Windows & .NET Magazine Security UPDATE--September 17, 2003

[InfoSec News <isn () c4i org>]

====================

==== This Issue Sponsored By ====

Shavlik HFNetChkPro Patch Management
   http://list.winnetmag.com/cgi-bin3/DM/y/ecoZ0CJgSH0CBw076e0Am

TNT Software
   http://list.winnetmag.com/cgi-bin3/DM/y/ecoZ0CJgSH0CBw0BCdH0AN

====================

1. In Focus: Digital Rights Management

2. Security Risks
     - Arbitrary Code Execution and Denial of Service in Microsoft
       RPCSS
     - Weak Authentication in SNMPc

3. Announcements
     - Active Directory eBook Chapter 4 Published!
     - New Web Seminars on Exchange, Active Directory, and More!

4. Security Roundup
     - News: Here We Go Again: Microsoft Issues New Security Fix
     - Feature: IIS Application Authentication Security
     - Feature: Readers' Choice Awards

5. Instant Poll
     - Results of Previous Poll: Rolling Out Service Packs
     - New Instant Poll: DRM Use

6. Security Toolkit
     - Virus Center
     - FAQ: How Do I Detect and Remove Remote Access Trojans?

7. Event
     - New--Mobile & Wireless Road Show!

8. New and Improved
     - Protect Small Offices from Online Risks
     - Secure Confidential Data
     - Tell Us About a Hot Product and Get a T-Shirt

9. Hot Threads
     - Windows & .NET Magazine Online Forums
         - Featured Thread: DoS Attack Defense
      - HowTo Mailing List:
         - Featured Thread: Is It Possible to Restrict Logon Times?

10. Contact Us
   See this section for a list of ways to contact us.

====================

==== Sponsor: Shavlik HFNetChkPro Patch Management ====
   Get Patched Now with Shavlik HFNetChkPro
   Immediately deploy critical patches, including MS03-039, with
Shavlik HFNetChkPro patch management software and make a powerful
impact on your enterprise security. HFNetChkPro is a must-have for any
busy network administrator in charge of security updates. Its
easy-to-use interface makes patch management a breeze. Create machine
groups or patch groups for quick scanning and deployment and produce
management reports in minutes. Download the free version of
HFNetChkPro with no time-outs at 
   http://list.winnetmag.com/cgi-bin3/DM/y/ecoZ0CJgSH0CBw076e0Am

====================

==== 1. In Focus: Digital Rights Management ====
   by Mark Joseph Edwards, News Editor, mark () ntsecurity net

Last week, I mentioned the OpenOffice.org suite of productivity tools.
A reader raised the question of whether any Digital Rights Management
(DRM) features are in progress for that platform. It's a good
question. I don't know of any current DRM projects directly related to
OpenOffice.org, but that doesn't mean they don't exist or won't exist
in the future.

Several DRM efforts not directly related to OpenOffice.org are
underway. As you probably know, Microsoft is developing its own
implementations of DRM technology, and they promise to be a powerful
way of placing restrictions on many kinds of content. The new
Microsoft Office 2003 suite ( http://www.microsoft.com/office )
contains DRM features.

For example, Office Word 2003 contains information rights management
functionality that lets a document owner define how recipients can
handle documents in terms of forwarding, copying, and printing them
and determine expiration dates for those permissions. A document owner
can also designate sections of a document that only certain people can
change, force the use of revision marks for changes, and force the use
of certain formatting and styles. Microsoft has integrated the same
type of functionality into Office Excel 2003 and Office Outlook 2003.

If you want to use Office 2003's rights management features, your
network must implement Windows Rights Management Services (RMS) for
Windows Server 2003. RMS is based on the Extensible Rights Markup
Language (XrML), which is a method for defining rights and policies.
You can learn more about RMS at the first URL below. You'll find RMS
add-ons for Windows clients and Microsoft Internet Explorer (IE) at
the second URL below, along with links to other Microsoft Web pages
related to RMS technologies. Keep in mind that RMS currently is
available only in limited beta; however, Microsoft says that it
expects to release the technology sometime this year. I suppose that
unless the company pushes the date back, that means within the next 3
months.
http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx
http://search.microsoft.com/search/results.aspx?qu=rights+management+services

While I was looking for projects supporting DRM, I came across an
interesting Web site, Cover Pages, that has a section dedicated to DRM
technology and associated topics. The Organization for the Advancement
of Structured Information Standards (OASIS) hosts the site.
   http://xml.coverpages.org/drm.html
   http://www.oasis-open.org/home/index.php

At the site, you'll find links to two dozen DRM-related projects,
including OASIS Rights Language, Open Digital Rights Language (ODRL),
Extensible Rights Markup Language (XrML), Digital Property Rights
Language (DPRL), MPEG Rights Expression Language and Data Dictionary,
Open Ebook Initiative Rights and Rules Working Group, Electronic Book
Exchange (EBX) Working Group, and many others.

Also at the site, you'll find links to DRM-related events and a list
of news stories, papers, and other articles. The site is kept current
with timely and relevant information, so consider bookmarking it, or
use Cover Pages' Remote Storage Service (RSS) feed, which is available
in XML format and uses the RSS 0.91 format. The feed is available at
the first URL below. Alternatively, if you use RSS feed reading
software that has Web page scraping functionality (such as
Syndirella), you might want to scrape the news headlines page at the
second URL below.
   http://xml.coverpages.org/covernews.xml
   http://xml.coverpages.org/coverNewsHeadlines.html

For loads of information regarding DRM in general, check a major
search engine, such as AlltheWeb.com, where you'll find plenty of
links to facts, opinions, news stories, resource sites, editorials,
and more. I think DRM can be useful at times, but keep in mind that
although many major vendors support the DRM concept, DRM also provokes
a lot of industry criticism. To obtain a more balanced viewpoint, be
sure to read some critical opinions too. In addition to using the
basic search URL below, also use the search engines at some of the
major computing news outlets that focus on cross-platform coverage of
the computing industry.
   http://www.alltheweb.com/search?cat=web&q=digital+rights+management

====================

==== Sponsor: TNT Software ====
   FREE Download: Automate Event Log Monitoring
   Automate event log monitoring, provide real-time intrusion
detection, and satisfy mandated auditing requirements all with TNT
Software's ELM Log Manager. Preferred by small businesses because of
its ease of use and Fortune 500 companies because of its reliability,
ELM 3.1 is the affordable solution with the scalability to consolidate
MILLIONs of events and Syslog messages a day, display them in custom
views, launch critical alerts, and schedule reports. Download your
FREE 30 day fully functional evaluation software NOW and start
experiencing the benefits of automated log monitoring.
   http://list.winnetmag.com/cgi-bin3/DM/y/ecoZ0CJgSH0CBw0BCdH0AN

====================

==== 2. Security Risks ====
   contributed by Ken Pfeil, ken () winnetmag com

Arbitrary Code Execution and Denial of Service in Microsoft RPCSS
   eEye Digital Security, the NSFOCUS Security Team, and Xue Yong Zhi
and Renaud Deraison from Tenable Network Security have discovered that
three new vulnerabilities exist in the part of Remote Procedure Call
Subsystem (RPCSS) Service that deals with RPC messages for Distributed
COM (DCOM) activation. Two of these vulnerabilities could allow
arbitrary code execution on the vulnerable system. The third
vulnerability could result in a Denial of Service (DoS) condition.
Microsoft has released Security Bulletin MS03-039 (Buffer Overrun In
RPCSS Service Could Allow Code Execution), which addresses these
vulnerabilities and recommends that affected users immediately apply
the appropriate patch listed in the bulletin. This patch supersedes
the patch listed in Microsoft Security Bulletin MS03-026 (Buffer
Overrun In RPC Interface Could Allow Code Execution).
   http://www.secadministrator.com/articles/index.cfm?articleid=40255

Weak Authentication in SNMPc
   Alexander V. Nickolenko discovered that a vulnerability in Castle
Rock Computing's SNMPc 6.0.8 and earlier can let any remote user gain
Supervisor access to the vulnerable system. This vulnerability is a
result of a weak authentication protocol. Castle Rock has released
fixes for versions 6.0.8 and 6.0.5 and a full version fix for release
5.1.
   http://www.secadministrator.com/articles/index.cfm?articleid=40207

====================

==== Sponsor: Virus Update from Panda Software ====
   Check for the latest anti-virus information and tools, including
weekly virus reports, virus forecasts, and virus prevention tips, at
Panda Software's Center for Virus Control.
   http://list.winnetmag.com/cgi-bin3/DM/y/ecoZ0CJgSH0CBw0BBlT0Ag

   Viruses routinely infect "fully protected" networks. Is total
protection possible? Find answers in the free guide HOW TO KEEP YOUR
COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter
networks, what they do, and the most effective weapons to combat them.
Protect your network effectively and permanently - download today!
   http://list.winnetmag.com/cgi-bin3/DM/y/ecoZ0CJgSH0CBw0BBDp0AU

====================

==== 3. Announcements ====
   (from Windows & .NET Magazine and its partners)

Active Directory eBook Chapter 4 Published!
   The fourth chapter of Windows & .NET Magazine's popular eBook
"Windows 2003: Active Directory Administration Essentials" is now
available at no charge! Chapter 4 looks at what's inside Windows
Server 2003 forests and DNS. Download it now!
   http://list.winnetmag.com/cgi-bin3/DM/y/ecoZ0CJgSH0CBw0BCD80AZ

New Web Seminars on Exchange, Active Directory, and More!
   Check out the latest lineup of Web seminars from Windows & .NET
Magazine. Prepare your enterprise for Exchange Server 2003, discover
the legal ramifications of deterring email abuse, and find out how
Active Directory can help you create and maintain a rock-solid
infrastructure. There is no charge for these events, but space is
limited, so register today!
   http://list.winnetmag.com/cgi-bin3/DM/y/ecoZ0CJgSH0CBw02lB0A1

==== 4. Security Roundup ====

News: Here We Go Again: Microsoft Issues New Security Fix
   In July, Microsoft released a critical security fix, warning users
that attackers could use the specified vulnerability to take over
users' systems and wreak havoc on the Internet. A month later, the
infamous MSBlaster worm exploited that vulnerability. Yesterday,
Microsoft released another critical security patch that fixes a
vulnerability that's painfully similar to the one that led to
MSBlaster. If you didn't feel sufficiently warned the first time
around, says Paul Thurrott, you should feel that way now and install
this fix immediately.
   http://www.winnetmag.com/windowsserver2003/index.cfm?articleid=40233

Feature: IIS Application Authentication Security
   In today's atmosphere of security hysteria, security is such a
broad topic that we can't hope to find a one-stop shopping center for
learning how to protect our systems. Even the security experts
concentrate on only one or two major security areas or levels because
they can't possibly be experts on every security-related thing. In
this article, Tim Huckaby discusses the narrow topic of the various
levels of Microsoft IIS application authentication security.
   http://www.winnetmag.com/windowsserver2003/index.cfm?articleid=40217

Feature: Readers' Choice Awards
   Reader response to our second annual Readers' Choice Awards was
gratifying. We asked you to let us know which products and services
merit your confidence and support. In response, nearly 7800 of
you--almost quadruple the number who responded to last year's Readers'
Choice Awards survey--voted on products in 16 general categories:
storage, training and certification, utilities, Web-based services,
security, systems management, messaging, network infrastructure,
network management, remote computing, telephony, business
applications, client hardware, development tools, disaster-recovery
tools, and Internet and intranet solutions. Within these 16
categories, you chose 84 of the best products among hundreds of
products and services. In addition, you voted for five special awards:
Best Hardware, Best Software, Most Innovative Product, Best
Service/Support, and Rookie of the Year. To view the winners of the
security category, visit the first URL below. To view winners in other
categories, visit the second URL below, where you'll find individual
articles for each category covered.
   http://www.secadministrator.com/articles/index.cfm?articleid=39916
   http://www.winnetmag.com/issues/index.cfm?issueid=666

==== 5. Instant Poll ====

Results of Previous Poll: Rolling Out Service Packs
   The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question,
"What is your primary method of rolling out service packs?" Here are
the results from the 175 votes.
   - 21% Software Update Services (SUS) by itself
   - 11% Systems Management Server (SMS), or SMS with SUS
   - 15% Scripts and/or Group Policy
   - 38% Windows automatic updates
   - 14% Third-party tools
(Deviations from 100 percent are due to rounding.)

New Instant Poll: DRM Use
   The next Instant Poll question is, "Is your company using or
planning to use Digital Rights Management (DRM)?" Go to the Security
Administrator Channel home page and submit your vote for a) We have a
DRM application in production, b) We're experimenting with DRM, c) We
see some possible applications for DRM but aren't working with it yet,
or d) We aren't interested in DRM.
   http://www.secadministrator.com

==== 6. Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

FAQ: How Do I Detect and Remove Remote Access Trojans?
   Remote access Trojans are dangerous because they can gather
confidential financial information from computers and a network. To
learn about some of the more common Trojans, how to detect them, and
how to clean up after them, read Roger Grimes's article, "Danger:
Remote Access Trojans."
   http://www.secadministrator.com/articles/index.cfm?articleid=26103

==== 7. Event ====

New--Mobile & Wireless Road Show!
   Learn more about the wireless and mobility solutions that are
available today! Register now for this free event!
   http://list.winnetmag.com/cgi-bin3/DM/y/ecoZ0CJgSH0CBw0BA8Y0As

==== 8. New and Improved ====
   by Sue Cooper, products () winnetmag com

Protect Small Offices from Online Risks
   Symantec announced Norton Internet Security 2004 Professional, an
online security and privacy suite for your small office/home office
(SOHO). This tightly integrated suite includes Symantec's antivirus,
firewall, intrusion detection, privacy protection, spam filtering, and
content filtering solutions. Data recovery capability protects and
restores your applications and files from accidental deletion and
virus damage. Data cleaning features remove traces of deleted
confidential files. One license of Norton Internet Security 2004
Professional costs $99.95, and 5- and 10-user packs have estimated
prices of $449.95 and $799.95, respectively. The software is expected
to be available in mid-September at http://www.symantecstore.com and
from other retailers.
   http://www.symantec.com

Secure Confidential Data
   NEC Solutions released the NEC MobilePro Tricryption System, a
three-layered data security solution for health care or enterprise
applications. You can add it on top of a preexisting database to
encrypt database entries so that they're protected if a network
security system or firewall is breached. You can encrypt individual
fields within a record separately, so a search application need not
unencrypt an entire record or database to locate a field. Features
include dynamic data security, secure content delivery, a unique key
per transaction, complete access control with real-time audit trails,
and rights ownership that's enforced onto the key itself. For more
information, go to http://www.necsolutions-am.com/mobilesolutions or
call 888-632-8701.

Tell Us About a Hot Product and Get a T-Shirt
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot () winnetmag com.

==== 9. Hot Threads ====

Windows & .NET Magazine Online Forums
   http://www.winnetmag.com/forums

Featured Thread: DoS Attack Defense
   (Four messages in this thread)
Mikes wants to know how to mount a defense against a Denial of Service
(DoS) attack on his server and network. Lend a hand or read the
responses:
   http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=62969

HowTo Mailing List
   http://63.88.172.96/listserv/page_listserv.asp?s=howto

Featured Thread: Is It Possible to Restrict Logon Times?
   (Five messages in this thread)
Chris wants to know whether you can limit an account on a Windows 2000
Professional system so that a user can log on locally only at certain
times of the day. He doesn't want to set a BIOS password but is
looking for a Windows-based solution, perhaps some type of script,
configuration, or freeware or shareware program. Lend a hand or read
the responses:
   http://63.88.172.127/ListServ/page_listserv.asp?A1=ind0309b&L=howto

====================

==== Sponsored Links ====

Aelita Software
   Free message-level Exchange recovery web seminar October 9th
   http://list.winnetmag.com/cgi-bin3/DM/y/ecoZ0CJgSH0CBw0BCKG0Av

CrossTec
   Free Download - NEW NetOp 7.6 - faster, more secure, remote support
   http://list.winnetmag.com/cgi-bin3/DM/y/ecoZ0CJgSH0CBw0BBnb0Aw

MailFrontier
   Eliminate spam once and for all. MailFrontier Anti-Spam Gateway.
   http://list.winnetmag.com/cgi-bin3/DM/y/ecoZ0CJgSH0CBw0BCEC0Al

===================

==== 10. Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

====================
   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing Windows and related technologies. Subscribe
today.
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

Thank you!
__________________________________________________________
Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.