Information Security News mailing list archives

Subject: Security UPDATE, July 17, 2002


From: InfoSec News <isn () c4i org>
Date: Thu, 18 Jul 2002 07:04:47 -0500 (CDT)

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Security Auditing and Configuration Analysis!
   http://list.winnetmag.com/cgi-bin3/flo?y=eMgt0CJgSH0CBw03C30A2

VeriSign - The Value of Trust
   http://list.winnetmag.com/cgi-bin3/flo?y=eMgt0CJgSH0CBw01bI0As
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: SECURITY AUDITING AND CONFIGURATION ANALYSIS! ~~~~
   How many people have administrative rights in your network? How
many unused user accounts are in your domains? What changes were made to
your directories during the last week? Security vulnerabilities occur
when you can't answer these questions. Don't be vulnerable to attacks
from inside and outside your network. Aelita Enterprise Directory
Reporter offers a comprehensive directory reporting and security
assessment solution for Windows NT/2000, Active Directory, and
Exchange. Improve security with network configuration, Group Policy,
and user information that lets you locate and correct problems and
implement enterprise-wide policies. Download a FREE evaluation copy.
Put Aelita in the lab!
   http://list.winnetmag.com/cgi-bin3/flo?y=eMgt0CJgSH0CBw03C30A2

~~~~~~~~~~~~~~~~~~~~

July 17, 2002--In this issue:

1. IN FOCUS
     - Unwise Connectivity; Microsoft Obtains Third-Party Protection;
       and Camera/Shy

2. SECURITY RISKS
     - Multiple Vulnerabilities in Microsoft SQL Server 2000 and MSDE
       2000
     - DoS in WatchGuard Firebox VPN Appliance
     - DoS in BEA WebLogic for Win2K and NT

3. ANNOUNCEMENTS
     - Register Today for Our Win2K Migration Web Seminar!
     - Enter the Windows & .NET Magazine/Transcender Sweepstakes!

4. SECURITY ROUNDUP
     - News: Survey Says Web Is More Vulnerable Than Ever
     - Feature: Security Holes Pop Up in Unexpected Places
     - Feature: Best Practices for Secure Administrator Accounts

5. HOT RELEASES
     - Sprint IP VPN Services: Special Offer
     - IBM E-Business Integration White Paper

6. SECURITY TOOLKIT
     - Virus Center
     - FAQ: How Can I Force a User to Use a Machine-Specific Group
       Policy Rather Than a User-Specific Group Policy?

7. NEW AND IMPROVED
     - Submit Top Product Ideas
     - Protect Your Valuable Notebook from Theft
     - Invisible Means Invulnerable

8. HOT THREADS
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Blocking IRC Scripts

9. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* UNWISE CONNECTIVITY; MICROSOFT OBTAINS THIRD-PARTY PROTECTION; AND
CAMERA/SHY

According to a provocative article from the Associated Press (AP) wire
last week (which draws information from a Los Angeles Times report),
US power and energy companies "have become targets for computer
hackers who have managed to penetrate energy control networks as well
as administrative systems."
   http://www.cbsnews.com/stories/2002/07/08/tech/main514426.shtml

The article reports that the online power and energy companies
surveyed have experienced an average of 1280 attacks in the past 6
months alone. Riptech, which performed the study, said that the number
of attacks represents a 77 percent increase over the number of attacks
experienced last year. According to the article, FBI Cybercrime
Director Ronald Dick said, "The event that I fear most is a physical
attack in conjunction with the success of a cyber attack on an
infrastructure such as electric power or 911."

The report points out the weakest link in the energy and power
companies' infrastructure: control systems that monitor power grids
and govern the flow of oil and water through pipelines. Formerly,
these systems weren't connected to public networks such as the
Internet, but now they are--and, as a result, they're vulnerable to
attack.

The story begs the obvious question: Why would any entity connect
extremely critical infrastructures (e.g., power companies, national
911 services) to the Internet? By doing so, they ask for serious
trouble. Is that wise in times such as these? I don't think so.

In other recent and interesting news, PC World reported that Microsoft
has adopted NetScreen-500 to help protect its corporate network (see
the first URL below). NetScreen Technologies (see the second URL
below) issued a press release regarding the adoption. NetScreen-500 is
a firewall/VPN combination appliance that, among other things, helps
stop viruses and worms from propagating into a network. What makes
this news strange is that Microsoft touts its Internet Security and
Acceleration (ISA) Server 2000 (see the third URL below) as a product
that "protects the enterprise network from hacker intrusion and
malicious worms through application-level filtering."
   http://www.pcworld.com/news/article/0,aid,102626,tk,dn071202X,00.asp
   http://www.netscreen.com/products/index.html
   http://www.microsoft.com/isaserver/howtobuy/upgrade.asp

Are you looking for a way to transmit sensitive information? A group
that calls itself Hacktivismo has released a new tool called
Camera/Shy at the Hackers On Planet Earth (HOPE) Conference in New
York. Camera/Shy is a steganography tool that encrypts and stores data
in graphical image files. Steganography adds extra data to a typical
image file so that when someone views the file, it seems to contain an
ordinary image. After data is stored in an image file, you can
transmit the file, and the recipient can recover the data stored
therein. According to Hacktivismo, the tool is easy to use. Camera/Shy
targets users who work behind network border devices that filter or
censor Internet content. You can find a temporary download site for
Camera/Shy and its documentation at the first URL below. Let's hope
nobody uses Camera/Shy to attack power and energy companies. For
additional information about steganography, go to the second URL
below.
   http://members.cox.net/osioniusx/CameraShy.exe
   http://www.secadministrator.com/articles/index.cfm?articleid=20057
 
~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: VERISIGN - THE VALUE OF TRUST ~~~~
   FREE E-COMMERCE SECURITY GUIDE
   Is your e-business built on a strong, secure foundation? Find out
with VeriSign's FREE White Paper, "Building an E-Commerce Trust
Infrastructure." Learn how to authenticate your site to customers,
secure your web servers with 128-Bit SSL encryption, and accept secure
payments online. Click here:
   http://list.winnetmag.com/cgi-bin3/flo?y=eMgt0CJgSH0CBw01bI0As

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* MULTIPLE VULNERABILITIES IN SQL SERVER 2000 AND MSDE 2000
   Cesar Cerrudo and Mark Litchfield of Next Generation Security
Software discovered multiple vulnerabilities in Microsoft SQL Server
2000 and Microsoft SQL Server Desktop Engine (MSDE) 2000, the most
severe of which can lead to remote compromise of the vulnerable
server. Microsoft has released Security Bulletin MS02-034 (Cumulative
Patch for SQL Server) to address these vulnerabilities and recommends
that affected users download and apply the appropriate patch mentioned
in the bulletin. These patches are cumulative and address all
previously discovered vulnerabilities in the affected product.
   http://www.secadministrator.com/articles/index.cfm?articleid=25868

* DoS IN WATCHGUARD FIREBOX VPN APPLIANCE
   Andreas Sandor and Peter Grundl discovered a Denial of Service
(DoS) condition in WatchGuard Technologies' Firebox with firmware
5.x.x. By sending a malformed packet to the listener service on TCP
port 4110, an attacker can cause the Dynamic VPN Configuration
Protocol (DVCP) service to fail. The vendor, WatchGuard, recommends
that affected users upgrade their firmware to version 6.x.x, available
through the company's LiveSecurity Service.
   http://www.secadministrator.com/articles/index.cfm?articleid=25812

* DoS IN BEA WEBLOGIC FOR WIN2K AND NT
   Peter Grundl discovered a Denial of Service (DoS) condition in BEA
Systems' WebLogic Server when used with the performance pack, which
installs by default. By data or connection flooding, an attacker can
crash the Web service with a report of an error in ntdll.dll. The
vendor, BEA Systems, has released a security advisory to address this
problem and recommends that affected users apply the appropriate patch
listed in this bulletin.
   http://www.secadministrator.com/articles/index.cfm?articleid=25811

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* REGISTER TODAY FOR OUR WIN2K MIGRATION WEB SEMINAR!
   You can make the Windows 2000 road less bumpy--if you know how.
Hear Jeremy Moskowitz talk about what to do before your Win2K
migration actually begins, and what to be on the lookout for during
the migration process. This special online event is scheduled for
Thursday, July 18, so sign up today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eMgt0CJgSH0CBw022F0A3

* ENTER THE WINDOWS & .NET MAGAZINE/TRANSCENDER SWEEPSTAKES!
   Nothing can help you prepare for certification like Transcender
products, and no one can help you master your job like Windows & .NET
Magazine. Enter our combined sweepstakes contest, and you could win a
Transcender Deluxe MCSE Core Pak (a $569 value) or one of several
other great prizes. Sign up today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eMgt0CJgSH0CBw028j0Ak

4. ==== SECURITY ROUNDUP ====

* NEWS: SURVEY SAYS WEB IS MORE VULNERABLE THAN EVER
   A June 2002 Netcraft survey shows that Web sites are more
vulnerable than ever because of several recently reported security
problems with Microsoft IIS and Apache Web server. Netcraft polled
38,807,788 Web servers and found that 59.67 percent (more than 23
million sites) run Apache Web server and 28.96 percent run IIS.
   http://www.secadministrator.com/articles/index.cfm?articleid=25846

* FEATURE: SECURITY HOLES POP UP IN UNEXPECTED PLACES
   With so many obvious security holes that systems administrators
must watch for, keeping up with all the potential problem areas that
the Windows OSs present is tough. It's even worse when the security
problems occur in a little-used but ubiquitous application such as the
Windows Media Player (WMP).
   http://www.secadministrator.com/articles/index.cfm?articleid=25840

* FEATURE: BEST PRACTICES FOR SECURE ADMINISTRATOR ACCOUNTS
   Creating unique passwords for your Administrator accounts is one
important step you can take to keep your systems secure. Dick Lewis
offers best practices that can help you protect the powerful
Administrator account from intruders. Be sure to read the article on
our Web site!
   http://www.secadministrator.com/articles/index.cfm?articleid=25721

5. ==== HOT RELEASES ====

* SPRINT IP VPN SERVICES: SPECIAL OFFER
   For secure, global network access and great savings, visit
   http://ad.doubleclick.net/clk;4366192;7296505;q?http://www.sprintbiz.com/apps/tag/sprintbizQ2Growth/,16,27,S3,199/bsgpromo/ip1.html

* IBM E-BUSINESS INTEGRATION WHITE PAPER
   Learn to remain competitive as e-business technologies evolve. The
IBM white paper, "Managing e-business integration challenges," will
help you understand how to identify key integration components. Get
your complimentary copy at
   http://www.ibm.com/e-business/playtowin/n122

6. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: HOW CAN I FORCE A USER TO USE A MACHINE-SPECIFIC GROUP POLICY
RATHER THAN A USER-SPECIFIC GROUP POLICY?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. Typically, the settings that the OS applies when a user logs on are
based on the user's account container (e.g., a domain, a site, an
organizational unit--OU), regardless of which container the user's
machine belongs to. In some instances, you might want to forgo using
this default behavior and instead associate a user's settings with the
location of the user's computer within Active Directory (AD). For
example, you might want to set a strict, defined set of policies for a
publicly accessible computer, regardless of who logs on to that
computer.
   To establish machine-specific settings, use Group Policy to set the
computer's container to "loopback" mode--so that the computer's client
settings take precedence--by performing the following steps:
   1. Start Group Policy Editor (GPE) and load the policy that affects
the computer whose behavior you want to modify (alternatively, you can
start the Microsoft Management Console--MMC--Active Directory Users
and Computers snap-in, right-click the container, select Properties,
then select the Group Policy tab).
   2. Expand the Computer Configuration, Administrative Templates,
System, Group Policy branches.
   3. Double-click the "Loopback Policy" option (or "User Group Policy
loopback processing mode" in Windows .NET Server--Win.NET Server).
   4. Select the Enabled option, then select the Mode:
   - Merge Mode--loads a user's normal settings first, then loads any
settings based on the computer's location, thus overwriting any
conflicting user settings
   - Replace Mode--loads only settings based on the computer's
location
   5. Click OK.
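
A check you can run on the target computer after the policy has applied, added here as an example and not part of the newsletter or the FAQ: it reads the stored loopback mode and models how Merge and Replace resolve conflicting settings. The registry location (HKLM\SOFTWARE\Policies\Microsoft\Windows\System, value UserPolicyMode, 1 = Merge, 2 = Replace) is stated from general Group Policy knowledge rather than from the FAQ, and the setting names in the sample data are constructed.

```powershell
# Added example (not from the newsletter). The key and value name below are where
# the loopback policy is stored; this comes from general Group Policy knowledge.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\System'

function Get-LoopbackMode {
    # Returns 'Merge', 'Replace', or 'NotConfigured' for the local computer.
    $prop = Get-ItemProperty -Path $PolicyKey -Name 'UserPolicyMode' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'NotConfigured' }
    switch ([int]$prop.UserPolicyMode) {
        1       { 'Merge' }
        2       { 'Replace' }
        default { 'NotConfigured' }
    }
}

function Resolve-UserSettings {
    # Models the precedence the FAQ describes for each mode.
    param(
        [hashtable]$UserLocation,      # settings from the user's own container
        [hashtable]$ComputerLocation,  # user settings from the computer's container
        [ValidateSet('NotConfigured', 'Merge', 'Replace')][string]$Mode
    )
    $effective = @{}
    if ($Mode -ne 'Replace') {
        # Default behavior and Merge Mode both start from the user's normal settings.
        foreach ($k in $UserLocation.Keys) { $effective[$k] = $UserLocation[$k] }
    }
    if ($Mode -ne 'NotConfigured') {
        # Loopback: computer-location settings load last and win any conflict.
        foreach ($k in $ComputerLocation.Keys) { $effective[$k] = $ComputerLocation[$k] }
    }
    return $effective
}

# Constructed sample settings (hypothetical names) for a public kiosk computer.
$user  = @{ Wallpaper = 'personal.bmp'; ControlPanel = 'Allowed' }
$kiosk = @{ ControlPanel = 'Blocked'; RunCommand = 'Hidden' }

"Loopback mode on this computer: $(Get-LoopbackMode)"
foreach ($mode in 'NotConfigured', 'Merge', 'Replace') {
    $r = Resolve-UserSettings -UserLocation $user -ComputerLocation $kiosk -Mode $mode
    $line = ($r.Keys | Sort-Object | ForEach-Object { "$_=$($r[$_])" }) -join '; '
    '{0,-13} -> {1}' -f $mode, $line
}
```

In the Merge row the user's non-conflicting Wallpaper setting survives, which is the difference to weigh when choosing a mode for a publicly accessible computer.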

7. ==== NEW AND IMPROVED ====
   (contributed by Judy Drennen, products () winnetmag com)

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

* PROTECT YOUR VALUABLE NOTEBOOK FROM THEFT
   Belkin released SafeTech, a line of security products for notebook
computers, docking stations, flat-screen monitors, and other expensive
computer devices. The SafeTech line features two locks: a keyless
version, the SafeTech C100 Combo Security Lock at $24.95 and a keyed
version, the SafeTech K100 Security Lock at $29.95. For more
information, go to the Belkin Web site.
   http://www.belkin.com

* INVISIBLE MEANS INVULNERABLE
   Gianus Technologies introduced Phantom Total Security (PTS),
security software that can protect any type of computer data by making
it invisible to attackers, unauthorized users, and even viruses. PTS
splits a computer hard disk into two parts, then makes one part
disappear with the simple click of an icon. PTS costs $190 and runs on
multiple OSs on the same computer, each OS transparent to the other.
Contact Gianus Technologies at 212-838-7070.
   http://www.phantomts.com

8. ==== HOT THREADS ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: Blocking IRC Scripts
   (Two messages in this thread)

Brett writes that one of his clients found that someone has gained
access to the client's Windows 2000 server and installed an Internet
Relay Chat (IRC) script that lets a remote user control the server.
The script uses two programs, firedeamon.exe and srchost.exe. Brett
wants to know the best way to prevent the installation of such
scripts.
   http://www.secadministrator.com/forums/thread.cfm?thread_id=108852

9. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- vpatterson () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

MANAGE YOUR ACCOUNT
You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://www.winnetmag.com/email

Thank you!



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

