
Black Hat Briefly


=== CONTENTS ==================================================
IN FOCUS: Black Hat Briefly

   - Windows Server Service Still Vulnerable to DoS Attacks
   - Cult of the Dead Cow Puts Malware Samples Online
   - Name That Computer!
   - Recent Security Vulnerabilities

   - Security Matters Blog: Shine Some Light on Potential UAC Problems
   - FAQ: Process Explorer
   - Share Your Security Tips

   - Antispyware on the Go
   - Wanted: Your Reviews of Products 




=== SPONSOR: St. Bernard Software =============================
Choose Your Savings on Web Filtering
   iPrism, the IDC-ranked #1 Web filtering appliance has an offer 
that's too good to pass up. Purchase a 3-year subscription to the most 
accurate database in the industry and get your iPrism appliance at no 
charge. Or, purchase an iPrism and a 3-year subscription and get an 
extra year free. Only iPrism gives you two ways to save big. This is a 
limited time offer so get a Quick Quote now! 

=== IN FOCUS: Black Hat Briefly ===============================
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

The Black Hat USA 2006 conference ended August 3. Several presentations 
at the show made some big waves. This week, I'll briefly summarize some 
of the more notable happenings in relation to Microsoft. 

You might have read any of the dozens of news stories about the Wi-Fi 
driver problems. David Maynor and Johnny Cache (a pseudonym used by 
John Ellch) demonstrated that they could hijack an Apple MacBook system 
even when it wasn't connected to a wireless Access Point (AP). Some of 
the stories implied that the flaw was within Mac OS X. But as Maynor 
pointed out in his presentation, "Don't think however that just because 
we're attacking an Apple that the flaw is in an Apple. We're actually 
using a third-party wireless card." Maynor and Ellch also discovered 
flaws in third-party Wi-Fi drivers for Windows platforms. So the 
problems aren't with any particular OS but instead reside firmly with 
third-party driver developers whose code contains significant flaws. 

Maynor and Ellch played a recording of their presentation at the 
conference instead of doing it live because they didn't want to risk 
having someone intercept Wi-Fi packets at the conference to discern the 
exact nature of their attack while various vendors are working on 
solutions for their problematic drivers. If you want to see Maynor and 
Ellch's presentation, you can watch it at YouTube: 

Another interesting presentation was given by Dan Kaminsky, who 
demonstrated a method of probing TCP/IP networks to determine whether a 
given Internet backbone provider is manipulating traffic based on its 
type or origin. Backbone providers have made noise recently about 
wanting to charge content providers, such as those who provide large 
amounts of audio and video, more money to carry high-bandwidth traffic. 
Kaminsky's tool would help reveal which backbone providers are already 
practicing traffic shaping. He plans to release the tool as part of his 
Paketto Keiretsu toolkit, which he intends to update in the next half 
year. You can learn more about Paketto Keiretsu at his Web site. 

Joanna Rutkowska made some waves too when she demonstrated how to load 
unsigned code into Windows Vista. Her attack requires that the code run 
under an account with administrative privileges, and Vista's new User 
Account Control (UAC) feature will help defend against such attacks, 
provided users don't make mistakes answering a plethora of prompts. 
Also, Microsoft has reportedly fixed Rutkowska's path of attack in 
later builds of Vista. I'm not sure whether she'll post her 
presentation online, but you can monitor her Web site if you're 

Microsoft was out in force at Black Hat watching presentations and 
giving eight presentations that touched on various aspects of Vista 
security and Microsoft's changing security landscape. During his 
presentation, John Lambert, security group manager in Microsoft's 
Security Engineering and Communications Group, said the company is 
putting Vista through the biggest penetration testing process in 

I remember years ago when people (myself included) cried out for 
Microsoft to hire hackers instead of opposing them when they discovered 
and released vulnerability reports. Well, now Microsoft has reportedly 
hired numerous companies and many well-known hackers to help with 
various aspects of security, including penetration testing--and I must 
say, it's about time!

=== SPONSOR: 8e6 Technologies =================================
Protect Your Network - Threats Brought in By Remote Laptops
   Learn how employee laptops indiscriminately harm company networks, 
despite standard security gear, and gain valuable information on how to 
protect your company against these threats - without throwing out the 
laptops. Get the FREE white paper from 8e6 Technologies. Qualify Now! 

=== SECURITY NEWS AND FEATURES ================================
Windows Server Service Still Vulnerable to DoS Attacks
   Microsoft released a dozen security updates this month (which 
incidentally fix nearly two dozen flaws), but the updates don't include 
a fix for a known Denial of Service (DoS) attack that could cause an 
affected system to crash. 

Cult of the Dead Cow Puts Malware Samples Online
   Offensive Computing, an offshoot of Cult of the Dead Cow (cDc), 
which labels itself a "technology activist group," offers a new malware 
library on its Web site. 

Name That Computer!
   Jeff Fellinge looks at how naming conventions and IP standards can 
help you quickly identify systems, then compares the approaches that 
two everyday Windows tools take to resolve IP addresses to names. 

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at 

=== SPONSOR: Shavlik ==========================================
Patch and Spyware Management: An Integrated Approach to Network 
   Manage threats and vulnerabilities from adware and spyware in one 
console as a comprehensive approach to maximizing network security. 

=== GIVE AND TAKE =============================================
SECURITY MATTERS BLOG: Shine Some Light on Potential UAC Problems 
by Mark Joseph Edwards, 

Windows Vista introduces User Account Control (UAC), which might cause 
problems for some applications that aren't designed to run under the 
least-privileged user account (LUA) approach. Aaron Margosis released a 
tool, LUA Buglight, that might help you discover the source of such 

FAQ: Process Explorer
by John Savill, 

Q: What is the Process Explorer utility?

Find the answer at 

   Share your security-related tips, comments, or problems and 
solutions in the Windows IT Security print newsletter's 
Reader to Reader column. Email your contributions to If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ==================================================
   by Renee Munshi, 

Antispyware on the Go
   ParetoLogic announces the immediate availability of XOFTspy 
Portable, which consists of the antispyware program XoftSpySE running 
on a U3 smart USB flash drive. XOFTspy Portable is licensed for use on 
multiple computers and is designed to protect roaming users on whatever 
PC they might use. In addition to cleaning the computers a user plugs 
it into, the product protects the data and applications stored on the 
device itself. XOFTspy Portable costs $14.95, and more information is 
available at 

WANTED: your reviews of products you've tested and used in 
production. Send your experiences and ratings of products to and get a Best Buy gift certificate. 

=== RESOURCES AND EVENTS ======================================
Is your continuity solution letting you down? If you're not getting 
100% coverage against lost or missing messages, even for short, 
unplanned outages, you might be jeopardizing your messaging system's 
integrity and your company's productivity. Learn how to manage 
disruptions to your messaging environment without breaking the bank in 
the process. View the on-demand Web seminar today! 

Use policy-based deployment to easily configure and deploy throughout 
your organization desktop spyware protection that provides AD support, 
an easy Admin Console for centralized management, and one of the most 
robust spyware threat databases in the industry. View the demo today! 

Incorporate Virtual Machines into Your Disaster Recovery Plan
   Join us for this free Web seminar to learn how incorporating VMs 
into your disaster recovery plan can reduce your TCO by 50% or more, 
reduce hardware cost, and simplify management. Attend the live Web 
seminar and get your questions answered by industry leaders from VMware 
and CA XOsoft. Live Event: Tuesday, September 19. 

Any unscheduled downtime--especially of your Exchange systems--can 
quickly affect your company's bottom line. Learn the essential skills 
to reduce downtime to minutes instead of hours. 

Are you ready for the next spyware attack? Make sure--learn from 
industry expert Mark Joseph Edwards. Protect against emerging spyware 
threats, including rootkits, keyloggers, and distribution methods. View 
the on-demand Web seminar today! 

=== FEATURED WHITE PAPER ======================================
Are you vulnerable when your users access the Internet outside the 
corporate network? Track and monitor remote access easily and 
unobtrusively to make sure that your intellectual assets are secure. 
Download the free whitepaper and find out more today! 

=== ANNOUNCEMENTS =============================================
Save $40 off Windows IT Pro Magazine 
   Subscribe to Windows IT Pro magazine today and SAVE up to $40! Along 
with your 12 issues, you'll get FREE access to the entire Windows IT 
Pro online article archive, which houses more than 9,000 helpful IT 
articles. This is a limited-time offer, so order now: 

Invitation for VIP Access  
   For only $29.95 per month, you'll get instant VIP online access to 
ALL articles published in Windows IT Pro, SQL Server Magazine, and the 
Exchange and Outlook Administrator, Windows Scripting Solutions, and 
Windows IT Security newsletters--that's more than 26,000 articles at 
your fingertips. Sign up now: 

Security UPDATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and the Windows IT Security newsletter 
(subscribe at the second URL below). 

Subscribe to Security UPDATE at 

Be sure to add 
to your antispam software's list of allowed senders.

To contact us: 
About Security UPDATE content -- 
About technical questions -- 
About your product news -- 
About your subscription -- 
About sponsoring Security UPDATE -- 

View the Windows IT Pro privacy policy at 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.
