Information Security News mailing list archives

Security UPDATE, May 14, 2003


From: InfoSec News <isn () c4i org>
Date: Thu, 15 May 2003 02:36:30 -0500 (CDT)

********************

Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows Server 2003, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com

********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Sygate
   http://list.winnetmag.com/cgi-bin3/DM/y/eQty0CJgSH0CBw0BAIK0AF

Research In Motion
   http://list.winnetmag.com/cgi-bin3/DM/y/eQty0CJgSH0CBw0BAIL0AG
   (below IN FOCUS)

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: SYGATE ~~~~
   STOP INSTANT MESSAGING, MP3s AND MORE
   FREE GUIDE: Learn how "endpoint security" technology helps you put
an end to unwanted instant messaging, eliminate MP3s and other
unauthorized downloads, enforce anti-virus, firewalls, patches, and
other software updates, and improve the effectiveness of your existing
security infrastructure.
   Get a free guide from the enterprise security experts at Sygate and
discover how to enforce security policy across the entire network. For
your free copy, including white papers, product reviews, case studies,
audio interviews, and more, click here:
   http://list.winnetmag.com/cgi-bin3/DM/y/eQty0CJgSH0CBw0BAIK0AF 
~~~~~~~~~~~~~~~~~~~~

May 14, 2003--In this issue:

1. IN FOCUS
     - Email Onslaught: Canning Spam

2. SECURITY RISKS
     - DoS in MDG Web Server 4D Version 3.6.0
     - Multiple Vulnerabilities in Mirabilis ICQ Pro 2003a Client
     - Buffer-Overrun Vulnerability in Floosietek FTGatePro Mail
       Server 1.22

3. ANNOUNCEMENTS
     - Get the eBook That Will Help You Get Certified!
     - Cast Your Vote in Our Annual Readers' Choice Awards!

4. SECURITY ROUNDUP
     - News: Problems with Microsoft Security Patch and IIS
       Transactions
     - News: Microsoft Updates Security Patch for Windows TSE
     - Feature: Will a Fatal Bug Kill NT?

5. HOT RELEASE (ADVERTISEMENT)
     - Hewlett-Packard
 
6. INSTANT POLL
     - Results of Previous Poll: Cyber-Insurance
     - New Instant Poll: Managing Junk Mail

7. SECURITY TOOLKIT
     - Virus Center
     - FAQ: How Can I Add or Remove the IE Enhanced Security
       Configuration in Windows 2003?

8. NEW AND IMPROVED
     - Install All-in-One Security Suite
     - Scan for Viruses at Lightning Speed
     - Submit Top Product Ideas

9. HOT THREAD
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Auditing Software for Win2K

10. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor,
mark () ntsecurity net)

* EMAIL ONSLAUGHT: CANNING SPAM

Is everybody tired of junk email yet? Everyone but the spammers, I
think. Lately, people have dedicated much energy to ending unsolicited
commercial email (UCE). Some, though not all, of the traffic deserves
to be stopped. For example, you might want to receive unsolicited ads
from your favorite vendors. However, you might not want another
unsolicited ad for a cheap cable TV descrambler or another
guaranteed-get-rich-quick scheme.

At least one ISP has lashed back at a devious and corrupt spammer.
EarthLink won a judgment against a spammer to the tune of $16.4
million. The perpetrator, Howard Carmack, of Buffalo, New York
("the Buffalo Spammer"), lied, cheated, and stole to get his spam out
the door. EarthLink said Carmack has sent over 825 million junk emails
since March 2002.

To cover his tracks, he and his associates stole credit cards, used
them to establish bogus Internet access accounts, committed bank
fraud, and presumably raked in loads of money in the process.
According to EarthLink, he favored sending out advertisements for
computer virus scripts, "work at home" and get-rich-quick schemes,
bulk email software and lists other spammers could use, and cable TV
descramblers. EarthLink is getting adept at chasing down spammers. In
1998, EarthLink won a $2 million judgment against Sanford Wallace of
Cyber Promotions, and last year it won a $25 million judgment against
KC Smith, whose operation purportedly generated more than a billion
pieces of junk mail.

But we need an easier way than litigation to stop spam. The Federal
Trade Commission (FTC) recently held a 3-day forum (see the first URL
below), April 30 through May 2, to discuss the proliferation of UCE.
The forum explored the technical, legal, and financial concerns
associated with such email. I don't have follow-up information about
the forum, but the FTC Web site has a page that offers tips about
preventing spam and reporting fraudulent advertisements (see the
second URL below).
   http://www.ftc.gov/opa/2003/02/spamforum.htm
   http://www.ftc.gov/bcp/conline/pubs/online/inbox.htm

One highlight of the forum was a proposal for a new standard, the
Trusted Email Open Standard (TEOS), designed to augment current SMTP
email technology to help prevent unwanted email from reaching users'
Inboxes. Various organizations, including the ePrivacy Group,
developed the TEOS draft proposal and published it in a white paper.
   http://2cobbs.com/spam/teos.html

Stephen Cobb, who worked on the proposal, outlined 10 basic points
that serve as a road map for understanding TEOS. Cobb said that the
nature of SMTP-based email makes spam possible because it lets senders
lie about who they are to lure users into reading the email.

The TEOS approach tries to address matters of technology and human
behavior--while taking into consideration the legitimate ways people
use email. Any solution to spam should try to avoid requiring that
people replace the widely used SMTP-based mail servers and instead
enhance existing technologies. TEOS proposes that such enhancements
include a way for email senders to more reliably identify themselves.
Enhancements can let senders make assertions about messages (included
in SMTP message headers) so that mail servers know how to process
email. For example, a magazine could assert that the message contains
a user's copy of a newsletter.

TEOS also proposes including a "trust stamp" in messages. Trust stamps
would be encrypted and unique to an individual message. Mail servers
and users could use the stamps to verify whether a message sender is a
member in good standing of a "responsible email" organization. An
international oversight board would certify organizations.

Obviously, TEOS will work only if the proposal is widely accepted: a
trust stamp protects a recipient only if the receiving mail server
checks it and refuses mail that fails verification. If it were adopted
that widely, TEOS would shut out dishonest senders, because messages
from senders who lied about who they were or what their messages
contained wouldn't verify and wouldn't be delivered. It's a good plan
that makes sense.
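The stamp-and-assertion mechanism described above, as an added example that is not code from the TEOS white paper or from this newsletter: a simplified "trust stamp" bound to one message by an HMAC over the From, Message-ID, Date and assertion headers, checked against a table of certified senders. The header names, the HMAC construction (standing in for the encrypted stamp TEOS describes), the certified-sender key table and the sample messages are assumptions constructed for illustration; TEOS specifies its own format. The point it shows is that a stamp copied from a real newsletter onto a spam message, or a From address forged onto a message whose sender lacks the key, fails verification.

```python
import hashlib
import hmac
from email.message import EmailMessage
from email.utils import make_msgid, parseaddr

# Assumed header names (not TEOS's own).
STAMP_HEADER = "X-Trust-Stamp"
ASSERT_HEADER = "X-Sender-Assertion"

# Stand-in for the oversight body's registry of "responsible email"
# members: sender domain -> shared stamping key. Constructed sample data.
CERTIFIED_SENDERS = {
    "news.example.com": b"constructed-demo-key-do-not-reuse",
}


def sender_domain(msg):
    _, addr = parseaddr(str(msg.get("From", "")))
    return addr.rpartition("@")[2].lower()


def _stamp_input(msg):
    # Bind the stamp to the fields a spammer would have to forge: who sent
    # it, which unique message it is, when, and what the sender asserts.
    fields = ("From", "Message-ID", "Date", ASSERT_HEADER)
    return "\n".join(f"{f}: {msg.get(f, '')}" for f in fields).encode("utf-8")


def stamp_message(msg, key):
    """Sender side: add a stamp unique to this message."""
    msg[STAMP_HEADER] = hmac.new(key, _stamp_input(msg), hashlib.sha256).hexdigest()
    return msg


def verify_message(msg):
    """Receiving server side: return (verdict, reason)."""
    domain = sender_domain(msg)
    key = CERTIFIED_SENDERS.get(domain)
    if key is None:
        return "unverified", f"{domain} is not a certified sender"
    stamp = msg.get(STAMP_HEADER)
    if stamp is None:
        return "unverified", "no trust stamp present"
    expected = hmac.new(key, _stamp_input(msg), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(str(stamp), expected):
        return "reject", "trust stamp does not match this message"
    return "accept", str(msg.get(ASSERT_HEADER, "no assertion"))


def build_message(from_addr, subject, body, assertion=None, msgid=None):
    msg = EmailMessage()
    msg["From"] = from_addr
    msg["To"] = "reader@example.org"
    msg["Subject"] = subject
    msg["Date"] = "Wed, 14 May 2003 09:00:00 -0500"
    msg["Message-ID"] = msgid or make_msgid(domain="news.example.com")
    if assertion:
        msg[ASSERT_HEADER] = assertion
    msg.set_content(body)
    return msg


def legitimate_newsletter():
    msg = build_message("editor@news.example.com", "Security UPDATE",
                        "This week's issue ...", assertion="newsletter",
                        msgid="<issue-20030514@news.example.com>")
    return stamp_message(msg, CERTIFIED_SENDERS["news.example.com"])


def spoofed_without_stamp():
    # A spammer forges the From address but has no key to stamp with.
    return build_message("editor@news.example.com", "Get rich quick", "...",
                         assertion="newsletter", msgid="<spam-1@evil.example.net>")


def replayed_stamp(good):
    # A spammer copies a real stamp onto a different message.
    spam = build_message("editor@news.example.com", "Cheap descramblers", "...",
                         assertion="newsletter", msgid="<spam-2@evil.example.net>")
    spam[STAMP_HEADER] = str(good[STAMP_HEADER])
    return spam


if __name__ == "__main__":
    good = legitimate_newsletter()
    for label, m in (("newsletter", good), ("spoofed", spoofed_without_stamp()),
                     ("replayed", replayed_stamp(good))):
        print(label, verify_message(m))
```

The shared-key lookup stands in for the oversight board's registry; a deployable scheme would use a public-key signature so that a verifying server never has to hold a sender's secret.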

Other solutions to junk mail add on to existing mail platforms. For
example, whitelist and blacklist solutions automate the process of
building lists of verified and unacceptable email senders.
Mail-filtering packages help trim the amount of received junk mail at
the gateway, and add-ons for mail clients trim junk at the desktop by
using virtual networks of people to identify and tag spam as it
travels the Internet.

One irony about this push to stamp out junk mail is that we still
often overlook paper-based junk mail. People everywhere still receive
reams of unsolicited paper mail. By now, each of us has probably
received enough pizza coupons in the mail to wallpaper an entire
college dormitory. Countless others and I toss those ads straight into
the trash along with reams of other unwanted paper junk mail. Should
the fact that we haven't solved the paper junk-mail problem serve as a
warning about the difficulties to be encountered in ending spam? Naah.
Cyberspace is different.

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: RESEARCH IN MOTION ~~~~
   NEW BLACKBERRY SECURITY WHITE PAPER
   Prevent wireless handhelds from compromising your enterprise
security! Download the BlackBerry Security White Paper for Microsoft
Exchange and learn how the BlackBerry security architecture addresses
data encryption, corporate firewalls, lost devices, and other critical
security concerns.
   http://list.winnetmag.com/cgi-bin3/DM/y/eQty0CJgSH0CBw0BAIN0AI

~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* DoS IN MDG WEB SERVER 4D VERSION 3.6.0
   Tom Ferris discovered a Denial of Service (DoS) vulnerability in
MDG Computer Services' MDG Web Server 4D 3.6.0. The vulnerability stems
from a buffer-overflow condition: by issuing a GET / request containing
4096 caret brackets, a malicious user can crash the Web server with a
runtime error. Because the underlying flaw is a buffer overflow,
execution of arbitrary code on the vulnerable system can't be ruled
out, but the published report demonstrates only the crash. MDG has not
yet responded to this problem.
   http://www.secadministrator.com/articles/index.cfm?articleid=38978

* MULTIPLE VULNERABILITIES IN MIRABILIS ICQ PRO 2003A CLIENT
   Core Security Technologies discovered six new vulnerabilities in
Mirabilis' ICQ Pro 2003a and earlier clients, the most serious of
which can result in the execution of arbitrary commands on the
vulnerable computer. These vulnerabilities range in severity from
Denial of Service (DoS) to remotely exploitable buffer overflows. For
a detailed analysis of each of these vulnerabilities, go to the
discoverer's Web site. The vendor has not yet responded to these
vulnerabilities.
   http://www.secadministrator.com/articles/index.cfm?articleid=38976

* BUFFER-OVERRUN VULNERABILITY IN FLOOSIETEK FTGATEPRO MAIL SERVER
1.22
   Dennis Rand discovered a vulnerability in FTGatePro Mail Server
1.22 (build 1328) that can result in the execution of arbitrary code
on the vulnerable system. The vulnerability stems from a
buffer-overflow condition: if an attacker supplies an overly long
argument to the SMTP MAIL FROM or RCPT TO command, the buffer
overflows. With a carefully crafted payload, the attacker can execute
arbitrary commands with system privileges. Floosietek has released
build 1330, which isn't vulnerable to this condition.
   http://www.secadministrator.com/articles/index.cfm?articleid=38977

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* GET THE eBOOK THAT WILL HELP YOU GET CERTIFIED!
   The "Insider's Guide to IT Certification," from the Windows & .NET
Magazine Network, has one goal: to help you save time and money on
your quest for certification. Find out how to choose the best study
guides, save hundreds of dollars, and be successful as an IT
professional. The amount of time you spend reading this book will be
more than made up by the time you save preparing for your
certification exams. Order your copy today!
   http://list.winnetmag.com/cgi-bin3/DM/y/eQty0CJgSH0CBw06cX0Ab

* CAST YOUR VOTE IN OUR ANNUAL READERS' CHOICE AWARDS!
   Which companies and products are the best on the market? Tell us by
nominating your favorites in the annual Windows & .NET Magazine
Readers' Choice Awards survey. Click here!
   http://list.winnetmag.com/cgi-bin3/DM/y/eQty0CJgSH0CBw0zMs0Ao

4. ==== SECURITY ROUNDUP ====

* NEWS: PROBLEMS WITH MICROSOFT SECURITY PATCH AND IIS TRANSACTIONS
   Windows XP, Windows 2000, and Windows NT newsgroup users have been
discussing security patch problems. The discussions center around
problems with the Microsoft patch that Security Bulletin MS03-010
(Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks)
describes. Russ Cooper posted a message to the NTBugTraq mailing list
summarizing the newsgroup discussion. Apparently, people who use
Microsoft IIS with COM+ have experienced Active Server Pages (ASP)
transaction processing problems after installing the patch. According
to Cooper, the problems are varied and disappear when users remove the
patch from affected systems or apply a private patch available from
Microsoft Product Support Services (PSS).
   http://www.secadministrator.com/articles/index.cfm?articleid=38975

* NEWS: MICROSOFT UPDATES SECURITY PATCH FOR WINDOWS TSE
   In December 2002, Microsoft released a patch for Windows NT Server
4.0, Terminal Server Edition (TSE) to correct problems with certain
message-handling functions. A problem in TSE let intruders elevate
privileges on a system. However, the routine that installed the patch
on Japanese versions of TSE on multiprocessor systems contained a bug:
it didn't copy the correct binary files onto the system, and as a
result, TSE would fail. The installation error didn't affect users who
installed the patch on Windows XP and Windows 2000.
   http://www.secadministrator.com/articles/index.cfm?articleid=38901

* FEATURE: WILL A FATAL BUG KILL NT?
   Not too long ago, Microsoft released Security Bulletin MS03-010
(Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks).
Mark Minasi wonders whether this flaw might lead not just to Denial of
Service (DoS) attacks but also to a "denial of existence" ultimatum
for Windows NT 4.0. Be sure to read the article to find out why.
   http://www.secadministrator.com/articles/index.cfm?articleid=38823&pg=1&show=937

5. ==== HOT RELEASE (ADVERTISEMENT) ====

* HEWLETT-PACKARD
   HP OpenView for Windows Test Drive
   Monitor the availability and performance of your corporate website
-- FREE for 30 days, using powerful HP OpenView management software
for Windows. Simulate activity. Monitor complex transactions. Meet
business demands. Manage web services. Click here.
   http://list.winnetmag.com/cgi-bin3/DM/y/eQty0CJgSH0CBw08fJ0AS

6. ==== INSTANT POLL ====
 
* RESULTS OF PREVIOUS POLL: CYBER-INSURANCE
   The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question,
"Does your company have cyber-insurance?" Here are the results from
the 85 votes. (Deviations from 100 percent are due to rounding.)
   -  6% Yes--We have it
   -  4% No--But we plan to obtain it
   - 25% No--We won't get it until it's required by law
   - 66% No
 
* NEW INSTANT POLL: MANAGING JUNK MAIL
   The next Instant Poll question is, "Does your company use junk-mail
filtering technologies?" Go to the Security Administrator Channel home
page and submit your vote for a) Yes--Whitelists, b) Yes--Blacklists,
c) Yes--Mail filters, d) Yes--Two or more of the above, or e) No.
   http://www.secadministrator.com

7. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: How Can I Add or Remove the IE Enhanced Security Configuration
in Windows 2003?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. Windows Server 2003 introduces the Microsoft Internet Explorer (IE)
Enhanced Security Configuration and enables this configuration by
default for all users and groups. This locked-down configuration
protects your computer from exposure on the Web by initially blocking
connections to most Web sites, although you can add any Web sites that
you regularly visit as part of a trusted zone. By default, the IE
Enhanced Security Configuration considers the Windows Update and Error
Reporting Web sites, and not much else, to be trusted sites.

To add or remove the Windows 2003 IE Enhanced Security Configuration
feature, perform the following steps:
   1. Start the Control Panel Add/Remove Programs applet.
   2. Click Add/Remove Windows Components in the left pane of the
dialog box.
   3. Scroll down to Internet Explorer Enhanced Security Configuration
and select the check box to activate the locked-down configuration or
clear the check box to deactivate the locked-down configuration.
   4. If you're enabling the locked-down configuration, click Details
to select the users (e.g., administrator groups, all other user
groups) to whom you want the policy to apply.
   5. Click Next, then follow the onscreen instructions to finish
configuring the settings.

8. ==== NEW AND IMPROVED ====
   (contributed by Sue Cooper, products () winnetmag com)

* INSTALL ALL-IN-ONE SECURITY SUITE
   NetWolves Technologies released the NetWolves Security Suite, a
combination hardware/software solution to maintain your network's
security. The WolfPac Security Platforms are hardware devices
available in two configurations--both with 3 Ethernet 10/100 interface
cards and housed in tamper-resistant, rack-mountable, 2U (3.5") steel
cases. Software included in the suite provides an International
Computer Security Association (ICSA)-certified firewall, an IP Security
(IPSec) and Internet Key Exchange (IKE)-compliant VPN, connectivity failover,
hardware failover, dynamic VPN routing, intrusion detection, content
filtering, antivirus, Net Metrics to measure performance parameters, a
split proxy, a mail server/gateway, an Apache Web server, and file
sharing. Software also provides logging, reporting, and archiving
features in a browser-based management interface. Managed security
services include monitoring and notification, management and
configuration, and security policy management. Contact NetWolves
Technologies at 813-286-8644 or sales () netwolves com.
   http://www.netwolves.com

* SCAN FOR VIRUSES AT LIGHTNING SPEED
   Eset Software announced NOD32 2.0, virus detection software that
uses advanced heuristic technology and professes to scan at twice the
speed of the next-best product on the market. Improvements include a
fully integrated planner/scheduler, an improved email filter, a
quarantine feature, better on-demand scanning, central log management,
and an installation program written in XML. NOD32 2.0 supports Windows
XP/2000/NT/Me/9.x, MS-DOS, UNIX, Novell, Lotus Domino Server,
Microsoft Exchange Server, and Kerio MailServer. Prices start at $39
for a 1-user license or $170 for a 5-user license. Contact Eset
Software at 619-437-7037 or sales () nod32 com.
   http://www.nod32.com

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

9. ==== HOT THREAD ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: Auditing Software for Win2K
   (Two messages in this thread)

A user writes that he wants to monitor his users' logon and logoff
activity. He runs a small Windows 2000 domain and all of his users run
Windows XP. He's familiar with the capabilities that let the domain
controller (DC) generate audits in the Event Viewer under the Security
log. He's looking for an interface that will let him see when users
log on and log off and generate an easy-to-understand report for the
company's owner. Currently, he must look at each event in Event Viewer
to determine who's responsible for that event. He wonders whether
Win2K has a feature that can accomplish the task, but he would also
appreciate recommendations for any third-party software tool that
would work well. Lend a hand or read the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=58457
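One way to produce the kind of report the poster is asking for, as an added example rather than anything from the thread or from Windows itself: pair the Win2K Security log logon events (528 for interactive and other logons, 540 for network logons) with the matching 538 logoff by Logon ID, and count 529/539 logon failures per account. The input is a constructed, simplified comma-separated export carrying the fields an admin would pull from those events; an actual Event Viewer export has a different layout, so the parser is the part to adapt.

```python
import csv
import io
from datetime import datetime

# Win2K/NT Security log event IDs (Windows' own numbering).
LOGON_OK = {528: "interactive/other", 540: "network"}
LOGOFF = 538
LOGON_FAILED = {529: "bad user name or password", 539: "account locked out"}

# Constructed sample export, one event per line:
# time,event_id,user,domain,logon_type,logon_id,workstation
SAMPLE_EXPORT = """\
2003-05-14 08:02:11,528,jdoe,CORP,2,0x1A2B,WS-017
2003-05-14 08:03:40,540,jdoe,CORP,3,0x1A3C,WS-017
2003-05-14 08:15:05,529,msmith,CORP,2,,WS-022
2003-05-14 08:15:19,528,msmith,CORP,2,0x1B44,WS-022
2003-05-14 12:30:00,538,jdoe,CORP,2,0x1A2B,
2003-05-14 17:01:27,538,msmith,CORP,2,0x1B44,
"""


def parse_export(text):
    fields = ("time", "event_id", "user", "domain", "logon_type",
              "logon_id", "workstation")
    events = []
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        rec = dict(zip(fields, row))
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%d %H:%M:%S")
        rec["event_id"] = int(rec["event_id"])
        events.append(rec)
    return events


def build_report(events):
    """Pair logons with logoffs by (account, Logon ID); tally failures."""
    open_sessions = {}
    sessions = []
    failures = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        account = f'{ev["domain"]}\\{ev["user"]}'
        eid = ev["event_id"]
        if eid in LOGON_OK:
            sess = {"account": account, "workstation": ev["workstation"],
                    "kind": LOGON_OK[eid], "logon": ev["time"], "logoff": None}
            open_sessions[(account, ev["logon_id"])] = sess
            sessions.append(sess)
        elif eid == LOGOFF:
            # A 538 carries the Logon ID of the 528/540 it closes.
            sess = open_sessions.pop((account, ev["logon_id"]), None)
            if sess is not None:
                sess["logoff"] = ev["time"]
        elif eid in LOGON_FAILED:
            failures[account] = failures.get(account, 0) + 1
    return {"sessions": sessions, "failures": failures}


def format_report(report):
    """Plain-text report readable by a non-technical owner."""
    lines = ["Account            Workstation  Type               "
             "Logon                Logoff"]
    for s in report["sessions"]:
        logoff = s["logoff"].strftime("%H:%M:%S") if s["logoff"] else "(still logged on)"
        lines.append(f'{s["account"]:<18} {s["workstation"]:<12} {s["kind"]:<18} '
                     f'{s["logon"]:%Y-%m-%d %H:%M:%S}  {logoff}')
    for account, n in sorted(report["failures"].items()):
        lines.append(f"{account}: {n} failed logon attempt(s)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(build_report(parse_export(SAMPLE_EXPORT))))
```

A network logon (540) that never sees a 538 is normal for short-lived SMB or DC lookups, so the report flags it as still open rather than dropping it; filter on logon type if the owner only cares about console logons.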

10. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- letters () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************
   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

MANAGE YOUR ACCOUNT
   You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://www.winnetmag.com/email

Thank you!
__________________________________________________________
Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.