Security UPDATE, September 4, 2002

[InfoSec News <isn () c4i org>]

********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows .NET Server, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

VeriSign - The Value of Trust
   http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04Wc0AX

Exchange & Outlook Administrator Web Site
   http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw023p0A7
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: VERISIGN - THE VALUE OF TRUST ~~~~
   FREE E-COMMERCE SECURITY GUIDE
   Is your e-business built on a strong, secure foundation? Find out
with VeriSign's FREE White Paper, "Building an E-Commerce Trust
Infrastructure." Learn how to authenticate your site to customers,
secure your web servers with 128-Bit SSL encryption, and accept secure
payments online. Click here:
   http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04Wc0AX

~~~~~~~~~~~~~~~~~~~~

September 4, 2002--In this issue:

1. IN FOCUS
     - Can Others Stumble into Your Wireless Network?

2. SECURITY RISKS
     - Digital Certificate Deletion Vulnerability in Windows

3. ANNOUNCEMENTS
     - Mark Minasi and Paul Thurrott Are Bringing Their Security
       Expertise to You!
     - The Security Solutions You've Been Searching For!

4. SECURITY ROUNDUP
     - News: Microsoft Settles with the FTC over .NET Passport
     - Feature: Introducing UDDI 3.0: Support for Digital Signatures

5. HOT RELEASES (ADVERTISEMENTS)
     - FREE Security Assessment Tool
     - Prevent the 7 Deadly Classes of Network Attack

6. INSTANT POLL
     - Results of Previous Poll: Biometric Scanners
     - New Instant Poll: Warchalking

7. SECURITY TOOLKIT
     - Virus Center
     - FAQ: How Can I Easily View Which Cookies Are Stored on My
       Machine?
     - Event Highlight: Security Strategy Workshop

8. NEW AND IMPROVED
     - End-to-End Security Solution for WLANs
     - Freeware Antipiracy Software Program
     - Submit Top Product Ideas
 
9. HOT THREADS
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Interpreting an Attack
      - HowTo Mailing List
         - Featured Thread: VIGILANTe's SecureScan NX Experience?

10. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* CAN OTHERS STUMBLE INTO YOUR WIRELESS NETWORK?

In the August 7, 2002, edition of Security UPDATE, I wrote about a new
trend called warchalking. As you know, warchalking is the act of
marking buildings in the vicinity of wireless networks. The idea is to
provide a visual clue indicating the presence of wireless networks so
that people can obtain a free Internet connection. Warchalkers use
distinctive markings and include information about bandwidth and
various connection perimeters.
   http://www.secadministrator.com/articles/index.cfm?articleid=26207

The trend is catching on, so much so that, according to VNU Business
Publications, the Federal Bureau of Investigation (FBI) recently
issued an unofficial warning that businesses should check the security
of their wireless LAN (WLAN) equipment to ensure that adequate
security is in place.
   http://www.vnunet.com/news/1134451

Recently, I learned about a new Internet site, NetStumbler.com, that
aids users in identifying and locating WLANs around the country. Among
other features, the site hosts a national map that shows cities that
have open WLANs and a searchable database that helps users query for
information about specific locations.
   http://www.netstumbler.com

NetStumbler.com also hosts a downloadable program called NetStumbler
that lets users investigate a given WLAN's security. Security
administrators can use it to test their sites. Anyone can download a
copy (291KB) at the first URL below. According to the Web site,
"NetStumbler is a Windows tool that allows you to [scan for] 802.11b
(and 802.11a, if using Windows XP) wireless LANs. It includes [global
positioning satellite (GPS)] integration and a simple, intuitive user
interface. Though primarily targeted at owners of wireless LANs, it
has been the de facto tool for casual users such as war drivers for
over a year." The tool apparently even won a "PC Magazine" award
earlier this year (see the second URL below), which named the tool its
favorite innovative networking technology in the wireless software
category.
   http://www.netstumbler.com/download.php?op=getit&lid=22
   http://www.pcmag.com/article2/0,4149,3666,00.asp

NetStumbler runs on Windows 2000, Windows 98, and Win95 but doesn't
work yet on Windows XP, Windows NT 4.0, or Windows Me. To see what it
was like, I downloaded a copy and installed the tool. NetStumbler has
a typical GUI, lets you choose a wireless NIC to use for scanning, and
has scripting capabilities. After you've scanned an area and
discovered WLANs, you can save the NetStumbler output and upload it to
the NetStumbler.com Web site, where an application on the Web site
converts it to Microsoft MapPoint 2002-compatible output. The process
helps you plot WLAN points on a graphical map.
   http://www.microsoft.com/mappoint/overview.htm

With resources such as NetStumbler and NetStumbler.com freely
available, you should definitely take time to ensure that your WLAN
security is adjusted to permit only authorized users access--unless
you want to intentionally leave it open and available to anyone. The
bottom line is that if you run a wireless network, you must keep it
secure. If you don't, expect that someone will identify your network,
chalk it up, and possibly submit it to the NetStumbler.com Web
site--where everyone can find it quickly. For information about
securing your WLANs, read Allen Jones' article, "Securing 802.11
Wireless Networks" (see the first URL below) and Paul Thurrott's
article "Securing Your Wireless Networks" (see the second URL below).
   http://www.secadministrator.com/articles/index.cfm?articleid=24873
   http://www.secadministrator.com/articles/index.cfm?articleid=24521

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: EXCHANGE & OUTLOOK ADMINISTRATOR WEB SITE ~~~~
  GOT A MESSAGING PROBLEM YOU CAN'T SEEM TO FIX?
   Visit our Exchange & Outlook Administrator Web site for news,
articles, discussion forums, FAQs, and technical solutions in one,
easy-to-navigate Web site. While you're there, check out the helpful
article "Common .pst File Questions" at
   http://www.exchangeadmin.com/articles/index.cfm?articleid=24017
   http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw023p0A7

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* DIGITAL CERTIFICATE DELETION VULNERABILITY IN WINDOWS
   A vulnerability exists in all versions of Windows that could let a
potential attacker delete digital certificates located on a vulnerable
system. This vulnerability results from a flaw in the Certificate
Enrollment Control ActiveX control that Windows uses to submit and
store Public-Key Cryptography Standards (PKCS) #10-compliant
certificate requests in the user's local certificate store. An
attacker who successfully exploits the vulnerability could corrupt
trusted root certificates, Encrypting File System (EFS) encryption
certificates, email-signing certificates, and any other certificates
on the vulnerable system. Microsoft has released Security Bulletin
MS02-048 (Flaw in Certificate Enrollment Control Could Allow Deletion
of Digital Certificates) to address this vulnerability and recommends
that affected users immediately download and apply the patch that the
bulletin mentions.
   http://www.secadministrator.com/articles/index.cfm?articleid=26481

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* MARK MINASI AND PAUL THURROTT ARE BRINGING THEIR SECURITY EXPERTISE
TO YOU!
   Windows & .NET Magazine Network Road Show 2002 is coming this
October to New York, Chicago, Denver, and San Francisco!  Industry
experts Mark Minasi and Paul Thurrott will show you how to shore up
your system's security and what desktop security features are planned
for Microsoft .NET and beyond. Sponsored by NetIQ, Microsoft, and
Trend Micro. Registration is free, but space is limited so sign up
now!
   http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw03lK0AT

* THE SECURITY SOLUTIONS YOU'VE BEEN SEARCHING FOR!
   Our popular Interactive Product Guides (IPGs) are online catalogs
of the hottest vendor solutions around. Our latest IPG highlights the
security solutions and services that will help you protect your data
and your network before disaster strikes. Check it out at:
   http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04VJ0A6

4. ==== SECURITY ROUNDUP ====

* NEWS: MICROSOFT SETTLES WITH THE FTC OVER .NET PASSPORT
   Within the scope of Microsoft's wider antitrust problems, the
company's recent settlement with the Federal Trade Commission (FTC)
regarding privacy concerns with the Microsoft .NET Passport service
might not rate as dramatic news. But by admitting that it hasn't done
enough to respect and protect users' privacy, Microsoft ultimately
will better serve its customers and engender trust in a service that
so far hasn't been a success.
   http://www.secadministrator.com/articles/index.cfm?articleid=26425

* FEATURE: INTRODUCING UDDI 3.0: SUPPORT FOR DIGITAL SIGNATURES
   In the August 8 issue of .NET UPDATE, Christa Anderson started
looking at the new features in Universal Description, Discovery, and
Integration (UDDI) 3.0. In this column, Christa discusses UDDI's new
support for digital signatures. Digital signature use has a twofold
purpose. First, by signing data in a UDDI registry, publishers of the
data can be sure that they can't be impersonated. Second, users of
digitally signed data in a registry can be sure that the identified
publisher of the data is genuine and that the data hasn't changed
since it was published. Support for digital signatures lets anyone who
queries a UDDI registry view only entities that have been digitally
signed.
   http://www.secadministrator.com/articles/index.cfm?articleid=26427

5. ==== HOT RELEASES (ADVERTISEMENTS) ====

* FREE SECURITY ASSESSMENT TOOL
   Aelita InTrust(TM) closes the gap between policy and IT
infrastructure, simplifying your regulatory compliance efforts. HIPAA?
Gramm-Leach-Bliley? BS7799/ISO17799? Let Aelita provide your
compliance solution. Start with our FREE security assessment tool:
Aelita InTrust Audit Advisor!
   http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04Wd0AY

* PREVENT THE 7 DEADLY CLASSES OF NETWORK ATTACK
   Taking down a webserver for patching is never convenient. A new
offering by eEye Digital Security enables you to prevent attacks by
known and unknown IIS vulnerabilities -- even when you don't have time
to patch.
   Free whitepaper & free trial downloads at:
   http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04We0AZ

6. ==== INSTANT POLL ====

* RESULTS OF PREVIOUS POLL: BIOMETRIC SCANNERS
      The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question,
"Which of the following types of biometric scanners are currently in
use on your network?" Here are the results (+/- 2 percent) from the
279 votes:
   -  10% Fingerprint
   -   3% Retina
   -   1% Facial
   -   3% Two or more of the above
   -  84% None of the above

* NEW INSTANT POLL: WARCHALKING
   The next Instant Poll question is, "Has your wireless network been
warchalked?" Go to the Security Administrator Channel home page and
submit your vote for a) Yes, b) No, or c) I'm not sure.
   http://www.secadministrator.com

7. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: HOW CAN I EASILY VIEW WHICH COOKIES ARE STORED ON MY MACHINE?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. NirSoft has released IECookiesView, a free utility you can download
from Simtel.net that lets you easily view cookies on your machine,
check the values within the cookies, and delete those values. To view
the contents of a cookie, you simply select the cookie in the GUI, and
to delete a cookie, you press Delete and click Yes to confirm.
   http://www.simtel.net/pub/pd/59299.html

* EVENT HIGHLIGHT: SECURITY STRATEGY WORKSHOP
   September 16 through 20, 2002
   Redmond, Washington

   September 30 through October 4, 2002
   Boston, Massachusetts

NetIQ offers hands-on 1-day workshops in which you can learn to
identify threats, assess security problems, outline a security
strategy, and then strengthen a network in a controlled lab setting.
You can attend the Digital Crime Prevention Labs workshops for $499
per person. For more information, go to
   http://www.netiq.com/events/seminars/digitalcrimeprevention/default.asp

8. ==== NEW AND IMPROVED ====
   (contributed by Judy Drennen, products () winnetmag com)

* END-TO-END SECURITY SOLUTION FOR WLANS
   Funk Software announced Odyssey, an end-to-end 802.1x security
solution that lets users securely access wireless LANs (WLANs) and can
be widely deployed and managed across an enterprise network. Odyssey
includes client and server software and a protocol that a single user
can deploy from any machine that's compatible with existing
authentication databases and infrastructure. The solution runs on
Windows XP, Windows 2000, Windows Me, and Windows 98 and supports all
wireless adapter cards. Odyssey costs $2500, which includes the
Odyssey Server and 25 Odyssey Client licenses. Standalone licenses are
available for $50 each; quantity discounts are available. Contact Funk
Software at 1-617-497-6339 or 1-800-828-4146.
   http://www.funk.com

* FREEWARE ANTIPIRACY SOFTWARE PROGRAM
   The Trialware Professional Association (TPA) has released Crack
Killer, a freeware Windows program that lets software authors track
and report Web sites hosting cracks, serials, and pirated versions of
their software. Crack Killer uses a solid database engine that tracks
active and inactive pirated-software sites. Software vendors can use
this software to track sites that contain links to pirated versions of
their software. Crack Killer runs on Windows XP, Windows 2000, Windows
NT, Windows Me, and Windows 9x. Contact TPA at info () trialware org or
go to the Web site.
   http://www.trialware.org/crackkiller.html

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

9. ==== HOT THREADS ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: Interpreting an Attack
   (One message in this thread)

A reader writes that he works at a client company that refuses to put
its Windows network behind a firewall. As a result, the company is the
target of many attacks. Below is an audit record from the Security log
of a Windows 2000 Server, which is a member server of a Windows NT 4.0
domain. PLS-HQ is the NT domain name and Monitor is the name of the
server. The reader said it looks to him as if the attacker has taken
the server name and added a dollar sign (Monitor$) and is using that
to gain access. He wants to know the nature of the exploit and how to
foil it.
   Event Type: Success Audit
   Event Source: Security
   Event Category: Account Management
   Event ID: 627
   Date: 8/29/2002
   Time: 9:02:40 AM
   User: NT AUTHORITY\SYSTEM
   Computer: MONITOR
   Description:
   Change Password Attempt:
   Target Account Name: TsInternetUser
   Target Domain: MONITOR
   Target Account ID: MONITOR\TsInternetUser
   Caller User Name: MONITOR$
   Caller Domain: PLS-HQ
   Caller Logon ID: (0x0,0x3E7)

Read the responses or lend a hand:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=45273

* HOWTO MAILING LIST
   http://www.secadministrator.com/listserv/page_listserv.asp?s=howto

Featured Thread: VIGILANTe's SecureScan NX Experience?
   (One message in this thread)

A reader wants to know whether anyone has hands-on experience with
VIGILANTe's SecureScan NX vulnerability-assessment tool. Read the
responses or lend a hand at the following URL:
   http://63.88.172.96/listserv/page_listserv.asp?a2=ind0208e&l=howto&p=195

10. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- vpatterson () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

MANAGE YOUR ACCOUNT
   You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://www.winnetmag.com/email

Thank you!




-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.