Windows & .NET Magazine Security UPDATE--December 17, 2003

[InfoSec News <isn () c4i org>]

====================

==== This Issue Sponsored By ====

Free Download: Shavlik Security Patch Management
   http://list.winnetmag.com/cgi-bin3/DM/y/edzp0CJgSH0CBw0BDoF0A6

Policy-Based Vulnerability Management White Paper from NetIQ
   http://list.winnetmag.com/cgi-bin3/DM/y/edzp0CJgSH0CBw0BETV0Av

====================

1. In Focus: One Step Closer to Eliminating Junk Mail

2. Announcements
     - Attend Black Hat Briefings 2004
     - Announcing a New eBook: "Content Security in the
       Enterprise--Spam and Beyond"
     - New--Microsoft Security Strategies Roadshow 2004!

3. Security News and Features
     - Recent Security Vulnerabilities
     - News: Patch Delivery Snafu Snares No-Patch December
     - Feature: Malicious Hackers and Spam, Part 1

4. Security Toolkit
     - Virus Center
     - FAQ: What actions occur when I click Repair on a network
       connection in Windows XP and later?
     - Featured Thread: OWA and ISA Authentication

5. Event
     - Receive a Free Identity Management White Paper!

6. New and Improved
     - Turn Your PC into a Premises-Monitoring System
     - Attack and Event Correlation Analysis Across Firewalls
     - Tell Us About a Hot Product and Get a T-Shirt

7. Contact Us
   See this section for a list of ways to contact us.

====================

==== Sponsor: Free Download: Shavlik Security Patch Management ====
   Install the latest critical Microsoft security patches today with
HFNetChkPro. A free, fully functional, no time-out version of
HFNetChkPro is available to help you automate the delivery and testing
of these critical patches. HFNetChkPro offers unlimited scanning, a
complete GUI and Shavlik's exclusive PatchPush capabilities. Save time
on patch deployment, ensure systems are fully protected and safeguard
your systems from remote code execution, identity spoofing, arbitrary
code execution and other attacks. It's free, and it simplifies patch
management without agents. Learn more and download the free version of
HFNetChkPro at http://list.winnetmag.com/cgi-bin3/DM/y/edzp0CJgSH0CBw0BDoF0A6

====================

==== 1. In Focus: One Step Closer to Eliminating Junk Mail ====
   by Mark Joseph Edwards, News Editor, mark () ntsecurity net

I think just about everybody is tired of junk mail clogging up his or
her Inbox. I know I am. These days, I receive somewhere between 250
and 450 messages per day, and the vast majority of it (probably about
75 percent to 90 percent) is junk mail advertising all kinds of things
I will most likely never find a use for. My favorite junk mail ad is
the one that suggests I buy its antispam product to prevent receiving
its spam!

By looking at the recipient address on the messages, I can tell that
almost all the spammers sending me email have harvested my address and
used it without my permission. And the sender addresses show that
almost all the spammers make considerable attempts to disguise or lie
about their actual identities. Not knowing who's actually responsible
for the junk mail makes the effort to stop it much harder.

Fortunately, some relief is in sight. The Associated Press (AP)
reports that the state of Virginia has indicted two North Carolina
men, charging them with violations of antispam laws. The indictments
represent the first case in America in which people have been
criminally charged with felonies for sending unsolicited email.

According to the report, Jeremy Jaynes (aka Jeremy James or Gaven
Stubberfield) and Richard Rutowski are accused of sending tens of
thousands of unsolicited email messages and Virginia Attorney General
Jerry Kilgore said he knows of no legitimate business operated by
either of the men. Their spam typically consisted of solicitations for
penny stocks, low interest rate loans, and Internet history erasing
tools. Because the men falsified their identities, charges against
them were elevated to felonies.

Spamhaus, an organization that helps track and minimize spamming and
spammers, ranked Jaynes as the eighth worst spam offender as of
November 2003. The ranking is based on the number of registered
complaints against him. Hopefully, his indictment will cause other
spammers and scammers to think more carefully before clogging up the
Internet with their ridiculous advertisements.
   http://www.spamhaus.org

As far as I know, Virginia is currently the only state in the nation
that has laws that allow for criminal prosecution of spammers.
However, you might recall that Congress recently passed legislation
that proposes new federal laws that allow for federal prosecution.
That legislation will become enforceable law when the president signs
it.

I have no idea how this legislation will help prevent junk mail that
originates from foreign countries. Perhaps we'll see cases of foreign
spammers identified and extradited to the United States for
prosecution.

Alan Sugano recently wrote about his experiences troubleshooting an
Exchange Server that was plagued with noticeable backup failures and
poor performance. Sugano eventually found that a spammer in China was
using the server to send loads of spam. Be sure to read part 1 of his
expose, "Malicious Hackers and Spam"; look for the link in the
Security News and Features section below to learn more about his
cyber-sleuthing adventure.

====================

==== Sponsor: Policy-Based Vulnerability Management White Paper from
NetIQ ====
   Are you relying on ineffective approaches as you battle a constant
barrage of worms, viruses and attacks? Why not take a holistic
policy-based approach to vulnerability management? Register now for
NetIQ's free white paper, "From Project to Process: Policy-Based
Vulnerability Management" to get the critical, step-by-step methods
you need. You'll discover how to leverage policies and standards for
vulnerability management and institute them as a routine business
process instead of periodic projects.
   http://list.winnetmag.com/cgi-bin3/DM/y/edzp0CJgSH0CBw0BETV0Av

====================

==== 2. Announcements ====
   (from Windows & .NET Magazine and its partners)

Attend Black Hat Briefings 2004
   Black Hat Windows Security 2004 Briefings & Training is January
27-30, 2004 in Seattle. This is the world's premier Windows IT
security event and is fully supported by Microsoft. Discover solutions
to all of the current worm, virus and attack threats. Come for six
tracks and eight 2-day training sessions. Register today!
   http://list.winnetmag.com/cgi-bin3/DM/y/edzp0CJgSH0CBw0pHV0AM

Announcing a New eBook: "Content Security in the Enterprise--Spam and
Beyond"
   This eBook explores how to reduce and eliminate the risks from
Internet applications such as email, Web browsing, and Instant
Messaging by limiting inappropriate use, eliminating spam, protecting
corporate information assets, and ensuring that these vital resources
are secure and available for authorized business purposes. Download
this eBook now free!
   http://list.winnetmag.com/cgi-bin3/DM/y/edzp0CJgSH0CBw0BELd0A2

New--Microsoft Security Strategies Roadshow 2004!
   Join industry-guru Mark Minasi on this exciting 20-city tour and
learn more about tips and best practices to secure your Windows Server
2003 and Windows 2000 networks. There is no charge for this event, but
space is limited, so register today!
   http://list.winnetmag.com/cgi-bin3/DM/y/edzp0CJgSH0CBw0BELe0A3

====================

==== Sponsor: Virus Update from Panda Software ====
   Are your traditional antivirus solutions really protecting your
network? Panda Antivirus GateDefender is a dedicated hardware device
installed at the Internet gateway to block viruses before they
contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus
GateDefender 7200 (500 seats+) provide the highest scalability with
native load balancing that transparently adapts to traffic volume.
   Visit "Panda's GateDefender Stands Guard!" at
http://list.winnetmag.com/cgi-bin3/DM/y/edzp0CJgSH0CBw0BEGa0At 
for more information.

====================

==== 3. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
at
   http://www.winnetmag.com/departments/departmentid/752/752.html

News: Patch Delivery Snafu Snares No-Patch December
   The mysterious delivery of a critical security patch last week, the
same week in which Microsoft announced it would have no critical
security patch bundles, had the software maker scrambling to find out
what happened. It turns out that a glitch in the company's Windows
Update patch delivery mechanism caused the late delivery of the
erroneous patch, which fixes a problem with Microsoft FrontPage Server
Extensions, a software add-on for Microsoft's Web server software.
   http://www.winnetmag.com/article/articleid/41143/41143.html

Feature: Malicious Hackers and Spam, Part 1
   Alan Sugano's consulting company recently received a call from a
client company that was having problems with backup failures and poor
server performance when sending and receiving email. When Alan arrived
at the client site, he found that the problem was more serious than a
failed tape drive and slow server. If you read In Focus above, you
know what the problem was. Read Alan's article to find out how he
found the spammer that was using the machine as a relay.
   http://www.winnetmag.com/article/articleid/41094/41094.html

==== 4. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.winnetmag.com/windowssecurity/panda

FAQ: What actions occur when I click Repair on a network connection in
Windows XP and later?
   by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. When you right-click a network connection and select Status,
Windows displays information about the connection's speed, duration,
and packet activity. For XP and later, a Repair option appears on the
Support tab. When you click Repair, Windows attempts to resolve a
range of problems. Specifically, the OS does the following:

   - Attempts to use a broadcast message to renew the DHCP lease, if
the connection obtains its IP address through DHCP

   - Uses the command "arp -d" to flush the Address Resolution
Protocol (ARP)

   - Uses the command "nbtstat -R" to flush the NetBIOS cache

   - Uses the command "ipconfig /flushdns" to flush the DNS cache

   - Uses the command "nbtstat -RR" to reregister the NetBIOS name and
IP address with WINS

   - Uses the command "ipconfig /registerdns" to reregister the
computer name and IP address with DNS

Featured Thread: OWA and ISA Authentication
   (One message in this thread)
Yushi writes that when his users connect to Microsoft Outlook Web
Access (OWA) from a remote site, they're asked to enter their username
and password three times before OWA opens their mailbox. When they
send email, the system prompts them again to enter their credentials.
He uses Microsoft Small Business Server (SBS) 2000, Internet Security
and Acceleration (ISA) Server, and Exchange Server all on the same
system. He has tried publishing OWA within ISA Server and users still
experience the same results. Lend a hand or read the responses:
   http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=65947

==== 5. Event ====

Receive a Free Identity Management White Paper!
   Are your existing identity-management and access-control solutions
fragmented, duplicated, and inefficient? Attend this free Web seminar
and discover how to automate and simplify identity creation,
administration, and access control. Leverage your investment in
Microsoft technologies and benefit from greater security, improved
productivity, and better manageability. Register now!
   http://list.winnetmag.com/cgi-bin3/DM/y/edzp0CJgSH0CBw0BDya0Ai

==== 6. New and Improved ====
   by Jason Bovberg, products () winnetmag com

Turn Your PC into a Premises-Monitoring System
   DeskShare released WebCam Monitor 2.2, software that notifies you
when it detects motion or noise in your office or home. WebCam Monitor
can support four cameras and microphones simultaneously, letting you
keep tabs on a remote location. Whenever WebCam Monitor detects an
intrusion or other unusual activity, the software can capture snapshot
images, record video and audio images, flash your computer screen,
sound an audible alarm, or send an email message. WebCam Monitor 2.2
costs $39.95 for a single-user license. For more information about the
product, contact DeskShare on the Web.
   http://www.deskshare.com/wcm.aspx

Attack and Event Correlation Analysis Across Firewalls
   eIQnetworks announced FirewallAnalyzer Enterprise 3.0, the most
recent version of its browser-based firewall/VPN correlation analysis,
reporting, and monitoring software. Using patent-pending FScale
data-management architecture and advanced log-management technologies,
FirewallAnalyzer Enterprise correlates cryptic Syslog messages from
all leading firewall appliances and servers into meaningful
information that you can easily interpret and act upon. Version 3.0
specifically addresses enterprise and managed service provider
customers' need to correlate data across distributed firewalls.
FirewallAnalyzer Enterprise, which supports all leading firewall
servers and appliances, helps identify attackers, attack sources,
requests, event types, and ports of attack. FirewallAnalyzer
Enterprise costs $795 and is licensed per physical firewall. For more
information about the product, contact eIQnetworks on the Web.
   http://www.eiqnetworks.com

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot () winnetmag com.

===================

==== Sponsored Links ====

NetSupport
   Free Trial - Fast and Easy Network Management. - NetSupport DNA
   http://list.winnetmag.com/cgi-bin3/DM/y/edzp0CJgSH0CBw0BEOp0AI

===================

==== 7. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

This email newsletter is brought to you by Security Administrator, the
print newsletter with independent, impartial advice for IT
administrators securing Windows and related technologies. Subscribe
today.
https://secure.pentontech.com/nt/security/index.cfm?promocode=00&Code=ei25xxup

Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.