To:"Mike Swier" <mswier@YAHOO.COM>
Date: Thu, 22 Apr 2004 09:49:55 -0400 (EDT)
From:"Security Pipeline Newsletter" <secured@techwire.com>
Subject: [SPN] Security Pipeline Newsletter - 04.22.2004 - Spam
SECURITY PIPELINE NEWSLETTER
http://www.securitypipeline.com/
Thursday, April 22, 2004

IN THIS ISSUE:

1. Editor's Note: 
  - What Are You Doing About Spam?
  - Would You Do It For A Candy Bar?
2. Top Stories This Week
  - TCP Vulnerable, But Net Won't Go Down
  - Will Trade Passwords For Chocolate
  - A Network Of Networks  
3. This Week's Attacks, Patches And Bulletins
4. Only The Best Security News
5. TRENDS: Security Plays Small Ball
6. REVIEW: iPolicy Networks' ipEnforcer i3400
7. VOTING BOOTH: Cast Your Vote On Counter-Attacking Hackers
8. Shameless Self-Promotion
9. How To Unsubscribe And Subscribe

------- Advertisement -------------------

The Computer Associates eTrust(tm) Identity and Access Management 
Suite provides a unique, comprehensive solution that enhances 
security and reduces costs by automating business processes and 
enabling self-administration in addition to providing policy-based
protection for platform, web, mainframe, and application resources
across the enterprise. http://www.ca.com/iam

-----------------------------------------

1. EDITOR'S NOTE

WHAT ARE YOU DOING ABOUT SPAM?

Spam went from annoyance to major problem about two years ago.
That's the bad news. The good news is that we've had plenty of
time to develop workarounds, and despite dire predictions, e-mail
hasn't melted down, although it has gotten pretty mushy. 

We'd like to take an in-depth look at spam, and we'd like your
help. We want to know what you're doing about it. Send me an 
e-mail (mailto:mwagner@cmp.com?Subject=SPNfeedback) and let me know. 

Some of the things we want to know:

- What are you doing about spam?

- Can you recommend any spam products or free software?

- What are the major problems and risks that spam causes for you?

We especially want to hear from e-mail administrators responsible
for managing e-mail systems for businesses, government entities,
not-for-profits and other enterprises. But if you're a small
businessperson, end user or consumer, we'd like to hear from you too. 

WOULD YOU DO IT FOR A CANDY BAR?

I was tickled by a report released this week, saying that about
three-quarters of respondents to a person-on-the-street survey
were willing to divulge their passwords for a chocolate bar.

Will Trade Passwords For Chocolate
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1234x143022&

A couple of bloggers liked the story too. 

"Heaven only knows what they'd fork over for venti latte with
extra foam," said Xeni Jardin at BoingBoing.

BoingBoing
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1235x143022&

BoingBoing reader Joe Buck added: "If a person on the street
offers me a chocolate bar in exchange for my password, and it's a
good chocolate bar, I'll happily tell him or her a password...
except that it will be FAKE."

BoingBoing also noted that in January, researchers asked for
passwords, offering no incentive at all, and still got a 90
percent response rate.
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1236x143022&

Fark.com also linked to the story. (Warning: raunchy language)
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1237x143022&

Some Fark readers responded: 

- "So I guess we know the answer to 'What would you do for a
   Klondike bar?' now huh?"

- "I'd give up my boss's password for much less."

- "Funny, my password is 'givemesomecandy.'"

One Fark reader noted that the survey was taken outside a London
commuter train station, and said the most popular password
divulged by respondents was, "Bugger off out of my way I've got a
train to catch."

Mitch Wagner
mailto:mwagner@cmp.com?subject=SPNfeedback
Editor
Security Pipeline
http://www.securitypipeline.com

If you send e-mail, let us know if you'd rather we didn't publish it.

For more commentary and links by Mitch Wagner, see Wagner's Weblog
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1238x143022&

-----------------------------------------

2. TOP STORIES THIS WEEK

TCP Vulnerable, But Net Won't Go Down
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1239x143022&
A critical vulnerability in the TCP protocol could disrupt
portions of the Internet, but security experts say not to panic:
security professionals have taken extra precautions to mitigate
a lot of the risk.

Will Trade Passwords For Chocolate
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1234x143022&
Almost three quarters of office workers in an impromptu
man-on-the-street survey were willing to give up their passwords
when offered the bribe of a chocolate bar.

A Network Of Networks  
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax123ax143022&
A $350 million metanetwork built by subcontractors will finally
allow federal agencies to communicate securely and, authorities
hope, resolve many of the federal government's
information-sharing problems.

3. THIS WEEK'S ATTACKS, PATCHES AND BULLETINS

Netsky.y Sparks High Threat Level
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax123bx143022&
Classified a "high" threat by Panda Software, Netsky.y arrives in
an e-mail with a subject line which reads "delivery failure
notice" along with an 8-digit "ID" number. 

Cisco Reveals Significant Security Flaw
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax123cx143022&

Security Vulnerability Threatens Widespread DOS Attacks
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax123dx143022&

Netsky.x Wild On The Net
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax123ex143022&

Phatbot Worm May Be Attacking SQL Server Ports   
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax123fx143022&

4. ONLY THE BEST SECURITY NEWS

IBM Launches Desktop Management Services For Small And Medium 
Businesses 
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1240x143022&
Services included in the per-seat-priced suite are automatic
backup, image management, and anti-virus and anti-spam protection.

Tower Records Settles FTC Site-Security Charges   
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1241x143022&

Phishing E-mails Jump 800-fold In Six Months   
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1242x143022&

Study Says Anti-Spam Efforts Yield Rapid Returns 
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1243x143022&

Microsoft Preps Next Release Candidate For Windows XP Service Pack 2
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1244x143022&

National Security Experts Voice Concerns Over Operating Systems
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1245x143022&

Symantec Suite Tackles Storage Backup, Recovery
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1246x143022&

Anti-Spam Protection Pays Its Way
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1247x143022&

5. TRENDS: Security Plays Small Ball
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1248x143022&
Even as the security industry unleashes a flood of products for
small to medium-size businesses (SMB), owners and executives are
confident that their security needs are under control.

6. REVIEW: iPolicy Networks' ipEnforcer i3400
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax1249x143022&
Increasing security by separating network traffic according to
access rights and policies, the ipEnforcer i3400 provides
stateful firewalling, URL filtering and intrusion
detection/prevention.

7. VOTING BOOTH: Cast Your Vote On Counter-Attacking Hackers
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax124ax143022&
Symbiot, Inc., introduced a product to let enterprises strike
back at attackers. Is that right? Should companies under attack
by hackers strike back? 

RESULTS SO FAR: 
- Yes, the best defense is a good offense, 65 percent, 411 votes
  out of 636. 
- No, vigilante justice is wrong, 35 percent, 225 votes.

8. SHAMELESS SELF-PROMOTION

LOOK FOR FIREWALL HARDWARE IN PRODUCT FINDER 
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax124bx143022&

For other Product Finder product categories, browse or search the
database from its home page:
http://dclsmtp1.techwire.com/trk/click?ref=zp7waa8wo_0-6ax11d0x143022&

CHECK OUT THE SECURITY PIPELINE TOPIC CENTERS

Desktop Security:
http://www.securitypipeline.com/desktop/

Network Security:
http://www.securitypipeline.com/network/

Infrastructure:
http://www.securitypipeline.com/infrastructure/

Policy & Privacy:
http://www.securitypipeline.com/policy_privacy/

TELL A COLLEAGUE ABOUT THE SECURITY PIPELINE NEWSLETTER
If you know a colleague or co-worker who might be interested in
signing up for this newsletter, please forward it to him or her
and point out the subscription page:
http://www.securitypipeline.com/newsletter.jhtml

HAVE YOU DISCOVERED THE OTHER PIPELINES?
Security Pipeline is one in a series of specialized IT sites you
might like. Here are the others, and you can expect more in the future:

NEW! Outsourcing Pipeline http://www.outsourcingpipeline.com/
Enterprise Apps Pipeline http://www.enterpriseappspipeline.com
Biz Intelligence Pipeline http://www.bizintelligencepipeline.com
Compliance Pipeline http://www.compliancepipeline.com
Desktop Pipeline http://www.desktoppipeline.com
Developer Pipeline http://www.developerpipeline.com
IT Utility Pipeline http://www.itutilitypipeline.com
Linux Pipeline http://www.linuxpipeline.com
Mobile Pipeline http://www.mobilepipeline.com
Networking Pipeline http://www.networkingpipeline.com
Server Pipeline http://www.serverpipeline.com
Small Business Pipeline http://www.smallbusinesspipeline.com
Storage Pipeline http://www.storagepipeline.com
Web Services Pipeline http://www.webservicespipeline.com

Every Pipeline site has its own newsletter and RSS feed. Give
them a try.

NETWORK COMPUTING'S SECURE ENTERPRISE MAGAZINE
http://www.securitypipeline.com/se/
Did you know that Network Computing has launched a new supplement
called Secure Enterprise? Security Pipeline hosts the Secure
Enterprise Web site. It's well worth a moment of your time to
check out this content from top-notch authors:

SUBSCRIBE TO THE SECURITY PIPELINE RSS FEED

Security Pipeline is now available as an RSS feed
http://www.securitypipeline.com/rss/all.jhtml

You'll need specialized software, called a news aggregator, to
view the preceding link. To find out more about RSS and news
aggregators, see here
http://wagblog.internetweek.com/archives/000951.html


9. HOW TO UNSUBSCRIBE AND SUBSCRIBE
http://www.securitypipeline.com/newsletter.jhtml

Privacy policy:
http://www.cmp.com/delivery/privacy.html

The Security Pipeline Newsletter
http://www.securitypipeline.com/
Copyright (c) 2003-2004 CMP Media LLC
600 Community Drive
Manhasset, NY 11030