
[ISN] Tor Experiment Proves You Should Use SSL for Email

Forwarded with permission from: Security UPDATE <Security_UPDATE (at) list.windowsitpro.com>


Gain Control of Software Usage and Reduce Audit Risks

Right-Sizing Your Log Management System

Ensuring End User Continuity

=== CONTENTS ===================================================

IN FOCUS: Tor Experiment Proves You Should Use SSL for Email

   - eIQnetworks Publishes Open Log Format Specification
   - 89 Percent of Those Surveyed Want Use of SSNs Restricted
   - PatchLink Becomes Lumension Security
   - Recent Security Vulnerabilities

   - Security Matters Blog: Security Sites Become Targets of DDoS 
   - FAQ: How to Display Windows 2008 Group Policy Settings
   - From the Forum: ISA Server and an Exchange Back-End Server 
   - Share Your Security Tips

   - Faster, More Manageable Web Filtering
   - Product Evaluations from the Real World




=== SPONSOR: Macrovision =======================================

Gain Control of Software Usage and Reduce Audit Risks
   Most organizations face serious challenges, including understanding 
vendor-licensing models, cost overruns, missed deadlines, business 
opportunities, and lost user productivity. Learn to address these 
challenges, and prepare for audits. Register for the free Web seminar, 
available now!

=== IN FOCUS: Tor Experiment Proves You Should Use SSL for Email 
   by Mark Joseph Edwards, News Editor, mark at ntsecurity / net

A few weeks ago, Swedish security aficionado Dan Egerstad published a 
list that sent out some big shockwaves. Egerstad set up five The Onion 
Router (Tor) exit nodes around the world, put them online for the 
public to use, and then sniffed traffic as it left those exit nodes to 
look for credentials used for POP3 and IMAP traffic. When his adventure 
was over, Egerstad wound up with a lengthy list of logon names and 
passwords for high-profile mailboxes, including credentials that belong 
to workers at various embassies, consulates, large American companies, 
and even the offices of the Dalai Lama. 

In case you aren't familiar with Tor, it's basically a network of 
independently operated servers that work together to provide an 
encrypted VPN. Traffic sent through Tor is moved through at least three 
Tor servers in an ever-changing pattern. The premise is to provide some 
level of anonymity for Tor users so that they can disguise the origin 
of their traffic. Anyone can run a Tor server, and anyone can use the 
Tor network as a client. 

As Egerstad's adventure reveals, many high-profile people use Tor 
without adequate knowledge of how it works, and thus they remain 
unaware of the overall risks. The Tor network does encrypt traffic, and 
it does make an attempt to randomize the route that the traffic takes 
along its way to its destination. Because traffic is encrypted as it 
moves through the Tor network, Tor server operators can't easily sniff 
traffic as it passes through their Tor server. However, the traffic 
must be decrypted before it's sent to its final destination; therefore 
Tor exit server operators can sniff traffic if it wasn't encrypted 
prior to being sent into the Tor network. Egerstad's adventure was 
designed to discover how many people don't encrypt traffic before 
sending it to the Tor network.

A similar experiment is conducted each year at the DEFCON security 
conference: Sniffers are used to capture the credentials of people who 
use the conference wireless network without adequate encryption. The 
results are then posted on the Wall of Sheep (sometimes also referred 
to as the Wall of Shame). One might think that administrators for 
embassies and consulates would be aware of the potential for people to 
sniff network traffic, but apparently they aren't as aware as they 
ought to be. Some are more aware now after being embarrassed by 
Egerstad's findings. 

After Egerstad published his list of results on August 30 (at the URL 
below), his site was quickly shut down, apparently at the request of 
unnamed law enforcement agencies in the United States. Sometime during 
the following week, Egerstad's Web site went back online, and he then 
posted more details of his adventure. Included in the mix of 
information is the fact that there are plenty of suspicious Tor servers 
taking part in the overall Tor network, and that fact ought to give 
anyone using Tor some amount of pause. 

The lesson to be learned from Egerstad's adventure is that all 
administrators should seriously consider implementing POP3 and IMAP 
over Secure Sockets Layer (SSL). Most email clients and servers support 
SSL connectivity, and there's little if any reason not to use it these 
days. Even if your users don't use Tor or other anonymizing tools (such 
as public proxy servers), it's still a good idea to use SSL--even on 
in-house networks, because the threat from company insiders is equal to 
the threat from those outside your company. And, with the increasing 
trend toward telecommuting, SSL is becoming even more important as a 
standard tool that can help guard your private communications.
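
An added example, not part of the original newsletter: one way to check for the exposure described above is to look at what a mail server offers on the plain IMAP (143) and POP3 (110) ports before TLS is negotiated. The capability strings are constructed samples, and the verdict names ("exposed", "tls-optional", "protected") are this example's own labels.

```python
# Added example: classify what a mail server offers BEFORE TLS is negotiated.
# All sample responses below are constructed for illustration.
import re

PLAINTEXT_SASL = {"PLAIN", "LOGIN"}  # SASL mechanisms that carry the password itself


def _verdict(tls_upgrade, cleartext):
    if not cleartext:
        return "protected"  # password commands are refused until TLS is up
    # "tls-optional": a client that skips the upgrade still leaks its password
    return "tls-optional" if tls_upgrade else "exposed"


def audit_imap(line):
    """Audit an IMAP greeting or '* CAPABILITY' line from port 143."""
    m = re.search(r"CAPABILITY ([^\]\r\n]*)", line, re.I)
    caps = set(m.group(1).upper().split()) if m else set()
    sasl = {c[5:] for c in caps if c.startswith("AUTH=")}
    # RFC 3501: the LOGIN command is usable unless LOGINDISABLED is advertised.
    cleartext = "LOGINDISABLED" not in caps or bool(sasl & PLAINTEXT_SASL)
    return _verdict("STARTTLS" in caps, cleartext)


def audit_pop3(response):
    """Audit a POP3 CAPA response from port 110."""
    lines = [l.strip().upper() for l in response.splitlines()]
    if not lines or not lines[0].startswith("+OK"):
        return _verdict(False, True)  # CAPA refused: assume the worst case
    caps = {l.split()[0]: set(l.split()[1:]) for l in lines[1:] if l and l != "."}
    cleartext = "USER" in caps or bool(caps.get("SASL", set()) & PLAINTEXT_SASL)
    return _verdict("STLS" in caps, cleartext)


SAMPLES = {  # constructed responses, one per outcome
    "imap-open": "* CAPABILITY IMAP4rev1 AUTH=PLAIN IDLE",
    "imap-optional": "* OK [CAPABILITY IMAP4rev1 STARTTLS AUTH=PLAIN] ready",
    "imap-strict": "* CAPABILITY IMAP4rev1 STARTTLS LOGINDISABLED",
    "pop3-open": "+OK Capability list follows\r\nUSER\r\nTOP\r\nUIDL\r\n.\r\n",
    "pop3-strict": "+OK Capability list follows\r\nSTLS\r\nTOP\r\nUIDL\r\n.\r\n",
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        audit = audit_imap if name.startswith("imap") else audit_pop3
        print(f"{name:14} {audit(resp)}")
```

The implicit-SSL ports, 993 for IMAP and 995 for POP3, have no pre-TLS stage at all, so this check applies only to the plain ports.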

=== SPONSOR: EventTracker ======================================

Right-Sizing Your Log Management System
   Learn how to effectively achieve ROI with your log management system 
in a matter of months without costly or daunting investments. This web 
seminar addresses how to ensure your organization gets the most out of 
its log management investment, key requirements and architectural 
differences to consider, and caveats and risks to be on watch for as 
you spec out your requirements and design. 

=== SECURITY NEWS AND FEATURES =================================

eIQnetworks Publishes Open Log Format Specification
   eIQnetworks announced the availability of the new Open Log Format 
(OLF) specification, an open source event-logging standard. The company 
hopes the new standard will be adopted to facilitate easier aggregation 
of security log information.

89 Percent of Those Surveyed Want Use of SSNs Restricted
   A recent poll conducted by Consumers Union--publisher of Consumer 
Reports--revealed that 89 percent of those surveyed want lawmakers to 
create laws that restrict the use of Social Security numbers (SSNs).

PatchLink Becomes Lumension Security
   In June, PatchLink announced that it would merge with SecureWave, a 
provider of endpoint security. On the heels of the merger, completed in 
mid-July, PatchLink has renamed the newly combined companies Lumension 

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security 
Alerts, which inform you about recently discovered security 
vulnerabilities. You can also find information about these 
discoveries at

=== SPONSOR: Neverfail =========================================

Ensuring End User Continuity
   When your systems go down, your users' productivity grinds to a 
halt. User downtime is one of the fastest growing concerns among 
businesses. This free Web seminar teaches you how to keep your users 
continuously connected and your business up and running. View the On-
Demand Web seminar now!

=== GIVE AND TAKE ==============================================

SECURITY MATTERS BLOG: Security Sites Become Targets of DDoS Attacks
   by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=66916:57B62BBB09A6927966C0B9687E3C8343
   Numerous sites that offer security information have come under 
sustained Distributed Denial of Service (DDoS) attacks, and some of the 
sites remain offline due to traffic overloads.

FAQ: How to Display Windows 2008 Group Policy Settings
   by John Savill, http://list.windowsitpro.com/t?ctl=66913:57B62BBB09A6927966C0B9687E3C8343 

Q: Where can I see a list of all the Windows 2008 Group Policy 

Find the answer at

FROM THE FORUM: ISA Server and an Exchange Back-End Server
   A forum participant writes that Microsoft recommends a scenario in 
which you put Microsoft ISA Server in a demilitarized zone (DMZ) and 
publish Microsoft Outlook Web Access (OWA) from a Microsoft Exchange 
front-end server on the inside. Looking at it strictly from a security 
point of view, he wonders, is there any difference in publishing the 
back-end server instead and skipping the front-end server? If you 
manage to hack the front-end server, he says, you're already inside. 
Join the discussion at

   Share your security-related tips, comments, or problems and 
solutions in Security Pro VIP's Reader to Reader column. Email your 
contributions to r2r@xxxxxxxxxxxxxxxxxxx. If we print your submission, 
you'll get $100. We edit submissions for style, grammar, and length.

=== PRODUCTS ===================================================
   by Renee Munshi, products@xxxxxxxxxxxxxxxx

Faster, More Manageable Web Filtering 
   St. Bernard Software announced the iPrism M11000, a Web filtering 
appliance for large and midsized enterprises. St. Bernard also 
announced a major software upgrade, version 5.0, for all iPrism 
appliances. The iPrism M11000 provides an 80 percent performance 
improvement over the existing iPrism M3100 appliance. Version 5.0 of 
the iPrism software includes a new Safe Search feature that ensures 
that inappropriate Web content doesn't appear in thumbnails generated 
by Google search engine results and a new Delegated Administration 
feature that lets organizations separate policy-setting responsibility 
from technical administration. For more information, go to

   Share your product experience with your peers. Have you discovered a 
great product that saves you time and money? Do you use something you 
wouldn't wish on anyone? Tell the world! If we publish your opinion, 
we'll send you a Best Buy gift card! Send information about a product 
you use and whether it helps or hinders you to 

=== RESOURCES AND EVENTS =======================================
   For more security-related resources, visit

Microsoft TechEd IT Forum
   TechEd IT Forum is Microsoft's premier European conference designed 
to provide IT professionals with technical training, information, and 
community resources for building, planning, deploying, and managing the 
secure connected enterprise.

11 Reasons to Upgrade to Backup Exec 11d from Symantec
   Download this free on-demand Web seminar to learn about the key 
benefits of upgrading your current backup software to Symantec Backup 
Exec 11d; discover the latest enhancements in Backup Exec, the gold 
standard in Windows data recovery; and find out how you can take 
advantage of special upgrade pricing.

Comparing Email Management Systems that Protect Against Spam, Viruses, 
Malware, & Phishing
   As a systems administrator, you're tasked with determining which 
email security tool is the best fit for your company. Sunbelt Software 
engaged Osterman Research to survey enterprises that are using five of 
the leading email management systems that protect against spam, 
viruses, malware, and phishing attacks. This white paper presents the 
results of this survey and is a must-read for any administrator 
researching email security tools for Microsoft Exchange.

=== FEATURED WHITE PAPER =======================================

The Web Isn't Fun Anymore: How Websense Technology Protects Against 
Internet-Based Threats
   Thanks to its wealth of information, the Internet has become not 
only a vital business tool but also an important part of our personal 
lives. However, it does have a dark side. This white paper examines 
technologies that will help guard against Internet-based threats.

=== ANNOUNCEMENTS ==============================================

Windows IT Pro: Buy 1, Get 1 
   With Windows IT Pro's real-life solutions, news, tips and tricks, 
and access to over 10,000 articles online, subscribing is like hiring 
your very own team of Windows consultants. Subscribe now, and get 2 
years for the price of 1! 

Save 50% Off Scripting Pro VIP 
   Scripting Pro VIP is the IT administrator's source for scripting 
information, tools, and downloadable code. Subscribers also get access 
to our editors to help answer technical questions, as well as a host of 
other unique benefits. Order now at an exclusive charter rate and save 


Security UPDATE is brought to you by the Windows IT Pro Web site's 
Security page (first URL below) and Security Pro VIP (second URL 

Subscribe to Security UPDATE at

Be sure to add Security_UPDATE@xxxxxxxxxxxxxxxxxxxxx 
to your antispam software's list of allowed senders.

To contact us: 
   About Security UPDATE content -- letters@xxxxxxxxxxxxxxxx
   About technical questions -- http://list.windowsitpro.com/t?ctl=66917:57B62BBB09A6927966C0B9687E3C8343
   About your product news -- products@xxxxxxxxxxxxxxxx
   About your subscription -- windowsitproupdate@xxxxxxxxxxxxxxxx
   About sponsoring Security UPDATE -- salesopps@xxxxxxxxxxxxxxxx

View the Windows IT Pro privacy policy at

Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2007, Penton Media, Inc. All rights reserved.

CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques.  Register now for savings on conference fees   
and/or free exhibits admission. - www.csiannual.com