Information Security News mailing list archives

Windows & .NET Magazine Security UPDATE--Will Leaked Code Increase Security Risks?--February 18, 2004

From: InfoSec News <isn () c4i org>
Date: Thu, 19 Feb 2004 04:16:08 -0600 (CST)

==== This Issue Sponsored By ====

Be Proactive with Real-Time Monitoring

Free Download: Shavlik Security Patch Management


* In Focus: Will Leaked Code Increase Security Risks?

* Security News and Features
   - Recent Security Vulnerabilities
   - News: Windows 2000 and Windows NT Leaked to the Web
   - News: More Security Patches on the Way for Microsoft Platforms
   - News: Controversial Microsoft Security Fixes Have Company on
     Security Defensive
   - News: Security Webcasts for Microsoft Developers

* New and Improved
   - Combine Software and Hardware for Integrated Security
   - Increase Security with Real-Time Reporting

==== Sponsor: TNT Software's ELM Enterprise Manager ====
   There are two ways to manage your critical systems: Reactive and
Proactive. ELM Enterprise Manager supports the latter. ELM Enterprise
Manager is the affordable solution that monitors the health and status
of your systems and alerts you in time to take prompt corrective
action. Imagine the time savings and productivity increases when event
frequencies, performance trends, state changes, and quality of service
breaches are clearly displayed and easily accessible. Equally
important, be notified while the threat is small. Be proactive,
download your FREE 30-Day license of ELM Enterprise Manager NOW and
start experiencing the benefits for real-time monitoring.


==== In Focus: Will Leaked Code Increase Security Risks? ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

Last week was interesting in the Windows world for two reasons. The
first reason, which I'm sure you're aware of by now, is that somehow,
Windows source code was leaked to the Internet. The news story
"Windows 2000 and Windows NT Leaked to the Web" below has a link to
more information about this event.
   Many are concerned that having the source code out in the open will
play into the hands of unscrupulous individuals looking for holes to
exploit. The amount of leaked code is substantial, but the code
appears to be an older version of Windows. Because Microsoft has
released service packs and hotfixes since the code was written, some
are hoping the leak won't result in many new security vulnerability
   Another obvious problem with the code release is that Microsoft's
intellectual property has been stolen and made public. If a programmer
views the code and later either intentionally or inadvertently
replicates it into some other body of code, any entity that relies on
that body of code could be in for significant ramifications down the
   One can look at the open-source code community for an idea of how
much security trouble and plagiarism might result from the leak.
Open-source code is there for anybody to look at, and even so, the
number of vulnerabilities found and exploited isn't that much
different when compared with the number found in Windows. Open-source
code also hasn't resulted in any significant level of plagiarism. Of
course, the SCO Group is suing various entities for infringement, but
so far the company's allegations haven't been proven. That could
change; we'll have to wait and see.
   I think most security practitioners will agree that obscurity
doesn't provide much security. Obscurity offers protection only from
less sophisticated predators. As we've seen, plenty of people who've
never seen Microsoft's source code have found vulnerabilities by
probing the outside--the compiled runtime code.
   The second reason that last week was interesting was the reported
security vulnerability in Microsoft's ASN.1 implementation, which was
discovered by eEye Digital Security (see the two related news items
below). The problem could let an intruder access a computer under the
security context of the all-powerful System account.
   eEye worked with Microsoft to correct the problem while keeping
quiet about the exact details. Microsoft released a patch for the
problem only about a week ago, so surely many systems aren't yet
patched. Those systems are vulnerable to an exploit released by
someone who reverse-engineered the ASN.1 problem. So far, the exploit
code tries to attack only ports 139 and 445 and typically causes a
Denial of Service (DoS) on an affected machine by crashing the
Lsass.exe process. However, somebody could tweak the code into
something more sinister.
   I know of only one piece of advice that can help protect all of us.
When Microsoft releases a security patch or workaround or offers
advice on how to better protect a system, we all must listen and act.


==== Sponsor: Free Download: Shavlik Security Patch Management ====
   Install the latest critical Microsoft security patch today with
HFNetChkPro. A free, fully functional, no time-out version of
HFNetChkPro is available to help you automate the delivery and testing
of this critical patch. HFNetChkPro offers unlimited scanning, a
complete GUI and Shavlik's exclusive PatchPush capabilities. Save time
on patch deployment, ensure systems are fully protected and safeguard
your systems from remote code execution, identity spoofing, arbitrary
code execution and other attacks. It's free, and it simplifies patch
management without agents. Learn more and download the free version of
HFNetChkPro at


==== Announcements ====
   (from Windows & .NET Magazine and its partners)

Try a Sample Issue of Security Administrator!
   Security Administrator is the monthly newsletter from Windows &
.NET Magazine that shows you how to protect your network from external
intruders and control access for internal users. Sign up now to get a
1-month trial issue--you'll feel more secure just knowing you did.

Download the Latest eBook--"Best Practices for Managing Linux and UNIX
   This free eBook will educate systems managers about how to best
approach the complex realm of Linux and UNIX management and
performance monitoring. You'll learn core issues such as configuration
management, accounting, and monitoring performance with an eye toward
creating a long-term strategy for sustainable growth.


==== Sponsor: Virus Update from Panda Software ====
   Are your traditional antivirus solutions really protecting your
network? Panda Antivirus GateDefender is a dedicated hardware device
installed at the Internet gateway to block viruses before they
contaminate your network. It scans 7 different communication
protocols, achieving optimum protection against external attacks.
Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus
GateDefender 7200 (500 seats+) provide the highest scalability with
native load balancing that transparently adapts to traffic volume.
   Visit "Panda's GateDefender Stands Guard!" for more information.


==== Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries

News: Windows 2000 and Windows NT Leaked to the Web
   The story first broke on the Neowin Web site, and late last
Thursday, Microsoft confirmed that portions of Windows 2000 and
Windows NT 4.0 source code were leaked to various Web sites.

News: More Security Patches on the Way for Microsoft Platforms
   Microsoft recently released a patch for problems with the ASN.1
library, a Windows component that interacts with multiple Windows
features, including file sharing and digital certificates. Researchers
at eEye Digital Security discovered the ASN.1 problem, and it's not
the only problem they've discovered that will be patched by Microsoft.
At least seven more security patches are on the horizon for Windows

News: Controversial Microsoft Security Fixes Have Company on Security
Defensive
   Last week, Microsoft issued its planned monthly set of security
updates, but Paul Thurrott writes that this month, the updates are
more serious and controversial than usual. One of the fixes, for the
ASN.1 library as mentioned above, is rated as critical and applies to
"an extremely deep and pervasive technology in Windows" that attackers
can compromise to take over PCs. The flaw was discovered 7 months ago
but was fixed only this week. Security experts describe the flaw as
one of the most devastating ever, and Microsoft recommends that all
users download and install the patch for this problem as soon as

News: Security Webcasts for Microsoft Developers
   This week is "Developer Security Webcast Week" at Microsoft. The
company is offering a series of security-related Webcasts aimed at
developers. You can see a list of the topics at the URL below and
register to attend at the Microsoft Developer Network (MSDN) Web site.

==== Security Toolkit ====

Virus Center
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.

Virus Alert: Nachi.B; DoomHunter.A; Deadhat.B; and Mitglieder.A
   In the time span of only a few hours, PandaLabs detected the
appearance of four new worms related to the epidemic caused by the
MyDoom worms. The new worms are Nachi.B, DoomHunter.A, Deadhat.B, and
Mitglieder.A. The first two worms try to remove MyDoom, and the latter
two worms try to enter a system through backdoors created by MyDoom.
For details about these new worms, go to

FAQ: How Can I Move a Computer Account from One Domain to Another?
   by John Savill

A. The Netdom command-line tool lets you move a computer account from
one domain to another. For example, in the command

netdom move compmoveme /domain:child1
  /ud:administrator@child1.savilltech.com /pd:xxxxx

the /domain switch identifies the target domain to move the object to
and the /ud and /pd switches identify the account and password,
respectively, to use for the specified domain. To see other options
for Netdom, type

netdom move /?

at the command line.

Featured Thread: ACL Utility
   (Two messages in this thread)
   Jim is looking for an enterprisewide utility that will read the
ACLs on his folders and let him export or print the list. Lend a hand
or read the responses:

==== Events Central ====
   (A complete Web and live events directory brought to you by Windows
& .NET Magazine)

New Web Seminar--Realizing the Return on Active Directory
   Join Mark Minasi and Indy Chakrabarti for a free Web seminar and
discover how to maximize the return on your Active Directory
investments and cut the cost of security exposures with secure task
delegation, centralized auditing, and Group Policy management.
Register now and receive NetIQ's free "Securing Access to Active
Directory-A Layered Security Approach" white paper.

==== New and Improved ====
   by Jason Bovberg, products () winnetmag com

Combine Software and Hardware for Integrated Security
   CrypKey announced Casper BlackBox, a license-management solution
that provides copy protection, automated transaction authorization,
and prepaid serial number or credit card processing--as well as the
hardware to run it. Essentially a small computer that's slightly
smaller than a notebook, Casper BlackBox features CrypKey Automated
Software Purchasing & Electronic Registration (Casper) software, which
offers e-commerce capability by automating the authorization and
purchase of CrypKey-protected products by either serial number or
credit card processing. Vendors can customize security specifications
(which CrypKey then preconfigures on the hardware) and simply plug
Casper BlackBox into their network, permitting CrypKey software to
manage product licensing and authorization activities 24 x 7. Casper
BlackBox eRegister offers automatic authorization and verification of
CrypKey-protected products using serial numbers. Casper BlackBox
eCommerce provides automatic authorization and verifies credit card
processing of CrypKey-protected products. For more information about
Casper BlackBox, contact CrypKey on the Web.

Increase Security with Real-Time Reporting
   Hypersoft Information Systems announced OmniAnalyser 8.0, the
latest version of its real-time Windows NT monitoring software. Timely
data about system errors and warnings, as well as
application-generated information, is essential for system
optimization. OmniAnalyser 8.0 provides real-time monitoring of valid
and invalid system logons, access to files and folders, and changes to
accounts and groups. You can audit attempts by a particular user to
read a certain file, changes in security settings, and the creation
and deletion of specific objects. Information about such events
appears on a Web server; thus, you can check data at any time without
searching through Event Viewer. For more information about
OmniAnalyser 8.0, contact Hypersoft Information Systems on the Web.

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot () winnetmag com.


==== Sponsored Links ====

   Free Trial - Fast and Easy Network Management. - NetSupport DNA


==== Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions --
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

This email newsletter is brought to you by Windows & .NET Magazine,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.

Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.