New Services and Devices Bring New Security Risks







Forwarded with permission from: Security UPDATE 



=== CONTENTS ==================================================
IN FOCUS: New Services and Devices Bring New Security Risks

NEWS AND FEATURES
   - Danish Company Offers Free Web Application Firewall
   - Sun to Synchronize Java Security Updates
   - Mobile Device Security: Whose Data Is It, Anyway?
   - Recent Security Vulnerabilities

GIVE AND TAKE
   - Security Matters Blog: SSHFS Mounts Remote Linux File Systems; 
Worm Author Gets Job Offers
   - FAQ: Use Group Policy to Check for Server Core 
   - From the Forum: Domain User Application Problems
   - Share Your Security Tips

PRODUCTS
   - Out-of-Email-Stream Encryption Solution
   - Wanted: Your Reviews of Products 

RESOURCES AND EVENTS

FEATURED WHITE PAPER

ANNOUNCEMENTS


=== SPONSOR: Sophos ===========================================
Trends in Malware: 2007 Security Threat Report
   A sharp rise in web threats is the latest twist in cyber criminals' 
continually evolving efforts to steal information for financial gain. 
We review the year so far and predict the threat landscape for the 
second half of 2007.
http://list.windowsitpro.com/t?ctl=68979:57B62BBB09A69279522C6B62EFCB2AF0 


=== IN FOCUS: New Services and Devices Bring New Security Risks 
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

The booming dot-com era is certainly long gone, but even so, new 
Internet services make their debut every month, and, not quite as 
frequently, new devices and gadgets are brought to market. Inevitably, 
some of these items will make their way into your network environment, 
often carrying with them considerable security risks. 

A good case in point popped up last week. A relatively new company 
called Pudding Media announced its new VoIP solution called 
ThePudding.com. The company intends to employ a lure typical of many 
new online services. Anyone will be able to use ThePudding.com's VoIP 
service for free to make calls in North America because the company 
intends to profit through the insertion of targeted advertising. Sounds 
reasonable, but there's a new twist. 

According to the company's privacy policy (at the URL below), "Our 
technology detects spoken keywords during a conversation and brings you 
rich media, news and offers, related to the very topics you talk about 
during your calls. The conversation keywords are not kept in our system 
after they are processed, and the conversation can not be 
reconstructed."
http://list.windowsitpro.com/t?ctl=68972:57B62BBB09A69279522C6B62EFCB2AF0 

Therein resides the risk. One of your employees or contractors might 
decide to use the VoIP service, thinking that by doing so they could 
save themselves or your business money. If the person discussed 
sensitive information, it could leak out. 

Pudding Media says it won't store keywords, and you might decide to 
trust the company. But there already are known ways to potentially 
eavesdrop on VoIP calls. Because this particular VoIP solution will, by 
design, be able to listen to conversations to discover keywords to use 
for targeted advertising, it stands to reason that the solution will 
have such capabilities built right into the VoIP software. And if 
that's the case, listening in might become even easier for intruders. 

Whether to allow the use of ThePudding.com is a decision you need to 
make before the service explodes into widespread use. You can read 
numerous stories about the service by checking Yahoo! News at the URL 
below.
http://list.windowsitpro.com/t?ctl=68971:57B62BBB09A69279522C6B62EFCB2AF0 

The overall point I'd like to make here is that if you hadn't learned 
about the service, you wouldn't even know that such a risk exists. So 
it's probably a good idea to read lots of news, follow the trends, 
research the overall computing industry to some extent, weigh the 
security impact of your findings on your environment, and take 
appropriate actions sooner rather than later. 

To stay up to date on news and trends, you can use some of the more 
obvious sources, such as major magazines and newspapers and even the 
news aggregation features of major search engines. However, a few more 
specialized sites can help you learn about trends faster than weeding 
through a huge pile of news. Next week, I'll tell you about some of the 
sites I use to follow trends. So stay tuned. 


=== SPONSOR: Websense =========================================
How Websense Technology Protects Against Internet-Based Threats
   The Internet--with its wealth of information and features that have 
become integrated into our everyday lives--has become a necessary tool 
for business and also provides a vast array of options for personal 
use. However, it does have a dark side. This whitepaper will examine 
technologies that will help guard against Internet-based threats.
http://list.windowsitpro.com/t?ctl=6896B:57B62BBB09A69279522C6B62EFCB2AF0 


=== SECURITY NEWS AND FEATURES ================================
Danish Company Offers Free Web Application Firewall
   Danish security company Armorlogic released a free version of its 
Profense Web application firewall. Based on OpenBSD, the product runs 
on your hardware and is a scaled-down version of the company's full-
featured firewall.
http://list.windowsitpro.com/t?ctl=68976:57B62BBB09A69279522C6B62EFCB2AF0 

Sun to Synchronize Java Security Updates
   Sun Microsystems said it will synchronize its security updates 
across its most widely used Java SE product release families. The 
company will also begin offering advance notification of security 
updates.
http://list.windowsitpro.com/t?ctl=68975:57B62BBB09A69279522C6B62EFCB2AF0 

Mobile Device Security: Whose Data Is It, Anyway?
   Businesses have a duty to protect their corporate information, but 
employees who provide their own mobile devices don't want the company 
imposing intrusive policies on their access. The solution requires a 
tradeoff between convenience and risk.
http://list.windowsitpro.com/t?ctl=68974:57B62BBB09A69279522C6B62EFCB2AF0 

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at
http://list.windowsitpro.com/t?ctl=6896C:57B62BBB09A69279522C6B62EFCB2AF0 


=== SPONSOR: Macrovision ======================================
Gain Control of Software Usage and Reduce Audit Risks
  Take the necessary steps for application management, from conversion 
of legacy applications to MSI to customizing applications to fit 
corporate standards. Don't overlook an important component of an OS 
migration--join us for the free on-demand Web seminar. 
http://list.windowsitpro.com/t?ctl=68965:57B62BBB09A69279522C6B62EFCB2AF0 


=== GIVE AND TAKE =============================================
SECURITY MATTERS BLOG: SSHFS Mounts Remote Linux File Systems; Worm 
Author Gets Job Offers
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=6897B:57B62BBB09A69279522C6B62EFCB2AF0 
   Learn about a tool that I recently came across, SSHFS, which is 
based on SSH and which lets you locally mount remote Linux file 
systems. Also learn about a worm author who got offers for several 
high-paying jobs that he could take after he gets out of prison!
http://list.windowsitpro.com/t?ctl=68969:57B62BBB09A69279522C6B62EFCB2AF0 

FAQ: Use Group Policy to Check for Server Core 
by John Savill, http://list.windowsitpro.com/t?ctl=68978:57B62BBB09A69279522C6B62EFCB2AF0 

Q: How can I check for a Windows Server 2008 Server Core installation 
as part of a Group Policy application?

Find the answer at
http://list.windowsitpro.com/t?ctl=68973:57B62BBB09A69279522C6B62EFCB2AF0 

FROM THE FORUM: Domain User Application Problems
   A forum participant uses Windows Server 2003 Small Business Server 
(SBS) with Active Directory (AD) for a network of about 20 users and 
lots of applications. However, he often finds that users don't have 
enough rights to run some of the applications. He wonders whether 
there's an out-of-the-box solution. Join the discussion at 
http://list.windowsitpro.com/t?ctl=68964:57B62BBB09A69279522C6B62EFCB2AF0 

SHARE YOUR SECURITY TIPS AND GET $100
   Share your security-related tips, comments, or problems and 
solutions in Security Pro VIP's Reader to Reader column. Email your 
contributions to r2r@securityprovip.com. If we print your submission, 
you'll get $100. We edit submissions for style, grammar, and length.


=== PRODUCTS ==================================================
   by Renee Munshi, products@windowsitpro.com 

Out-of-Email-Stream Encryption Solution
   Kryptiva announced the availability of Kryptiva's Email Encryption 
Architecture, which consists of two primary components. The Kryptiva 
Packaging Plugin integrates into a user's current email application, 
and the Kryptiva Packaging Server is installed on a local server on the 
network and integrates with LDAP services. These components pull email 
messages out of the email traffic stream and package outgoing ones for 
authentication and encryption, and decrypt incoming ones. Customers 
must obtain an SSL certificate from a recognized Certificate Authority 
(CA), but the Email Encryption Architecture itself is free for U.S. and 
Canadian companies. Add-on services will be available for purchase in 
2008. For more information, go to 
http://list.windowsitpro.com/t?ctl=6897E:57B62BBB09A69279522C6B62EFCB2AF0 

WANTED: your reviews of products you've tested and used in 
production. Send your experiences and ratings of products to 
whatshot@windowsitpro.com and get a Best Buy gift certificate. 


=== RESOURCES AND EVENTS ======================================
   For more security-related resources, visit
http://list.windowsitpro.com/t?ctl=68977:57B62BBB09A69279522C6B62EFCB2AF0 

If there's a "killer app," it's email. Business communications rely on 
it, and increasingly, mobile users and clients lower the tolerance for 
email downtime. View this Web seminar and hear from Paul Robichaux, who 
will share information to help you meet your enterprise's high-
availability needs. Tune in for useful tips and a guide to available 
disaster recovery planning resources.  
http://list.windowsitpro.com/t?ctl=68967:57B62BBB09A69279522C6B62EFCB2AF0 

Learn how Symantec and IBM deliver a comprehensive archiving solution 
to capture and store email, files, instant messages, databases, VoIP, 
and many other document formats while helping to reduce storage costs 
and simplify management. View this Web seminar to better understand the 
challenges of your Exchange environment and the Symantec and IBM 
capabilities that can help you solve them.  
http://list.windowsitpro.com/t?ctl=68968:57B62BBB09A69279522C6B62EFCB2AF0 

To stay competitive these days, IT leaders are required to take a 
primary role in delivering business value. Gain insight into business 
intelligence and Microsoft application platform optimization solutions 
in this full-day business intelligence virtual conference on October 4, 
2007.  
http://list.windowsitpro.com/t?ctl=6896A:57B62BBB09A69279522C6B62EFCB2AF0 


=== FEATURED WHITE PAPER ======================================
Is effective security out of reach for your small or midsized business? 
Imagine having a team of IT experts who focus on security as part of 
your staff. Learn how a hosted security solution can be an option for 
small and midsized businesses. Download this white paper today and find 
out how you can eliminate your company's security risks. 
http://list.windowsitpro.com/t?ctl=68966:57B62BBB09A69279522C6B62EFCB2AF0 


=== ANNOUNCEMENTS =============================================
Got a Tough Exchange or Outlook Question? 
   Rely on Exchange & Outlook Pro VIP, the new online resource with in-
depth articles on administration, migration, security, and performance. 
Subscribers get direct access to our top-flight editors, so subscribe 
and receive personalized solutions to your toughest technical 
questions. It beats a support call to Microsoft!   
http://list.windowsitpro.com/t?ctl=6896E:57B62BBB09A69279522C6B62EFCB2AF0 

Discover the New SQL Server Magazine 
   Don't miss the relaunched SQL Server Magazine, coming this month! 
Besides a new look, we have even more coverage of administration and 
performance, development and Web apps, BI and Reporting Services, and 
SQL Server fundamentals. Subscribe now and save 58% off the cover 
price.   
http://list.windowsitpro.com/t?ctl=6896D:57B62BBB09A69279522C6B62EFCB2AF0 


===============================================================
Security UPDATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and Security Pro VIP (second URL 
below).
http://list.windowsitpro.com/t?ctl=6897A:57B62BBB09A69279522C6B62EFCB2AF0 
http://list.windowsitpro.com/t?ctl=6897D:57B62BBB09A69279522C6B62EFCB2AF0 

Subscribe to Security UPDATE at
http://list.windowsitpro.com/t?ctl=68970:57B62BBB09A69279522C6B62EFCB2AF0 

Be sure to add Security_UPDATE@list.windowsitpro.com 
to your antispam software's list of allowed senders.

To contact us: 
About Security UPDATE content -- letters@windowsitpro.com 
About technical questions -- http://list.windowsitpro.com/t?ctl=6897C:57B62BBB09A69279522C6B62EFCB2AF0 
About your product news -- products@windowsitpro.com 
About your subscription -- windowsitproupdate@windowsitpro.com 
About sponsoring Security UPDATE -- salesopps@windowsitpro.com 

View the Windows IT Pro privacy policy at
http://list.windowsitpro.com/t?ctl=6896F:57B62BBB09A69279522C6B62EFCB2AF0 

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

