Security UPDATE, October 30, 2002

[InfoSec News <isn () c4i org>]

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

VeriSign - The Value of Trust
   http://list.winnetmag.com/cgi-bin3/flo?y=eOEi0CJgSH0CBw05qj0A2

Real Time Monitoring Is a Security Requirement
   http://list.winnetmag.com/cgi-bin3/flo?y=eOEi0CJgSH0CBw02Jr0AT
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: VERISIGN - THE VALUE OF TRUST ~~~~
   Secure all your Web servers now - with a proven 5-part strategy.
The FREE Server Security Guide shows you how:
   * DEPLOY THE LATEST ENCRYPTION and authentication techniques
   * DELIVER TRANSPARENT PROTECTION with the strongest security
without disrupting users. And more. Get your FREE Guide now:
   http://list.winnetmag.com/cgi-bin3/flo?y=eOEi0CJgSH0CBw05qj0A2

~~~~~~~~~~~~~~~~~~~~

October 30, 2002--In this issue:

1. IN FOCUS
     - Sneak Attack Through a License Agreement

2. SECURITY RISKS
     - Remote File Deletion Vulnerability in Windows XP
     - Privilege Escalation Vulnerability in Microsoft SQL Server,
       MSDE 2000, and MSDE 1.0

3. ANNOUNCEMENTS
     - Safeguard Your Data and Protect Your Privacy
     - Attend Our Free Tips & Tricks Web Summit

4. SECURITY ROUNDUP
     - News: Protect Your Contact List: Read the EULA!
     - News: PGP Back in Action: 8.0 Beta Released to Public
     - News: DNS Root Servers Attacked
     - Feature: SonicWALL Global Management System 2.2

5. HOT RELEASES (ADVERTISEMENTS)
     - FREE Security Assessment Tool From Aelita!
     - SPI Dynamics

6. INSTANT POLL
     - Results of Previous Poll: Microsoft .NET Passport
     - New Instant Poll: Reading the EULA

7. SECURITY TOOLKIT
     - Virus Center
     - FAQ: How Can I Prevent Regedit from Remembering the Last
       Registry Key Location I Accessed Under Windows XP?

8. NEW AND IMPROVED
     - Internet Security Protection and Remediation Solution
     - Web Optimization Tools and Enhanced Virus Protection Upgrade
     - Submit Top Product Ideas
 
9. HOT THREADS
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Why Doesn't Netscape Communicator 4.7 Work
           with ISA Server 2000?
     - HowTo Mailing List
         - Featured Thread: Password Protection on Backups
 
10. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* SNEAK ATTACK THROUGH A LICENSE AGREEMENT

Have you ever received a Web-based greeting card from a friend or
relative? They're common these days, and they seem to be taken for
granted, in that people trust the intent of someone who might send
them a greeting card. People like to be greeted with kindness, so
they're inclined to look at and read the greeting card. It's one of
the feel-good things that many people simply can't resist.

Have you ever wondered why a company would spend its Internet
resources delivering free greeting cards on behalf of people with whom
it conducts no business otherwise? How does such an entity profit from
those endeavors? What might its motives be?

Last week, a user posted an interesting message to our HowTo for
Security mailing list regarding one company that delivers Web-based
greeting cards. That company, Permissioned Media, runs a Web site
called FriendGreetings.com, which lets one person send another person
an electronic greeting card. The friendly facilitation seems simple
and harmless, but it has a rather insidious side.

When you receive a greeting from FriendGreetings.com, the message says
that someone sent you the greeting and that to read it, you must click
a URL that takes you to the Web site hosting the greeting. When you
click the URL, you're prompted to install an ActiveX control before
you view the greeting. As the greeting-card recipient, you would
probably assume that you must install the ActiveX control to view the
greeting; however, that's not the case. Instead, FriendGreetings.com
has designed the ActiveX control, complete with an End User License
Agreement (EULA), to interact with your mail client software and
harvest information about your email contacts. After the ActiveX
control obtains your private contact list information, it sends a
similar greeting card to everyone in your contact list, probably
unbeknownst to you!

If you took time to read the EULA from FriendGreetings.com, you'd
discover that the EULA clearly states Permissioned Media's intention
to do just that. A section of the EULA reads, "As part of the
installation process, Permissioned Media will access your Microsoft
Outlook contacts list and send an e-mail to persons on your contacts
list inviting them to download FriendGreetings or related products."
By accepting the EULA and installing the ActiveX control, you give the
company permission to perform that activity.

In essence, the greeting cards that FriendGreetings.com delivers
resemble many worms that travel the Internet: They're parasitic,
intrusive, devious, elusive, and most of all, probably unwanted. Even
some antivirus vendors issued warnings about the greeting card last
week. However, we can't completely blame FriendGreetings.com for its
use because, although the company counts on most users' acceptance of
the unread EULA, the EULA does spell out some of its intention. By
agreeing to the EULA, users agree to the ActiveX control activity.
Nevertheless, the lesson here should be obvious: When you encounter a
EULA, don't take anything for granted. Read it word for word to
understand exactly what you're accepting and think through what the
consequences of acceptance might be.

Permissioned Media bills itself as a "behavioral marketing network"
with more than 100 clients that advertise online. The company also
operates Cool-Downloads.com. You can read Permissioned Media's EULA at
the URL below. Take note that it grants the company "the right to add
additional features or functions to the version of PerMedia you
install, or to add new applications to PerMedia, at any time." Yikes!
   http://permissionedmedia.com/license.htm

If you've received a greeting card from FriendGreetings.com and
installed the associated ActiveX control, you might want to remove its
software from your system. To find out how, be sure to read the
related news article, "Protect Your Contact List: Read the EULA!" in
this newsletter.
   http://www.secadministrator.com/articles/index.cfm?articleid=27122

And if you're a security administrator for your network, consider
blocking FriendGreetings.com to help ensure that none of your network
users inadvertently compromise private contact information by
accepting a greeting card from that Web site.

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: REAL TIME MONITORING IS A SECURITY REQUIREMENT ~~~~
   A proactive IT Manager installed ELM Enterprise Manager 3.0 on his
critical servers to assess the benefits of real time monitoring. A
week later, EEM 3.0 paged him as a disgruntled employee was attempting
to access confidential personal files. Within minutes, the hacker was
escorted off company property. Use ELM Enterprise Manager 3.0 to
monitor the health and status of your systems, protect your
intellectual property, and prevent avoidable downtime. Download your
FREE 30-day evaluation copy at:
   http://list.winnetmag.com/cgi-bin3/flo?y=eOEi0CJgSH0CBw02Jr0AT

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* REMOTE FILE DELETION VULNERABILITY IN WINDOWS XP
   Distributed Systems Technology Centre (DSTC) discovered a
vulnerability in Windows XP that lets an attacker remotely delete any
file or folder on the vulnerable system. Microsoft has released
Security Bulletin MS02-060 (Flaw in Windows XP Help and Support Center
Could Enable File Deletion) to address this vulnerability and
recommends that affected users apply XP Service Pack 1 (SP1) mentioned
in the bulletin. A patch is also available for users who are unable to
apply the service pack.
   http://www.secadministrator.com/articles/index.cfm?articleid=27032

* PRIVILEGE ESCALATION VULNERABILITY IN MICROSOFT SQL SERVER, MSDE
2000, AND MSDE 1.0
   David Litchfield of Next Generation Security Software (NGSSoftware)
discovered a vulnerability in Microsoft SQL Server, Microsoft Desktop
Engine (MDSE) 2000, and Microsoft Data Engine (MSDE) 1.0 that lets a
low-privileged user run, delete, insert, and update Web tasks.
Microsoft has released Security Bulletin MS02-061 (Elevation of
Privilege in SQL Server Web Tasks) to address this vulnerability and
recommends that affected users apply the appropriate patch mentioned
in the bulletin.
   http://www.secadministrator.com/articles/index.cfm?articleid=27033

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* SAFEGUARD YOUR DATA AND PROTECT YOUR PRIVACY
   Get armed with the same security protection used by Department of
Defense, US Army and Federal Aviation Administration. For $69.95,
safeguard your data with the most accurate and comprehensive
vulnerability assessment tool available. STAT Scanner Home Edition
enables users to identify and eliminate security deficiencies that can
allow hacker intrusion.
   http://www.softwareshelf.com/products/display_homeuser.asp?p=91

* ATTEND OUR FREE TIPS & TRICKS WEB SUMMIT
   Join us on December 19th for our Tips & Tricks Web Summit featuring
three eye-opening events: Disaster Recovery Tips & Tricks, Intrusion
Detection: Win2K Security Log Secrets, and Merging Exchange Systems:
Tips for Managing 5 Key Challenges. There is no charge for this event,
but space is limited so register today!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOEi0CJgSH0CBw05nz0AG

4. ==== SECURITY ROUNDUP ====

* NEWS: PROTECT YOUR CONTACT LIST: READ THE EULA!
   Users on our HowTo for Security mailing list recently disclosed a
rather insidious End User License Agreement (EULA). The EULA pertains
to a Web-based greeting card--the kind that people exchange for
various reasons. If you receive a greeting card from
FriendGreetings.com (operated by Permissioned Media) and read and
accept the associated EULA, you're giving FriendGreetings.com
permission to copy your entire contact list for its own use.
   http://www.secadministrator.com/articles/index.cfm?articleid=27122

* NEWS: PGP BACK IN ACTION: 8.0 BETA RELEASED TO PUBLIC
   PGP announced the release of PGP 8.0 Beta (for Windows and Mac OS
X), which is available for download at the company's Web site. The new
beta is open to anyone, and the beta products expire on December 6,
2002. PGP 8.0 for Windows will include PGP Mail, PGP Disk, and PGP
 Admin.
   http://www.secadministrator.com/articles/index.cfm?articleid=27103

* NEWS: DNS ROOT SERVERS ATTACKED
   According to a story by "The Washington Post," the DNS root servers
that provide fundamental DNS support for global Internet operations
suffered a Distributed Denial of Service (DDoS) attack. The report
said that the DDoS attack struck all 13 of the root servers about 5:00
P.M. on October 21.
   http://www.secadministrator.com/articles/index.cfm?articleid=27052

* FEATURE: SONICWALL GLOBAL MANAGEMENT SYSTEM 2.2
   Most firewall vendors offer software to remotely maintain, monitor,
and manage distributed firewalls. SonicWALL's Global Management System
(GMS) Standard Edition 2.2 differs from the competition because it
lets you centrally manage any SonicWALL security appliance--from the
company's enterprise-class firewall to its entry-level TELE3 firewall,
which SonicWALL markets to telecommuters. Although proprietary to
SonicWALL, GMS's functionality is useful. Other vendors should
consider providing centralized management (or even cross-vendor
interoperability) that includes low-end security appliances.
   http://www.secadministrator.com/articles/index.cfm?articleid=26691

5. ==== HOT RELEASES (ADVERTISEMENTS) ====

* FREE SECURITY ASSESSMENT TOOL FROM AELITA!
   HIPAA? Gramm-Leach-Bliley? New Aelita InTrust(tm) 7.0 consolidates,
archives, and analyzes heterogeneous IT audit data and offers reports
to assist in documenting compliance. Get started with the FREE
security assessment tool: Aelita InTrust Audit Advisor!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOEi0CJgSH0CBw05qk0A3

* SPI DYNAMICS
   ALERT! -Cross-Site Scripting Attacks on Web Applications Cross-site
scripting vulnerabilities in web applications allow hackers to
compromise confidential information, manipulate or steal cookies.
Download this *FREE* white paper from SPI Dynamics for a guide to
protection!
   http://list.winnetmag.com/cgi-bin3/flo?y=eOEi0CJgSH0CBw05ql0A4

6. ==== INSTANT POLL ====
 
* RESULTS OF PREVIOUS POLL: MICROSOFT .NET PASSPORT
   The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question, "Do
you currently use Microsoft .NET Passport?" Here are the results (+/-
2 percent) from the 472 votes:
   -  37% Yes
   -  63% No
 
* NEW INSTANT POLL: READING THE EULA
   The next Instant Poll question is, "Do you read the End User
License Agreement (EULA) before you install new software?" Go to the
Security Administrator Channel home page and submit your vote for a)
Always, b) Sometimes, c) Rarely, d) Never.
   http://www.secadministrator.com

7. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: HOW CAN I PREVENT REGEDIT FROM REMEMBERING THE LAST REGISTRY
KEY LOCATION I ACCESSED UNDER WINDOWS XP?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. In a previous FAQ, I explained how to write a script to
automatically reset the last key location every time you log on to the
OS. Another option for clearing the last registry key accessed is to
use registry permissions to disable Write access to the key. To do so,
perform the following steps:
   1. Start the registry editor.
   2. Navigate to the
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit
registry subkey.
   3. Select LastKey.
   4. If you're working in XP, open the Edit menu and select
Permissions; if you're working in Windows 2000, open the Security menu
and select Permissions.
   5. Remove Full Control access and grant Read-only access.
   6. Click OK.

You'll need to repeat this process for all users who don't want
regedit to remember the last key location they accessed.

8. ==== NEW AND IMPROVED ====
   (contributed by Judy Drennen, products () winnetmag com)

* INTERNET SECURITY PROTECTION AND REMEDIATION SOLUTION
   St. Bernard Software announced an agreement with Internet Security
Systems (ISS) to deliver St. Bernard Software's remediation technology
with a future ISS intrusion-protection offering scheduled for release
later this year. This agreement between ISS and St. Bernard Software
represents a coupling of complementary technologies that effectively
addresses both sides of the network security equation and completes
the security life cycle process. For more information, contact St.
Bernard Software at 800-782-3762 or go to the Web site.
   http://www.stbernard.com

* WEB OPTIMIZATION TOOLS AND ENHANCED VIRUS PROTECTION UPGRADE
   Symantec announced Norton SystemWorks 2003, a problem-solving suite
that offers a comprehensive integrated solution to help keep PCs
running at optimal performance levels. The suite now features new Web
optimization tools and improved antivirus protection to help users get
the most out of their online activities by integrating tools that
maximize hard disk space and maintain dial-up connections while
online. Norton SystemWorks 2003 also includes enhanced antivirus
protection through Norton AntiVirus 2003, which offers new Instant
Messaging (IM) scanning, worm blocking, and automatic removal of
Trojan horses and worms. Norton SystemWorks costs $69.95 ($99.95 for
the Professional edition). Contact Symantec at
http://www.symantecstore.com for more information and to purchase.
   http://www.symantec.com

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

9. ==== HOT THREADS ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: Why Doesn't Netscape Communicator 4.7 Work with ISA
Server 2000?
   (Three messages in this thread)

A user writes that he has installed Internet Security and Acceleration
(ISA) Server 2000 in his office. All the Microsoft Internet Explorer
(IE) clients work with ISA Server 2000 just fine, but when he tries to
use ISA Server 2000 as a proxy for Netscape Communicator 4.7, it
doesn't work at all, nor does it work with Yahoo! Messenger (MSN
Messenger software works fine). He wants to know why. Lend a hand or
read the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=48390

* HOWTO MAILING LIST
   http://63.88.172.96/listserv/page_listserv.asp?a0=howto

Featured Thread: Password Protection on Backups
   (One message in this thread)

A user wants to use NT Backup to back up his Exchange Server. He wants
to know whether he can protect the backup with a password. Read the
responses or lend a hand at the following URL:
   http://63.88.172.96/listserv/page_listserv.asp?a2=ind0210d&l=howto&p=745

10. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- letters () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

MANAGE YOUR ACCOUNT
   You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://www.winnetmag.com/email

Thank you!



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.