So Long ORDB; So Long 2006

So Long ORDB; So Long 2006
So Long ORDB; So Long 2006

Forwarded from: Security UPDATE 


Comparing Approaches for Desktop Software Lockdown 

Defending Against Inappropriate Content, Spyware, IM, and P2P at the 

Understanding and Leveraging Code Signing Technologies 

=== CONTENTS ==================================================
IN FOCUS: So Long ORDB; So Long 2006

   - ElcomSoft's Proactive Password Auditor Now Supports DEP, Vista, 
and More
   - Websense to Begin Offering Information Leak Prevention
   - Train to Be a Certified Ethical Hacker
   - Recent Security Vulnerabilities

   - Security Matters Blog: Stupid Security Tricks?
   - FAQ: Windows Vista Security Guide
   - Share Your Security Tips

   - New Protection for OWA Users' Attachments
   - Wanted: Your Reviews of Products 




=== SPONSOR: Bit9 =============================================
Comparing Approaches for Desktop Software Lockdown
   Prevent installation and execution of unauthorized software on the 
computers on your network. Download this free whitepaper today for a 
comparison of different techniques for detecting and preventing 
unauthorized code. Protect against the emerging risks today! 

=== IN FOCUS: So Long ORDB; So Long 2006 ======================   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Remember the days, years ago, when we could use just about any mail 
server we wanted to send legitimate email? That ability was especially 
helpful in certain instances, particularly when our regular mail server 
went down or we found ourselves unable to reach our regular mail server 
while traveling. The ability for anyone to use a given mail server of 
course meant that the server was an open relay, and the days of open 
relays are nearly gone, thanks to spammers. 

Spammers' abuse of open relays quickly led to a new "best practice" of 
administrators no longer leaving their mail servers wide open for use 
by anyone (for the most part anyway). At the same time, people formed 
groups that began tracking open relays with the intent of providing 
lists of those servers to others who wanted to use them to help detect 
potential spam. 

One such group, Open Relay Database (ORDB), has been a long-standing 
resource for administrators in their efforts to eliminate spam. But 
alas, last week ORDB announced that it's shutting down. 

The nonprofit organization--founded 5 1/2 years ago--provided a 
valuable service to the Internet community by making its database 
available via several methods, including simple and fast DNS queries. 

When ORDB went live in 2001, private individuals and network 
administrators at companies of all sizes around the world began to use 
it as one of several methods of gauging whether a message might be 
spam. The logic of using ORDB was simply that if a message passed 
through an open relay, then it was likely spam because spammers abuse 
open relays. 

Community support for the integration of ORDB was significant. 
Integration methods were made available for many popular mail servers 
including Postfix, Sendmail, qmail, Exim, Lotus Domino, and Microsoft 
Exchange Server. But although integration support was strong, the 
operators of ORBD say that they think the usefulness of ORDB has 
reached its end.

A message posted on the organization's Web site said that "the general 
consensus within the team is that open relay [blacklists] are no longer 
the most effective way of preventing spam from entering your network as 
spammers have changed tactics in recent years, as have the anti-spam 

The ORDB mailing lists and the organization's DNS servers--the latter 
of which provided the means to check whether a mail server was an open 
relay--were shut down December 18. The ORDB team said that the Web site 
itself will be taken down as of December 31. 

So long, ORDB, and thanks for all your hard work. 

While ORDB blacklisted only open relays, other blacklist services 
continue to provide open relay databases and more. Such services can be 
used to check for a variety of other conditions about a given email 
message. For example, many blacklist operators now think that running a 
mail server on a dynamic IP address is taboo, so some provide databases 
of dynamic IP addresses in use around the world. The logic behind 
blacklisting mail servers that use dynamic IP addresses is that bots 
routinely turn the computers of dial-up users into prolific senders of 
spam, building behemoth mail server networks for spammers. 

Other types of data offered by blacklist providers can include lists of 
open proxies, Web sites that host vulnerable mailer scripts, servers 
and networks that are known to be used to send spam, hijacked networks 
used to send spam, and more. 

Quite some time ago, I wrote about the spam problem and mentioned a 
useful report that shows which blacklists are most effective for Jeff 
Makey. You can view his frequently updated report at the URL below. 
Many of the blacklists in Makey's report have proven effective in my 
own tests, and I think you'll find some of them effective for you too. 

This is the last edition of Security Update for 2006. We've come a long 
way since the newsletter began in late 1998. We've published more than 
400 editions, brought you well over a thousand security-related news 
stories, pointed you to several hundred feature articles by various 
authors, and fielded countless email messages from you, our readers. We 
look forward to bringing you even more in the year ahead. And with that 
said, I wish you all a happy new year. 

=== SPONSOR: St. Bernard Software =============================
Defending Against Inappropriate Content, Spyware, IM, and P2P at the 
   Examine the threats of allowing unwanted or offensive content into 
your network and learn about the technologies and methodologies to 
defend against inappropriate content, spyware, IM, and P2P. 

=== SECURITY NEWS AND FEATURES ================================
ElcomSoft's Proactive Password Auditor Now Supports DEP, Vista, and 
   ElcomSoft released Proactive Password Auditor 1.7. The new version 
works on systems that use Data Execution Prevention (DEP) and also 
supports Windows Vista platforms. Other improvements in the new version 
include a "Rainbow Attack" mode for NT LAN Manager (NTLM) and LM 
authentication and full Unicode compliance. 

Websense to Begin Offering Information Leak Prevention
   Websense is set to add information leak prevention technology to its 
offerings with the acquisition of PortAuthority Technologies. Websense 
said it will pay approximately $90 million in cash to acquire the 

Train to Be a Certified Ethical Hacker
   New Horizons launched its new Certified Ethical Hacker Program, 
which aims to certify individuals in ethical hacking from a vendor-
neutral perspective. 

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at 

=== SPONSOR: Thawte ===========================================
Understanding and Leveraging Code Signing Technologies
   Learn all you need to know about code signing technology, including 
the goals and benefits of code signing, how code signing works and the 
underlying cryptographic and security concepts and building blocks. 

=== GIVE AND TAKE =============================================
SECURITY MATTERS BLOG: Stupid Security Tricks? 
by Mark Joseph Edwards, 

I'm not sure whether this new trend is stupendous or just plain stupid. 
You be the judge when you read about it in this blog article. 

FAQ: Windows Vista Security Guide
by John Savill, 

Q: What is the Windows Vista Security Guide?

Find the answer at 

   Share your security-related tips, comments, or problems and 
solutions in the Windows IT Security print newsletter's 
Reader to Reader column. Email your contributions to If we print your submission, you'll 
get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ================================================== by Renee Munshi, 

New Protection for OWA Users' Attachments
   Messageware announced the release of AttachView 8.0. AttachView 
converts email attachments in Microsoft Outlook Web Access (OWA) into 
secure Web pages so that users don't unintentionally leave them behind 
in a computer's Web browser cache. Other new features are the ability 
to block certain users and locations from printing attachments (so they 
can't be accidentally left on a public printer) and a new design that 
reduces bandwidth between Exchange Server systems, which should result 
in a significant performance increase for larger corporations. For more 
information, go to 

WANTED: your reviews of products you've tested and used in 
production. Send your experiences and ratings of products to and get a Best Buy gift certificate. 

=== RESOURCES AND EVENTS ======================================   For more security-related resources, visit 

Find the buried treasure by uncovering the secrets to Web filtering. 
Complete this quiz correctly and you could be a winner! 

Expert Ben Smith describes the benefits of using server virtualization 
to make computers more efficient. Download the exclusive podcast today! 

Do you have visibility and control over your software license use? Most 
organizations face a number of serious challenges, including 
understanding vendor licensing models, cost overruns, missed deadlines, 
business opportunities, and lost user productivity. Learn to address 
these challenges, and prepare for audits. Register for the free Web 
seminar, available now! 

We're giving away a PS3--Register for any Web seminar before December 
31 and you could win! Visit 
to see a full listing of on-demand Web seminars that you can register 

You know you need to manage your email data; how do you do it? What 
steps are you taking? What additional measures should you enact? What 
shouldn't you do? Get answers to these questions and get control of 
your vital messaging data. Download the free eBook today! 

Get a solid introduction to Data Protection Manager (DPM), now shipping 
with Microsoft System Center. Download the full ebook today to learn 
how to use DPM to augment tape-based backups. 

=== FEATURED WHITE PAPER ======================================
Can you trust users to protect critical PC business data? One in 3 
users write down their passwords--leaving data at risk, even with 
encryption-only protection. True PC data protection requires 
organizational control of your data. Download this free white paper 
today to find out how to accomplish your PC data security goals without 
inhibiting employee productivity. 

BONUS: Register for any white paper from Windows IT Pro in the month of 
December, and be entered to win a Wii! Visit for more information 
and a complete white paper listing.

=== ANNOUNCEMENTS =============================================
Holiday Offer--Save $40 off Windows IT Pro  
   Don't miss Windows IT Pro magazine in 2007! As a subscriber, you'll 
have full access to must-have content covering Windows Vista 
deployment, virtualization & disaster recovery, Active Directory 
enhancements, Office 2007 launch, SharePoint fundamentals and much 
more. Order now and save $40: 

Make Your Mark on the IT Community!  
   Nominate yourself or a peer to become an "IT Pro of the Month." This 
is your chance to get the recognition you deserve! Winners will receive 
over $600 in IT resources and be featured in Windows IT Pro magazine 
and the TechNet Flash email newsletter. It's easy to enter--accepting 
January nominations now for a limited time! Submit your nomination 

Security UDPATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and the Windows IT Security newsletter 
(subscribe at the second URL below). 

Subscribe to Security UPDATE at 

Be sure to add 
to your antispam software's list of allowed senders.

To contact us: 
About Security UPDATE content -- 
About technical questions -- 
About your product news -- 
About your subscription -- 
About sponsoring Security UPDATE -- 

View the Windows IT Pro privacy policy at 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2006, Penton Media, Inc. All rights reserved.

Subscribe to InfoSec News 

Site design & layout copyright © 1986-2015 CodeGods