Re: (Fwd) Steve Gibson releases 'Patchwork'

[Marc Maiffret <marc () EEYE COM>]

"PATCHWORK ONLY CHECKS FOR AND ADVISES ABOUT THE PRESENCE OF THESE SPECIFIC
VULNERABILITIES." http://grc.com/pw/patchwork.htm

Ok... so then next time SANS and Steve Gibson go getting all of this press,
more power to em, they should do something useful so that next year they
don't go doing the same thing again (ala top 10 NT vulnerabilities about a
year ago from sans).

Instead of creating a program that checks for only a few, of the many, NT
vulnerabilities they should have created a tool or checklist (which you can
get from many different websites including securityfocus.com and I believe
microsoft.com) that was a simple Q and A. For example:

What NT version are you running? NT4 or Windows 2000?

If NT4 then Install Service Pack X (x==latest) and all of these hotfixes,
xyz, abc, ddq, pft, etc...
If Win2k then Install Service Pack X (x==latest) and all of these hotfixes,
xyz, abc, ddq, pft, etc...

and b00m you would have stopped all of the SANS stuff and a lot of other
things and hopefully have trained NT admin's to stay up to date with patches
instead of running this half a$$'d programs once a year and still they end
up getting screwed.

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris/ - Network Traffic Analyzer

|-----Original Message-----
|From: ISN Mailing List [mailto:ISN () SECURITYFOCUS COM]On Behalf Of Erik
|Moeller
|Sent: Thursday, March 15, 2001 5:20 AM
|To: ISN () SECURITYFOCUS COM
|Subject: [ISN] (Fwd) Steve Gibson releases 'Patchwork'
|
|
|------- Forwarded message follows -------
|To:                     Erik <moeller () okay net>
|From:                   Steve Gibson's MailBot <mailbot-gb0f4icn () grc com>
|Send reply to:          Steve Gibson's MailBot <mailbot-gb0f4icn () grc com>
|Date sent:              Wed, 14 Mar 2001 22:29:39 -0800
|Subject:                Steve Gibson's March/2001 News from GRC.COM ...
|
|Hello Erik,
|
|_________________________________________________________________
|
|           New freeware utility developed and released:
|
|                          "PATCHWORK"
|_________________________________________________________________
|
|
|As you may recall, the last eMail from me was the early December
|announcement of the new "LeakTest" personal firewall leakage
|tester.  Thanks to your support, 775,778 copies have been
|downloaded ... and all major firewall vendors have updated their
|products to plug their leaks.  In the future, a next generation
|of LeakTest will highlight additional problem areas in personal
|computing firewalls.
|
|So what is PATCHWORK ??
|
|Last Thursday (March 8th) the United States Federal Bureau of
|Investigation -- the FBI -- announced that the Windows NT and
|Windows 2000 Internet web servers belonging to at least 40
|prominent eCommerce companies have been systematically broken
|into by Eastern European hackers. After having their private
|customer credit card data stolen, the companies were financially
|extorted under the threat of public disclosure of their customers'
|data. More than one million credit card purchasing records have been
|stolen. You can read the full FBI press release here:
|
|             <http://grc.com/pw/FBIannouncement.htm>
|
|Shortly before the FBI's public announcement, I was contacted by
|people in Washington and asked if I could produce a utility to
|instantly determine whether a Windows NT or 2000 Internet server
|was vulnerable to these attacks, and to search the server for any
|evidence of previous penetration.  The FBI provided all of the
|specific details required, so I quickly created my latest freeware:
|"PatchWork" (just 30k bytes).
|
|PatchWork is ONLY useful for users running Windows NT or 2000
|-- so I know that it will not be of interest to everyone -- but I
|wanted you to know that it exists.  If you, or anyone you know, ARE
|using any version of Windows NT or 2000, you really should check out
|PatchWork!  It is opening MANY people's eyes ...
|
|                <http://grc.com/pw/patchwork.htm>
|
|_________________________________________________________________
|
|Other News:
|
|  1. The GRC NetFilter:
|
|     I am VERY excited about the next product I will soon start
|     creating: It's called the "GRC NetFilter".  It is like a
|     privacy and security enhancing firewall that deals with the
|     growing number of Internet privacy problems and annoyances;
|     things like 3rd-party cookies, personal information leakage,
|     browser "pop-up" windows, home-phoning spyware, web tracking and
|     profiling, and even unsolicited (SPAM) eMail.  For an overview of
|     the project, check out this page:
|
|     <http://grc.com/nf/netfilter.htm>
|
|
|  2. The birth of FREE Firewall Log Analyzers!
|
|     If you use a personal firewall you may know that their logs
|     can sometimes be difficult to decipher. Some entries in the
|     logs may be friendly or innocent, while others could be
|     truly nefarious. Some new and really cool utilities are
|     answering the need to make sense of these confusing logs.
|     More are on the way, but you may want to check out these
|     first, completely free, solutions:
|
|     Right now for all users of ZoneAlarm:
|
|     <http://www.zonelog.co.uk/>
|
|     For users of BlackICE Defender: A feature-rich freeware log
|     analyzer, similar to the ZoneLog Analyzer, is in development by
|     the people at the popular DSL Reports web site.  I'll be sure to
|     let you know when it's available for your testing! In the
|     meantime you might want to check out the completely FREE
|     "ICEWatch v2.19":
|
|     <http://keir.net/icewatch.html>   (just 63k bytes)
|
|     (See the ICEWatch v2.19 link at the TOP of the page.)
|
|
|  3. What programs contain Spyware??
|
|     During the year that my OptOut tool was closely focused
|     upon Spyware, the question we heard over and over was "Does
|     the such-and-such product contain spyware?" People wanted to know
|     which products were suspicious. So I was very pleased when I
|     discovered a web site that is actively maintaining a database of
|     spyware carrying applications. If you have ever wondered about
|     any of your own software, or before purchasing a new program, you
|     might want to check it out!
|
|     <http://www.spychecker.com>
|
|_________________________________________________________________
|
|Thank you for your time. I hope this has been useful to you.
|
|Steve Gibson.         <a href= "http://grc.com/"; >GRC Website</a>
|
|________________________________________________________________
|You may change your eMail address or remove yourself from this
|eMail system entirely, by visiting your personal page anytime:
|<a href= "http://grc.com/x/ne.dll?6gb0f4icn6"; >Update Info</a>
|
|------- End of forwarded message -------
|
|--
|Scientific Reviewer, Freelancer, Humanist -- Berlin/Germany
|Phone: +49-30-45491008 - Web: <http://www.humanist.de/erik>
|The Origins of Peace and Violence: <http://www.violence.de>
|
|"The right way to do things is not to try to persuade people you're
|right but to challenge them to think it through for themselves."
|(Noam Chomsky)
|
|ISN is hosted by SecurityFocus.com
|---
|To unsubscribe email LISTSERV () SecurityFocus com with a message body of
|"SIGNOFF ISN".
|

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".