Information Security News mailing list archives

Security UPDATE, January 23, 2002


From: InfoSec News <isn () c4i org>
Date: Thu, 24 Jan 2002 02:19:17 -0600 (CST)

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security 
Administrator, a print newsletter bringing you practical, how-to 
articles about securing your Windows .NET, 2000, and NT systems. 
   http://www.secadministrator.com 
******************** 

~~~~ THIS ISSUE SPONSORED BY ~~~~ 

Secure Your Network: Free Trial from NetIQ

http://www.webtrends.com/register/trial.htm?regtype=Trial%20Install&prodtype=EntSecurity&sourceid=NSSAW2KSU0111 

Sponsored by VeriSign--The Value of Trust
   http://list.winnetmag.com/cgi-bin3/flo?y=eKQQ0CJgSH0CBw0p5N0AI 
   (below IN FOCUS) 

~~~~~~~~~~~~~~~~~~~~ 

~~~~ SPONSOR: SECURE YOUR NETWORK: FREE TRIAL FROM NETIQ ~~~~
   Need to proactively prevent security breaches and strengthen security 
defenses by uncovering and resolving vulnerabilities? Protect your network with 
NetIQ's award-winning, multi-platform vulnerability scanning and assessment 
product, Security Analyzer. It automatically detects the latest known security 
vulnerabilities, provides reports and guidance on how to address them and 
seamlessly updates via an auto synchronization process. Prevent intrusions, 
halt internal abuse and maximize the security and availability of your Internet 
systems and corporate network today ... download a free trial of Security 
Analyzer!
   
http://www.webtrends.com/register/trial.htm?regtype=Trial%20Install&prodtype=EntSecurity&sourceid=NSSAW2KSU0111 

~~~~~~~~~~~~~~~~~~~~ 

January 23, 2002--In this issue: 

1. IN FOCUS
     - Updated Security Tools

2. SECURITY RISKS
     - DoS in ZBServer Pro 1.5 for Windows 
     - File-Deletion Vulnerability in RaidenFTPD for Windows 
     - Weak Protection of Credentials in MiraMail 1.4 for Windows

3. ANNOUNCEMENTS
     - Want 24 x 7 Availability?
     - Great Opportunity for .NET Developers

4. SECURITY ROUNDUP
     - News: Mosaic Software Enhances Credit Card Fraud Prevention 
     - News: Tumbleweed Communications Introduces Secure Guardian OneChannel 
     - News: Complete Text of the Bill Gates "Trustworthy Computing" Memo 
     - News: New MKS Toolkit 8.0 Now Includes Secure Shell 
     - News: Microsoft to Promote Security Over New Features 
     - News: Reflex Magnetics Offers Free ScreenMail for Outlook

5. HOT RELEASE (ADVERTISEMENT)
     - St. Bernard's iPrism, When Surfing Isn't Working

6. SECURITY TOOLKIT
     - Virus Center
     - FAQ: How Can I Access the Windows Update Catalog for Windows XP and 
Windows .NET Server?

7. NEW AND IMPROVED
     - Encrypt and Digitally Sign Any File
     - Monitor PC Use

8. HOT THREADS
     - Windows & .NET Magazine Online Forums
         - Featured Thread: How to Back Up and Restore NT Users
     - HowTo Mailing List
         - Featured Thread: Audit Policy Becomes Reset

9. CONTACT US 
   See this section for a list of ways to contact us. 
~~~~~~~~~~~~~~~~~~~~ 

1. ==== IN FOCUS ==== 

* UPDATED SECURITY TOOLS 

Hello everyone, 

Microsoft's latest claim about bettering the security of its products came last 
week in a supposedly leaked email from Microsoft Chairman and Chief Software 
Architect Bill Gates to employees, in which Gates said, "When we face a choice 
between adding features and resolving security issues, we need to choose 
security." You can read the full text of the email--it's linked in the SECURITY 
ROUNDUP section of this newsletter. 

Do you know that Microsoft has updated its HFNetChk scanning tool? HFNetChk 3.3 
scans systems to determine which hotfixes you have or haven't installed and 
compares the system-information scans to an XML database. Shavlik Technologies 
developed the tool for Microsoft. You can use the tool to scan local and remote 
systems for patches related to Windows XP, Windows 2000, Windows NT 4.0, 
Internet Information Services (IIS) 5.0 and Internet Information Server (IIS) 
4.0, Internet Explorer (IE) 5.01 and later, SQL Server 2000, and SQL Server 
7.0. HFNetChk also identifies .NET and IIS 6.0 servers, but the XML database 
doesn't contain information to scan those systems yet. 

HFNetChk 3.3 has several new features, including the ability to scan systems 
that have disabled the Server service. The 3.3 version lets users specify a 
username and password for scanning remote systems, write output to a specified 
filename, and scan systems based on files containing lists of IP addresses or 
NetBIOS machine names. 

You can learn more about HFNetChk in Microsoft article Q303215, and the article 
contains links to two other Microsoft articles (Q305385 and Q306460) that 
contain further information. You can download a copy of the tool at Microsoft's 
Web site. Be sure to view the readme.txt included with the program to learn 
about all the latest changes to the new version.
   http://www.microsoft.com/technet/support/kb.asp?id=303215
   http://www.microsoft.com/downloads/release.asp?releaseid=31154

Another updated tool you can download is Application Security's AppDetective. 
Formerly available only for Oracle and Lotus Domino servers, AppDetective for 
Microsoft SQL Server is now available in beta as a free download. The tool 
performs database discovery and penetration testing, attack simulation, and in-
depth security audits. AppDetective checks for Denial of Service (DoS) 
conditions and server misconfigurations and also tests password strength. You 
can download a beta version at the company's Web site.
   http://www.appsecinc.com/products/appdetective/mssql

Until next time, have a great week. 

Sincerely, 
Mark Joseph Edwards, News Editor 
mark () ntsecurity net 

~~~~~~~~~~~~~~~~~~~~ 

~~~~ SPONSOR: VERISIGN--THE VALUE OF TRUST ~~~~
   Is your e-business secure enough? Learn why it's vital to encrypt your 
business transactions, secure your intranets, and authenticate your Web site 
with the strongest encryption available--128-bit SSL. To learn more, get 
VeriSign's FREE Guide, "Securing Your Web Site for Business" now: 
   http://list.winnetmag.com/cgi-bin3/flo?y=eKQQ0CJgSH0CBw0p5N0AI

~~~~~~~~~~~~~~~~~~~~ 

2. ==== SECURITY RISKS ==== 
   (contributed by Ken Pfeil, ken () winnetmag com) 

* DOS IN ZBSERVER PRO 1.5 FOR WINDOWS 
   Tamer Sahin of Security Office reported a Denial of Service (DoS) condition 
in ZBServer Pro 1.5. If an attacker repeatedly sends a URL request with more 
than 25,000 characters, the server quits responding. ZBSoft has been notified 
but hasn't issued a patch.
   http://www.secadministrator.com/articles/index.cfm?articleid=23785

* FILE-DELETION VULNERABILITY IN RAIDENFTPD FOR WINDOWS
   Tamer Sahin of Security Office reported a vulnerability in Raiden FTPD 2.2 
that lets an attacker delete any file on the system located in the root 
directory (e.g., C:\, D:\). The vendor, RaidenFTPD, has been notified but 
hasn't issued a patch.
   http://www.secadministrator.com/articles/index.cfm?articleid=23786

* WEAK PROTECTION OF CREDENTIALS IN MIRAMAIL 1.4 FOR WINDOWS
   Chris Lathem reported that a vulnerability exists in Nevrona MiraMail 1.4 
because the system stores all account information and variables that it uses in 
.ini files in plain text. Any user with access to these .ini files can steal or 
modify account information, passwords, and groups with impunity. The vendor, 
Nevrona Designs, has been notified and will issue version 1.5, which will 
encrypt the vulnerable .ini files.
   http://www.secadministrator.com/articles/index.cfm?articleid=23787

3. ==== ANNOUNCEMENTS ==== 

* WANT 24 X 7 AVAILABILITY?
   High-availability networks, systems, and applications are crucial to every 
business. Sign up for our (free!) Webinar taking place February 26 and 
sponsored by MKS, and find out how to achieve 24 x 7 availability on Windows 
2000. Windows & .NET Magazine author Tim Huckaby shares his expertise on load 
balancing, monitoring, and more. Register today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eKQQ0CJgSH0CBw0qQh0AD 

* GREAT OPPORTUNITY FOR .NET DEVELOPERS
   Microsoft ASP.NET Connections, Visual Basic Connections, and WinDev are co-
locating their events to deliver the largest independent .NET developer-focused 
event in 2002. Three events for the price of one--more than 145 sessions 
covering Web development, XML and data management, .NET framework internals, 
Web forms, .NET basics, .NET Web security, VB6, C++, C#, debugging apps, and 
more. Register now before this event sells out.
   http://list.winnetmag.com/cgi-bin3/flo?y=eKQQ0CJgSH0CBw0qSH0Ah 

4. ==== SECURITY ROUNDUP ==== 

* NEWS: MOSAIC SOFTWARE ENHANCES CREDIT CARD FRAUD PREVENTION 
   Mosaic Software, an Electronic Funds Transfer (EFT) software provider, 
announced that clients using its Postilion credit card-processing software will 
soon be able to route transactions through Retail Decisions, a fraud-prevention 
services company. 
   http://www.secadministrator.com/articles/index.cfm?articleid=23818

* NEWS: TUMBLEWEED COMMUNICATIONS INTRODUCES SECURE GUARDIAN ONECHANNEL 
   Tumbleweed Communications announced its new Secure Guardian OneChannel 
software suite that helps companies communicate securely with business 
partners. 
   http://www.secadministrator.com/articles/index.cfm?articleid=23821

* NEWS: COMPLETE TEXT OF THE BILL GATES "TRUSTWORTHY COMPUTING" MEMO 
   Microsoft Chairman and Chief Software Architect Bill Gates writes, "Even more 
important than any ... new capabilities is the fact that it is designed from 
the ground up to deliver Trustworthy Computing. Customers will always be able 
to rely on these systems."
   http://www.secadministrator.com/articles/index.cfm?articleid=23801

* NEWS: NEW MKS TOOLKIT 8.0 NOW INCLUDES SECURE SHELL 
   MKS announced the release of MKS Toolkit 8.0, which includes a new secure 
shell service for connectivity to UNIX and Windows systems. 
   http://www.secadministrator.com/articles/index.cfm?articleid=23791

* NEWS: MICROSOFT TO PROMOTE SECURITY OVER NEW FEATURES 
   In an email message to the company's 40,000 employees last Wednesday, 
Microsoft Chairman and Chief Software Architect Bill Gates announced a major 
strategy shift across all of the company's products that will emphasize 
security and privacy over new features.
   http://www.secadministrator.com/articles/index.cfm?articleid=23792

* NEWS: REFLEX MAGNETICS OFFERS FREE SCREENMAIL FOR OUTLOOK 
   UK-based Reflex Magnetics announced that it is offering its new ScreenMail 
plugin for Outlook free of charge. The plugin works on Outlook Express 5.0 
through 6.0 and Outlook 97 through 2002.
   http://www.secadministrator.com/articles/index.cfm?articleid=23790

5. ==== HOT RELEASE (ADVERTISEMENT) ====

* ST. BERNARD'S IPRISM, WHEN SURFING ISN'T WORKING 
   The cost of running your IT department is on the rise due to Internet abuse. 
iPrism, a PC Magazine Editors' Choice winner, can help. Not sure whether Web 
abuse is a problem? Download our sample monitoring tool.
   http://list.winnetmag.com/cgi-bin3/flo?y=eKQQ0CJgSH0CBw0pE60AA

6. ==== SECURITY TOOLKIT ==== 

* VIRUS CENTER 
   Panda Software and the Windows 2000 Magazine Network have teamed to 
bring you the Center for Virus Control. Visit the site often to remain 
informed about the latest threats to your system security. 
   http://www.secadministrator.com/panda 

* FAQ: HOW CAN I ACCESS THE WINDOWS UPDATE CATALOG FOR WINDOWS XP AND WINDOWS 
.NET SERVER?
   (contributed by John Savill, http://www.windows2000faq.com) 

A. Windows Update contains patches and upgrades for XP and .NET Server; 
however, you can't save these fixes to a local machine. To save the patches and 
upgrades locally, you must use the corporate Windows Update Catalog, which lets 
you store fixes locally for subsequent installation. To access this catalog, 
follow these steps: 

   1. Go to the general Windows Update Web site. 
   2. Under Other Options, select Personalize Windows Update. 
   3. Under the "See Also" option, select "Display the link to the Windows 
Update Catalog." 
   4. Click Save Settings. 
   5. Under See Also, you'll now have Windows Update Catalog. 

You can also access the corporate Windows Update Catalog directly at this 
Microsoft Web site. After you access the catalog, you can add several fixes to 
your "basket" that Windows Update will download to your machine.
   http://www.windows2000faq.com/articles/index.cfm?articleid=23679

7. ==== NEW AND IMPROVED ==== 
   (contributed by Scott Firestone, IV, products () winnetmag com) 

* ENCRYPT AND DIGITALLY SIGN ANY FILE
   Information Security released SecretAgent 5.5, file-encryption and digital-
signature software that features support for Public Key Cryptography Standards 
(PKCS) #11, improved certificate revocation list (CRL) support, Microsoft 
CryptoAPI integration, an improved PKCS #12 export process, an archive-
inspection feature, and easier setup and configuration features. Information 
Security also released PolicyAgent, an administration tool that lets you 
control the security settings within SecretAgent. SecretAgent 5.5 and 
PolicyAgent run on Windows XP, Windows 2000, Windows Me, Windows NT, and 
Windows 9x systems and each costs $179.95 for a single-user license. Contact 
Information Security at 847-405-0500.
   http://www.infoseccorp.com

* MONITOR PC USE
   Zemerick Software released Watchful Eye, software that provides secret and 
secure PC monitoring for homes and small businesses concerned with Internet 
safety and abuse. The software can capture all system keystrokes, capture Web 
sites that the user visits, capture screenshots, and keep a record of executed 
programs. Watchful Eye runs on Windows XP, Windows 2000, Windows Me, Windows 
NT, and Windows 9x systems and costs $30. Contact Zemerick Software at 
info () zemericks com.
   http://www.zemericks.com

8. ==== HOT THREADS ==== 

* WINDOWS & .NET MAGAZINE ONLINE FORUMS 
   http://www.winnetmag.net/forums 

Featured Thread: How to Back Up and Restore NT Users
   (Nine messages in this thread)
   Makus wants to know how to back up a system's Windows NT users, then restore 
the users when he reinstalls the OS. Can you help? Read more about the problem 
or lend a helping hand at the following URL:
   http://www.secadministrator.com/forums/thread.cfm?thread_id=86707

* HOWTO MAILING LIST 
   http://www.secadministrator.com/listserv/page_listserv.asp?s=howto 

Featured Thread: Audit Policy Becomes Reset
   (One message in this thread)

Rick is having trouble with a server on which the audit policies keep resetting. 
Whenever a user makes a change to the audit policy, Rick's logs indicate that 
the SYSTEM account has changed the policies back to the original settings. This 
activity is detailed in the event log by two "audit_policy_changed" events that 
occur one right after the other. The first event shows the user that made the 
audit policy change and also reflects the altered flags. The second event shows 
the SYSTEM account restoring the flags to their original settings. Do you know 
why? Read the responses or lend a hand at the following URL:
   http://63.88.172.96/listserv/page_listserv.asp?a2=ind0201c&l=howto&p=1830

9. ==== CONTACT US ==== 
   Here's how to reach us with your comments and questions: 

* ABOUT IN FOCUS -- mark () ntsecurity net 

* ABOUT THE NEWSLETTER IN GENERAL -- mlibbey () winnetmag com (please 
mention the newsletter name in the subject line) 

* TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums 

* PRODUCT NEWS -- products () winnetmag com 

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer 
Support -- securityupdate () winnetmag com 

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com 

******************** 

   Receive the latest information about the Windows and .NET topics of 
your choice. Subscribe to our other FREE email newsletters. 
   http://www.winnetmag.net/email 

|-+-+-+-+-+-+-+-+-+-| 

Thank you for reading Security UPDATE.

SUBSCRIBE
To subscribe, send a blank email to mailto:Security-UPDATE_Sub () list winnetmag com.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.