Information Security News mailing list archives

Windows & .NET Magazine Security UPDATE--Averting Doom--February 4, 2004


From: InfoSec News <isn () c4i org>
Date: Thu, 5 Feb 2004 04:59:16 -0600 (CST)

====================

==== This Issue Sponsored By ====

Be Proactive with Real-Time Monitoring
   http://list.winnetmag.com/cgi-bin3/DM/y/eeUk0CJgSH0CBw0BFIl0AS

Free Download: Shavlik Security Patch Management
   http://list.winnetmag.com/cgi-bin3/DM/y/eeUk0CJgSH0CBw0BDoF0AQ

====================

1. In Focus: Averting Doom

2. Announcements
     - Register for Windows & .NET Magazine Connections!
     - Check Out the Latest Web Seminar--A Practical Guide to
       Selecting the Right IM Security Solution

3. Security News and Features
     - Recent Security Vulnerabilities
     - News: Microsoft to Change IE Behavior
     - News: Office 2003 SR1 to Include InfoPath, OneNote, and
       Security Improvements
     - Feature: Quarantining Virus Outbreaks

4. Security Toolkit
     - Virus Center
         - Virus Alert: MyDoom.A
     - FAQ: I'm Trying to Install Updates from Windows Update on My
       Windows XP Computer, but I Keep Encountering a Winlogon.exe 
       Error. What's Going On?
     - Featured Thread: Problems with Windows 2000 SP2

5. Event
     - New Web Seminar--Realizing the Return on Active Directory

6. New and Improved
     - Assess Clients' Networks
     - Enhanced Security for Developers
     - Tell Us About a Hot Product and Get a T-Shirt

7. Contact Us
   See this section for a list of ways to contact us.

====================

==== Sponsor: Proactive Management with TNT Software ====
   There are two ways to manage your critical systems: Reactive and
Proactive. ELM Enterprise Manager supports the latter. ELM Enterprise
Manager is the affordable solution that monitors the health and status
of your systems and alerts you in time to take prompt corrective
action. Imagine the added security when consolidated event
frequencies, performance trends, state changes, and quality of service
breaches are clearly displayed and easily accessible. Equally
important, be notified while the risks are developing. Be proactive,
download your FREE fully featured 30-Day evaluation copy of ELM
Enterprise Manager NOW and start experiencing the benefits for
real-time monitoring.
   http://list.winnetmag.com/cgi-bin3/DM/y/eeUk0CJgSH0CBw0BFIl0AS

====================

==== 1. In Focus: Averting Doom ====
   by Mark Joseph Edwards, News Editor, mark () ntsecurity net

By the time you read this newsletter, the MyDoom.A and MyDoom.B worms
will have launched Distributed Denial of Service (DDoS) attacks
against the SCO Group's Web site as well as Microsoft's Web site. As I
write this column, the attack against SCO is under way, and the attack
against Microsoft should start in the next 24 hours.

Experiencing a DDoS attack is undoubtedly grueling, but you can take
steps to defend yourself from such an attack. I'm not sure how
Microsoft plans to handle the attack against it, aside from using
massive bandwidth and processing power and hoping that the company's
resources are greater than the worms' consumption of them. The SCO
Group's approach to handling the attack is interesting: The company
removed the www.sco.com DNS record so that lookups for that record
would fail and established an alternative domain for their Web site,
www.thescogroup.com. Of course this solution isn't perfect because it
stops all systems--both clean systems and systems infected with the
worm--from reaching the company's Web site at its former address, but
it does mitigate a complete DoS. Having been forewarned of the attack,
SCO could take such steps.

Preventing the spread of such nuisances is a simple matter of common
sense computer usage. The fact that such nuisances are still
propagated far and wide shows that plenty of users still don't
understand the risks. Nor do they seem to realize that even more
virulent, destructive viruses or worms (imagine a worm that wipes out
your hard disk!) will almost certainly be unleashed on the Internet,
probably sooner rather than later. I'm still amazed when I learn of
someone who doesn't at least use a firewall and antivirus software. We
can all help make the Internet a bit safer by educating our friends
and family to use such tools.

As you know, not all antivirus software and firewalls are equal. I
haven't found a resource that compares the features, capabilities, and
functionality of the major antivirus software products, so if you know
of one, please send me an email message to let me know about it. I do
know of a site, PC Flank, that compares the strength of personal
firewalls. Take a look at the URL below to see how well 24 personal
firewalls protect users' systems and information, and consider these
findings when recommending personal firewall software to your family,
friends, and associates.
   http://www.pcflank.com/art41a.htm

====================

==== Sponsor: Free Download: Shavlik Security Patch Management ====
   Install the latest critical Microsoft security patch today with
HFNetChkPro. A free, fully functional, no time-out version of
HFNetChkPro is available to help you automate the delivery and testing
of this critical patch. HFNetChkPro offers unlimited scanning, a
complete GUI and Shavlik's exclusive PatchPush capabilities. Save time
on patch deployment, ensure systems are fully protected and safeguard
your systems from remote code execution, identity spoofing, arbitrary
code execution and other attacks. It's free, and it simplifies patch
management without agents. Learn more and download the free version of
HFNetChkPro at
   http://list.winnetmag.com/cgi-bin3/DM/y/eeUk0CJgSH0CBw0BDoF0AQ

====================

==== 2. Announcements ====
   (from Windows & .NET Magazine and its partners)

Register for Windows & .NET Magazine Connections!
   Windows & .NET Magazine Connections will be held April 4-7, 2004,
in Las Vegas, Nevada. Complete details about workshops, breakout
sessions, and speakers are now online. Save $200 if you hurry and
register before the early bird discount expires. Register now on the
Web or by calling 203-268-3204 or 800-505-1201.
   http://list.winnetmag.com/cgi-bin3/DM/y/eeUk0CJgSH0CBw0KXQ0AF

Check Out the Latest Web Seminar--A Practical Guide to Selecting the
Right IM Security Solution
   Deploying an IM security solution is the only way to gain control
over your IM security. In this free Web seminar, you'll learn about IM
authentication, encryption, support for and interoperability between
different IM networks, auditing, automatic legal disclaimers, virus
and worm scanning, and more. Register now!
   http://list.winnetmag.com/cgi-bin3/DM/y/eeUk0CJgSH0CBw0BFE50AT

====================

==== Sponsor: Virus Update from Panda Software ====
   Are your traditional antivirus solutions really protecting your
network? Panda Antivirus GateDefender is a dedicated hardware device
installed at the Internet gateway to block viruses before they
contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus
GateDefender 7200 (500 seats+) provide the highest scalability with
native load balancing that transparently adapts to traffic volume.
   Visit "Panda's GateDefender Stands Guard!" at
http://list.winnetmag.com/cgi-bin3/DM/y/eeUk0CJgSH0CBw0BEGa0AE
for more information.

====================

==== 3. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
at
   http://www.winnetmag.com/departments/departmentid/752/752.html

News: Microsoft to Change IE Behavior
   Microsoft announced plans to change the way Internet Explorer (IE)
handles certain URLs that in the past have been used to dupe users
into visiting a site they didn't intend to visit. The Microsoft
article "Microsoft plans to release a software update that modifies
the default behavior of Internet Explorer for handling user
information in HTTP and HTTPS URLs,"
http://support.microsoft.com/?kbid=834489 , explains that the company
will soon release a software update for IE 6.0 and IE 5.x running on
Windows Server 2003, Windows XP, Windows 2000, Windows NT, and Windows
98. With the update loaded, a certain spoofing technique won't work
when used in conjunction with the HTTP and HTTP Secure (HTTPS)
protocols. Read about the problem and the update in this article on
our Web site.
   http://www.winnetmag.com/article/articleid/41589/41589.html

News: Office 2003 SR1 to Include InfoPath, OneNote, and Security
Improvements
   Microsoft revealed last week that its first Microsoft Office 2003
service release, due in late spring, will be a major release that
includes new security features and major improvements to the two new
Office applications: Microsoft Office InfoPath 2003 and Microsoft
Office OneNote 2003. Like earlier service releases, Office 2003
Service Release 1 (SR1) will include all the bug fixes and patches
that the company has released for the various Office products since it
first introduced the suite in October 2003.
   http://www.winnetmag.com/article/articleid/41592/41592.html

Feature: Quarantining Virus Outbreaks
   The MyDoom worm (which is actually a variant of the Mimail worm) is
busily spreading all over the Internet. The continuing spread of worms
such as MyDoom and Bagle (aka Beagle or Bagel) proves that not every
administrator knows what to do when an outbreak like this one hits. As
Paul Robichaux watched his Microsoft Outlook "Caught by scanner"
folder fill up last week, he was inspired to write about how you can
help prevent an infection.
   http://www.winnetmag.com/article/articleid/41606/41606.html

====================

==== Hot Release ====
   Free white paper from Aelita Software!
   "Event Log Management: A Guide to a Stress-free Audit"
   Download this free technical white paper now from Windows & .NET
Magazine's White Paper Central. Brought to you courtesy of Aelita
Software.
   http://list.winnetmag.com/cgi-bin3/DM/y/eeUk0CJgSH0CBw0BFIm0AT

====================

==== 4. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.winnetmag.com/windowssecurity/panda

Virus Alert: MyDoom.A
   MyDoom.A is a worm that spreads through email messages and through
the KaZaA peer-to-peer (P2P) file-sharing network. MyDoom.A launches
Distributed Denial of Service (DDoS) attacks against the SCO Group Web
site (www.sco.com) if the system date is between February 1 and
February 12, 2004. It does this by launching GET / HTTP/1.1 requests
every 1,024 milliseconds. The worm is set to stop functioning on
February 12, 2004.
   MyDoom.A inserts a DLL (shimgapi.dll) into a user's system, which
creates a backdoor and opens the first available TCP port in the range
from 3127 to 3198. This backdoor component lets an intruder download
and run an executable file and also acts as a proxy server, which lets
a hacker gain remote access to network resources.
http://www.pandasoftware.com/virus_info/encyclopedia/overview.aspx?idvirus=44140
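
The port range in the alert above can be turned into a quick host check. The following is an added example, not part of the original newsletter: it assumes Windows `netstat -ano` output, and the function names and sample rows are constructed for illustration.

```python
import re

# Range stated in the alert: the backdoor opens the first free TCP port here.
BACKDOOR_PORTS = range(3127, 3199)  # 3127..3198 inclusive

# One TCP row of Windows `netstat -ano` output (UDP rows carry no state).
_ROW = re.compile(
    r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)"
    r"\s+(?P<state>[A-Z_]+)\s+(?P<pid>\d+)\s*$"
)

# Constructed sample, not captured from a real host.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:3127           0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:3199           0.0.0.0:0              LISTENING       1500
  TCP    192.168.1.10:3130      203.0.113.5:80         ESTABLISHED     2000
  TCP    [::]:3198              [::]:0                 LISTENING       1432
  UDP    0.0.0.0:3128           *:*                                    900
"""


def split_endpoint(endpoint):
    """Split '0.0.0.0:3127' or '[::]:3127' into (address, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), int(port)


def find_suspect_listeners(netstat_text):
    """Return TCP listeners whose local port falls in the alert's range."""
    hits = []
    for line in netstat_text.splitlines():
        m = _ROW.match(line)
        # Only listening sockets matter: an outbound connection can use a
        # local port in this range without anything accepting connections.
        if not m or m.group("state") != "LISTENING":
            continue
        addr, port = split_endpoint(m.group("local"))
        if port in BACKDOOR_PORTS:
            hits.append({"address": addr, "port": port,
                         "pid": int(m.group("pid"))})
    return sorted(hits, key=lambda h: h["port"])


if __name__ == "__main__":
    for hit in find_suspect_listeners(SAMPLE):
        print("TCP listener on port %(port)d (%(address)s), PID %(pid)d" % hit)
```

Legitimate services can also listen in this range, so a hit is a lead to follow up by identifying the process that owns the PID, not proof of infection.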

FAQ: I'm Trying to Install Updates from Windows Update on My Windows
XP Computer, but I Keep Encountering a Winlogon.exe Error. What's
Going On?
   by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. The full text of the error you're referring to is "Winlogon.exe.
Entry Point Not Found. The procedure entry point AssocIsDangerous
could not be found in the dynamic link library SHLWAPI.DLL." This
problem is typically the result of installing XP Service Pack 1 (SP1)
without restarting the computer when prompted, then attempting to
access other updates from the Windows Update site. Performing these
actions corrupts certain DLLs. Because the corrupted DLLs are core
files, you can't repair them while Windows is running. To repair the
damaged files, you need to reboot to the Recovery Console (RC) and
perform several steps. Read the complete details in the FAQ on our Web
site.
   http://www.winnetmag.com/article/articleid/41545/41545.html

Featured Thread: Problems with Windows 2000 SP2
   (Four messages in this thread)
   A user writes that when he tries to apply Windows 2000 Service Pack
2 (SP2), he receives an error message that says, "The following error
occurred while Service Pack Setup attempted to download the Service
Pack files from the Internet: The server name or address could not be
resolved." He wants to know why this error occurs and how to work
around it. Lend a hand or read the responses:
http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=66897

==== 5. Event ====

New Web Seminar--Realizing the Return on Active Directory
   Join Mark Minasi and Indy Chakrabarti for a free Web seminar and
discover how to maximize the return on your Active Directory
investments and cut the cost of security exposures with secure task
delegation, centralized auditing, and Group Policy management.
Register now and receive NetIQ's free "Layered Security Architecture"
white paper.
   http://list.winnetmag.com/cgi-bin3/DM/y/eeUk0CJgSH0CBw0BFE60AU

==== 6. New and Improved ====
   by Jason Bovberg, products () winnetmag com

Assess Clients' Networks
   eEye Digital Security and Trend Micro announced the Trend Micro
Virus Vulnerability Assessment Service, a service for Trend Micro's
value-added channel partners. The new service will let system
integrators and security consultants assess and report their clients'
network-security level and identify potential security
vulnerabilities. The service is based on a special edition of eEye's
Retina Network Security Scanner vulnerability-assessment product.
Vendors interested in becoming channel partners can contact either
eEye Digital Security or Trend Micro on the Web.
   http://www.eeye.com
   http://www.trendmicro.com/partners

Enhanced Security for Developers
   Aladdin Knowledge Systems announced that it has added enhanced
security features to its Hardware Against Software Piracy (HASP)
software-protection, antipiracy, and software-licensing tool. An
upgraded Win32 Envelope adds an automatic wrapping tool that improves
antidebugging features and a tool for optimizing network utilization
by revoking licenses that aren't used for an extended time. For more
information about the new HASP features, contact Aladdin Knowledge
Systems on the Web.
   http://www.ealaddin.com/hasp

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot () winnetmag com.

===================

==== Sponsored Links ====

Argent
   Comparison Paper: The Argent Guardian Easily Beats Out MOM
   http://list.winnetmag.com/cgi-bin3/DM/y/eeUk0CJgSH0CBw0BDWV0AI

===================

==== 7. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

This email newsletter is brought to you by Windows & .NET Magazine,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.
   http://www.winnetmag.com/sub.cfm?code=wswi201x1z

You received this email message because you asked to receive
additional information about products and services from the Windows &
.NET Magazine Network. To unsubscribe, send an email message to
mailto:Security-UPDATE_Unsub () list winnetmag com. Thank you!

View the Windows & .NET Magazine privacy policy at
http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy

Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

