This email newsletter comes to you free and is supported by the
following advertisers, which offer products and services in which
you might be interested. Please take a moment to visit these
advertisers' Web sites and show your support for Security UPDATE.
1. In Focus: Blacklists Aren't for Everyone
2. Security News and Features
- Recent Security Vulnerabilities
- Oracle Secures Search with Authorized Results
- RedBrowser Trojan Targets J2ME-based Phones
- Viruses Jump from PCs to Mobile Devices
3. Security Toolkit
- Security Matters Blog
- Share Your Security Tips
4. New and Improved
- Limit User Privileges and Block Unwanted Apps
==== Sponsor: St.Bernard Software ===
The Next Generation in Patch Management
At last, a unique solution that speeds the tedious tasks of system
vulnerability management with automated patching and settings
configuration features found in no other solution:
- Manage an entire distributed network, including remote and
disconnected machines, from a central console
- Assign Roles and Rights for optimum IT staffing and security
- Provide dual system security with integrated security settings
- Wake on LAN lets you successfully patch machines that are turned off
- Low acquisition and renewal pricing and flexible licensing model
Download your free trial today and find out how easy and cost-
effective securing your systems can be. Download Now!
==== 1. In Focus: Blacklists Aren't for Everyone === by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Last week, I wrote about blacklist services (the article is at the URL
below), and I received some responses that I'll share with you this
One reader wrote to say that, lately, Spam and Open Relay Blocking
System (SORBS) "is blocking almost all email from Yahoo, Hotmail, and
some other large ISPs." He has quit using SORBS because it caused
problems for a few clients.
Another reader also wrote about his problem with SORBS. He said that
"one of our main mail servers received a piece of spam with a forged
From address that went to one of [SORBS's] honeypots. We received an
email to a nonexistent [email address] and sent a nondelivery response
to the forged address at the honeypot. The result of a single email
sent last November was that any [host on the Internet] using SORBS
regarded our email server as a spam sender. The email had originated in
Brazil and our email server was just the last link in the chain." He
then described his ordeal in trying to get his server removed from
At the SORBS site (URL below), you'll read that "affected IPs [of the
mail server which sent spam] will only be delisted when US$50 is
donated to a SORBS nominated charity or good cause. The charities and
good causes SORBS approves will not have any connection with any member
of the SORBS administrators, either past or present." I have no problem
with donating to charity, but trying to force that on people is
unprofessional and unreasonable. The reader found an alternative way to
have his IP address removed from the SORBS database, but SORBS doesn't
make the alternative clear on its Web site.
In my tests, the SORBS blacklist service was only marginally better
than the service provided by dnsbl.net.au (DNS server:
t1.dnsbl.net.au), so I might not continue using SORBS in light of what
the two readers have revealed.
A third reader wrote to "strongly disagree with your recommendation to
use blacklists, even though they are effective. My opinion is based on
the fact that it is very easy to get blacklisted even without reason
and very difficult to get out of the blacklist. This can cause long
delays with email delivery and sometimes businesses depend on it--even
though they shouldn't. I also don't like the attitude of some of the
service providers for blacklisting, it is very frustrating to contact
What I recommend is that you do what works for your particular
networks. If you find that blacklists work and aren't much of a
management problem, then use them--they can be very effective. On the
other hand, if you experience trouble with an entity such as SORBS, it
might be best to drop that service in favor of another.
Some readers also offered comments about filtering particular
languages. I think that some readers took offense to such filtering. I
truly meant no offense. My point is simply that if no one in your
organization reads a particular language, then any inbound mail in that
language can be dropped. For example, approximately 48 percent of the
email received by the mail servers I tested appears to be written in
Asian languages--in particular, Japanese, Korean, and Taiwanese. None
of the people that those mail servers support read any Asian languages,
so we set the filters to drop all Asian language mail. As a result,
processing overhead is reduced.
==== Sponsor: 8e6 Technologies ===
Stop Spyware Now - Free White Paper!
Spyware remains a problem for most companies, disrupting
productivity, wasting time and money. Now 8e6 Technologies' free White
Paper proposes breakthrough solutions to counteract the Spyware
problem: recognize potential infections, stop unauthorized programs at
the source. Get the Free White Paper:
==== 2. Security News and Features ===
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
Oracle Secures Search with Authorized Results
Oracle announced its new enterprise search engine, Secure Enterprise
Search 10g. One difference between Oracle's solution and other search
engines is that Oracle's will return only the results that a person is
authorized to access.
RedBrowser Trojan Targets J2ME-based Phones
The first malware was discovered that intentionally targets mobile
phones that use Sun Microsystems' Java 2 Platform, Micro Edition
(J2ME). Dubbed RedBrowser, the Trojan horse program tries to send text
messages to a high-cost toll number in Russia. According to Kaspersky
Lab, the mobile phone owner is charged between $5 and $6 for accessing
the toll number.
Viruses Jump from PCs to Mobile Devices
Docking your mobile device to your PC is no longer without
considerable risk. The Mobile Antivirus Researchers Association (MARA)
reported the first virus that can jump from a PC to a Windows CE or
Windows Mobile device. The virus was sent to MARA anonymously.
==== Resources and Events ===
DevConnections Europe Early Bird Special extended through 15 March
Four conferences for the price of one! Don't miss DevConnections
Europe--coming to Nice, France, April 24-27, 2006.
Use virtualization technology to leverage your IT assets, address
critical business needs, and get the most out of your existing hardware
with Windows Server 2003 R2. Live Event: April 4, 12:00 pm EST
Learn the best ways to manage your email security (and fight spam)
using a variety of solutions and tips.
Efficiently replicate file changes across WANS without worrying about
your remote server backups using the improved Distributed File System
in WSS R2. Live Event: March 14, 12:00 pm EST
SPECIAL PODCAST OFFER: Expert Ben Smith describes the benefits of using
server virtualization to make computers more efficient.
==== Featured White Paper ===
Manage your data growth, improve reliability, and speed data recovery
using continuous data protection.
==== Hot Spot ===
Automate IT security compliance now!
FREE White Paper demonstrates how you can reduce time spent on IT
policy compliance by as much as 90%, while improving your security
posture. Cambia's agentless software continuously discovers all changes
to network assets, intelligently determines which changes pose a risk
to security and compliance and works with administrators to fix
==== 3. Security Toolkit ====
Security Matters Blog: Network Security Toolkit 1.4.0
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=230BF:4FB69
This excellent bootable toolkit has been updated with several useful
enhancements, including an updated OS, new Web interfaces, and updates
to included applications. Learn more in the blog article.
by John Savill, http://list.windowsitpro.com/t?ctl=230BE:4FB69
Q: How can I delegate permission for a user or group to control certain
Find the answer at http://list.windowsitpro.com/t?ctl=230B9:4FB69
Share Your Security Tips and Get $100
Share your security-related tips, comments, or problems and
solutions in the Windows IT Security print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
firstname.lastname@example.org. If we print your submission, you'll
get $100. We edit submissions for style, grammar, and length.
==== Announcements === (from Windows IT Pro and its partners)
Windows IT Pro Magazine Article Library--access available
Sign up for a Monthly Online Pass and get INSTANT access to all
articles, tools, and helpful resources published on WindowsITPro.com,
including exclusive subscriber-only content. You'll get 24/7 access to
the full Windows IT article library (includes more than 9,000 articles)
and get the latest digital issue of Windows IT Pro delivered right to
your inbox. Sign up now:
Windows IT Pro Magazine--SAVE 58%
Windows IT Pro is a must-have in 2006! Subscribe now and plug into
the largest independent Windows IT community in the world. Along with
loads of how-to articles, time-saving advice, and expert tips and
solutions, you'll gain exclusive access to the entire online Windows IT
Pro article library FREE. This is a limited-time offer, so order now:
==== 4. New and Improved === by Renee Munshi, email@example.com
Limit User Privileges and Block Unwanted Apps
Winternals Software announced the release of Protection Manager,
which enables granular control of user and application privilege levels
and blocks all unauthorized executables. You install Protection Manager
on a central console and deploy it to clients throughout the network.
Then for each user role, you can specify one of four execution
attributes for each application: denied from executing under any
circumstances, allowed to execute with administrator privileges when
required, allowed to execute in the user's context with limited user
privileges, or allowed to execute normally. Protection Manager is
licensed by server and workstation and works with Windows Server 2003,
Windows XP, and Windows 2000 computers; for more information, go to
Tell Us About a Hot Product and Get a T-Shirt!
Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a T-shirt if we write about the product in a future
Windows IT Pro What's Hot column. Send your product suggestions with
information about how the product has helped you to
==== Contact Us ====
About the newsletter -- firstname.lastname@example.org
About technical questions -- http://list.windowsitpro.com/t?ctl=230C3:4FB69
About product news -- email@example.com
About your subscription -- firstname.lastname@example.org
About sponsoring Security UPDATE -- email@example.com
This email newsletter is brought to you by Windows IT Security,
the leading publication for IT professionals securing the Windows
enterprise from external intruders and controlling access for
internal users. Subscribe today.
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2006, Penton Media, Inc. All rights reserved.
InfoSec News v2.0 - Coming Soon!