Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Security UPDATE, November 14, 2001

From: InfoSec News <isn () c4i org>
Date: Thu, 15 Nov 2001 01:15:40 -0600 (CST)
********************
Windows 2000 Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows 2000 and NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Top 10 Windows and AD Security Threats
   http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0KwR0A7 

FREE Outbreak Prevention Service for SMTP Gateway
   http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0oNJ0At 
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: TOP 10 WINDOWS AND AD SECURITY THREATS ~~~~
   Security vulnerabilities never die, they just become more 
embarrassing when exploited. Protect your organization from common 
security risks. To find out how, download a free white paper "Top Ten 
Security Threats for Windows 2000 and Active Directory." This white 
paper not only describes vulnerability threats such as IIS RDS, IIS 
Unicode, SQL Server with no system administrator (SA) password, and 
weak or no passwords, but also tells you how to protect your 
organization from these Windows 2000 and Active Directory security 
exposures. Download it FREE at http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0KwR0A7 

********************

November 14, 2001--In this issue:

1. IN FOCUS
     - RADIUS Insecurity; Hotfix Reporter; New Security Services and 
       Risks

2. SECURITY RISK
     - Script Injection Vulnerability in Microsoft Internet Explorer

3. ANNOUNCEMENTS
     - Windows Security 2002 Briefings and Training, February 5 Through 
       8, 2002
     
     - Tell Us About Your Connected Home!

4. SECURITY ROUNDUP
     - News: Microsoft Ships Post-SP6a Security Rollup for NT 4.0
     - News: Microsoft Adds Security to .Net My Services
     - News: Three Personal Firewalls Pass Stringent Security Testing
     - Feature: Have You Given Your Exchange Server a Security Checkup 
       Lately?

5. HOT RELEASE
     - VeriSign--The Value of Trust

6. SECURITY TOOLKIT
     - Book Highlight: Cisco Secure Intrusion Detection Systems
     - Virus Center
     - FAQ: How Can I Prevent a User from Running or Stopping a 
       Scheduled Process?

7. NEW AND IMPROVED
     - Protect Microsoft IIS
     - Protect Your System

8. HOT THREADS
     - Windows 2000 Magazine Online Forums
         - Featured Thread: Hackers?
     - HowTo Mailing List 
         - Featured Thread: Detecting Packet Sniffers

9. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== COMMENTARY ====

Hello everyone,

Do you run RADIUS for authentication in your network environment? If 
so, you might be interested in a new paper, "An Analysis of the RADIUS 
Authentication Protocol," which Joshua Hill posted on the BugTraq 
mailing list on November 12. Hill dissects the protocol to reveal half 
a dozen vulnerabilities that an attacker can use in various 
combinations to compromise a network. The vulnerabilities originate 
mostly from what Hill considers to be the misuse of MD5 (a hash 
function) as a cipher primitive. Hill also makes several suggestions 
for improving the protocol, and he points out that the Internet 
Engineering Task Force (IETF) is working on a new authentication 
protocol specification called DIAMETER. Stop by Hill's Web page to read 
the paper (URL below), which also includes information about DIAMETER.
   http://www.untruth.org/~josh/security/radius

If you use the Microsoft HFNetChk tool, which checks systems for 
installed and missing hotfixes, you know that the output the tool 
presents could be improved. Maximized Software provides a freeware 
complement for HFNetChk called "Hotfix Reporter," which further 
automates hotfix checking and reporting. The tool consists of command 
(.cmd) files and an executable that converts the tabbed HFNetChk output 
into a formatted .html file for viewing with a Web browser. In the HTML 
report, Hotfix Reporter displays related Microsoft Security Bulletins 
and TechNet articles as clickable links, compares scans against the 
same system to determine whether new hotfixes are available, and lets 
you hide hotfixes that you want to ignore. 

In addition, the Hotfix Reporter Web site offers advice about how to 
perform actions such as automating HFNetChk scans, emailing subsequent 
reports to a given account, and automating the download of the 
Microsoft-related mssecure.xml file, which HFNetChk uses to determine 
the state of hotfixes on a given system. Hotfix Reporter seems to be a 
great tool you might want to add to your toolkit. You can find it at 
the URL below.
   http://www.maximized.com/freeware/hotfixreporter/cmdfiles.htm

The Denver Post ran an interesting story on November 5 (URL below) 
about a new security firm called Fuzion Security, which offers a new 
vulnerability-assessment service called AsseZment. Customers already 
include firms such as Qwest and OppenheimerFunds. According to the news 
story, AsseZment produces a "report that shows what the company's 
security risks are, how much it will cost to address the risks and how 
much the company can expect to save by addressing the risks. The report 
also prioritizes the most significant security risks."
   http://www.denverpost.com/stories/0,1002,33%257E208826,00.html

Since 1992, Fuzion Security founders have written 14 books on security-
risk assessment, and they've spent the last 14 months developing their 
new services. You can learn more at the Fuzion Security Web site (see 
below).
   http://www.fuzionsecurity.com

Did you hear about the college students who managed to break the 
security of bank ATMs? The Cambridge students published details of the 
findings last week, much to the dismay of banks and customers 
everywhere. Apparently, most ATMs run standard software in conjunction 
with an IBM 4758 cryptographic co-processor. The IBM device uses the 
Common Cryptographic Architecture (CCA) technology, which relies on 
Data Encryption Standard (DES) to protect sensitive information. 
Attackers have shown repeatedly that DES is vulnerable to attack. Now, 
using off-the-shelf software, the college students have proven that any 
unscrupulous bank employee can steal funds from unsuspecting banks and 
banking customers.

Although Ross Anderson (also of Cambridge University) first exposed the 
vulnerability in February 2001, apparently no one took action to 
correct the matter. But now that the Cambridge students have revealed 
the exploit, banks might begin to better protect their assets and the 
assets of their customers. Be sure to stop by and read the report (URL 
below). Until next time, have a great week.
   http://www.cl.cam.ac.uk/~rnc1/descrack

Sincerely,

Mark Joseph Edwards, News Editor, mark () ntsecurity net

********************

~~~~ SPONSOR: TREND MICRO INTERSCAN MESSAGING SECURITY SUITE ~~~~
   InterScan(R) Messaging Security for SMTP is a high performance 
policy-based antivirus and content security for the SMTP gateway 
designed to protect your messaging system from virus outbreaks. Its 
Outbreak Prevention Policy is a fast defense against new email-borne 
virus. Automatically deployed policies give administrators peace of 
mind while offering an effective protection available against new 
viruses. Get your free Outbreak Prevention service today! For program 
details or to download your 30-day FREE InterScan evaluation copy:
   http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0oNJ0At

~~~~~~~~~~~~~~~~~~~~

2. ===== SECURITY RISK ====
   (contributed by Ken Pfeil, ken () win2000mag com)

* SCRIPT INJECTION VULNERABILITY IN MICROSOFT INTERNET EXPLORER
   A vulnerability exists in Microsoft Internet Explorer (IE) that can 
result in information disclosure through locally stored cookies on the 
vulnerable system. The vulnerability stems from a problem in IE that 
lets a specially crafted URL read and modify this information. 
Microsoft has released Security Bulletin MS01-055 to address this 
vulnerability and recommends that affected users apply the patch that 
Microsoft will provide at the URL when the patch becomes available. As 
a workaround, users can disable active scripting in both the Internet 
and intranet zones. This vulnerability doesn't affect users who have 
applied the Outlook E-Mail Security Update or who have set Outlook 
Express to use the Restricted Sites zone.
   http://www.secadministrator.com/articles/index.cfm?articleid=23197

3. ==== ANNOUNCEMENTS ====

* WINDOWS SECURITY 2002 BRIEFINGS AND TRAINING, FEBRUARY 5 THROUGH 8, 
2002
   Registration and call for papers for the BlackHat's Windows Security 
2002 conference is now open. This is the Windows XP/Windows 2000/.NET 
security event of the year, with intensive training sessions! Join 500 
experts and "underground" security specialists for briefings, training, 
and Mardi Gras in New Orleans.
   http://www.blackhat.com

* TELL US ABOUT YOUR CONNECTED HOME!
   Does your computer technology savvy come in handy at home? We want 
to know how you use home networking, computer technology, and home 
automation technology for work and play. Take a few minutes to answer 
our online survey today!
   http://www.zoomerang.com/survey.zgi?85ab2cl65159mdggmah9del6

4. ==== SECURITY ROUNDUP ====

* NEWS: MICROSOFT SHIPS POST-SP6A SECURITY ROLLUP FOR NT 4.0
   Microsoft shipped the promised replacement for Windows NT 4.0 
Service Pack 7 (SP7--see first URL below). The cleverly named Windows 
NT 4.0 Post-SP6a Security Rollup Package (SRP) is a handy 14.3MB 
package that provides all available post-NT 4.0 SP6a security updates. 
For more information about this free download, visit the second URL 
below. (For information about some specific post-NT 4.0 SP6a fixes, go 
to the third URL below and see Paula Sharick's, "Mailto Address List 
Truncated; Post-SP6a Fixes," InstantDoc ID 9755, and "NT 4.0 Post-SP6a 
Fixes; Preparing for SMS 2.0 SP2," InstantDoc ID 8969.)
   http://www.secadministrator.com/articles/index.cfm?articleid=22769
   http://www.microsoft.com/ntserver/sp6asrp.asp
   http://www.win2000mag.com

* NEWS: MICROSOFT ADDS SECURITY TO .NET MY SERVICES
   Microsoft has made a deal with Web-authentication infrastructure 
provider VeriSign to include digital certificate-authentication 
technology in Microsoft's upcoming .NET My Services (formerly code-
named Hailstorm). .NET My Services represents the first wave of .NET-
enabled services and utilizes Microsoft Passport, which stores user 
information such as passwords and credit card information for 
compatible Web sites. Microsoft has also contracted with antivirus 
vendor McAfee to add security software to Microsoft .NET server 
products.
   http://www.secadministrator.com/articles/index.cfm?articleid=22767

* NEWS: THREE PERSONAL FIREWALLS PASS STRINGENT SECURITY TESTING
   TruSecure announced that its Internet Computer Security Association 
(ICSA) Labs division has awarded certification to three products under 
its new PC firewall certification program. The newly certified products 
include ZoneAlarm Pro for Windows, Tiny Personal Firewall for Windows 
2000, and Norton Personal Firewall for Win2K, Windows 2000 
Professional, Windows Me, and Windows NT Workstation.
   http://www.secadministrator.com/articles/index.cfm?articleid=23173

* FEATURE: HAVE YOU GIVEN YOUR EXCHANGE SERVER A SECURITY CHECKUP 
LATELY?
   Recent discussions in the media and other forums show a heightened 
concern about Microsoft Windows 2000 and Exchange 2000 Server security. 
Typical Exchange security discussions focus on protecting Exchange 
servers from outside threats, but Jerry Cochran offers a twist and 
looks at protecting Exchange servers from internal threats--in other 
words, protecting ourselves from ourselves.
   http://www.secadministrator.com/articles/index.cfm?articleid=23052

5. ==== HOT RELEASE (ADVERTISEMENT) ====

* VERISIGN - THE VALUE OF TRUST
   Secure your servers with 128-bit SSL encryption! Grab your copy of 
VeriSign's FREE Guide, "Securing Your Web site for Business," and learn 
about using SSL to encrypt e-commerce transactions. Get it now!
   http://lists.win2000mag.net/cgi-bin3/flo?y=eIvx0CJgSH0BVg0Lo50AW

6. ==== SECURITY TOOLKIT ====

* BOOK HIGHLIGHT: CISCO SECURE INTRUSION DETECTION SYSTEMS
   By Earl Carter
   Fatbrain Online Price: $50.00
   Hardcover; 912 pages
   Published by Cisco Press, October 2001
   ISBN 158705034X

For more information or to purchase this book, go to 
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=158705034X 
and enter WIN2000MAG as the discount code when you order.

* VIRUS CENTER
   Panda Software and the Windows 2000 Magazine Network have teamed to 
bring you the Center for Virus Control. Visit the site often to remain 
informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: HOW CAN I PREVENT A USER FROM RUNNING OR STOPPING A SCHEDULED 
PROCESS?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. You can block user access to scheduled tasks in several ways. To 
block access at a Group Policy level, perform the following steps: 

   1. Start Group Policy Editor (GPE) for the container you want to 
modify. 
   2. Expand either User Configuration or Computer Configuration. 
   3. Expand Administrative Templates, Windows Components, Task 
Scheduler. 
   4. Double-click "Prevent Task Run or End." 
   5. Select Enabled and click OK. 

You can also edit the registry to block access on a per-computer or 
per-user basis: 

   1. Start regedit.exe on the machine where you want to block access. 
   2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Task 
Scheduler5.0 or 
HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0 
(you might need to create the key). 
   3. From the Edit menu, select New, DWORD Value, enter a name of 
Execution, and press Enter. 
   4. Double-click the new value, and set it to 1. Click OK. 
   5. Close regedit.

7. ==== NEW AND IMPROVED ====
   (contributed by Scott Firestone, IV, products () win2000mag com)

* PROTECT MICROSOFT IIS
   Flicks Software released Titan, software that protects Microsoft IIS 
Web servers by analyzing and verifying incoming Web server data for any 
possible security breaches. The software lets network administrators 
set parameters and monitor all HTTP traffic over their networks for 
illicit behavior. You can prevent buffer overflows, scan for certain 
keywords common to intruders, and receive email notification of failed 
malicious intruder attempts. Titan costs $395 for a single-user 
license. Contact Flicks Software at 310-526-0325.
   http://www.flicks.com

* PROTECT YOUR SYSTEM
   LuoSoft released Iparmor 5.17, security software that protects your 
system from Trojan horse, worm, and virus attacks. When you run the 
program, Iparmor 5.17 scans memory to ensure that no unauthorized 
programs are active. You can view each of your active network ports to 
see whether an attacker is using it to run a Trojan horse, or whether a 
Trojan horse is using the port to transmit your data to attackers. 
Iparmor 5.17 runs on Windows XP, Windows 2000, Windows NT, Windows Me, 
and Windows 9x and costs $29.95. Contact LuoSoft at 
iparmorsales () luosoft com.
   http://www.luosoft.com

8. ==== HOT THREADS ====

* WINDOWS 2000 MAGAZINE ONLINE FORUMS
   http://www.win2000mag.net/forums 

Featured Thread: Hackers? 
   (Six messages in this thread)

Bobby is using Windows NT 4.0 at school, and other students are somehow 
accessing his files. He suspects they have his user password, and he 
wonders how they're able to gain such access. Can you help? Read more 
about the questions and responses or lend a hand at the following URL:
   http://www.secadministrator.com/forums/thread.cfm?thread_id=82656

* HOWTO MAILING LIST
   http://www.secadministrator.com/listserv/page_listserv.asp?s=howto

Featured Thread: Detecting Packet Sniffers
   (Three messages in this thread)

Andrew ran a packet sniffer on his network to determine what information 
he could gather. Within 5 minutes he had captured packets that included 
usernames, passwords, and other sensitive information. He's wondering 
how he can go about detecting other people running packet sniffers on 
his network to prevent them from gathering similar information. Can you 
help? Read the responses or lend a hand at the following URL:
http://63.88.172.96/listserv/page_listserv.asp?a2=ind0111A&L=howto&p=190

9. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT THE COMMENTARY -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- mlibbey () win2000mag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums

* PRODUCT NEWS -- products () win2000mag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer
Support -- securityupdate () win2000mag com

* WANT TO SPONSOR SECURITY UPDATE? -- emedia_opps () win2000mag com

********************

   Receive the latest information about the Windows and .NET topics of 
your choice. Subscribe to our other FREE email newsletters.
   http://www.win2000mag.net/email

|-+-+-+-+-+-+-+-+-+-| 

Thank you for reading Security UPDATE.


SUBSCRIBE
To subscribe, send a blank email to mailto:Security_UPDATE_Sub () lists win2000mag net.

_______________________________________________________________________

Copyright 2001, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: