Information Security News mailing list archives

Security UPDATE, December 18, 2002


From: InfoSec News <isn () c4i org>
Date: Thu, 19 Dec 2002 02:56:51 -0600 (CST)

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Protect Your Systems with Real Time Monitoring
   http://list.winnetmag.com/cgi-bin3/flo?y=eOzD0CJgSH0CBw067B0Ag 

Lieberman & Associates
   http://list.winnetmag.com/cgi-bin3/flo?y=eOzD0CJgSH0CBw067C0Ah 
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: PROTECT YOUR SYSTEMS WITH REAL TIME MONITORING ~~~~
   A proactive Security Administrator installed TNT Software's ELM
Enterprise Manager 3.0 on his critical servers to assess the benefits
of real time monitoring. During the first week, EEM 3.0 paged him as a
disgruntled employee attempted to access confidential files, emailed
him during a port scan barrage, and automatically restarted a failed
anti-virus service. As a result, ELM Enterprise Manager was purchased
and fully deployed during the second week. To experience how real time
monitoring with ELM Enterprise Manager will protect your systems,
download your FREE 30-day evaluation copy from:
   http://list.winnetmag.com/cgi-bin3/flo?y=eOzD0CJgSH0CBw067B0Ag 

~~~~~~~~~~~~~~~~~~~~

December 18, 2002--In this issue:

1. IN FOCUS
     - Critical Updates for Microsoft VM

2. SECURITY RISKS
     - Buffer Overrun in Enceladus Web Server for Windows

3. ANNOUNCEMENTS
     - Black Hat Briefings & Training: Windows Security
     - Planning on Getting Certified? Make Sure to Pick Up Our New
       eBook!

4. SECURITY ROUNDUP
     - News: Microsoft Releases MBSA 1.1
     - Feature: 7 Steps to SSL Encryption

5. HOT RELEASE (ADVERTISEMENT)
     - Get your FREE InTrust Audit Advisor tool

6. SECURITY TOOLKIT
     - Virus Center
     - FAQ: How Can I Enable Saving Attachments in Microsoft Outlook
       Express 6.0?

7. NEW AND IMPROVED
     - Protect NetApp Filers from Viruses
     - Secure Heterogeneous Enterprises
     - Correction: Control Spam with Firewall Appliance
     - Submit Top Product Ideas
 
8. HOT THREADS
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Forensics Tools
     - HowTo Mailing List
         - Featured Thread: Account Lockout
 
9. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* CRITICAL UPDATES FOR MICROSOFT VM

Are you keeping up with all the patches Microsoft has issued?
Microsoft has issued 71 security bulletins so far this year. One
bulletin in particular, MS02-069 (Flaw in Microsoft VM Could Enable
System Compromise) issued December 11, addresses several problems with
the Microsoft Virtual Machine (VM) used for Java code. Versions of the
VM software through version 5.0.3805 are vulnerable. According to
Microsoft, "The most serious of these issues could enable a Web site
to compromise your system and take actions such as changing data,
loading and running programs, and reformatting the hard disk." The
patch is a critical update, and everyone should install it.
   http://www.microsoft.com/security/security_bulletins/ms02-069.asp

In the past, Microsoft has indicated that it will remove Java support
from Windows. In June, Microsoft announced that because of a legal
settlement with Sun Microsystems, after January 1, 2004, the company
can no longer make modifications to Sun's Java code, including
security fixes. Because of the settlement, Microsoft said, the company
wouldn't include Java with Windows after that date. The decision stems
from a legal argument between the two companies (to read more about
that story, see the WinInfo Web site at the first URL below; to find
the latest updates about the legal proceedings between Sun and
Microsoft, see the second URL below).
   http://www.wininformant.com/articles/index.cfm?articleid=25620
   http://search.winnetmag.com/query.html?col=wininfo&qt=Java

Even if Microsoft removes Java support from Windows, you might still
use the Microsoft VM in the future, so consider loading the latest
patch anyway, just in case. The patch will replace the "jview" program
on your system with the latest version. While you're updating the
Microsoft VM on your systems, consider upgrading other Java runtime
components. You can do that by downloading the latest Java runtime
environment (the Java 2 Platform) directly from Sun's Java Web site.
Sun's runtime environment works with Windows XP, Windows 2000, Windows
NT, Windows Me, Windows 9x, Sun Solaris, Linux, and Macintosh
platforms.
   http://java.sun.com/getjava/download.html

Speaking of patches, have you visited PivX Solutions' list of
unpatched security holes in Microsoft products lately? Last updated
December 9, 2002, the page lists 19 unpatched security
vulnerabilities. Two items listed pertain to Java, and I can't tell
whether this latest patch from Microsoft fixes those items. However,
even if the patch does fix the Java vulnerabilities, take note of the
17 other unpatched holes that you should be aware of.

The problems range from the simple to the complex, including
circumventing Microsoft Internet Explorer's (IE's) security zones,
reading local files on a user's computer, and executing arbitrary
code. The oldest problem listed on the Web page was reported almost a
year ago, December 22, 2001, and relates to man-in-the-middle attacks
against Secure Sockets Layer (SSL) traffic. The newest problem, posted
December 3, 2002, pertains to cookie theft and monitoring users' Web
activity. Be sure to read the Web page--and guard your systems against
those holes until Microsoft develops a patch.
   http://www.pivx.com/larholm/unpatched/

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: LIEBERMAN & ASSOCIATES ~~~~
   Massive Workstation Security Hole...Ignored!
   In just a few minutes any of your domain users could become the
administrator of ALL your machines without your knowledge. A quick
search of Google.com for password crackers is all it takes. There is a
solution. Download our guide to plugging the DISTRIBUTED CREDENTIALS
FLAW in Windows.
   http://list.winnetmag.com/cgi-bin3/flo?y=eOzD0CJgSH0CBw067C0Ah

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* BUFFER OVERRUN IN ENCELADUS WEB SERVER FOR WINDOWS
   Tamer Sahin discovered that a buffer-overrun vulnerability in
Enceladus Web and FTP Server Suite 3.9 can let an attacker execute
arbitrary code on the vulnerable system. If an attacker supplies a
long sequence of characters as an argument to the CD command, thereby
exceeding the length of the input buffer, the excess data will
overwrite other variables on the stack and the stack frame. As a
result, an attacker can execute arbitrary code. Mollensoft Software
has been notified but hasn't yet released a patch for this problem.
   http://www.secadministrator.com/articles/index.cfm?articleid=27545
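
The overrun described above, as an added C example (not code from Enceladus, Mollensoft, or this newsletter): an unchecked copy of the CD argument into a fixed stack buffer, next to a handler that checks the length and rejects oversized input. The buffer size, the function names, and the acceptance of the FTP wire form "CWD" alongside "CD" are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DIR_BUF_LEN 64   /* hypothetical size of the server's path buffer */

/* Unsafe pattern: the argument length is never compared with the buffer
 * size, so a long argument writes past dir[] into neighbouring stack
 * data. Shown for contrast only; nothing below calls it. */
void cd_unchecked(const char *arg) {
    char dir[DIR_BUF_LEN];
    strcpy(dir, arg);                  /* no bound on strlen(arg) */
    (void)dir;
}

/* Hardened handler. Returns 0 and fills out[] on success, -1 if the line
 * is not a CD/CWD command, -2 if the argument does not fit. Oversized
 * input is rejected rather than truncated, and out[] is left untouched. */
int parse_cd(const char *line, char *out, size_t out_size) {
    const char *arg;
    size_t len;

    if (strncmp(line, "CWD ", 4) == 0)      arg = line + 4;
    else if (strncmp(line, "CD ", 3) == 0)  arg = line + 3;
    else return -1;

    len = strcspn(arg, "\r\n");        /* argument ends at CR or LF */
    if (out_size == 0 || len >= out_size)
        return -2;                     /* leave room for the terminator */
    memcpy(out, arg, len);
    out[len] = '\0';
    return 0;
}

int main(void) {
    char dir[DIR_BUF_LEN];
    char longline[4 + 300 + 1];        /* constructed oversized request */

    memcpy(longline, "CWD ", 4);
    memset(longline + 4, 'A', 300);
    longline[304] = '\0';

    printf("normal request:    %d\n", parse_cd("CWD /pub\r\n", dir, sizeof dir));
    printf("oversized request: %d\n", parse_cd(longline, dir, sizeof dir));
    return 0;
}
```

Logging each rejected request (the -2 case) together with the client address gives an administrator a record of oversized CD arguments sent to the server.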

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* BLACK HAT BRIEFINGS & TRAINING: WINDOWS SECURITY
   Attend the world's premier technical event for Windows and .NET
security experts, February 25-28, 2002 in Seattle. You'll find six
tracks, seven training sessions, and full support from Microsoft.  See
for yourself what the Black Hat buzz is all about. Register today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOzD0CJgSH0CBw0pHV0AH
 
* PLANNING ON GETTING CERTIFIED? MAKE SURE TO PICK UP OUR NEW EBOOK!
   "The Insider's Guide to IT Certification" eBook is hot off the
presses and contains everything you need to know to help you save time
and money while preparing for certification exams from Microsoft,
Cisco Systems, and CompTIA and have a successful career in IT. Get
your copy of the Insider's Guide today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOzD0CJgSH0CBw06cX0Am

4. ==== SECURITY ROUNDUP ====

* NEWS: MICROSOFT RELEASES MBSA 1.1
   Microsoft recently released a new version of Microsoft Baseline
Security Analyzer (MBSA), which Shavlik Technologies developed for
Microsoft. New features in MBSA 1.1 include Exchange and Windows Media
Player (WMP) security update detection, full HFNetChk 3.81 support in
the MBSA command-line interface, support for Microsoft Software Update
Services (SUS) during security update scans, compatibility with
Microsoft Systems Management Server (SMS) 2.0 Software Update Services
Feature Pack, and detection for multiple Microsoft SQL Server
instances.
   http://www.secadministrator.com/articles/index.cfm?articleid=27551

* FEATURE: 7 STEPS TO SSL ENCRYPTION
   In Microsoft SQL Server 2000, Microsoft introduced new features to
satisfy its customers' growing concerns about data security. One
little-understood feature is automatic support of Secure Sockets Layer
(SSL)-encrypted network traffic between the clients and the server.
Encryption slightly slows performance because it requires extra
actions on both sides of the network connection. However, for users
who are concerned about the security of their network communications,
the benefits of encryption outweigh this slight performance penalty.
Encryption is especially useful when clients connect to the SQL Server
across the Internet and data travels across public networks.
   http://www.secadministrator.com/articles/index.cfm?articleid=26908

5. ==== HOT RELEASE (ADVERTISEMENT) ====

* GET YOUR FREE INTRUST AUDIT ADVISOR TOOL
   Do you meet security regulations & corporate rules? Get your FREE
InTrust Audit Advisor tool to estimate the resources needed to deploy
and implement auditing practices, for a secure environment. Close the
security gap with InTrust.
   http://list.winnetmag.com/cgi-bin3/flo?y=eOzD0CJgSH0CBw067D0Ai 

6. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: HOW CAN I ENABLE SAVING ATTACHMENTS IN MICROSOFT OUTLOOK
EXPRESS 6.0?
   ( contributed by John Savill, http://www.windows2000faq.com )

By default and as a security precaution to avoid saving a virus to
your computer, Outlook Express doesn't let you save files locally. To
enable file saving within Outlook Express, perform the following
steps:
   1. Start Outlook Express.
   2. From the Tools menu, select Options.
   3. Select the Security tab.
   4. Clear the "Do not allow attachments to be saved or opened that
could potentially be a virus" check box, then click OK.

7. ==== NEW AND IMPROVED ====
   (contributed by Sue Cooper, products () winnetmag com)

* PROTECT NETAPP FILERS FROM VIRUSES
   Symantec announced Symantec AntiVirus for NetApp Filers, software
that provides scalable virus scanning and repair services to protect
data on Network Appliance (NetApp) storage solutions. One scanner can
service multiple filers, protecting your data from damage or deletion
because of virus infection. A Central Quarantine feature lets you
redirect irreparable, virus-infected files to a safe area on a
centralized server for further inspection. For trialware, licensing
information, or reseller locations, go to
   http://enterprisesecurity.symantec.com.
   http://symantec.com

* SECURE HETEROGENEOUS ENTERPRISES
   SnapGear is shipping the SnapGear SME5xx family of VPN firewall
appliances. Based on the Hitachi SuperH SH4 microprocessor, the
appliances are built for small to midsized enterprises. These
appliances offer narrowband and broadband access, intrusion detection,
a URL content-filtering option, a stateful firewall, a VPN, LAN
throughputs up to 50Mbps, VPN throughputs up to 10Mbps, no built-in
user limitation, and lifetime firmware upgrades. Management is
browser-based. Prices start at $349. Contact SnapGear at 801-282-8492
and sales () snapgear com.
   http://www.snapgear.com

* CORRECTION: CONTROL SPAM WITH FIREWALL APPLIANCE
   In last week's Security UPDATE item about BorderWare Technologies'
MXtreme Mail Firewall, the first of the two phone numbers listed was
incorrect. Here's the corrected information: Contact BorderWare at
905-804-1855, 877-814-7900, and sales () mxtreme com.
   http://www.borderware.com

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

8. ==== HOT THREADS ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: Forensics Tools
   (Three messages in this thread)

A user who's studying computer forensics wants to know which network
tools (in addition to Netstat, Snort, and Tcpdump) are helpful. Lend a
hand or read the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=51198

* HOWTO MAILING LIST
   http://63.88.172.96/listserv/page_listserv.asp?a0=howto

Featured Thread: Account Lockout
   (Nine messages in this thread)

A user has a problem with a particular user account that's locked out
two or three times a day. When he searches the domain controllers'
(DCs') event logs, no events are logged against the user's account.
Event auditing is turned on, and he would expect to see event ID 529
(Unknown username or bad password) and event ID 539 (Account locked
out), but those events aren't logged. Read the responses or lend a
hand at the following URL:
   http://63.88.172.96/listserv/page_listserv.asp?A2=IND0212B&L=HOWTO&P=984

9. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- letters () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

MANAGE YOUR ACCOUNT
   You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://www.winnetmag.com/email

Thank you!

__________________________________________________________
Copyright 2002, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

