| To: | "Mike Swier" <mswier@YAHOO.COM> |
Date: | Thu, 5 Aug 2004 15:34:59 -0400 (EDT) |
From: | "Security Pipeline Newsletter" <secured@techwire.com>
| Subject: | [SPN] Security Pipeline Newsletter - 8.5.2004 - SP2 |
SECURITY PIPELINE NEWSLETTER
http://www.securitypipeline.com/
Thursday, August 5, 2004
IN THIS ISSUE:
1. Editor's Note:
- What Will You Do About SP2?
- Listen To Me On The Radio
2. Getting Your IT Environment Ready for XPSP2
3. Windows XP Service Pack 2 Breaks Microsoft CRM
4. Phishing Scams Enter Political Waters
5. Opinion: Linux Is More Secure Than Windows. It Just Is.
6. Whose Wi-Fi Is It, Anyway?
7. Using Pricing Against Piracy
8. Mozilla Offers Rewards For Security Bugs
9. SmartAdvice: Customer Education Key Part Of Anti-Phishing
Protection
10. Georgia County Looks At Network Traffic
11. Windows XP SP2 No Security Silver Bullet
12. Only The Best Security News
13. Register Today For TECHXNY
14. Outsourcing - New Whipping Boy?
15. Get More Out Of Security Pipeline
------- Advertisement -------------------
This issue sponsored by Managed Security Services by Symantec(tm).
Our global intelligence network spans 40 countries and monitors
threats 24 hours a day, providing your enterprise with the benefits of
a
world-class security infrastructure while sparing you the complications
of building your own. Click here to download our free white paper.
http://ad.doubleclick.net/clk;9809206;9739344;y?https://ses.symantec.com/SOC
-----------------------------------------
1. EDITOR'S NOTE:
WHAT WILL YOU DO ABOUT SP2?
Seems like it's an unusually quiet summer, doesn't it? The
presidential election is uneventful--everybody in the U.S. has
already made up their mind about who they're going to vote for.
There's no cult summer TV series, like "Keen Eddie" or "Maximum
Bob" as in in years past.
And the biggest event of the industry isn't even the release of a
new product. It's just a patch.
But what a patch it is. Windows XP Service Pack 2 -- due out
within a matter of days, according to published reports -- is
Microsoft's attempt to solve the security problems of Windows XP
in one fell swoop.
http://www.securitypipeline.com/trends/26805941
The patch cranks optional security settings to their highest
level, and turns on an onboard firewall. It'll also stop the
common buffer overrun method of attacks, but only when paired
with PC processor technology which is, unfortunately, not widely
available just yet.
But the improvements come at a price. Not a financial price --
the software is free to existing Windows XP users. The
improvements have a cost, in terms of hassle and time. Most
enterprises will need to test the software before deploying it.
And, by tightening down Internet Explorer, a chief source of
security problems, SP2 will break web applications that make
aggressive use of Active X and other scripting features.
What are your plans for deploying Windows XP SP2 to your users?
Are you going to jump on it right away? Wait for bugs to be
reported and patched by Microsoft? Test it internally first? Have
you been testing the betas? If you're not going to deploy it now,
then when?
We'd especially like to hear from you if you're a Windows XP user
and you don't plan to deploy SP2 ever. Why not?
Write to mwagner@cmp.com and let us know.
LISTEN TO ME ON THE RADIO
Interested in putting a voice to my name? The good people at the
radio show IMI TechTalk contacted me earlier this week; they read
my earlier article, "True Confessions: I Used My Neighbor's Wi-
Fi,"
http://www.securitypipeline.com/trends/26100635
and want to interview me about Wi-Fi sharing. I'll be appearing
streaming live over the Internet at
http://www.1100kfnx.com/
at 7 pm Eastern time on Sunday. Or, if you live in the great city
of Phoenix, Ariz., you can listen on the radio at AM 1100 KFNX.
Until then, I'll be sitting and brooding about how neither "Keen
Eddie" nor "Maximum Bob" were ever picked up as regular TV
series. Philistines. I live in a nation of Philistines.
Mitch Wagner
mailto:mwagner@cmp.com?subject=SPNfeedback
Editor
Security Pipeline
http://www.securitypipeline.com
For more commentary and links by Mitch Wagner, see Wagner's
Weblog
http://WagBlog.InternetWeek.com
-----------------------------------------
2. Getting Your IT Environment Ready for XPSP2
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26100743
Windows XP2 Service Pack 2 will fix some problems -- but will
also cause others. Here's some advice for IT and network admins
to be ready.
3. Windows XP Service Pack 2 Breaks Microsoft CRM
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26805899
According to a posting on Microsoft's download site, installation
of Windows XP SP2 will break the Outlook Sales client of
Microsoft CRM 1.2.
4. Phishing Scams Enter Political Waters
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26805819
SurfControl reports that phishing scams purporting to solicit
campaign contributions have already started.
5. Opinion: Linux Is More Secure Than Windows. It Just Is.
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26805728
A recent survey provides more proof of the security of open
source. By Mitch Wagner
6. Whose Wi-Fi Is It, Anyway?
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26805630
More Wi-Fi access points mean more unprotected access--and more
opportunities to take a free ride on someone else's signal.
7. Using Pricing Against Piracy
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26805600
Software piracy is a serious worldwide problem which some
companies are trying to solve with lower prices.
8. Mozilla Offers Rewards For Security Bugs
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26805603
The maker of the open-source Firefox Web browser will pay $500 to
those who discover and report significant security bugs.
9. SmartAdvice: Customer Education Key Part Of Anti-Phishing
Protection
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26800224
Educating customers to safeguard personal information helps
prevent phishing thefts and builds loyalty, The Advisory Council
says.
10. Georgia County Looks At Network Traffic
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26100998
Fulton County, Ga.'s, IT department deploys server to keep track
of employee network usage and improve security.
11. Windows XP SP2 No Security Silver Bullet
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26100978
The upcoming Windows XP Service Pack 2 has plenty of improvements
but aggressive hackers will still remain a threat.
12. ONLY THE BEST SECURITY NEWS:
New MyDoom Yanks Addresses From Yahoo
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26805894
A new MyDoom variation uses Yahoo's People search site to find
more e-mail addresses.
Attack Bots Take Down DoubleClick
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26800229
Microsoft Patches Security Hole In Previous Patch
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26800181
Microsoft Puts Out IE Patch Early
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26100981
Big Time Spammer Shut Down By CAN-SPAM
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26100920
Microsoft Issues 'Critical' IE Patch
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26800054
Microsoft Upgrades Web Services Security For .Net
http://www.SecurityPipeline.com/showArticle.jhtml?articleId=26100766
13. Register Today For TECHXNY
http://techxny.com/
Join us October 5-7 at the Jacob Javits Convention Center in New
York for TECHXNY where you'll find the business solutions you
need. We'll be covering storage, networking, security, database,
Internet, wireless, Linux solutions and more. Save the dates and
register today.
14. Outsourcing - New Whipping Boy?
http://www.managingoffshore.com
As the political season heats up, politicians will bludgeon the
electorate with outsourcing in an attempt to garner
contributions. Outsourcing is the latest wedge issue of both the
left and the right, explains Managing Offshore Editor Rusty
Weston. Check out the August issue of Managing Offshore
(subscription required -- sample issue available).
15. GET MORE OUT OF SECURITY PIPELINE
LOOK FOR ENTERPRISE ANTI-SPAM PRODUCTS IN PRODUCT FINDER
http://productfinder.securitypipeline.com/index.cgi?search=Search&final_cat1=3&category=6&sub_cat=39
For other Product Finder product categories, browse or search the
database from its home page:
http://productfinder.securitypipeline.com/
BULLETINS: Microsoft Security
http://www.securitypipeline.com/howto/
Feeling insecure? Keep up with all the latest security bulletins
from Redmond. A live feed updates this page continuously; for
best results, bookmark and check it regularly.
CHECK OUT THE SECURITY PIPELINE TOPIC CENTERS
Desktop Security:
http://www.securitypipeline.com/desktop/
Network Security:
http://www.securitypipeline.com/network/
Infrastructure:
http://www.securitypipeline.com/infrastructure/
Policy & Privacy:
http://www.securitypipeline.com/policy_privacy/
TELL A COLLEAGUE ABOUT THE SECURITY PIPELINE NEWSLETTER
http://www.securitypipeline.com/newsletter.jhtml
If you know a colleague or co-worker who might be interested in
signing up for this newsletter, please forward it to him or her
and point out the subscription page:
NETWORK COMPUTING'S SECURE ENTERPRISE MAGAZINE
http://www.securitypipeline.com/se/
Did you know that Network Computing has launched a new supplement
called Secure Enterprise? Security Pipeline hosts the Secure
Enterprise Web site. It's well worth a moment of your time to
check out this content from top-notch authors.
HAVE YOU DISCOVERED THE OTHER PIPELINES?
http://www.techweb.com/pipelines/
Security Pipeline is one is a series of specialized IT sites from
the TechWeb Network we think you'll like. Discover the rest of
the Pipeline publications:
Every Pipeline site has its own newsletter and RSS feed. Give
them a try.
Explore the TechWeb Network:
http://www.techweb.com/
SUBSCRIBE TO THE SECURITY PIPELINE RSS FEED
Security Pipeline's content is available as an RSS feed. Just
copy this link and paste into an RSS reader:
http://www.securitypipeline.com/rss/all.jhtml
You need specialized software (or a Web-based service) called a
news aggregator or RSS reader to view an RSS feed. This link does
not work in most Web browsers or e-mail packages.
Are you asking yourself, "What the heck is RSS?" Interested in
other TechWeb RSS feeds? Learn more:
http://www.securitypipeline.com/shared/static/rss.jhtml
------- Advertisement -------------------
This issue sponsored by Managed Security Services by Symantec(tm).
Our global intelligence network spans 40 countries and monitors
threats 24 hours a day, providing your enterprise with the benefits of
a
world-class security infrastructure while sparing you the complications
of building your own. Click here to download our free white paper.
http://ad.doubleclick.net/clk;9809206;9739344;y?https://ses.symantec.com/SOC
Privacy policy:
http://www.cmp.com/delivery/privacy.html
The Security Pipeline Newsletter
http://www.securitypipeline.com/
Copyright (c) 2003-2004 CMP Media LLC
600 Community Drive
Manhasset, NY 11030