Information Security News mailing list archives

See How BlackHat Briefings Reflect Industry Changes - August 27, 2003


From: InfoSec News <isn () c4i org>
Date: Thu, 28 Aug 2003 02:23:20 -0500 (CDT)

====================


1. In Focus: BlackHat Briefings Reflect Industry Changes

2. Security Risks
     - System-Compromise Vulnerability in Microsoft MDAC
     - Multiple Vulnerabilities in Microsoft IE

3. Announcements
     - Attend Black Hat Briefings & Training Federal!
     - Need Help Managing Your Storage Investment?

4. Security Roundup
     - News: Welchia/Nachi Worm: Vigilante or Poor Disguise?
     - News: Worms and Viruses, Oh My
     - Feature: Disaster Prevention: Preparing for the Worst

5. Security Toolkit
     - Virus Center
         - Virus Alert: Sobig.F
     - FAQ: How Do I Assign Unique Local Administrator Passwords?

6. Event
     - New--Mobile & Wireless Road Show!
 
7. New and Improved
     - Train Employees on Security Best Practices
     - Protect Web Applications and Infrastructure
     - Submit Top Product Ideas

8. Hot Thread
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Need Help Cleaning Femad.B Virus
     - HowTo Mailing List
         - Featured Thread: Blocking Ping Traffic

9. Contact Us
   See this section for a list of ways to contact us.

====================


==== 1. In Focus: BlackHat Briefings Reflect Industry Changes ====
   by guest columnist Mark Burnett, mb () xato net

The security industry evolves constantly, and this year's BlackHat
Briefings in Las Vegas (July 28 through 31) reflects the changes. The
BlackHat Briefings is a security conference that addresses the
technical and legal concerns security professionals face and focuses
on the newest emerging threats and risks. "We are seeing a shift
towards the policy and legal issues," said conference administrator
Ping Look. "We are also seeing more awareness and participation from
the higher education sector, [among] those attending and [among] those
speaking."

The briefings consisted of 10 tracks, among them a new track dedicated
to policy, law, and society. The new track included such sessions as
"Criminal Copyright Infringement and Warez Trading" and "Introduction
to Corporate Information Security Law." Also new this year was a
series of panels discussing IT security trends, including the handling
of security vulnerabilities.

As usual, BlackHat was full of presentations detailing the newest,
constantly evolving threats, many of which target authentication
systems and core networking infrastructure. Kevin Mitnick, author of
"The Art of Deception," (John Wiley & Sons, 2002) said, "It's always
going to be a cat and mouse game; there are constantly new security
technologies but people are still getting past them."

The number of threats has increased, but for IT and security
professionals, the recommendations are still basically the same: Keep
up with OS patches, use strong passwords, configure your firewall
properly, and educate users. "The challenge is education," said
Vincent Weafer, senior director of Symantec Security Response. "How do
you create awareness across the organization?" Weafer added that
corporate security spreads beyond the corporate networks: "Home
security impacts corporate security; we need to do a better job
reaching home users."

Weafer emphasized Symantec's change in strategy toward consolidation
to deal with the increasing number of security threats: "It is driving
changes inside the corporation, forcing [everyone involved] to bring
standalone systems together."

The conference topics expanded beyond technical threats to address
related issues, including cyberterrorism, attacks on anonymity
systems, and the legal concerns involved in vulnerability research and
disclosure. "There is more interest in these issues," said Jennifer
Granick of the Center for Internet and Society at Stanford Law School.
"These issues are starting to matter to more people in their
day-to-day lives."

Granick's presentation, "The Law of 'Sploits," tackled the US Digital
Millennium Copyright Act (DMCA) and its effect on researching and
publishing security vulnerabilities. In her presentation, she
addressed the problem with which we all struggle: "The same
information that allows more wide-spread exploitation of
vulnerabilities is required to correct those vulnerabilities."
According to Granick, "The law is grappling with these issues; the law
recognizes that [releasing security vulnerability information] is
important but also recognizes there is potential harm."

Despite the expanding coverage of topics at BlackHat, some things
never change: Security researcher David Litchfield of Next Generation
Security Software (NGSSoftware) released his usual 0-day exploits; Tim
Mullen, CIO and chief software architect for AnchorIS.com, released
his new Terminal Services password brute-force tool, TSGrinder; and
Simple Nomad released two new anonymity tools, Ncrypt and Ncovert.

BlackHat produces five briefing and training events each year, and
attendance at the Las Vegas event has grown from the 110 people who
attended the first conference in 1997 to more than 1700 this year. For
information about upcoming BlackHat Briefings, visit the Web site at
the URL below.
   http://www.blackhat.com/html/bh-link/briefings.html

====================

==== 2. Security Risks ====
   contributed by Ken Pfeil, ken () winnetmag com

System-Compromise Vulnerability in Microsoft MDAC
   Aaron C. Newman of Application Security discovered a new
vulnerability in Microsoft Data Access Components (MDAC) that can
result in the compromise of a vulnerable computer. This vulnerability
is the result of a flaw in a specific MDAC component that handles
broadcast requests. By responding to a request with a specially
crafted packet, an attacker can create a buffer overflow. Microsoft
has released Security Bulletin MS03-033 (Unchecked Buffer in MDAC
Function Could Enable System Compromise) to address this vulnerability
and recommends that affected users apply the appropriate patch
mentioned in the bulletin.
   http://www.secadministrator.com/articles/index.cfm?articleid=39910
 
Multiple Vulnerabilities in Microsoft IE
   Yu-Arai of Little eArth Corporation (LAC), eEye Digital Security,
and Greg Jones from KPMG UK discovered two new vulnerabilities in
Microsoft Internet Explorer (IE), the most serious of which can result
in the execution of arbitrary code on the vulnerable computer. These
two new vulnerabilities are related to IE's cross-domain security
model and IE's failure to properly determine an object type that a Web
server returns. Microsoft has released Security Bulletin MS03-032
(Cumulative Patch for Internet Explorer) to address these
vulnerabilities and recommends that affected users apply the
appropriate patch mentioned in the bulletin.
   http://www.secadministrator.com/articles/index.cfm?articleid=39909

==== 3. Announcements ====
   (from Windows & .NET Magazine and its partners)

Attend Black Hat Briefings & Training Federal!
   Running September 29-30, 2003 (Training) and October 1-2, 2003
(Briefings) in Tysons Corner, VA, this is the world's premier
technical IT security event. Modeled after the famous Black Hat event
in Las Vegas! Includes 6 tracks, 12 training sessions, top speakers,
and sponsors. Lots of Windows stuff. Early-bird registration ends
September 6, so register today!
   http://list.winnetmag.com/cgi-bin3/DM/y/ecYN0CJgSH0CBw0pHV0AE

Need Help Managing Your Storage Investment?
   Planning and managing your storage deployment can be costly and
complex. Check out Windows & .NET Magazine's Storage Administration
Web site for the latest advice, news, and tips to help you make the
most of your storage investment. You'll find problem-solving articles,
eye-opening white papers, a technical forum, and much more!
   http://list.winnetmag.com/cgi-bin3/DM/y/ecYN0CJgSH0CBw0rvk0AN

==== 4. Security Roundup ====

News: Welchia/Nachi Worm: Vigilante or Poor Disguise?
   A new worm is on the loose, one that exploits the remote procedure
call (RPC)/Distributed COM (DCOM) security problem. The worm,
Welchia/Nachi, attempts to infiltrate a system and force it to install
Microsoft's RPC/DCOM patch, which amounts to vigilantism. But is the
worm really trying to protect users?
   http://www.secadministrator.com/articles/index.cfm?articleid=39898

News: Worms and Viruses, Oh My
   Two new computer attacks are wreaking havoc with PC users, clogging
email systems and overwhelming corporate networks. The first, which
oddly enough seeks to undo the damage from the infamous MSBlaster
worm, is Welchia/Nachi; it aggressively looks for new hosts that
MSBlaster has infected, then downloads and installs the Microsoft
patch that fixes the vulnerability. The second, SoBig.F and its
variants, is a virus and is more malicious. This virus infects users
through email, searches for email addresses on the users' systems,
then sends itself through email messages to each of those email
addresses.
   http://www.secadministrator.com/articles/index.cfm?articleid=39902

Feature: Disaster Prevention: Preparing for the Worst
   Many people break the subject of high availability into two
parts--disaster prevention and disaster recovery--and discuss the
topic as if every step in a high-availability solution fits neatly
into one arena or the other. However, as this author planned her
article and tried to determine which activities constitute disaster
prevention and which constitute disaster recovery, she found that the
line between the two isn't a neat one. She also realized that to
distinguish between disaster prevention and disaster recovery, you
need a clear definition of "disaster" for your organization. Use the
best practices in Kalen Delaney's article to help protect your
systems.
   http://www.secadministrator.com/articles/index.cfm?articleid=39647

==== 5. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://list.winnetmag.com/cgi-bin3/DM/y/ecYN0CJgSH0CBw0BAeo0AR

Virus Alert: Sobig.F
   Sobig.F is a worm that spreads through email and across shared
network drives. When Sobig.F spreads through email, it arrives as a
message with variable characteristics and contains an attached file
that usually has a .pif extension. When the worm spreads across shared
network drives, it attempts to copy itself to those drives to which
the local computer has access. Learn more about the worm at the URL
below:
   http://us.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=40408&sind=0

FAQ: How Do I Assign Unique Local Administrator Passwords?
   contributed by Jan De Clercq

You might want to check out Foghorn Security's Local Account Password
Manager (LAPM), a tool that gives every workstation a unique
administrator password and centralizes the administration related to
this operation. You can download a fully functional, nonexpiring demo
version of LAPM from http://www.foghornsecurity.com/lapm/download. The
demo version has a built-in host limit of 35 machines. For a
description of how the tool works and what you can expect, read the
rest of this FAQ at the URL below:
   http://www.secadministrator.com/articles/index.cfm?articleid=26121

==== 6. Event ====

New--Mobile & Wireless Road Show!
   Learn more about the wireless and mobility solutions that are
available today! Register now for this free event!
   http://list.winnetmag.com/cgi-bin3/DM/y/ecYN0CJgSH0CBw0BA8Y0AK

==== 7. New and Improved ====
   by Sue Cooper, products () winnetmag com

Train Employees on Security Best Practices
   Software By Bay announced the Web-based Information Security
Education (WISE) training program, a series of interactive, self-paced
courses to increase knowledge about ongoing internal and external
security breaches and attacks and how to defend against them. Based on
the International Organization for Standardization (ISO) 17799
information security best practices standards, the course provides
training ranging from general security awareness and security
management to detailed technical training. Introductory pricing for
each course is $99. Contact Software By Bay at 866-973-8324,
973-257-1205, or sales () softwarebybay com.
   http://www.softwarebybay.com

Protect Web Applications and Infrastructure
   MagniFire WebSystems announced its flagship program, TrafficShield,
which protects Web applications and the infrastructure behind them
from both known and unknown attacks. Its true-positive security logic
for Web applications ensures that any customer interaction not
specifically known to be legal is blocked immediately. The hardened
appliance automatically creates an accurate granular security policy
of every legal user interaction with the Web site, denying everything
else. TrafficShield is currently installed in major financial
institutions worldwide. The price is $25,000 per appliance. Contact
MagniFire WebSystems at 212-909-2772 or sales () magnifire com.
   http://www.magnifire.com

Submit Top Product Ideas
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

==== 8. Hot Thread ====

Windows & .NET Magazine Online Forums
   http://www.winnetmag.com/forums

Featured Thread: Need Help Cleaning Femad.B Virus
   (Three messages in this thread)

A user writes that he ran McAfee and Grisoft's AVG antivirus software
on his system and found that the Femad.B Trojan horse had infected the
msdos.exe file, but he can't seem to clean the virus. He's searched
for the virus information but to no avail. He tried to delete the
infected msdos.exe file, but his Windows XP system reboots when he
merely highlights the file to delete it! Lend a hand or read the
responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=62468

HowTo Mailing List
   http://63.88.172.96/listserv/page_listserv.asp?s=howto

Featured Thread: Blocking Ping Traffic
   (Two messages in this thread)

A user wants to know how he can block Internet Control Message
Protocol (ICMP) ping traffic from reaching his system. Lend a hand or
read the responses:
   http://63.88.172.96/listserv/page_listserv.asp?A2=IND0308C&L=HOWTO&P=1747

===================

==== 9. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

====================
   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing Windows and related technologies. Subscribe
today.
   http://www.secadministrator.com/sub.cfm?code=saei25xxup


Thank you!
__________________________________________________________
Copyright 2003, Penton Media, Inc.


