Date: Tue, 30 Dec 2003 10:16:08 -0500
From:"Security-Pipeline-Newsletter" <secured@TECHWIRE.COM>
Subject: [SPN] Security Pipeline Newsletter - 12.30.2003
To:SECURITY-PIPELINE-NEWSLETTER@DCLISTSRV1.TECHWIRE.COM

SECURITY PIPELINE NEWSLETTER
Tuesday December 30, 2003

A First Look At Windows XP Service Pack 2
-----------------------------------------------------------------
You may think Microsoft is making baby steps only where security
is concerned. And after you learn more about Windows XP service
pack 2, I don't think your mind will change. But if this release
had been available before the MS Blaster attack last August, it's
possible the blast effect would have been minimized.

Why? Because Windows XP Service Pack 2 is at consumers whose PCs
are woefully under protected, perpetually turned on, and
basically nothing but giant malware magnets that serve as staging
areas for spreading the problem.

I got my hands on Windows XP service pack 2 beta code recently,
and I wrote a first-impression tour of the forthcoming update,
complete with screenshots and analysis. Check it out:

http://www.securitypipeline.com/showArticle.jhtml?articleId=17100264

By the way, the last issue of this newsletter, Thursday Dec. 18,
offered my take on why Microsoft shouldn't be allowed to walk
away from providing security patches to Windows 98 just yet. More
than a hundred of you replied with impassioned responses -- about
80 percent of which were in marked disagreement to my point of
view.

In two weeks, on January 15, I'm going to publish some of those
responses as well as my rebuttal to them. Don't miss it.

Happy New Year!

-- Scot Finnie, Editor, Security Pipeline
http://www.securitypipeline.com/
sfinnie@techweb.com

------- Advertisement -------------------

FREE Enterprise Data Protection eBOOK, courtesy of VERITAS!
Advance to the next level in Enterprise Data Protection with
the market leader-VERITAS. Learn from a third-party expert how
to plan and implement the most effective data protection solution
for your enterprise. Download NOW!
http://ad.doubleclick.net/clk;6858339;8570396;f?http://www.veritas.com/offer?a_id=4135

-----------------------------------------

IN THIS ISSUE

1. Only The Best Security News
2. Special Feature: The 2004 Security Survivor's Guide
3. Trends: New PCs Must Be Protected And Patched
4. How-To: Three Important End-Of-Year PC Maintenance Tasks
5. Voting Booth: Good or Bad: No Win XP SP2 Until Mid-2004
6. Expert Views: Best Practices Should Come Top Down
7. Explore Encryption In Product Finder
8. Check Out The Security Pipeline Topic Categories
- Desktop Security
- Network Security
- Infrastructure
- Policy & Privacy
9. Tell A Colleague About Security Pipeline Newsletter
10. Have You Discovered The Other Pipelines?
11. Network Computing's Secure Enterprise Magazine
12. Change Your Subscription Options

1. ONLY THE BEST SECURITY NEWS

Security Threats: Bad In 2003, Worse In 2004?
------------
As difficult as 2003 was for businesses battling waves of
security problems, next year promises to be just as bad, perhaps
worse, as additional threats develop from peer-to-peer file
sharing software and spyware.
http://www.securitypipeline.com/showArticle.jhtml?articleId=17100252

Spending To Fend Off Online Attacks Grows In 2004
http://www.securitypipeline.com/news/showArticle.jhtml?articleId=17100139

Phishing Attacks Increase Fourfold
http://www.securitypipeline.com/news/showArticle.jhtml?articleId=17100156

Royal Bank Of Canada Takes Business Continuity To The Next Level
http://www.securitypipeline.com/news/showArticle.jhtml?articleId=17100220

Researchers Outline Microsoft's Top 10 Challenges For 2004
http://www.securitypipeline.com/news/showArticle.jhtml?articleId=17100116

Symantec Wins Judgment In Software Piracy Suit
http://www.securitypipeline.com/news/showArticle.jhtml?articleId=17100047

Los Alamos Employees Placed On Leave After Security Gaffe
http://www.securitypipeline.com/news/showArticle.jhtml?articleId=17000499

Sober.C Starts Spreading, Germany Most At Risk
http://www.securitypipeline.com/news/showArticle.jhtml?articleId=17000566

Check Security Pipeline's News page for the latest security news:
http://www.securitypipeline.com/news/

2. SPECIAL FEATURE: The 2004 Security Survivor's Guide
You have to find the right combination of products that will give
you protection both inside and outside your network, from the
host to the desktop to the perimeter. You need a sound patching
strategy that you can implement and maintain effectively. But
above all, your security plan must never get in the way of your
company's business needs.
http://www.securitypipeline.com/showArticle.jhtml?articleId=17000382

3. TRENDS: New PCs Must Be Protected And Patched
Consumers buying PCs as holidays gifts and businesses purchasing
new systems to squeeze capital expenditures under the tax wire
may be putting themselves at risk as soon as they unwrap the
machines.
http://www.securitypipeline.com/showArticle.jhtml?articleId=17100046

4. HOW-TO: Three Important End-Of-Year PC Maintenance Tasks
Fred Langa recommends taking advantage of the slower pace of the
holidays to perform three essential tasks.
http://www.securitypipeline.com/howto/showArticle.jhtml?articleId=17100122

5. VOTING BOOTH: Good or Bad: No Win XP SP2 Until Mid-2004?
Microsoft recently announced that the Service Pack 2 release to
Windows XP won't ship until the middle of 2004. Was that a good
or bad decision? Tell us what you think:

http://www.securitypipeline.com/vote/winxpsp2_92403.jhtml

-- Results Of Identity Theft Poll --
And in case you're wondering, the results of the last poll about
identity theft were a little surprising. The question was:
"Identity theft is clearly a consumer concern. At your
organization, is it also an enterprise concern?"

Just under 500 responses to this poll were received, which is a
very low response rate for Security Pipeline. So many of you
didn't find the question interesting or didn't have a ready
answer. 51 percent of you answered "Yes" and 49 percent of you
answered "No."

6. EXPERT VIEWS: Security Best Practices Should Come Top Down - Hulme
Before the Department of Homeland Security takes action to force
the private sector do more to secure its systems, the federal
government needs to do more -- much more -- to lockdown its
house.
http://www.securitypipeline.com/showArticle.jhtml?articleId=17000528

7. EXPLORE ENCRYPTION IN PRODUCT FINDER
This week, wander through the Encryption category in Security
Pipeline's Product Finder:

http://productfinder.securitypipeline.com/index.cgi?search=Search&final_cat1=3&category=6&sub_cat=28

For other Product Finder product categories, browse or search the
database from its home page:

http://productfinder.securitypipeline.com/

8. CHECK OUT THE SECURITY PIPELINE TOPIC CENTERS

Desktop Security:
http://www.securitypipeline.com/desktop/

Network Security:
http://www.securitypipeline.com/network/

Infrastructure:
http://www.securitypipeline.com/infrastructure/

Policy & Privacy:
http://www.securitypipeline.com/policy_privacy/

9. TELL A FRIEND
If you know a colleague or co-worker who might be interested in
signing up for this newsletter, please forward it to him or her
and point out the subscription page:

http://www.securitypipeline.com/newsletter.jhtml

10. HAVE YOU DISCOVERED THE OTHER PIPELINES?
Security Pipeline is one is a series of specialized IT sites that
might be to your liking. Here are two others, and you can expect
more in the future:

Linux Pipeline: http://www.linuxpipeline.com/
Mobile Pipeline: http://www.mobilepipeline.com/
Storage Pipeline: http://www.storagepipeline.com/
Networking Pipeline: http://www.networkingpipeline.com/
Server Pipeline: http://www.serverpipeline.com/

11. NETWORK COMPUTING'S SECURE ENTERPRISE MAGAZINE
Did you know that Network Computing has launched a new supplement
called Secure Enterprise? Security Pipeline hosts the Secure
Enterprise Web site. It's well worth a moment of your time to
check out this content from top-notch authors:

http://www.securitypipeline.com/se/

------- Advertisement -------------------

-------------------------------------------

12. CHANGE YOUR SUBSCRIPTION OPTIONS
To unsubscribe from or subscribe to this newsletter, please visit
the Security Pipeline subscription center:
http://www.securitypipeline.com/newsletter.jhtml

The Security Pipeline Newsletter
http://www.securitypipeline.com/
Copyright (c) 2003 CMP Media LLC
600 Community Drive
Manhasset, NY 11030