Information Security News mailing list archives

Security UPDATE, November 20, 2002


From: InfoSec News <isn () c4i org>
Date: Thu, 21 Nov 2002 09:16:07 -0600 (CST)

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

November 20, 2002--In this issue:

1. IN FOCUS
     - Attackers Might Face Life in Prison; You Might Forfeit Some
       Privacy

2. SECURITY RISKS
     - Multiple Vulnerabilities in ISC's DNS BIND 8.x and BIND 4.x
     - Buffer Overflow in Macromedia's ColdFusion and JRun

3. ANNOUNCEMENTS
     - The Microsoft Mobility Tour Is Coming Soon to a City Near You!
     - Planning on Getting Certified? Make Sure to Pick Up Our New
       eBook!

4. SECURITY ROUNDUP
     - Feature: Use ISA Server to Secure Exchange

5. HOT RELEASES (ADVERTISEMENTS)
     - FREE Security Assessment Tool from Aelita!
     - Now Available - Fire & Water Security Toolkit

6. SECURITY TOOLKIT
     - Virus Center
         - Virus Alert: W32/Oror
     - FAQ: Why Doesn't Windows 2000 Service Pack 3 (SP3) Install the
       Set Program Access and Defaults Tool When I Apply the Service 
       Pack to My Win2K Server?

7. NEW AND IMPROVED
     - Detect System Intruders
     - Secure Exchange Environments
     - Submit Top Product Ideas
 
8. HOT THREADS
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Relaying in Microsoft Exchange 5.5 SP4
     - HowTo Mailing List
         - Featured Thread: Problems Implementing Windows Update
           Client and SUS
 
9. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* ATTACKERS MIGHT FACE LIFE IN PRISON; YOU MIGHT FORFEIT SOME PRIVACY

Have you been keeping up with the Homeland Security Act of 2002? The
bill (which Congress just passed) will soon become law. According to
the bill's provisions, computer attackers could face many years--or
life--in prison for their activities.
   http://hsc.house.gov/legislation/hr5710.pdf

When you read the bill, you'll see that if attacker activities appear
to be intended to "intimidate or coerce the civilian population; to
influence the policy of a government by intimidation or coercion; or
to affect the conduct of a government by mass destruction [of
computers and/or networks in this case]," law enforcement can deem the
attacker a terrorist. According to the bill, the term "terrorism" can
mean any act that's dangerous to human life "or potentially
destructive of critical infrastructure or key resources; and is a
violation of the criminal laws of the United States or of any State or
other subdivision of the United States."

According to various news reports, lawmakers made last-minute
additions to the Homeland Security Act of 2002--provisions from the
Cyber Security Enhancement Act (CSEA)--that give law enforcement
agencies broad powers. For example, law officers could perform
wiretaps and other eavesdropping without court orders. Although
Congress previously didn't pass CSEA, according to reports,
legislators inserted CSEA provisions into the current Homeland
Security Act in a roundabout attempt to have those provisions become
law.

The Homeland Security Act also makes sweeping changes to privacy
rights both on and off the Internet. Although I agree that computer
attackers who intentionally and severely jeopardize infrastructures
should be dealt with severely, I don't agree that our right to privacy
should be stripped away in the name of the War on Terrorism--not at
this stage anyway.

According to a Reuters news story, "buried deep in the 500-page bill
are several provisions that could have lasting effects on computer
security and Internet privacy" although the bill doesn't contain
"authorization for a comprehensive data-mining effort proposed by the
Pentagon that would break down long-established barriers against
domestic surveillance."
  http://reuters.com/newsArticle.jhtml?storyID=1752157

The data-mining effort referred to is the proposed Total Information
Awareness (TIA) System project, which would fall under the Defense
Advanced Research Projects Agency's Information Awareness Office
(IAO). TIA would let the military collect information from both
private and public sectors and pool that information into centralized
databases--looking for patterns or details in an effort to track
suspected "terrorists and criminals."
   http://www.darpa.mil/iao

Many believe that implementing a program such as TIA would effectively
destroy the Fourth Amendment right to privacy and give the military
(whose legal system lies outside the public criminal and civil courts)
the right to snoop on everyone about everything. Anything you do
that's recorded--on paper or digitally (including your individual and
business Internet activities)--can be subject to scrutiny.

Retired US Navy Admiral John Poindexter, former national security
adviser, heads the IAO, which would use TIA to process large amounts
of information from different sources to predict and prevent terrorist
attacks. According to "The Washington Post," Poindexter was fired from
his Reagan-era post and subsequently convicted of lying to Congress,
defrauding the government, and destroying evidence related to the
Iran-Contra scandal," although the convictions were overturned on
appeal.
   http://www.washingtonpost.com/wp-dyn/articles/A40942-2002Nov11.html
   http://www.washingtonpost.com/wp-dyn/articles/A61653-2002Nov15.html

The impact of new information-gathering methods remains to be seen;
however, programs such as TIA will include technology that uses facial
recognition and body movement to identify people at a distance. Could
those programs push us toward technology such as the "skin chip," a
digital implant about the size of a grain of rice? Such chips are
already available to the public and can contain almost any kind of
personal data. In theory, they could effectively be used for computer
and network authentication, but they would also change ideas about
privacy. To read more about these matters, visit the Electronic
Privacy Information Center (EPIC) Web site.
   http://www.epic.org/privacy/profiling/tia/

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* MULTIPLE VULNERABILITIES IN ISC'S DNS BIND 8.X AND BIND 4.X
   Multiple remote vulnerabilities exist in Internet Software
Consortium's (ISC's) BIND 8.x and BIND 4.x, the most serious of which
can lead to remote compromise of the vulnerable server. For more
details about these vulnerabilities, see the discoverer's Web site.
ISC has released version 9.2.1 to correct these and other problems and
recommends that affected users immediately upgrade their software.
   http://www.secadministrator.com/articles/index.cfm?articleid=27286

* BUFFER OVERFLOW IN MACROMEDIA'S COLDFUSION AND JRUN
   A buffer-overflow vulnerability exists in Macromedia's ColdFusion
6.0 and JRun 4.0 that might let an attacker execute arbitrary code in
the system context of the vulnerable system. This vulnerability stems
from various heap overflows in the Microsoft IIS Internet Server API
(ISAPI) handlers as they handle Uniform Resource Identifier (URI)
filenames. By supplying a filename longer than 4096 bytes, an attacker
can overwrite heap memory. To gain control of the remote IIS process
with system-level access, an attacker can overwrite various structures
in the process heap. For more details about this vulnerability, see
the discoverer's Web site. Macromedia has released patches for both
the ColdFusion and JRun products.
   http://www.secadministrator.com/articles/index.cfm?articleid=27285
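
The length check that this class of bug calls for, as an added example (not part of the original newsletter and not Macromedia's or Microsoft's code): a C routine that copies the filename part of a request URI to a heap buffer only after checking its length. The function names, status codes, percent-decoding step and the use of 4096 as the limit are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_URI_FILENAME 4096 /* assumed limit, taken from the 4096-byte figure */
enum { URI_OK = 200, URI_BAD = 400, URI_TOO_LONG = 414, URI_NOMEM = 500 };

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Copy the filename part of a request URI (up to '?') to a new heap buffer,
 * percent-decoding it. The length is checked before any byte is written and
 * the buffer is sized from the checked length, so nothing can run past it. */
int copy_uri_filename(const char *uri, char **out) {
    size_t raw_len = strcspn(uri, "?"), i, n = 0;
    char *buf;
    *out = NULL;
    if (raw_len > MAX_URI_FILENAME) return URI_TOO_LONG;
    if ((buf = malloc(raw_len + 1)) == NULL) return URI_NOMEM;
    for (i = 0; i < raw_len; i++) {
        int c = (unsigned char)uri[i];
        if (c == '%') { /* decoding only shrinks: n never exceeds raw_len */
            int hi = (raw_len - i >= 3) ? hexval((unsigned char)uri[i + 1]) : -1;
            int lo = (hi >= 0) ? hexval((unsigned char)uri[i + 2]) : -1;
            c = (lo >= 0) ? hi * 16 + lo : 0;
            if (c == 0) { free(buf); return URI_BAD; } /* bad escape or %00 */
            i += 2;
        }
        buf[n++] = (char)c;
    }
    buf[n] = '\0';
    *out = buf;
    return URI_OK;
}

/* Constructed input: "/" followed by 'a' bytes, len bytes in total. */
int status_for_length(size_t len) {
    char *uri = malloc(len + 1), *name = NULL;
    int st;
    if (!uri) return URI_NOMEM;
    memset(uri, 'a', len); uri[0] = '/'; uri[len] = '\0';
    st = copy_uri_filename(uri, &name);
    free(name); free(uri);
    return st;
}

int main(void) {
    printf("4096 -> %d, 4097 -> %d\n", status_for_length(4096), status_for_length(4097));
    return 0;
}
```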

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* THE MICROSOFT MOBILITY TOUR IS COMING SOON TO A CITY NEAR YOU!
   Brought to you by Windows & .NET Magazine, this outstanding
seven-city event will help support your growing mobile workforce!
Industry guru Paul Thurrott discusses the coolest mobility hardware
solutions around, demonstrates how to increase the productivity of
your "road warriors" with the unique features of Windows XP and Office
XP, and much more. There is no charge for these live events, but space
is limited so register today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOZi0CJgSH0CBw06Kw0Ay

* PLANNING ON GETTING CERTIFIED? MAKE SURE TO PICK UP OUR NEW EBOOK!
   "The Insider's Guide to IT Certification" eBook is hot off the
presses and contains everything you need to know to help you save time
and money while preparing for certification exams from Microsoft,
Cisco Systems, and CompTIA and have a successful career in IT. Get
your copy of the Insider's Guide today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOZi0CJgSH0CBw038F0An

4. ==== SECURITY ROUNDUP ====

* FEATURE: USE ISA SERVER TO SECURE EXCHANGE
   Because exposing your Windows computers to remote procedure call
(RPC) traffic directly from the Internet is a bad idea, administrators
who want to offer Microsoft Outlook to remote users need to depend on
either direct dial-up connections or a VPN. VPNs work well but
require a certain degree of care and feeding, particularly when you're
deploying a VPN solution for many users or using hardware VPN devices
that require special client software. Microsoft Internet Security and
Acceleration (ISA) Server 2000 offers another solution to the dilemma
of how best to provide access to remote users.
   http://www.secadministrator.com/articles/index.cfm?articleid=27260

5. ==== HOT RELEASES (ADVERTISEMENTS) ====

* FREE SECURITY ASSESSMENT TOOL FROM AELITA!
   HIPAA? Gramm-Leach-Bliley? New Aelita InTrust(tm) 7.0 consolidates,
archives, and analyzes heterogeneous IT audit data and offers reports
to assist in documenting compliance. Get started with the FREE
security assessment tool: Aelita InTrust Audit Advisor!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOZi0CJgSH0CBw06PP0AQ

* NOW AVAILABLE - FIRE & WATER SECURITY TOOLKIT
   NT OBJECTives offers the first integrated security toolkit for any
size network. Fire & Water provides discovery, assessment, mapping,
reporting and an advanced ISAPI filter for robust web server defense.
   Download freeware version now.
   http://list.winnetmag.com/cgi-bin3/flo?y=eOZi0CJgSH0CBw06PQ0AR

6. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

- VIRUS ALERT: W32/OROR
   W32/Oror is a dangerous worm that's now spreading in a variety of
renditions. The worm deletes all files on the computer's hard disk as
well as on every network drive accessible from the infected machine.
After it's activated, it displays an error message with the title
Error Starting Program. It uses email, Internet Relay Chat (IRC), and
the Kazaa program to spread. For detailed information about the
variations, visit the URLs below.
   http://63.88.172.127/Panda/Index.cfm?FuseAction=Virus&VirusID=1297
   http://63.88.172.127/Panda/Index.cfm?FuseAction=Virus&VirusID=1298
   http://63.88.172.127/Panda/Index.cfm?FuseAction=Virus&VirusID=1299

* FAQ: WHY DOESN'T WINDOWS 2000 SERVICE PACK 3 (SP3) INSTALL THE SET
PROGRAM ACCESS AND DEFAULTS TOOL WHEN I APPLY THE SERVICE PACK TO MY
WIN2K SERVER?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. The Program Access and Defaults tool is available only for Win2K
Professional. The tool isn't available for any of the Win2K server
versions.

7. ==== NEW AND IMPROVED ====
   (contributed by Sue Cooper, products () winnetmag com)

* DETECT SYSTEM INTRUDERS
   Ionx released Data Sentinel, customizable host-based Intrusion
Detection System (IDS) software that scans any number of files and
registry entries for modification. You can modify the properties the
software scans for each file, group files, schedule integrity checks,
generate reports, and send automatic email alerts. Data Sentinel
supports Windows XP Professional, Windows 2000 Server, Windows 2000
Professional, Windows NT Server, and Windows NT Workstation. For
pricing, contact Ionx at sales () ionx com.
   http://www.ionx.co.uk

* SECURE EXCHANGE ENVIRONMENTS
   Sybari Software announced Antigen 7.0 for Microsoft Exchange,
software that provides antivirus protection, content filtering, and
email security for Exchange messaging and collaboration environments.
Features new to this version include the ability to add outbound
disclaimers, new quarantine and incident databases, and advanced file
filtering. Antigen 7.0 for Microsoft Exchange supports Exchange Server
2000, Exchange Server 5.5, Exchange 5.0, and Exchange running on
Microsoft Cluster Servers. The price is $5750 for 250 users and
includes a 2-year renewable license. Contact Sybari at info () sybari com
or 631-630-8500.
   http://www.sybari.com

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

8. ==== HOT THREADS ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: Relaying with Microsoft Exchange 5.5 SP4
   (One message in this thread)

A user hosts POP3 accounts by using Exchange Server 5.5 with Service
Pack 4 (SP4) and needs to be able to relay messages. At the same time,
he wants to close access to outside calls to the server to eliminate
spam. He can't find a solution that will block outside access to his
server. Lend a hand or read the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=49691

* HOWTO MAILING LIST
   http://63.88.172.96/listserv/page_listserv.asp?a0=howto

Featured Thread: Problems Implementing Windows Update Client and SUS
   (One message in this thread)

A user says he's in the process of implementing Microsoft Software
Update Services (SUS) to deliver service packs and patches to Windows
2000 desktops on his network. However, for some reason, his Windows
Update Client installations aren't running the updates, and log files
indicate that the clients aren't querying his SUS server. Can you help
figure out why? Read the responses or lend a hand at the following
URL:
   http://63.88.172.96/listserv/page_listserv.asp?A2=IND0211C&L=HOWTO&P=3425

9. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- letters () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email
