know about it because it's been around for 20 years. In essence, Risks Digest is a moderated discussion forum on Usenet (comp.risks) that's republished on various Web sites and can be obtained via email as well as in a Resource Description Framework (RDF) feed, which should work in most popular RSS feed reader applications. You can preview recent digests at the Web site below.

When you take time to review these sites, you'll find that not only do they contain useful information but that there are probably far more interesting information sources than you can possibly read in a reasonable period of time. Nevertheless, you could at least bookmark the sites that interest you and refer to them when the need arises.


==== Sponsor: BindView ====

Using Security Compliance Software to Improve Business Efficiency and Reduce Costs

Learn To Sort Through Sarbanes-Oxley, HIPAA And More Legislation Quicker And Easier! In this free white paper, get the tips you've been looking for to save time and money in achieving IT security and regulatory compliance. Find out how you can simplify these manually intensive, compliance-related tasks that reduce IT efficiency. Turn these mandates into automated and cost effective solutions. Download your copy today!


==== 2. Security News and Features ====

Recent Security Vulnerabilities

If you subscribe to this newsletter, you also receive Security Alerts, which inform you about recently discovered security vulnerabilities. You can also find information about these discoveries at

Identity Theft Ring Discovered

Sunbelt Software uncovered an identity-theft ring. Sunbelt CEO Alex Eckelberry said that the ring was discovered by Senior Spyware Research Analyst Patrick Jordan, who joined the company a week ago.

F-Secure Reports First Viruses for Microsoft Command Shell

Microsoft released a beta of its new command-line shell MSH (code-named Monad) in June, and already viruses have been developed that take advantage of the new technology. According to security solutions provider F-Secure, a virus writer published five sample viruses in a Web-based "magazine" dedicated to writers of computer viruses.

Bluetooth Security Essentials

As with its better-known cousin Wi-Fi, security questions have arisen about Bluetooth, and in recent months, terms such as Bluejacking and Bluesnarfing have entered the security professional's lexicon. John Howie takes a look at Bluetooth, including its security features and potential risks, and walks through the process of securing a Bluetooth implementation.


==== Resources and Events ====

Sort Through Sarbanes-Oxley, HIPAA Legislation and More--Quicker And Easier!

In this free Web seminar, get the tips you've been looking for to save time and money in achieving IT security and regulatory compliance. Find out how you can simplify these manually intensive, compliance-related tasks that reduce IT efficiency. Plus--sign up today and you'll receive a free white paper by Charles Kolodgy of IDC on using security compliance software to improve business efficiency and reduce costs.

Integrate Fax Services with Business Applications for Big ROI

In this free eBook you'll discover all you need to know about fax technology! You'll learn how to improve business processes by minimizing manual faxing and integrating faxing into your business workflow for improved ROI. The eBook will also look at the how-to of the desktop fax client, fax automation, faxing hardware and software technologies, and the future of faxing. Let this important guide help you stay on top of fax server technology within your business environment.

The 15-Minute Failover Solution for Exchange

Do you rest confidently knowing your Exchange and BlackBerry backup/restore solution meets your high-availability requirements? If not, you won't want to miss this free Web seminar. Join industry guru Paul Robichaux and learn all about choosing the appropriate technology, balancing the cost and the skill set, assessing the knowledge level required, the complexity added to your existing environment, and how much availability each technology gives you. Attend and you could win a $50 gift certificate to Best Buy!

Reduce Downtime With Continuous Data Protection

Continuous or real-time backup systems help avoid the danger of losing data if your system fails after the point of backup by providing real-time protection. In this free Web seminar, learn how to integrate them with your existing backup infrastructure, how to apply continuous protection technologies to your Windows-based servers, and more. Sign up today and learn how you can quickly roll back data not just to the last snapshot or backup, but to any point in time!

Compliance vs. Recovery: Can You Have Your Cake and Eat It Too?

In this free Web seminar, discover the issues involved with integrating your compliance system with backup and recovery, including backup schedules, the pros and cons of outsourcing your backup media storage and management, the DR implications of having to back up all that compliance data, and the possibility of using alternative backup methods to provide backup and compliance in a single system. You'll learn what to watch out for when combining the two functions and how to assess whether your backup/restore mechanisms are equal to the challenge.


==== Featured White Paper ====

Converting a Microsoft Access Application to Oracle HTML DB

Get the most efficient, scalable and secure approach to managing information using an Oracle Database with a Web application as the user interface. In this free white paper, learn how you can use an Oracle HTML Database to convert a Microsoft Access application into a Web application that can be used by multiple users concurrently. You'll learn how to improve the original application by adding hit highlighting and an authorization scheme to provide access control to different types of users.


==== 3. Security Toolkit ====

Security Matters Blog: Shortsighted Bankers Add to the Fraud Problem

by Mark Joseph Edwards,

A friend received a surprising email message that demonstrates just how shortsighted bankers can be. Read this blog item to learn how much information was revealed in the email message and why such messages are a really bad idea.


by John Savill,

Q: What happened to the "No Override" option in Group Policy Management Console (GPMC)?

Find the answer at


==== Announcements ====

(from Windows IT Pro and its partners)

Try a Sample Issue of the Windows IT Security Newsletter!

Security Administrator is now Windows IT Security. We've expanded our content to include even more fundamentals on building and maintaining a secure enterprise. Each issue also features product coverage of the best security tools available and expert advice on the best way to implement various security components. Plus, paid subscribers get online access to our entire online security article database! Sign up to try a sample issue today:

Windows IT Pro Gives IT Professionals What They Need

The August issue is a must have! Subscribe now and find out the best ways to plan for Longhorn, what you need to know about VBScripts, and how to make sense of SQL Server. If you order today, you'll also gain exclusive access to the entire Windows IT Pro online article database (over 9000 articles) and save 44% off the cover price!


==== 4. New and Improved ====

by Renee Munshi, [email protected]

Improved FTP Client

Ipswitch announced the worldwide availability of Ipswitch WS_FTP Professional 2006, a new version of Ipswitch's FTP client for sending data. Advanced Encryption Standard (AES) ciphers now use 256 bits in concert with OpenPGP and Secure Sockets Layer (SSL) over FTP transfers. HTTP and HTTP Secure (HTTPS) transfers allow users to connect more easily to many external and remote data stores. Ipswitch WS_FTP Professional 2006 in English, French, and German is available directly from Ipswitch's Web site for $54.95 ($89.95 including a 1-year service agreement).

Tell Us About a Hot Product and Get a T-Shirt!

Have you used a product that changed your IT experience by saving you time or easing your daily burden? Tell us about the product, and we'll send you a T-shirt if we write about the product in a future Windows IT Pro What's Hot column. Send your product suggestions with information about how the product has helped you to

[email protected]

Editor's note: Share Your Security Discoveries and Get $100

Share your security-related discoveries, comments, or problems and solutions in the Windows IT Security print newsletter's Reader to Reader column. Email your contributions (500 words or less) to [email protected]. If we print your submission, you'll get $100. We edit submissions for style, grammar, and length.


==== Sponsored Links ====

Professional and secure remote control from all major platforms

Argent versus MOM 2005

Experts Pick the Best Windows Monitoring Solution


==== Contact Us ====

About the newsletter -- [email protected]

About technical questions --

About product news -- [email protected]

About your subscription -- [email protected]

About sponsoring Security UPDATE -- [email protected]


This email newsletter is brought to you by Windows IT Security, the leading publication for IT professionals securing the Windows enterprise from external intruders and controlling access for internal users. Subscribe today.

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.

221 East 29th Street, Loveland, CO 80538

Attention: Customer Service Department

Copyright 2005, Penton Media, Inc. All rights reserved.
