Information Security News mailing list archives

Windows & .NET Magazine Security UPDATE--June 4, 2003

From: InfoSec News <isn () c4i org>
Date: Thu, 5 Jun 2003 03:40:32 -0500 (CDT)


==== This Issue Sponsored By ====

TNT Software

Panda Software 


1. In Focus: Cybercrime; Microsoft Hotfix; Eliminating Spam

2. Security Risks
     - Multiple Vulnerabilities in Microsoft IIS
     - DoS in Microsoft WMS for Win2K and NT
     - Buffer Overrun in AnalogX Proxy Server for Windows
     - Remote Compromise Vulnerability in BadBlue Personal File
       Sharing Program

3. Announcements
     - Cast Your Vote in Our Annual Readers' Choice Awards!
     - Windows & .NET Magazine Connections: Fall Dates Announced

4. Security Roundup
     - News: Magazine Announces Best of Show Finalists
     - News: TrustZone Added to ARM Processor Architecture
     - News: HP Releases New Systems with Chip-Based Security

5. Security Toolkit
     - Virus Center
     - FAQ: Why Can't Some of Our Users Change Their Passwords?

6. Event
     - Security 2003 Road Show

7. New and Improved
     - Set a Trap for Intruders
     - Protect AD from Rogue Administrators
     - Submit Top Product Ideas

8. Hot Thread
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Security Rights for Laptop Users

9. Contact Us
   See this section for a list of ways to contact us.


==== Sponsor: TNT Software  ====

   Experience the Benefits of Real Time Monitoring
   Poring over event records after the fact? Are undetected DoS
attacks a constant threat? Could unauthorized webmasters take artistic
liberties to your homepage without you knowing about it? There is an
affordable solution. ELM Enterprise Manager monitors your security
perimeter and alerts you by page, email, or instant message in time to
take prompt action. Download your FREE full featured 30 Day evaluation
copy NOW and start experiencing the benefits of real time monitoring.


==== 1. In Focus: Cybercrime; Microsoft Hotfix; Eliminating Spam ====
   by Mark Joseph Edwards, News Editor, mark () ntsecurity net

The Computer Security Institute (CSI) released the "2003 Computer
Crime and Security Survey," its eighth annual report conducted in
association with the FBI. The report shows that despite shifts in
trends, cybercrime remains a serious problem, as you well know.

Highlights from the report show that financial losses from security
breaches have dropped by about 56 percent. Last year, respondents
reported losses of about $455,848,000; this year, respondents reported
losses of about $201,797,340. However, though financial losses
dropped, roughly the same number of incidents occurred.

The report indicates a huge drop in losses from financial fraud, the
most costly security problem. Last year, losses totaled $116 million;
this year, losses totaled about $9.1 million. The largest losses came
through the theft of proprietary information, with respondents
reporting an average loss of about $2.7 million. For the second most
costly security problem, however, Denial of Service (DoS) attacks,
losses increased about 250 percent--to more than $65.6 million.

According to CSI Director Chris Keating, "The trends the CSI/FBI
survey has highlighted over the years are disturbing. [Cybercrimes]
and other information security breaches are widespread and diverse.
Fully 92 percent of respondents reported attacks; furthermore, such
incidents can result in serious damages ... Clearly, more must be done
in terms of adherence to sound practices, deployment of sophisticated
technologies, and most importantly adequate staffing and training of
information security practitioners in both the private sector and
government." If you want to see the complete survey results, you can
obtain a copy by submitting a request form at the CSI Web site.

Microsoft Hotfix
   Speaking of cyber attacks, you're probably aware that Microsoft has
released a new security bulletin, MS03-019 (Flaw in ISAPI Extension
for Windows Media Services Could Cause Code Execution). According to
Microsoft, the problem affects Windows 2000 and Windows NT systems.
The company initially rated the problem's severity as "moderate,"
noting that the DoS would lead to the server rebooting itself.

However, Mark Maiffret of eEye Digital Security pointed out that
according to his company's tests as well as the tests that
vulnerability discoverer Brett Moore conducted, the problem is far
more serious than Microsoft first indicated. The tests show that the
problem isn't simply a Denial of Service (DoS) issue. According to
Maiffret, "If you're running Windows Media Services on IIS, attackers
can spawn a remote shell command prompt on your vulnerable system."
Microsoft has modified the vulnerability rating to "important" and
re-released its related security bulletin. Administrators should patch
their systems as soon as possible to avoid having an intruder running
rampant through a remote command shell.

Eliminating Spam
   Because I've mentioned junk mail recently, I want to share a couple
of my experiences in "taking out the trash." I run a mail server with
a good built-in filtering subsystem. Typically, I receive anywhere
from several hundred messages per day (weekdays) to 50 messages per
day (weekend days). On average, my basic filters can eliminate at the
gateway about 30 percent of the junk mail that I receive. But that's
simply not effective enough.

I've found that if I relay my email messages through a server running
a Bayesian filtering system, I can eliminate more than 95 percent of
the junk mail once destined for my Inbox. For details about Bayesian
filtering, visit Paul Graham's Web site, on which you'll find several
excellent articles.

Several Bayesian filtering systems are commercially available today.
However, because many of you are under serious budget constraints, you
might need a shareware solution. The shareware filtering solution I
use now is SpamAssassin, which many of you already know and use.
Although SpamAssassin was developed for Linux platforms (see the first
URL below), you can install it on Win32-based systems. (You can also
integrate it into Microsoft Outlook, Lotus Notes, and Novell
GroupWise.) For details about how to use SpamAssassin on Win32
platforms, see the second URL below. Because Windows users typically
prefer a GUI interface to handle configuration, check into the
Windows-based GUI configuration interface for SpamAssassin (see the
third URL below). SpamAssassin can probably also be integrated to work
with Microsoft Exchange Server, but I haven't come across exact
details. If you can direct me to such information, please send me an
email message.

SpamAssassin has many slick features, such as automatic learning for
whitelist creation. As with all junk-mail filtering software, you'll
have to tweak the parameters to suit your mail influx. After a few
days of use, you should be able to filter out 95 percent or more of
the junk mail you receive. So if you need a cheap way to deal with
junk mail and you have time to spend on such a project, be sure to
check out SpamAssassin.
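To make the Bayesian approach described above concrete, here is an added example of a minimal filter in the style of Paul Graham's "A Plan for Spam"; it is not code from this newsletter or from SpamAssassin. The six training messages, the 0.9 spam threshold and the 0.4 probability assigned to never-seen tokens are constructed values (the last two follow Graham's article), chosen to show how per-token probabilities combine into one verdict and why the filter needs a few days of your own mail before that verdict means much.

```python
import math
import re
from collections import Counter

# Added example: a minimal Bayesian spam classifier in the style of
# Paul Graham's "A Plan for Spam". Not SpamAssassin's code; the corpus,
# threshold and unknown-token probability below are constructed values.

TOKEN_RE = re.compile(r"[a-z0-9$'!-]+")


def tokenize(text):
    """Split a message into a set of lowercase tokens."""
    return set(TOKEN_RE.findall(text.lower()))


class BayesFilter:
    def __init__(self, unknown_prob=0.4):
        self.good = Counter()   # token -> number of ham messages containing it
        self.bad = Counter()    # token -> number of spam messages containing it
        self.ngood = 0          # ham messages seen
        self.nbad = 0           # spam messages seen
        self.unknown_prob = unknown_prob

    def train(self, text, is_spam):
        """Learn from one message whose class is already known."""
        toks = tokenize(text)
        if is_spam:
            self.bad.update(toks)
            self.nbad += 1
        else:
            self.good.update(toks)
            self.ngood += 1

    def token_prob(self, tok):
        """P(spam | token), with Graham's bias toward ham and clamping."""
        g = 2 * self.good[tok]          # ham occurrences count double
        b = self.bad[tok]
        if g + b == 0:
            return self.unknown_prob    # never seen: mildly ham-leaning
        gfrac = min(1.0, g / self.ngood) if self.ngood else 0.0
        bfrac = min(1.0, b / self.nbad) if self.nbad else 0.0
        return max(0.01, min(0.99, bfrac / (gfrac + bfrac)))

    def score(self, text, top_n=15):
        """Combine the most decisive tokens into one spam probability."""
        probs = [self.token_prob(t) for t in tokenize(text)]
        probs.sort(key=lambda p: abs(p - 0.5), reverse=True)
        probs = probs[:top_n]
        if not probs:
            return 0.0
        p_spam = math.prod(probs)
        p_ham = math.prod(1.0 - p for p in probs)
        return p_spam / (p_spam + p_ham)

    def classify(self, text, threshold=0.9):
        return "spam" if self.score(text) >= threshold else "ham"


def build_demo_filter():
    """Train on a tiny constructed corpus; real use needs days of your own mail."""
    f = BayesFilter()
    spam = [
        "buy cheap viagra now click here",
        "free money click here now",
        "cheap pills buy now free offer",
    ]
    ham = [
        "meeting tomorrow about the project schedule",
        "please review the attached project report",
        "lunch tomorrow after the meeting",
    ]
    for m in spam:
        f.train(m, is_spam=True)
    for m in ham:
        f.train(m, is_spam=False)
    return f


if __name__ == "__main__":
    f = build_demo_filter()
    for msg in ("cheap viagra free offer click", "project meeting tomorrow"):
        print(f"{f.score(msg):.4f}  {f.classify(msg):4}  {msg}")
```

The two knobs you will end up tweaking, as the text says, are the threshold in `classify` and how many decisive tokens `score` keeps: a lower threshold catches more junk at the cost of false positives, and the combining formula pushes almost every message toward 0 or 1, so a message is only borderline when its tokens have never been seen in either corpus.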


==== Sponsor: Panda Software ====

   YOU DESERVE FREE PROTECTION AT HOME! Tired of spending up to $50 on
AV and firewall licenses every year for each machine in your home?
Qualify on our industry perks program and never pay again! (Cover all
of your home machines too - for free.) You'll get Panda Software's
professional AV + firewall, the one that catches More Viruses,
Faster(tm), even on machines you thought were protected! (Limited
time, US-only program for qualified entrants only.)
   Click here now:


==== 2. Security Risks ====
   contributed by Ken Pfeil, ken () winnetmag com

Multiple Vulnerabilities in Microsoft IIS
   SPI Dynamics and NSFOCUS discovered four new vulnerabilities in
Microsoft IIS 5.1, IIS 5.0, and IIS 4.0, the most serious of which can
result in the execution of arbitrary code on the vulnerable system. A
cross-site scripting vulnerability affecting IIS 5.1, IIS 5.0, and IIS
4.0 involves an error message about the redirection of a requested
URL. IIS 5.0's incorrect validation of requests for certain types of
Web pages, known as server-side includes, results in a buffer overrun.
A flaw in the way IIS 5.0 and IIS 4.0 allocate memory requests when
constructing headers to be returned to a Web client results in a
Denial of Service (DoS) vulnerability. IIS 5.1 and IIS 5.0's incorrect
handling of an error condition when they receive an overly long Web
Distributed Authoring and Versioning (WebDAV) request also results in
a DoS vulnerability. Microsoft has released Security Bulletin MS03-018
(Cumulative Patch for Internet Information Service) to address these
vulnerabilities and recommends that affected users immediately apply
the appropriate patch mentioned in the bulletin.

DoS in Microsoft WMS for Win2K and NT
   Brett Moore discovered a new vulnerability in Microsoft Windows
Media Services (WMS) for Windows 2000 and Windows NT that can result
in a Denial of Service (DoS) condition. This vulnerability stems from
a flaw in the way nsiislog.dll processes incoming requests. An
attacker can exploit this vulnerability by sending specially formed
communications to the server that cause Microsoft IIS to stop
responding to Internet requests. Microsoft has released Security
Bulletin MS03-019 (Flaw in ISAPI Extension for Windows Media Services
Could Cause Code Execution) to address this vulnerability and
recommends that affected users apply the appropriate patch mentioned
in the bulletin.

Buffer Overrun in AnalogX Proxy Server for Windows
   K. K. Mookhey discovered a vulnerability in AnalogX Proxy 4.13 and
earlier that can result in the execution of arbitrary code on the
vulnerable system. This vulnerability stems from a buffer-overflow
condition. AnalogX has released version 4.14, which isn't vulnerable
to this condition.

Remote Compromise Vulnerability in BadBlue Personal File Sharing
   Matt Murphy discovered a vulnerability in BadBlue Web Based File
Sharing Program Personal Edition 1.7 through 2.2 that can let an
attacker gain full administrative control of the vulnerable system.
This vulnerability is partially the result of the software performing
two security checks (i.e., binary replacement of the first two
characters in the requested file extension and the requirement that
requests to access .hts files be submitted by and contain a
proper 'Referer' header) in the wrong order. BadBlue has released
version 2.3, which isn't vulnerable to this condition.
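As an added illustration of the check-ordering point in the BadBlue item above (this is a general pattern in Python, not BadBlue's code; only the `.hts` extension comes from the advisory, while the `Request` type, the trusted host and the handler are constructed for the example), here is a request gate that canonicalizes the requested name first and only then applies the protected-extension Referer rule, so the decision is made on the name the server will actually serve.

```python
import posixpath
from dataclasses import dataclass
from urllib.parse import urlsplit

# Added example of a request gate that canonicalizes the requested name
# before applying an access check to it. General pattern, not BadBlue's
# code; the protected extension, trusted host and Request type are
# constructed for the illustration.

PROTECTED_EXTENSIONS = {".hts"}
TRUSTED_REFERER_HOST = "fileserver.example"   # constructed value


@dataclass
class Request:
    path: str
    headers: dict


def canonical_extension(path):
    """Resolve the name the server would actually serve, then take its extension."""
    clean = posixpath.normpath(urlsplit(path).path)   # drop query, collapse '..' and '//'
    return posixpath.splitext(clean)[1].lower()


def referer_is_trusted(headers):
    """HTTP header names are case-insensitive, so normalize before lookup."""
    lowered = {k.lower(): v for k, v in headers.items()}
    ref = lowered.get("referer")
    if not ref:
        return False
    return urlsplit(ref).hostname == TRUSTED_REFERER_HOST


def authorize(request):
    """Return (allowed, reason). Canonicalize first, decide second."""
    ext = canonical_extension(request.path)
    if ext in PROTECTED_EXTENSIONS and not referer_is_trusted(request.headers):
        return False, "protected file type requires a trusted Referer"
    return True, "ok"


if __name__ == "__main__":
    for req in (
        Request("/public/readme.html", {}),
        Request("/admin/config.hts", {}),
        Request("/admin/config.hts", {"Referer": "http://fileserver.example/"}),
    ):
        print(req.path, authorize(req))
```

The test worth keeping in a regression suite is that the gate gives the same answer for every spelling of a protected name (case, query string, dot segments), which is only true when normalization runs before the check. The Referer rule itself is whatever control the application relies on; a client-supplied header is a weak one, and the example is about the ordering, not about endorsing it.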

==== 3. Announcements ====
   (from Windows & .NET Magazine and its partners)

Cast Your Vote in Our Annual Readers' Choice Awards!
   Which companies and products are the best on the market? Tell us by
nominating your favorites in the annual Windows & .NET Magazine
Readers' Choice Awards survey. Click here!

Windows & .NET Magazine Connections: Fall Dates Announced
   Jump-start your fall 2003 training plans by securing your seat for
Windows & .NET Magazine Connections Fall, scheduled for November 2
through 6, 2003, in Orlando, Florida. Register now to receive the
lowest possible registration fee. Call 800-505-1201 or 203-268-3204
for more information.

==== 4. Security Roundup ====

News: Magazine Announces Best of Show Finalists
   Windows & .NET Magazine announced the finalists of the Best of Show
Awards for TechEd 2003, which is being held June 1 through June 6 in
Dallas. The field included more than 211 entries in seven categories.
The Best of Show judges, who are technical editors for Windows & .NET
Magazine, will choose the winners during TechEd 2003. Windows & .NET
Magazine will announce the winners at a private function on Wednesday,
June 4. The list of winners will be publicly available on Thursday,
June 5.

News: TrustZone Added to ARM Processor Architecture
   British chipmaker ARM announced its new TrustZone technology, which
the company will add to its ARM processor architecture to provide a
secure foundation for OSs and applications such as Palm OS, Symbian
OS, Linux, Windows CE, and Java.

News: HP Releases New Systems with Chip-Based Security
   Hewlett-Packard (HP) has released its new ProtectTools Embedded
Security chip in its line of D530 series motherboards for business
computers. The new chip, called Trusted Platform Module (TPM),
operates independently of other system components such as the
processor, memory, and OS. According to HP, TPM will enhance file and
folder encryption in Microsoft OSs.

Hot Release
Research in Motion
   * BlackBerry Security White Paper for Microsoft Exchange
   Download this free technical white paper now from Windows & .NET
Magazine's White Paper Central. Brought to you courtesy of Research in

==== 5. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.

FAQ: Why Can't Some of Our Users Change Their Passwords?
   (contributed by Jan De Clercq, jan.declercq () hp com)

A. Sometimes users receive the error message "You do not have
permission to change your password." Upon investigation, you might
find that only the Administrator account can change the password.
Windows NT 4.0 displays this error message if both of the following
items are selected in the User Manager for Domains utility: "User Must
Change Password at Next Logon" in the user account properties and
"User must log on in order to change password" in the account
policies. The administrator can resolve this problem by resetting the
user account's password or by clearing the "User must log on in order
to change password" option. By default, NT Server 4.0 doesn't have the
"User must log on in order to change password" option selected. For
more information about these particular configuration settings, read
the explanation on our Web site.

==== 6. Event ====

Security 2003 Road Show
   Join Mark Minasi and Paul Thurrott as they deliver sound security
advice at our popular Security 2003 Road Show event.

==== 7. New and Improved ====
   by Sue Cooper, products () winnetmag com

Set a Trap for Intruders
   NETSEC released SPECTER 7.0, honeypot software that now supports
Windows XP and can simulate 14 different OSs. New features include
automated online updates of the application's decoy content and
vulnerability database, which constantly changes the honeypot, making
it nearly impossible for an attacker to detect. SPECTER now creates
executable programs that leave hidden marks on the attacker's
computer. Law enforcement officials can use the marks as evidence for
legal proceedings and security incident reconstructors can use them to
reconstruct an incident. SPECTER 7.0 runs on Windows XP/2000. NETSEC
offers SPECTER 7.0 as a free upgrade to SPECTER 6.x and SPECTER 5.x
users. Prices start at $899 for initial purchases. Contact NETSEC on
the Web.

Protect AD from Rogue Administrators
   NetPro Computing announced DirectoryLockdown 2.0, a security
solution to mitigate Active Directory (AD) attacks. The software
monitors the Configuration and Schema Naming Contexts (NCs) of AD for
unauthorized changes. If it detects modifications made to NC replicas,
the software notifies you immediately and disables replication to and
from the domain controller (DC), completely shutting it down.
DirectoryLockdown 2.0 includes a recovery utility that lets you
quickly restore the DC. DirectoryLockdown 2.0 is available with
NetPro's Secure Active Directory Lifecycle Suite or as a standalone
product. Contact NetPro at 602-346-3600 or on the Web.

Submit Top Product Ideas
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

==== 8. Hot Thread ====

Windows & .NET Magazine Online Forums

Featured Thread: Security Rights for Laptop Users
   (Two messages in this thread)

A user writes that for security reasons his company wants to restrict
laptop users to the Power User and User groups. The problem he
encounters with that setup is that sometimes he sends users programs
that require Administrator rights to install. How can he accomplish
the software installations without granting the users Administrator
access or giving them the Administrator password? Lend a hand or read
the responses:

==== Sponsored Links ====

Integrate FAX into Exchange/Outlook (Whitepaper, ROI, Trial)


==== 9. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions --
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing Windows and related technologies. Subscribe

Thank you!
Copyright 2003, Penton Media, Inc.

ISN is currently hosted by

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
