AOH :: ISN-3214.HTM

eVade-o-Matic Nearly Evades My Understanding

eVade-o-Matic Nearly Evades My Understanding
eVade-o-Matic Nearly Evades My Understanding


Reducing the Cost of IT Compliance: Streamlining the IT Compliance Life 

Protect Your Network - Threats Brought in By Remote Laptops 

Achieving Compliance: Best Practices for Outward Bound Internet Content 

=== CONTENTS ==================================================
IN FOCUS: eVade-o-Matic Nearly Evades My Understanding

   - IE 7.0 and Firefox 2.0 Both Have New Antiphishing Technologies
   - IE 7.0 Vulnerable to Address Bar Spoofing
   - Norman Data Defense Systems Introduces Automated Malware Forensics
   - Recent Security Vulnerabilities

   - Security Matters Blog: Firefox 2.0 Badly Broken? 
   - FAQ: Using a Script to Check User or Group Existence
   - From the Forum: Database Security Error
   - Know Your IT Security Contest
   - Your IT Pro Vote Counts!

   - Easing Smart Card Administration
   - Wanted: Your Reviews of Products 




=== SPONSOR: Scalable Software ================================
Reducing the Cost of IT Compliance: Streamlining the IT Compliance Life 
   The average enterprise spends nearly $10 million annually on IT 
compliance. Download this free whitepaper today to streamline the 
compliance lifecycle, and dramatically reduce your company's costs! 

=== IN FOCUS: eVade-o-Matic Nearly Evades My Understanding ====   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Metasploit is billed as a benevolent forensic tool to test security. In 
summary, it's a toolkit that nearly anyone with a modest amount of 
computer experience can use to exploit vulnerabilities to the maximum 
extent. Just plug in a module, fill in some parameters, and presto, 
instant exploitation. 

The logo on the Metasploit home page (see URL below) paints a picture 
that's the complete opposite of benevolence, in my mind anyway. The 
logo contains the image of an obviously malicious intruder (who reminds 
me of the Joker from the old "Batman" TV series) sitting at a keyboard 
with any of a variety of "catchy" phrases emblazoned next to it. The 
phrase cycles on each page reload and offers such pithiness as "Point. 
Click. Root.," "The Best a Haxor Can Get," "Always hot exploits. 
Always.," and "What would you like to Metasploit today?" 

About the only beneficial thing I can see about Metasploit is that if 
it had to be developed at all, at least it's available to the public so 
that white hats can use it. 

Metasploit is about to take on an even more insidious tinge when the 
eVade-o-Matic Module (VoMM, for short) is released. VoMM makes it 
possible to completely evade signature-based security systems 
(including signature-based intrusion detection systems--IDSs--and 
antivirus platforms) by continually changing a piece of code. If code 
morphs with each new use, an endless number of detection signatures 
would be needed, which simply isn't practical. Therefore, VoMM and 
similar technologies render signature-based security systems useless 
for the most part. 

According to information posted on the blog (see the URL 
below), VoMM uses a number of techniques to morph code, including white 
space randomization, string obfuscation and encoding, random comments 
and comment placement, code block randomization, variable name and 
function name randomization and obfuscation, and function pointer 
reassignments. You can get a very detailed analysis of exactly what 
VoMM does. 

While these sorts of evasion techniques are by no means new to the 
world of malware, what is new is the packaging of such techniques into 
a tool like Metasploit, which anybody with one firing neuron can 
download to immediately experience that warm and fuzzy "point, click, 
root" feeling. Rest assured that VoMM will be used by just about every 
"bad guy" on the planet. Why anyone would unleash this madness upon the 
world nearly evades my understanding. Nearly. 

=== SPONSOR: 8e6 Technologies =================================
Protect Your Network - Threats Brought in By Remote Laptops
   Learn how employee laptops indiscriminately harm company networks, 
despite standard security gear, and gain valuable information on how to 
protect your company against these threats - without throwing out the 
laptops. Get the FREE white paper from 8e6 Technologies. Qualify Now! 

=== SECURITY NEWS AND FEATURES ================================
IE 7.0 and Firefox 2.0 Both Have New Antiphishing Technologies
   Microsoft released the long-awaited Internet Explorer 7.0, and 
Mozilla Foundation released its long-awaited Firefox 2.0. Both include 
new antiphishing technology. 

IE 7.0 Vulnerable to Address Bar Spoofing
   Secunia reports that an anonymous person discovered that it's 
possible to partially spoof the Internet Explorer (IE) 7.0 Address bar 
in a pop-up window, which might lead to phishing attacks. 

Norman Data Systems Introduces Automated Malware Forensics
   Norman's new offerings bring malware analysis tools out of private 
labs and into corporate networks. 

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at 

=== SPONSOR: Surf Control =====================================
Achieving Compliance: Best Practices for Outward Bound Internet Content 
   Achieve compliance in today's complex regulatory environment, while 
managing threats to the inward- and outward-bound communications vital 
to your business. Adopt a best-practices approach, such as the one 
outlined in the international information security standard ISO/IEC 
17799:2005. Download the whitepaper today and secure the 
confidentiality, availability and integrity of your corporate 

=== GIVE AND TAKE =============================================
SECURITY MATTERS BLOG: Firefox 2.0 Badly Broken? 
by Mark Joseph Edwards, 

I'm about to lose my patience with Firefox 2.0. It seems badly broken, 
and I wonder if these symptoms are happening to anyone else. Read the 
blog to learn about what I've found. 

FAQ: Using a Script to Check User or Group Existence 
by John Savill, 

Q: How can I use a script to check whether an Active Directory (AD) 
user or group exists? 

Find the answer at 

FROM THE FORUM: Database Security Error
   A forum participant uses SQL Server 2000 with SP4 and sees an error 
in his logs that reads "Login failed for user 'RECOVER'." Does this 
error have something to do with failed writes to audit files? If you 
have an idea, join the discussion at: 

   Share your security-related tips, comments, or solutions in 1000 
words or less, and you could be one of 13 lucky winners of a Zune media 
player. Tell us how you do patch management, share a security script, 
or write about a security article you've read or a Webcast you've 
viewed. Submit your entry between now and December 13. We'll select the 
13 best entries, and the winners will receive a Zune media player--
plus, we'll publish the winning entries in the Windows IT Security 
newsletter. Email your contributions to 
   Prizes are courtesy of Microsoft Learning Paths for Security: 

   Vote for the next "IT Pro of the Month!" Take the time to reward 
excellence to an IT pro who deserves it. The first 100 to cast their 
vote will receive a one-year print subscription to Windows IT Pro 
magazine--compliments of Microsoft. Voting only takes a few seconds, so 
don't miss out. Cast your vote now: 

=== PRODUCTS ================================================== by Renee Munshi, 

Easing Smart Card Administration
   Gemalto announced integration of its .NET smart cards in Microsoft 
Certificate Life Cycle Manager (CLM). Gemalto .NET cards run a 
streamlined version of the .NET framework and provide cryptographic 
capabilities and two-factor authentication. Support for Gemalto .NET 
smart cards is integrated into Windows Vista or available from the 
Microsoft Download Center for Windows 2000/XP/Server 2003. CLM 
streamlines the provisioning, configuration, and management of digital 
certificates and smart cards. Gemalto .NET smart cards for testing can 
be ordered online at the first URL below, and CLM Beta 2 is available 
for download at the second URL below. 

WANTED: your reviews of products you've tested and used in 
production. Send your experiences and ratings of products to and get a Best Buy gift certificate. 

=== RESOURCES AND EVENTS ======================================   For more security-related resources, visit 

Can disaster recovery planning create real value for your business 
beyond mere survival? Justify your investments in DR planning, and get 
real answers to your questions about how DR planning and implementation 
affect the financial performance of your organization. Make cost-
effective decisions to positively impact your bottom line! Live event: 
Tuesday, November 14 

How do you manage security vulnerabilities? If you depend on 
vulnerability assessments to determine the state of your IT security 
systems, you won't want to miss this Web seminar. Special research from 
Gartner indicates that deeper penetration is needed to augment your 
existing vulnerability management processes. Learn more today! 

Learn all you need to know about code-signing technology, including the 
goals and benefits of code signing, how it works, and the underlying 
cryptographic and security concepts and building blocks. Download this 
complete eBook today--free! 

Does your company have $500,000 to spend on one email discovery 
request? Join us for this free Web seminar to learn how you can 
implement an email archiving solution to optimize email management and 
proactively take control of e-discovery--and save the IT search party 
for when you really need it! On-demand Web Seminar 

Total Cost of Ownership--TCO. It's every executive's favorite buzzword, 
but what does it really mean and how does it affect you? In this 
podcast, Ben Smith explains how your organization can use 
virtualization technology to measurably improve the TCO for servers and 

=== FEATURED WHITE PAPER ======================================
Is your email easily accessible, yet secure, in the event of an e-
discovery request? With the phenomenal growth in email volume and the 
high cost of failing to comply with a discovery request, you can't 
afford to lose any email. Download this free white paper and implement 
a strong email retention and management system today! 

=== ANNOUNCEMENTS =============================================
Uncover Essential Windows Knowledge Through Excavator 
   Try out the ultimate vertical search tool--Windows Excavator. 
Windows Excavator gives you fast, thorough third-party information 
while filtering out unwanted content. Visit today! 

Your Vote Counts!   
   Vote for the next "IT Pro of the Month!" Take the time to reward 
excellence in an IT pro. The first 100 readers to cast a vote will 
receive a one-year subscription to Windows IT Pro, compliments of 
Microsoft. Voting takes only a few seconds, so don't miss out. Cast 
your vote now: 

Security UDPATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and the Windows IT Security newsletter 
(subscribe at the second URL below).

Subscribe to Security UPDATE at 

Be sure to add 
to your antispam software's list of allowed senders.

To contact us: 
About Security UPDATE content -- 
About technical questions -- 
About your product news -- 
About your subscription -- 
About sponsoring Security UPDATE -- 

View the Windows IT Pro privacy policy at 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

Visit the InfoSec News store! 

Site design & layout copyright © 1986-2014 CodeGods