Security UPDATE, August 21, 2002

[InfoSec News <isn () c4i org>]

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

VeriSign - The Value of Trust
   http://list.winnetmag.com/cgi-bin3/flo?y=eNBo0CJgSH0CBw014e0At

Security Exploits Are a Result of Missing Patches
   http://list.winnetmag.com/cgi-bin3/flo?y=eNBo0CJgSH0CBw0rf10Aw
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: VeriSign - The Value of Trust ~~~~
   Get the strongest server security -- 128-bit SSL encryption!
   Download VeriSign's FREE guide, "Securing Your Web Site for
Business" and learn everything you need to know about using SSL to
encrypt your e-commerce transactions for serious online security.
Click here!
   http://list.winnetmag.com/cgi-bin3/flo?y=eNBo0CJgSH0CBw014e0At

~~~~~~~~~~~~~~~~~~~~

August 21, 2002--In this issue:

1. IN FOCUS
     - Thought Police: Coming to a Computer Near You?

2. SECURITY RISKS
     - Privilege Elevation Vulnerability in Microsoft SQL and MSDE
     - Privilege Elevation Vulnerability in Win2K Network Connection
       Manager
     - Macromedia Shockwave Flash Malformed Header Overflow
     - Buffer Overflow in Winhlp32.exe

3. ANNOUNCEMENTS
     - Why Pay When You Can Get In-Person Security Expertise at No
       Charge?
     - Take Our Survey and You Could Win a Free T-Shirt!

4. SECURITY ROUNDUP
     - News: Security Certifications Decline
     - News: Severe Vulnerability in IE Secure Sockets Layer
     - News: Intruder Stole New Shuttle Design Plans from NASA

5. HOT RELEASE
     - Stop IIS Web Server Intrusions & Cyber Attacks

6. INSTANT POLL
     - Results of Previous Poll: Wireless Security
     - New Instant Poll: Biometric Scanners

7. SECURITY TOOLKIT
     - Virus Center
     - FAQ: How Can I Connect to a Windows .NET Server (Win.NET
       Server) Console?

8. NEW AND IMPROVED
     - Upgrade to VPN Security Solution
     - Centralized Auditing of Windows Security Logs
     - Submit Top Product Ideas

9. HOT THREADS
     - Windows & .NET Magazine Online Forums
         - Featured Thread: PGP or PKI?
      - HowTo Mailing List:
         - Featured Thread: Windows XP User Account Creation

10. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* THOUGHT POLICE: COMING TO A COMPUTER NEAR YOU?

Imagine a computer security device that won't let you access a
computer or network unless your thoughts are preapproved by a policing
scanner. You walk up to a terminal, and a device instantly scans your
brain waves and heart rate and gathers biometric identification data
from your body. The scanner then compares the biometrics data and your
vital statistics to a variety of databases, including credit bureaus,
criminal records, travel habits, and hundreds (if not thousands) of
other sensitive databases. If you're deemed not to be a risk, you're
allowed access to the computer or network. Sound far-fetched? Think
again (no pun intended).

According to a "The Washington Times" report, such technology is under
development right now, all in the name of antiterrorism. The report
states that the National Aeronautics and Space Administration (NASA)
is developing the technology with cooperation from an unnamed
commercial firm for use at airports to help identify potential
terrorists. Given the fact that computers and networks are vital to
everyday affairs, it hardly stretches the imagination to think that
such technology could become commonplace in the computer industry
sometime in the future.
   http://washtimes.com/national/20020817-704732.htm

According to "The Washington Times" report, on July 31, the Electronic
Privacy Information Center (EPIC) obtained documents from the
Transportation Security Administration (TSA) under the Freedom of
Information Act (FOIA) for a lawsuit. The documents revealed a plan to
implement such technology to screen passengers at airports. NASA told
security specialists at Northwest Airlines, where the technology might
be tested, about the brain-monitoring technology.
   http://www.epic.org

NASA Aerospace Research Manager Herb Schlickenmaier likened the
technology to "a super lie detector that would also measure pulse
rate, body temperature, eye-flicker rate and other biometric aspects
sensed remotely." Today, a ball cap-type sensor must touch someone's
head to read brainwaves. And, in fact, Schlickenmaier noted, "To say I
can take that cap off and put sensors in a doorjamb, and as the
passenger starts walking through [say that the passenger is] a threat
or not, is at this point a future application."

Physics professors familiar with brainwave research have raised
privacy concerns about that research. Nevertheless, if NASA can
produce such a device and the public accepts such technology as part
of the general screening process for airport access, then it's
reasonable to think that such technology might also make its way into
the computer security industry (and other industries soon thereafter).
After all, computer networks are mission-critical elements of a
nation's infrastructure, and it's rather obvious that computer
intruders pose a serious threat to such infrastructures.

For information about such threats, be sure to read our news story,
"Intruder Stole New Shuttle Design Plans from NASA," listed in the
SECURITY ROUNDUP section of this UPDATE (see the URL below). And read
"The Washington Times" report for a revealing glimpse of a potential
future scenario.
   http://www.secadministrator.com/articles/index.cfm?articleid=26246

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: SECURITY EXPLOITS ARE A RESULT OF MISSING PATCHES ~~~~
   Are you confident your network has the patches required to prevent
intrusions? UpdateEXPERT is a patch remediation tool that scans for
missing hotfixes, and FIXES discovered weaknesses for increased
protection. UpdateEXPERT features an exclusive database of patches
that are researched and tested for interdependencies by our in-house
patch experts. Supporting Windows NT4/2000/XP, SQL Server, Exchange
Server, IE, Outlook and other critical applications, UpdateEXPERT
installs updates to all servers and workstations remotely without a
required client agent. FREE 15-day live trial and Whitepaper!
   http://list.winnetmag.com/cgi-bin3/flo?y=eNBo0CJgSH0CBw0rf10Aw

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* PRIVILEGE ELEVATION VULNERABILITY IN MICROSOFT SQL SERVER AND MSDE
   David Litchfield of NGS Software discovered vulnerabilities in
Microsoft SQL Server and Microsoft Desktop Engine (MSDE) that could
result in an unprivileged user gaining control of the database. These
vulnerabilities stem from weak default permissions on certain extended
stored procedures that let unprivileged users run these stored
procedures with Administrator privileges. Microsoft has released
Security Bulletin MS02-043 (Cumulative Patch for SQL Server) to
address this vulnerability and recommends that affected users download
and apply the patch mentioned in the security bulletin
   http://www.secadministrator.com/articles/index.cfm?articleid=26292

* PRIVILEGE ELEVATION VULNERABILITY IN WIN2K NETWORK
CONNECTION MANAGER
   Microsoft reported a vulnerability in Windows 2000's Network
Connection Manager (NCM) that could result in compromise of the
affected system. This vulnerability stems from a flaw in an NCM
handler routine that could grant an unprivileged user LocalSystem
rights. Microsoft has released Security Bulletin MS02-042 (Flaw in
Network Connection Manager Could Enable Privilege Elevation) to
address this vulnerability and recommends that affected users download
and apply the patch mentioned in the security bulletin.
   http://www.secadministrator.com/articles/index.cfm?articleid=26291

* MACROMEDIA SHOCKWAVE FLASH MALFORMED HEADER OVERFLOW
   Drew Copley and Riley Hassell of eEye Digital Security discovered a
vulnerability in Macromedia's Shockwave Flash that could lead to
execution of arbitrary code on the vulnerable system. An intruder can
exploit a malformed Macromedia Flash movie (SWF) header that supplies
more frame data than the decoder expects, resulting in a
buffer-overrun condition. Macromedia has released bulletin MPSB02-07
(Macromedia Flash Malformed Header Vulnerability Issue) regarding this
vulnerability and recommends that affected users download Flash Player
6,0,40,0, which addresses this vulnerability.
   http://www.secadministrator.com/articles/index.cfm?articleid=26250

* BUFFER OVERFLOW IN WINHLP32.EXE
   A buffer-overrun vulnerability in Winhlp32.exe could result in the
execution of arbitrary code on the vulnerable system. This
vulnerability stems from a flaw in the Item parameter within WinHlp
Command. This exploit would execute in the security context of the
currently logged on user. Microsoft has released Windows 2000 Service
Pack 3 (SP3), which includes a fix for this vulnerability.
   http://www.secadministrator.com/articles/index.cfm?articleid=26252

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* WHY PAY WHEN YOU CAN GET IN-PERSON SECURITY EXPERTISE AT NO CHARGE?
   Windows & .NET Magazine Network Road Show 2002 is coming this fall
to New York, Chicago, Denver, and San Francisco! Industry experts Mark
Minasi and Paul Thurrott will show you how to shore up your system's
security and what desktop security features are planned for Microsoft
.NET and beyond. Sponsored by NetIQ. Registration is free, but space
is limited so sign up now!
   http://list.winnetmag.com/cgi-bin3/flo?y=eNBo0CJgSH0CBw03lK0AR

* TAKE OUR SURVEY AND YOU COULD WIN A FREE T-SHIRT!
   We need to hear your thoughts on the future on technology! Take our
reader survey, and you'll be entered to win a T-shirt, compliments of
Windows & .NET Magazine. All responses are completely confidential, so
visit
   http://list.winnetmag.com/cgi-bin3/flo?y=eNBo0CJgSH0CBw038L0Aa

4. ==== SECURITY ROUNDUP ====

* NEWS: SECURITY CERTIFICATIONS DECLINE
   According to a new "Cyber Defense IQ Report" from Brainbench, the
number of new security certifications obtained over an 8-month period
has declined significantly. Brainbench compared the number of security
certifications obtained between November 2000 through July 2001 with
the number of security certifications obtained between November 2001
through July 2002.
   http://www.secadministrator.com/articles/index.cfm?articleid=26262

* NEWS: SEVERE VULNERABILITY IN IE SSL
   In what has been called one of the most serious problems ever
detected in cryptography, researcher Mike Benham has discovered that
intruders can implement undetected man-in-the-middle attacks against
users of Microsoft Internet Explorer (IE) 6.x and 5.x. Benham reported
his findings to readers of a popular security mailing and detailed the
vulnerability.
   http://www.secadministrator.com/articles/index.cfm?articleid=26245

* NEWS: INTRUDER STOLE NEW SHUTTLE DESIGN PLANS FROM NASA
   According to a "Computerworld" report, an intruder known as RaFa
has broken into a network that National Aeronautics and Space
Administration (NASA) operates and stolen extremely sensitive design
plans for a space shuttle. Using a vulnerability in FTP servers that
allow anonymous logons, RaFa managed to locate and download more than
43MB of data, including a Microsoft PowerPoint presentation.
   http://www.secadministrator.com/articles/index.cfm?articleid=26246

5. ==== HOT RELEASE ====

* STOP IIS WEB SERVER INTRUSIONS & CYBER ATTACKS
   eEye Digital Security has released SecureIIS, a proactive security
solution built specifically for IIS. Known for their IIS vulnerability
research expertise, eEye created SecureIIS to prevent damaging network
traffic that goes undetected by firewalls and IDS's.
   Learn more & free trial downloads at:
   http://list.winnetmag.com/cgi-bin3/flo?y=eNBo0CJgSH0CBw04DK0Am

6. ==== INSTANT POLL ====

* RESULTS OF PREVIOUS POLL: WIRELESS SECURITY
      The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question,
"Does your company use some form of security to prevent unauthorized
access to its wireless network?" Here are the results (+/- 2 percent)
from the 90 votes:
   -  56% Yes
   -  28% No
   -  17% No--We leave the wireless network unprotected to offer open
 access

* NEW INSTANT POLL: BIOMETRIC SCANNERS
   The next Instant Poll question is, "Which of the following types of
biometric scanners are currently in use on your network?" Go to the
Security Administrator Channel home page and submit your vote for a)
Fingerprint, b) Retina, c) Facial, d) Two or more of the above, or e)
None of the above.
   http://www.secadministrator.com

7. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: HOW CAN I CONNECT TO A WINDOWS .NET SERVER (WIN.NET SERVER)
CONSOLE?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. The Windows 2000 Server family lets you make two connections to a
server in Win2K Server Terminal Services administration mode without
requiring additional licenses, but neither connection is an actual
console session. Win.NET Server addresses this omission by letting you
connect to the console session using technology taken from Windows
XP's Remote Desktop feature.

The XP Remote Desktop Connection (RDC) client can connect to a console
session, but this ability is hidden. To connect to a Win.NET Server
console from an XP system, you have to start the RDC client with the
/console switch by typing the following at the command prompt:

   msdtc /console

The RDC graphical interface will start as usual, but the connection to
the Win.NET Server will display a console session instead of creating
a new RDP session.

To modify the RDC client shortcut to always include the /console
switch, right-click the RDC client shortcut item on the Start menu,
select Properties from the context menu, and add /console to the
Target. For example,

   C:\program files\remote desktop\mstsc.exe

becomes

   C:\program files\remote desktop\mstsc.exe /console

If you aren't using XP, you can install the Win.NET Server RDC client
on a Win2K or later client. Win.NET Server also ships with the
Microsoft Management Console (MMC) Remote Desktops snap-in, which lets
you connect to a console by selecting the "Connect to console" check
box.

8. ==== NEW AND IMPROVED ====
   (contributed by Judy Drennen, products () winnetmag com)

* UPGRADE TO VPN SECURITY SOLUTION
   WatchGuard Technologies announced WatchGuard Firebox System (WFS)
6.0 for its Firebox III line of products. WFS 6.0, a complete firewall
and VPN solution with advanced stateful packet filtering and
transparent proxy architecture, is a free software upgrade for current
LiveSecurity subscribers. WFS 6.0 integrates a new public key
infrastructure (PKI) with built-in Certificate Authority (CA). WFS 6.0
is available for download from http://www.watchguard.com. For more
information, contact WatchGuard at 206-521-8340 or go to the Web site.
   http://www.watchguard.com

* CENTRALIZED AUDITING OF WINDOWS SECURITY LOGS
   GFI announced LANguard Security Event Log Monitor (S.E.L.M.) 3.0, a
host-based Intrusion Detection System (IDS) that monitors networks for
security breaches. The product analyzes network Security logs and
alerts administrators about key security events in realtime. Because
it performs intrusion detection by scanning the event logs, GFI
LANguard S.E.L.M. isn't impaired by switches, IP traffic encryption,
or high-speed data transfer, as are traditional network-based
intrusion detection products. The product scans Windows XP, Windows
2000, and Windows NT, and pricing starts at $375 for a
two-server/10-workstation package. Contact GFI Software at
angelica () gfi com or go to the Web site.
   http://www.gfi.com

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

9. ==== HOT THREADS ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: PGP or PKI?
   (Two messages in this thread)

A user writes that he's moving to a new office in 3 months and his
company will be completely rebuilding its network. The company will
maintain a remote site for five people. Therefore, he intends to have
a VPN connecting the two sites. His boss is very concerned about
security, including email. He wants to know which is more secure and
easier to implement and maintain: pretty good privacy (PGP) or public
key infrastructure (PKI)? Read the responses or lend a hand at:
   http://www.secadministrator.com/forums/thread.cfm?thread_id=23123

* HOWTO MAILING LIST
   http://www.secadministrator.com/listserv/page_listserv.asp?s=howto

Featured Thread: Windows XP User Account Creation
   (One message in this thread)

Michael wants to know a way to create users in Windows XP, then
restrict their local access without using the domain model. He tried
using Group Policy in Microsoft Management Console (MMC) and felt that
the results were disastrous because the process locked all accounts
(including administrative accounts) out of the Control Panel. Read the
responses or lend a hand at the following URL:
   http://63.88.172.96/listserv/page_listserv.asp?a2=ind0208b&l=howto&p=82

10. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- vpatterson () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://list.winnetmag.com/cgi-bin3/flo?y=eNBo0CJgSH0CBw0rvS0Am

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

MANAGE YOUR ACCOUNT
   You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://list.winnetmag.com/cgi-bin3/flo?y=eNBo0CJgSH0CBw0rvS0Am

Thank you!



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.