Full Disclosure mailing list archives
Fwd: Security Watch: Source Code Dealer Arrested
From: n3td3v <xploitable () gmail com>
Date: Mon, 22 Nov 2004 23:13:32 +0000
---------- Forwarded message ----------
From: SecurityWatch <securitywatch () newsletters 101com com>
Date: Mon, 22 Nov 2004 17:07:13 -0500
Subject: Security Watch: Source Code Dealer Arrested
To: Crew-x Security <xploitable () gmail com>

November 22, 2004
Security Watch
http://mcpmag.com/security/
http://ENTmag.com

-----------------------------------------------------------------
In This Issue:
1) Ill News for Illwill
2) Reader Feedback: USB Security
3) Security News and Other Information
-----------------------------------------------------------------

Ill News for Illwill
**By Roberta Bragg

Last week William Genovese, a.k.a. "illwill," was arrested and charged with selling Windows 2000 and Windows NT 4.0 source code. The source code was purportedly stolen from the drives of a computer owned by longtime Microsoft partner Mainsoft Corp. The arrest was the result of the work of an online security investigator hired by Microsoft, the U.S. Attorney's office and the FBI. Genovese has a previous conviction, in March of 2003, for eavesdropping when he wrote a virus used to hack into computers. Genovese, 27, of Meriden, Connecticut, faces a maximum sentence of 10 years in prison and a fine of $250,000 if convicted.

The arrest is good, and welcome, news. It's been disheartening of late to witness the criminal activity concerning computers and computer information. In spite of all we know, in spite of all we do, it seems we're deluged daily with, or beaten down with, the news of new vulnerabilities, new malware, new incidents of data theft, denial of service attacks and increasing evidence of criminal and malicious intent behind them.

Just when I was ready to succumb to my paranoia and retire to my fortress, two good things happened. First, the arrest shows that organizations are working together to "do something" about it. A single arrest won't stop the attempts or successful attacks on our information systems, but it does indicate progress.

Second, you, the readers, continue to write me with not just questions, but information on how you're engaged in the battle. Keep those letters coming. I answer as many questions as I can, and I like hearing about your successes in keeping the boogey man at bay.

Meanwhile, Microsoft has a slew of tools that may help in your efforts. These tools, all part of the ALTools package, focus on Netlogon and the Windows event log. They can be downloaded from http://snipurl.com/2vic. Included in the package:

- LockoutStatus.exe. Displays information about a locked-out account.
- ALockout.dll. Helps determine the program or process sending the incorrect credentials in a scenario.
- AcctInfo.dll. Isolates and troubleshoots account lockouts.
- ALoInfo.exe. Displays user account names and their password age.
- EnableKerbLog.vbs. Startup script that enables Kerberos logging.
- EventCombMT.exe. Gathers events for event logs at many locations for a centralized view.
- NLParse.exe. Extracts and displays desired entries from Netlogon files.

But before you rush out and start using the tools, read the disclaimers. For example, Microsoft warns that you shouldn't run ALockout.dll on servers that host network programs such as Exchange, because the tool may make it impossible for those programs to start. Also check out the Microsoft document "Account Passwords and Policies," http://snipurl.com/at8y, which fully describes the tools, points to more information on running them, and sternly warns against their frivolous use. (The tools can be used with Windows Server 2003, Win2K and, in some cases, NT 4.0.) As usual, before running any new tool, you should back up a copy of the operating system and your valuable data.

-- Roberta Bragg, MCSE: Security, CISSP, Security+, and contributing editor for MCP Magazine, owns Have Computer Will Travel, Inc., an independent firm specializing in information security and operating systems. She's series editor for McGraw-Hill/Osborne's Hardening series--books that instruct you on how to secure your networks before you are hacked, and author of the first book in the series, "Hardening Windows Systems". Contact her at roberta.bragg () mcpmag com.

-----------------------------------------------------------------
**Reader Feedback: USB Security

Roberta,
Question: Using policies, can I disable selected computers from using USB external memory devices without preventing the use of such things as USB mice?
--Name Withheld

Roberta answers: No. However, there are some ways to manage USB ports. I recently devoted a Security Watch column to that topic, which you can find here:
http://redmondmag.com/columns/article.asp?EditorialsID=811

-----------------------------------------------------------------
**Security News and Other Information

-- Rand Proposes Analysis Method
Connecting disparate pieces of information to prevent terrorist attacks has taken on greater importance for the intelligence and homeland security communities since the Sept. 11, 2001, terrorist attacks. But the going since then hasn't been easy.
http://fcw.com/fcw/articles/2004/1115/web-rand-11-19-04.asp

-- TSA advances TWIC program
Transportation Security Administration officials have entered a new phase of the Transportation Worker Identity Credential (TWIC) program, with testing under way at the Port of Long Beach Container Terminal in California.
http://fcw.com/fcw/articles/2004/1122/news-tsa-11-22-04.asp

-- Groups Urge 911 Improvements
Advocates for the emergency 911 service said the nation's communication infrastructure is so woefully outdated that it cannot adapt to the increasing public usage of new and emerging communication devices, such as voice over IP.
http://fcw.com/fcw/articles/2004/1115/web-nena-11-17-04.asp

-- NetIQ Ties Its System Management and Security Tools
NetIQ this month will begin shipping a "connector" tool to enable systems management and security information to be displayed on the same console.
http://entmag.com/news/article.asp?EditorialsID=6460

-----------------------------------------------------------------
Copyright 2004 101communications LLC. Security Watch may only be redistributed in its unedited form. Written permission from the editor must be obtained to reprint the information contained within this newsletter. Contact kward () redmondmag com.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html