Security Incidents mailing list archives
SecurityFocus.com Microsoft Newsletter #23
From: Stephen Entwisle <se () SECURITYFOCUS COM>
Date: Mon, 26 Feb 2001 10:26:21 -0700
SecurityFocus.com Microsoft Newsletter #23
------------------------------------------

I. FRONT AND CENTER
     1. The Field Guide for Investigating Computer Crime, Part 7: Information Discovery - Basics and Planning
     2. Studying Normal Traffic, Part Two: Studying FTP Traffic
II. MICROSOFT VULNERABILITY SUMMARY
     1. Microsoft Windows NT PPTP DoS Vulnerability
     2. Microsoft Windows 2000 Domain Controller DoS Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
     1. Details on a hacked NT server (possible kit?) (Thread)
     2. TO WHOM IT MAY CONSERN Registry entrys regarding Denial of...(Thread)
     3. OT: P*rn Site Urls (Thread)
     4. Outlook Text Preview option (Thread)
     5. NT 4 with IIS 4 install checklist (Thread)
     6. pcAnywhere (Thread)
     7. iis unicode bug... (Thread)
     8. Possible FTP Site DDoS (Thread)
     9. P*rn Site Urls (Thread)
     10. Laptop Security (Thread)
     11. Troubleshooting disk permission schemes ... (Thread)
     12. Win2K Terminal Service as Web Server Admin Tool (Thread)
     13. FW: Outlook Text Preview option (Thread)
     14. NT/w2k kiosk or hardening software? (Thread)
     15. NT: Restrict Users from Installing Software? (Thread)
     16. Win2k Telnet Service (Thread)
     17. VNCViewer (Thread)
     18. MS Security Issue (Thread)
     19. Is my IIS proxying for people? (Thread)
     20. SecurityFocus.com Microsoft Newsletter #22 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
     1. Ethenticator MS 3000
     2. EGTSOFT System Locker
V. NEW TOOLS FOR MICROSOFT PLATFORMS
     1. DoorWatch
     2. Random Number Generator
     3. Advanced Password Generator 2.74
     4. WebClicker 2.0
     5. aTrans
VI. SUBSCRIBE/UNSUBSCRIBE INFORMATION


I. FRONT AND CENTER
-------------------

1. The Field Guide for Investigating Computer Crime, Part 7: Information Discovery Basics and Planning
by Timothy E. Wright

This is the seventh installment in SecurityFocus.com's Field Guide for Investigating Computer Crime. The previous installment in this series, "Search and Seizure, Evidence Retrieval and Processing", concluded the overview of search and seizure with a discussion of the retrieval and processing of computer crime scene evidence. In this installment, we will begin our discussion of information discovery, the process of viewing log files, databases, and other data sources on unseized equipment, in order to find and analyze information that may be of importance to a computer crime investigation.

http://www.securityfocus.com/focus/ih/articles/crimeguide7.html

2. Studying Normal Traffic, Part Two: Studying FTP Traffic
by Karen Frederick

This is the second article in a three-part series devoted to studying normal traffic. Many intrusion detection analysts concentrate on identifying the characteristics of suspicious packets. However, it is also important to be familiar with what normal traffic looks like. A great way to do this is to generate some normal traffic, capture the packets and examine them. The first article in this series explained how to capture packets using WinDump and reviewed some simple examples of normal TCP/IP traffic. In this article, we will be examining FTP traffic, which, from a traffic flow standpoint, is more complicated than many other protocols.

http://www.securityfocus.com/focus/ids/articles/normaltraf2.html


II. BUGTRAQ SUMMARY
-------------------

1. Microsoft Windows NT PPTP DoS Vulnerability
BugTraq ID: 2368
Remote: Yes
Date Published: 2001-02-13
Relevant URL: http://www.securityfocus.com/bid/2368
Summary:

Point to Point Tunneling Protocol (PPTP) is a protocol which enables remote users to connect to a network through a secure connection.

Due to a memory leak in the implementation of PPTP, it is possible for a remote user to cause a denial of service condition on a server running Windows NT with PPTP enabled. An attacker could exploit this vulnerability by submitting multiple malformed packets to the PPTP services on the target server. Each malicious packet could consume system memory until all available system resources were exhausted.

A restart of the server is required in order to gain normal functionality.

Successful exploitation of this vulnerability could assist in further attacks against the victim.

2. Microsoft Windows 2000 Domain Controller DoS Vulnerability
BugTraq ID: 2394
Remote: Yes
Date Published: 2001-02-20
Relevant URL: http://www.securityfocus.com/bid/2394
Summary:

Domain controllers in a Windows 2000 network handle user authentication and various other required tasks.

Microsoft Windows 2000 domain controllers are subject to a denial of service condition. Unfortunately, Windows 2000 domain controllers do not properly validate a user request before attempting to process it. Submitting numerous specially crafted invalid requests to a domain controller could initiate the domain controller's attempt to carry out the request. This constant processing attempt will eventually exhaust nearly all available system resources, preventing the domain controller from handling various mandatory tasks.

A restart of the server is required in order to gain normal functionality.

Successful exploitation of this vulnerability could assist in further attacks against the victim host.


III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

1. Details on a hacked NT server (possible kit?) (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3dF221C7Mzx6ClF6OuyyF0000955e () hotmail com

2. TO WHOM IT MAY CONSERN Registry entrys regarding Denial of Service Attacks (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d001601c09e58$df026280$8401a8c0@tricompc

3. OT: P*rn Site Urls (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d006001c09dde$d634f7f0$b6079818@ndr113

4. Outlook Text Preview option (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d006201c09de3$78b579b0$37866a3f@ssternw2kw

5. NT 4 with IIS 4 install checklist (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3dGLEFJOAAJFENFGKOJPBGIELLCDAA.patrick () whitefrog com

6. pcAnywhere (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3dDAEIJNEKMPIGLADFMEICMEAODBAA.smoulec () cuisinesolutions com

7. iis unicode bug... (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d3A96CCA5.1E9B0197 () moquijo com

8. Possible FTP Site DDoS (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d200102232145.f1NLjFA54681 () robin cts com

9. P*rn Site Urls (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3dNDBBJLMHNCGAJNMCLPHFIEMIEDAA.karl () lovink net

10. Laptop Security (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3dPine.LNX.4.10.10102221221490.11153-100000 () KWAN ca

11. Troubleshooting disk permission schemes ... (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d01F1E3781779D411B63B00D0B7B0E0D03824EE () atv-ga4b-213 rasserver net

12. Win2K Terminal Service as Web Server Admin Tool (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d31ACC2D3E8B4D411BC4A00306E0061EF016207@IGHMSG01

13. FW: Outlook Text Preview option (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d49EFF2B5759ED2118F0F00805FE67FE0039F2F03 () dasmttayz026 army pentagon mil

14. NT/w2k kiosk or hardening software? (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3dDJEGKFFMGLMAKALIEECAOENOCDAA.judy () colorado edu

15. NT: Restrict Users from Installing Software? (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d3A936B60.F4CFC954 () ifi uib no

16. Win2k Telnet Service (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d00b901c09bd1$69578f30$af05a8c0 () anchorsign com

17. VNCViewer (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d000b01c09bab$5415c680$1fef0b18 () truckee1 ca home com

18. MS Security Issue (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d4.3.2.7.2.20010220122932.00faa890 () pop qut edu au

19. Is my IIS proxying for people? (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3d603D8EA4BB33D31197600006290532CE06AEEC03 () Server1b office isaserver be

20. SecurityFocus.com Microsoft Newsletter #22 (Thread)
Relevant URL: http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-02-26%26thread%3dPine.GSO.4.30.0102191038510.13831-100000@mail


IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------

1. Ethenticator MS 3000
by Ethentica
Platforms: Windows NT
Relevant URL: http://www.securityfocus.com/products/1385
Summary:

The Ethenticator's unique ability to grant access to networks and protected websites without having to remember or type passwords makes it a lifesaver while you're on the road with a thousand other things on your mind. Its secure access features put your mind at ease, too, with reliable protection from unauthorized use and data theft. The Ethenticator MS 3000 also eliminates the need to remember passwords and lets you instantly access any web site on the Internet that requires your password, any application or other text-based information secured by a password or user name / password combination on your mobile computer.

2. EGTSOFT System Locker
by EGTSOFT
Platforms: Windows 95/98
Relevant URL: http://www.securityfocus.com/products/1384
Summary:

System Locker is a handy utility that locks your keyboard and mouse thus allowing you to protect your personal computer from unauthorized access. System Locker is highly configurable utility and could be tuned to fully satisfy customers' needs.


V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------

1. DoorWatch
Platforms: Windows 2000
by corea2k
Relevant URL: http://www.securityfocus.com/tools/1936
Summary:

IP/PORT/NetBios/Trojan Scanning Whois Ping Test Ping Attack NetStatus Whois NSLookup Finger

2. Random Number Generator
Platforms: Windows 95/98
by Segobit
Relevant URL: http://www.securityfocus.com/tools/671
Summary:

Random Number Generator is a Windows95 based application designed to generate random numbers of any length. Random Number Generator v.1.1 allow users to do choice random number generator, which built into this application. This is linear congruential and bit shift random number generators. This feature is used to generate an extremely random seed value. Random number generators written in low-level language, and some of random number generators, which built into this application, is impossible to write in high-level language (Basic, Pascal, C++ and other). Random Number Generator will generate to 200 numbers.

3. Advanced Password Generator 2.74
Platforms: Windows 2000, Windows 95/98 and Windows NT
by Segobit Software
Relevant URL: http://www.securityfocus.com/tools/1907

Advanced Password Generator is an application designed to generate passwords of any length and character content. Advanced Password Generator allow users to do choice random number generator, which built into this application. This feature is used to generate an extremely random seed value. Random number generators written in low-level language, and some of random number generators, which built into this application, is impossible to write in high-level language (Basic, Pascal, C++ and other). After registration user can to obtain the application with the own additional random number generator. Advanced Password Generator will create alphabetic, numeric, alphanumeric or all keyboard characters password of user-defined lengths. Password can be generated in lowercase or mixed case. All passwords can be printed.

4. WebClicker 2.0
Platforms: Windows 2000, Windows 95/98 and Windows NT
by Moritz Bartl
Relevant URL: http://www.securityfocus.com/tools/1859

Uses public proxies to create artificial banner ad clicks. Emulates complete browser HTTP transfer and can be used for banner/link exchanges and toplists as well.

5. aTrans
Platforms: Windows 2000, Windows 95/98 and Windows NT
by DataRescue Inc
Relevant URL: http://www.securityfocus.com/tools/1942

Easy to move, easy to use, P2P secure file transfer and chat on the windows 32 platform. AES encryption / RSA authentication / Diffie-Hellman EKE, on the fly compression, secure migration in a 400 kb self extracting encrypted package.


VI. SUBSCRIBE/UNSUBSCRIBE INFORMATION
-------------------------------------

1. How do I subscribe?

Send an e-mail message to LISTSERV () SECURITYFOCUS COM with a message body of:

SUBSCRIBE FOCUS-MS Lastname, Firstname

You will receive a confirmation request message to which you will have to answer.

2. How do I unsubscribe?

Send an e-mail message to LISTSERV () SECURITYFOCUS COM from the subscribed address with a message body of:

UNSUBSCRIBE FOCUS-MS

If your email address has changed, email aleph1 () securityfocus com and I will manually remove you.

3. How do I disable mail delivery temporarily?

If you are simply going on vacation you can turn off mail delivery without unsubscribing by sending LISTSERV the command:

SET FOCUS-MS NOMAIL

To turn back on e-mail delivery use the command:

SET FOCUS-MS MAIL

4. Is the list available in a digest format?

Yes. The digest is generated once a day.

5. How do I subscribe to the digest?

To subscribe to the digest join the list normally (see section 0.2.1) and then send a message to LISTSERV () SECURITYFOCUS COM with a message body of:

SET FOCUS-MS DIGEST

6. How do I unsubscribe from the digest?

To turn the digest off send a message to LISTSERV with a message body of:

SET FOCUS-MS NODIGEST

If you want to unsubscribe from the list completely follow the instructions of section 0.2.2 next.

7. I seem to not be able to unsubscribe. What is going on?

You are probably subscribed from a different address than that from which you are sending commands to LISTSERV. Either send email from the appropriate address or email the moderator to be unsubscribed manually.