4 More Tools for Your Toolkit

4 More Tools for Your Toolkit
4 More Tools for Your Toolkit

Forwarded with permission from: Security UPDATE 


Hosted Security: A solution for small and medium-sized businesses 

ALERT: "How a Hacker Launches a SQL Injection Attack!" White Paper 

Tell little, trust less & thwart hacker attacks. 

=== CONTENTS ==================================================
IN FOCUS: 4 More Tools for Your Toolkit

   - Ubuntu Team Servers Suffer Intrusion
   - GFI to Expand MailArchiver Capabilities
   - Recent Security Vulnerabilities

   - Security Matters Blog: Intel Invests in VMware; Security on a Chip
   - FAQ: Exploring Windows Processes
   - From the Forum: Vulnerability Scanners
   - Share Your Security Tips

   - Gateway Appliance Does Multiple Security Tasks
   - Product Evaluations from the Real World




=== SPONSOR: St. Bernard Software =============================
Hosted Security: A solution for small and medium-sized businesses
   Is effective security out of reach for your small or medium-sized 
business? Imagine having a team of IT experts who only focus on 
security as part of your staff. Download this white paper today and 
find out how you can eliminate your company's security risks. 

=== IN FOCUS: 4 More Tools for Your Toolkit ============   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

Last week, I learned about four security tools that I hadn't come 
across previously. The tools, available for free from MANDIANT and 
Immunity, each make a worthwhile new addition to your security toolkit. 

The first tool, Web Historian, developed by MANDIANT (formerly Red 
Cliff Consulting), analyzes Web browsing history files from major 
browsers including Microsoft Internet Explorer, Mozilla Firefox, 
Netscape Navigator, Opera, and Apple Safari. You might already have 
such a tool that analyzes browser history files (there are a few 
available); however this is the only tool I know of that can analyze 
the history files of such a wide range of browsers. 

The second tool, First Response, also from MANDIANT, is an incident-
handling tool. The software includes an agent that can be loaded on 
Windows 2000, Windows XP, and Windows Server 2003 systems to collect 
information from a variety of sources, such as the registry, event 
logs, file systems, and active processes. The tool uses a centralized 
console to collect information from its agents, analyze the data, build 
reports, and coordinate incident-response activity. In addition to 
working over a network, the tool can collect information directly from 
a local system that you have physical access to. 

The third tool is MANDIANT's Red Curtain. It's a new malware analysis 
tool that can inspect executables (including DLLs) to look for signs 
that the code might be dangerous. Information gathered by the tool 
includes signatures from development tools (commonly inserted by 
compilers and packagers), packaging type information, whether the code 
includes randomization, and more. The data is used to provide a 
possible threat level score. Depending on the overall score, you might 
decide to take a closer look at the file or quarantine it and move on 
to other tasks.

All three of MANDIANT's tools are available at 

Red Curtain leads me to the fourth tool, Immunity Debugger. If you 
happen to find a suspicious executable and want to take a deeper look 
at what it does, then a debugger can be an essential tool. 

Numerous debuggers are available today; however, unlike many other 
debuggers, a key feature of Immunity Debugger is that it's written 
specifically for security researchers. The tool includes both a GUI and 
a command line interface and supports Python scripting. A lot of the 
functionality of the debugger revolves around the Python subsystem, 
which lets you extend the debugger to conduct a variety of activities 
and lets you design custom routines that display data, accept user 
input, and more. Several sample scripts come with the tool to get you 
started. Another great feature of the tool is that it can latch onto a 
process via its filename, window name, process identifier (PID), 
process name, services, or TCP or UDP port. Overall, it's a powerful 

You can learn more about Immunity Debugger and download a copy at the 
URL below. 

=== SPONSOR: SPI Dynamics =====================================
ALERT: "How a Hacker Launches a SQL Injection Attack!" White Paper 
   It's as simple as placing additional SQL commands into a Web Form 
input box giving hackers complete access to all your backend systems! 
Firewalls and IDS will not stop such attacks because SQL Injections are 
NOT seen as intruders. Download this *FREE* white paper from SPI 
Dynamics for a complete guide to protection! 

=== SECURITY NEWS AND FEATURES ================================
Ubuntu Team Servers Suffer Intrusion
   Some of the regional servers used by Ubuntu advocate teams were 
compromised and made to launch attacks against other systems. As a 
result, five of the servers were taken offline while steps were taken 
to secure them. 

GFI to Expand MailArchiver Capabilities
   GFI announced that it will acquire the technology assets of 
XEmplifyIT, an email management company. The acquisition will allow GFI 
to further empower its MailArchiver solution while at the same time 
removing a competitor from the marketplace. 

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at 

=== SPONSOR: Port80 Software ==================================
Tell little, trust less & thwart hacker attacks.
   Over 70% of network attacks are Web-based. Reinforce your Microsoft 
IIS Web servers with low-cost, high impact Port80 tools for Web site 
anti-reconnaissance, redirecting problematic traffic, anti-image 
leeching and to defend your .NET/PHP/CFM/JSP code easily. Get free 
trial downloads & IIS security tips now! 

=== GIVE AND TAKE =============================================
SECURITY MATTERS BLOG: Intel Invests in VMware; Security on a Chip
by Mark Joseph Edwards, 

Intel must see a bright future in VMware. The company recently anted a 
cool $219 million investment for roughly 10 million shares of VMware 
stock! In other partnering news, Intel and Symantec are reportedly 
working to develop "security on a chip." Read the blog to get the 

FAQ: Exploring Windows Processes
by John Savill, 

Q: What is the Process Explorer utility?

Find the answer at 

FROM THE FORUM: Vulnerability Scanners
   A forum participant is wondering which scanners other people have 
used and what their experiences have been with these products. Join the 
discussion at 

   Share your security-related tips, comments, or problems and 
solutions in Security Pro VIP's Reader to Reader column. Email your 
contributions to If we print your submission, 
you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ================================================== by Renee Munshi, 

Gateway Appliance Does Multiple Security Tasks
   ContentWatch added three Internet gateway security appliances to its 
ContentProtect Security Appliance family. The new plug-and-play 
appliances combine content filtering, bandwidth management, IM and 
peer-to-peer control, antivirus, and antispyware capabilities in one 
box. The ContentProtect Security Appliance comes in three models: The 
CP 100 can host up to 200 users, the CP 300 hosts 1,000, and the CP 350 
hosts more than 5,000. 

   Share your product experience with your peers. Have you discovered a 
great product that saves you time and money? Do you use something you 
wouldn't wish on anyone? Tell the world! If we publish your opinion, 
we'll send you a Best Buy gift card! Send information about a product 
you use and whether it helps or hinders you to 

=== RESOURCES AND EVENTS ======================================   For more security-related resources, visit 

Microsoft TechEd IT Forum
   TechEd IT Forum is Microsoft's premier European conference designed 
to provide IT professionals with technical training, information, and 
community resources to build, plan, deploy, and manage the secure 
connected enterprise. 

Online Backup as a Service
   IT has never been short on buzz. The problem is that for each 
innovation that's buzz worthy, there are two that are forgotten within 
months. "Software as a Service" (SaaS), including online backup as a 
service, is currently generating a lot of buzz. In this podcast, you'll 
find out why storage as a software service is definitely worthy of the 

Get the facts about Microsoft Unified Communications, including 
Exchange Server 2007 and Office Communications Server 2007 during this 
free virtual event on Sept. 19, 2007. Independent Exchange experts will 
present practical, real-world information about deploying, managing, 
and securing Exchange Server 2007 and Office Communications Server 

=== FEATURED WHITE PAPER ======================================
Increase customer confidence with the latest breakthrough in online 
security: Extended Validation SSL. Extended Validation triggers a green 
address bar in Microsoft Internet Explorer 7.0 that proves site 
identity. Learn how to get the green bar and higher sales by reading 
the technical white paper "Maximizing Site Visitor Trust Using Extended 
Validation SSL." 

=== ANNOUNCEMENTS =============================================
Search Thousands of SQL Articles Online and on CD 
   A SQL Server Magazine Master CD subscription buys you portable, 
lightning-fast access to the entire SQL Server article database on CD, 
plus exclusive, up-to-the-minute access to the new articles we publish 
on every day. Order your subscription now! 

Save 1/2 Off Security Pro VIP 
   Security Pro VIP is an online resource that delivers new articles 
every week to help you defend your network. Subscribers also receive 
tips, cautionary advice, direct access to our editors for technical 
Q&As, and a host of other benefits! Order now, and save up to 50 

Security UDPATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and Security Pro VIP (second URL 

Subscribe to Security UPDATE at 

Be sure to add 
to your antispam software's list of allowed senders.

To contact us: 
About Security UPDATE content -- 
About technical questions -- 
About your product news -- 
About your subscription -- 
About sponsoring Security UPDATE -- 

View the Windows IT Pro privacy policy at 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

Attend HITBSecConf2007 - Malaysia 
Taking place September 3-6 2007 featuring seven tracks of technical 
training and a dual-track security conference with keynote speakers 
Lance Spitzner and Mikko Hypponen!  -  Book your seats today! 

Site design & layout copyright © 1986-2015 CodeGods