Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Windows & .NET Magazine Security UPDATE--July 16, 2003

From: InfoSec News <isn () c4i org>
Date: Thu, 17 Jul 2003 02:44:58 -0500 (CDT)
====================

==== This Issue Sponsored By ====

HP & Microsoft Network Storage Solutions Road Show
http://list.winnetmag.com/cgi-bin3/DM/y/eRm20CJgSH0CBw07cD0Az

====================

1. In Focus: Antispam Movement: Readers Respond

2. Security Risks
     - Buffer Overflow in XP SP1's Rundll32.exe
     - Buffer Overrun in Windows SMB
     - Buffer Overrun in Windows HTML Converter
     - Privilege-Elevation Vulnerability in Win2K

3. Announcements
     - Exchange 2003: Do You Plan to Migrate or Wait?
     - Find Your Next Job at Our IT Career Center

4. Security Roundup
     - News: One Last Follow-Up: The Future of Patch Management
     - News: Watch Out for the Scammers
     - Feature: Win2K SP4 Tightens Security for Programs and Services
 
5. Security Toolkit
     - Virus Center
     - FAQ: What's the Easiest Way to View the Contents of the Windows
       NT 4.0 SAM Database on a Remote Machine?

6. Event
     - New Active Directory Web Seminar!
 
7. New and Improved
     - Install a Not-So-Tiny Firewall
     - Replace Passwords with Biometrics
     - Submit Top Product Ideas

8. Hot Thread
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Possible Attempt to Compromise Security

9. Contact Us
   See this section for a list of ways to contact us.

====================

==== Sponsor: HP & Microsoft Network Storage Solutions Road Show
====

   Missed the Network Storage Solutions Road Show?
   If you couldn't make the HP & Microsoft Network Storage Solutions
Road Show, you missed Mark Smith talking about Windows-Powered NAS,
file server consolidation, and more.  The good news is that you can
now view the Webcast event in its entirety at:
   http://list.winnetmag.com/cgi-bin3/DM/y/eRm20CJgSH0CBw07cD0Az

====================

==== 1. In Focus: Antispam Movement: Readers Respond ====
   by Mark Joseph Edwards, News Editor, mark () ntsecurity net

In last week's Security UPDATE commentary (see the URL below), I
discussed spam and presented some news stories that reveal the
tug-of-war taking place between lawmakers and companies whose
interests might be jeopardized in one way or another by various
proposals for legal solutions. Several readers wrote to share their
opinions about unsolicited email. I thank everyone who responded and
offer you some of those responses.
   http://www.secadministrator.com/articles/index.cfm?articleid=39554

Jay C. described his concerns about do-not-spam lists. Using such
lists might become cost-prohibitive for companies that rely on
unsolicited commercial email (UCE) to gain new business leads.
Legitimate small businesses rely on email advertising to help them
compete against large corporations. He believes that the opt-in
approach offers a better direction because it lets advertisers target
people who've indicated that they don't mind receiving the advertising
from a reputable source.

For example, when you sign up for newsletters from Windows & .NET
Magazine, you can choose whether you want to receive email from third
parties connected with the company. That's a responsible opt-in
policy, I think. However, some companies sell their email lists to
anyone who pays for them. You can help avoid such UCE messages by
looking for a privacy policy when vendors ask for your contact
information. Try to learn how they might use your information before
you provide it.

Steve W. wrote that he's concerned about the ever-increasing
sophistication of spammers, who continue to discover ways to get their
messages past spam filtering systems. Steve is also concerned about
the increasing amount of malicious software (malware) that email
messages help propagate, which affects many e-commerce companies,
including banks and supply chains. He thinks the best solution will be
authenticated email, the use of IP Security (IPSec), and encryption.
Steve points out that standards and applications to handle junk email
and address other privacy concerns will emerge because they're in
demand.

Pat M. wrote that identity management could help curb UCE. If email
were authenticated, taking action against abusers would be easier. Pat
also thinks that "truth in advertising" laws should apply to
advertising message subjects, which would make the email messages far
easier to filter.

George S. wrote, "You mentioned some possibilities for controlling
spam but left out the most important and effective one: Make spamming
a capital crime." I laughed because junk mail obviously aggravates
George. I also sympathize--but hope he was joking about the "capital
crime" designation.

Greg F. points out that a big problem with stopping spammers is that
many of them aren't located in the United States or in countries that
might take action against them. Furthermore, he points out that even
when an entity is found to have an open SMTP relay (or proxy for that
matter), you can't necessarily find someone to contact to close
it--because it's often difficult to determine exactly who was using a
given IP address. In addition, few people want to do the work to trace
a spammer who uses open relays and proxies--the work is tedious.

Bill P. points out that open proxies, open relays, and open Wi-Fi (the
802.11b wireless standard) networks contribute hugely to spam.
Tracking spammers who use such gateways is difficult but not
impossible. However, Bill acknowledges that sometimes even when you
successfully track a spammer to a given domain, you encounter another
problem in trying to identify the culprit: false domain registration
information.

Bill also notes that antispam legislation probably won't do much good
unless technological provisions back it up. For example, you'd have to
disable registrars who don't enforce accurate contact information;
disable domain names that contain inaccurate contact information;
disconnect any site that operates (knowingly or not) an open proxy,
mail relay, Wi-Fi network, or another device that spammers can use;
and cancel peering agreements between ISPs when an ISP is lax about
preventing spam. You would also need legal exceptions that would let
someone probe a mail-sending service to determine whether it's
spammer-friendly because it operates an open relay or proxy.
(Currently, people can be charged with a crime in some areas of the
country for simply probing a system without first getting permission
to do so.)

David Norris Carden sent me a copy of "Federal SPAM Legislation," a
paper that he wrote while working on his master's degree in
Information Security at Capella University. In the paper, he examined
various proposals for legislation. Of the eight proposals he analyzed,
he found that several would do little to mitigate the overall problem
of junk email. However, one stood out as having more preventive
measures than the rest: H.R. 2515, dubbed "The Anti-Spam Act of 2003."

If passed into law, the act would require email advertising to contain
a subject ID, adult-content ID, opt-out mechanism, valid return
address, and physical address. In addition, it would make false email
headers and subject lines illegal, restrict the harvesting of email
addresses, and let victims bring civil action against violators.

Norris's "Federal SPAM Legislation" paper is online (see the first URL
below); read it to learn more about antispam legislation. To read more
about H.R. 2515, visit the Spamlaws.com Web site (see the second URL
below).
   http://rasquel.com/security.htm
   http://www.spamlaws.com/federal/108hr2515.html

Spamlaws.com is a great place to review existing and proposed laws
from all over the world. You can drill down (e.g., to a given state)
to see the local issues. You can also look at case law, such as the
recent Intel versus Hamidi case in California. Check out the Web site
periodically; it's a great resource.
   http://www.spamlaws.com

==== 2. Security Risks ====
   contributed by Ken Pfeil, ken () winnetmag com

Buffer Overflow in XP SP1's Rundll32.exe
   Rick Patel has reported a buffer-overflow vulnerability in Windows
XP Service Pack 1's (SP1's) rundll32.exe file. Microsoft hasn't yet
responded to this problem.
   http://www.secadministrator.com/articles/index.cfm?articleid=39547

Buffer Overrun in Windows SMB
   Jeremy Allison and Andrew Tridgell discovered a new vulnerability
in Windows XP, Windows 2000, and Windows NT 4.0  that can result in
the execution of arbitrary code on the vulnerable computer. Microsoft
has released Security Bulletin MS03-024 (Buffer Overrun in Windows
Could Lead to Data Corruption) to address this vulnerability and
recommends that affected users immediately apply the patch mentioned
in the bulletin.
   http://www.secadministrator.com/articles/index.cfm?articleid=39558

Buffer Overrun in Windows HTML Converter
   Microsoft reported a new vulnerability in its HTML converter that
can result in the execution of arbitrary code on the vulnerable
computer. Microsoft has released Security Bulletin MS03-023 (Buffer
Overrun In HTML Converter Could Allow Code Execution) to address this
vulnerability and recommends that affected users immediately apply the
patch mentioned in the bulletin.
   http://www.secadministrator.com/articles/index.cfm?articleid=39557

Privilege-Elevation Vulnerability in Win2K
   Chris Paget of Next Generation Security Software (NGSSoftware)
discovered a new vulnerability in Windows 2000 that could result in
system compromise through privilege escalation. This vulnerability
stems from a flaw in the way Utility Manager handles Windows messages.
Microsoft has released Security Bulletin MS03-025 (Flaw in Windows
Message Handling through Utility Manager Could Enable Privilege
Elevation) to address this vulnerability and recommends that affected
users immediately apply the patch mentioned in the bulletin.
   http://www.secadministrator.com/articles/index.cfm?articleid=39559

==== 3. Announcements ====
   (from Windows & .NET Magazine and its partners)

Exchange 2003: Do You Plan to Migrate or Wait?
   Windows & .NET Magazine and Aelita Software would like to know
about your organization's plans to migrate to Exchange Server 2003.
Take our brief survey, "Windows & .NET Magazine: The State of Exchange
Migration," and sign up to receive a free white paper titled, "Upgrade
or Migrate? Deployment Options for Exchange 2000/2003." Give us your
feedback today!
   http://list.winnetmag.com/cgi-bin3/DM/y/eRm20CJgSH0CBw0BBLs0Ag

Find Your Next Job at Our IT Career Center
   Check out our new online career center, in which you can browse
current job openings, post your resume, and create automated
notifications to notify you when a job is posted that meets your
specifications. It's effective, it's private, and there's no charge. 
Visit today!
   http://list.winnetmag.com/cgi-bin3/DM/y/eRm20CJgSH0CBw0BBGS0A4

==== 4. Security Roundup ====

One Last Follow-Up: The Future of Patch Management
   Paul Thurrott discusses a few additional issues about patch
management. Included in the discussion are Windows Update, Automatic
Update, Software Update Services (SUS), Systems Management Server
(SMS), and future changes to the Windows OS that will affect patch
management in the Longhorn long run. Be sure to read the article to
learn what Microsoft is up to.
   http://www.winnetmag.com/windowsserver2003/index.cfm?articleid=39545
 
News: Watch Out for the Scammers
   SurfControl is warning users to use extra security precautions
against "brand spoofing," which is a tactic used to defraud people.
The technique involves scammers who send out mass email messages
hoping to lure people to fake Web sites that appear to be the Web
sites of legitimate companies.
   http://www.secadministrator.com/articles/index.cfm?articleid=39556
 
Feature: Win2K SP4 Tightens Security for Programs and Services
   Windows 2000 Service Pack 4 (SP4) introduces two new rights that
tighten Win2K's security model and make it compatible with Windows
Server 2003. To avoid problems with installed programs, you need to
understand how these new rights restrict previously allowed activity.
Learn about the new rights in Paula Sharick's article on our Web site.
   http://www.secadministrator.com/articles/index.cfm?articleid=39534

==== 5. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

FAQ: What's the Easiest Way to View the Contents of the Windows NT 4.0
SAM Database on a Remote Machine?
   contributed by Jan De Clercq, jan.declercq () hp com

A. You don't need remote control software; NT 4.0 User Manager
includes a feature that lets you connect to the NT 4.0 security
database of another domain or another machine. To connect to another
SAM, choose Select Domain from the User menu to open the Select Domain
dialog box. In this dialog box, you can select a domain or type the
name of a machine that isn't a domain controller (DC). If you type a
name, make sure that you precede it with two backslashes.

Select the Low Speed Connection check box if you want to connect to a
remote SAM over a connection with relatively low bandwidth (e.g., a
RAS connection). If you select this option, User Manager won't display
the list of users and groups stored in the remote SAM. You'll need to
use the options under User Manager's User menu to manage remote users
and groups. In addition, you won't be able to manage remote global
groups.

==== 6. Event ====

New Active Directory Web Seminar!
   Discover how to securely manage Active Directory in a multiforest
environment, establish attribute-level auditing without affecting AD
performance, and more! Space is limited--register today!
   http://list.winnetmag.com/cgi-bin3/DM/y/eRm20CJgSH0CBw0BAyl0AJ

==== 7. New and Improved ====
   by Sue Cooper, products () winnetmag com

Install a Not-So-Tiny Firewall
   Tiny Software released Tiny Firewall 5.0 Enterprise Edition,
software that now offers integrated security for the desktop and
server with a network firewall, intrusion prevention and detection,
files and registry access, and Windows resources control. As an
administrator, you can define the granularity of populating security
policies based on your organizational structure. You can create rules
for specific applications running under specific accounts and apply
them simultaneously on Windows Server 2003 and Windows XP/2000
computers. The intrusion detection and prevention modules are
signature-based and fully configurable down to the user level. Contact
Tiny Software at 408-919-7360 or on the company's Web site.
   http://www.tinysoftware.com

Replace Passwords with Biometrics
   SAFLINK announced that its new version of SAFsolution supports
Microsoft's new identity management product, Active Directory
Application Mode (ADAM) for the Windows Server 2003 environment.
Expected to ship this fall, the biometric security software lets you
tighten network security by replacing text passwords with an
authentication system that uses unique physical characteristics, such
as fingerprints, irises, voice patterns, and facial contours. It's
compatible with nearly 30 hardware devices and offers COM+ private
components, network load balancing, and COM+ application recycling.
Contact SAFLINK at 800-762-9595 or 425-278-1100.
   http://www.saflink.com

Submit Top Product Ideas
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

==== 8. Hot Thread ====

Windows & .NET Magazine Online Forums
   http://www.winnetmag.com/forums

Featured Thread: Possible Attempt to Compromise Security
   (Ten messages in this thread)

A user on a network who runs Windows XP Professional with Service Pack
1 (SP1) and Microsoft Office XP with SP1 receives the following error
message in Microsoft Word when he attempts to browse a mapped network
drive on a Windows 2000 Server system:

"The system detected a possible attempt to compromise security. Please
ensure that you can contact the server that authenticated you"

The user can't access the server and is locked out. After the account
is unlocked, he manages to log on successfully. However, if he tries
to browse the file again, he's locked out again. Why does this happen,
and how can the problem be corrected? Lend a hand or read the
responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=55214

==== Sponsored Link ====

AutoProf
    Jerry Honeycutt Desktop Deployment Whitepaper
   http://list.winnetmag.com/cgi-bin3/DM/y/eRm20CJgSH0CBw0BBDo0AU

Sybari
    Learn about the new security features of Exchange 2003 -- FREE!
   http://list.winnetmag.com/cgi-bin3/DM/y/eRm20CJgSH0CBw0BBOG0Az

===================

==== 9. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

====================
   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing Windows and related technologies. Subscribe
 today.
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

Thank you!
__________________________________________________________
Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: