Security UPDATE--Checking Up on Products--June 9, 2004

[InfoSec News <isn () c4i org>]

====================

==== This Issue Sponsored By ====

OpenNetwork
   http://list.winnetmag.com/cgi-bin3/DM/y/egGh0CJgSH0CBw0BIp70A1

Windows & .NET Magazine
   http://list.winnetmag.com/cgi-bin3/DM/y/egGh0CJgSH0CBw0BEuX0Aa

====================

1. In Focus: Checking Up on Products

2. Security News and Features
   - Recent Security Vulnerabilities
   - News: SP2 for Web Developers
   - Book Review: Hardening Windows
   - Feature: Performing Forensic Analyses, Part 1

3. Security Toolkit
   - FAQ
   - Featured Thread

4. New and Improved
   - Secure Your Property with Network Camera Surveillance

====================

==== Sponsor: OpenNetwork ====
   Concerned about meeting auditing and compliance requirements for
controlling access to sensitive information? Quickly enable and
disable employee access to corporate applications and resources with
an effective Identity Management strategy. Read OpenNetwork's free
whitepaper, Understanding the Identity Management Roadmap, at
   http://list.winnetmag.com/cgi-bin3/DM/y/egGh0CJgSH0CBw0BIp70A1

====================

==== 1. In Focus: Checking Up on Products ====
   by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net

When you configure your software and hardware to operate in a specific
manner, how do you know they really perform as configured? Do you
trust that the vendors have developed their products to operate
properly? Of course you don't. Right? We all know that vendors, like
everybody else, make mistakes.

A case in point appeared on the Bugtraq mailing list last week. A
researcher discovered that some Linksys WRT54G wireless routers under
some circumstances might expose the administration interface to the
WAN interface (typically connected to the Internet), even if the
routers are configured to disable remote administration.

So if you turned off remote administration and put the router on an
Internet link, assuming the administration interface was disabled, a
hacker could use the admin interface to break in. However, if you took
a few minutes to probe the router from the WAN side, you might
discover that the admin interface still answers even though it's
supposedly disabled.

Linksys, a division of Cisco Systems, released a new beta version of
the WRT54G firmware to correct the problem, so if you use the device,
you might consider loading the beta firmware. You might also consider
placing your wireless routers behind a firewall, even if your routers
have a built-in firewall, to help minimize unwanted system exposure
and unwanted access.
   http://www.linksys.com/download/firmware.asp?fwid=201

A case in point for that suggestion pertains to another wireless
router, the NETGEAR WG602, also mentioned on Bugtraq last week.
Apparently, for some unknown reason, NETGEAR has integrated an
undocumented administrator account into its router's firmware. The
account can't be disabled, is accessible from the LAN and WAN sides of
the router, and has a plaintext logon name and password that
researchers have of course discovered. Anybody who uses the router is
vulnerable to attack. If you have the router behind some other
firewall that blocks access to its administration interface, then at
least you're protected against attacks from the outside, but
unauthorized users inside the local network could still log on to the
router.

The Linksys router vulnerability apparently stemmed from a programming
error and has been fixed. But I have no idea why NETGEAR would
implement an undocumented administrator account. Maybe it was
inadvertently left in place. Clearly, you shouldn't blindly trust
products--you need to consider checking them to make sure they perform
as expected.

====================

==== Sponsor: Windows & .NET Magazine ====
   Get 2 Sample Issues of Windows & .NET Magazine!
   Every issue of Windows & .NET Magazine includes intelligent,
impartial, and independent coverage of security, Active Directory,
Exchange, scripting, and much more. Our expert authors deliver how-to
articles and product evaluations that will help you do your job
better. Try two, no-risk sample issues today, and find out why 100,000
IT professionals rely on Windows & .NET Magazine each month!
   http://list.winnetmag.com/cgi-bin3/DM/y/egGh0CJgSH0CBw0BEuX0Aa

====================

==== 2. Security News and Features ====

Recent Security Vulnerabilities
   If you subscribe to this newsletter, you also receive Security
Alerts, which inform you about recently discovered security
vulnerabilities. You can also find information about these discoveries
at
   http://www.winnetmag.com/departments/departmentid/752/752.html

News: SP2 for Web Developers
   Microsoft has published a document on the Microsoft Developer
Network (MSDN) titled "How to Make Your Web Site Work with Windows XP
Service Pack 2." The article covers design changes you might need to
consider regarding ActiveX controls, file download mechanisms, pop-up
windows, Java, HTML dialog boxes, and window-positioning restrictions.
   http://www.winnetmag.com/article/articleid/42843/42843.html

Book Review: Hardening Windows
   For professionals who are heavily involved with Windows, a book
titled "Hardening Windows" just cries out to be read. The author of
"Hardening Windows" is Jonathan Hassell, a systems administrator and
IT consultant who defines the term "hardening" as "the process of
protecting a system against unknown threats." He points out that the
four cornerstones of any such policy are privacy, trust, authenticity,
and integrity. Privacy is the capability that a company or
organization possesses to keep information confidential, and trust
questions the validity of data and objects by not simply accepting
things at face value. Authenticity involves ensuring that people
really are who they say they are, and integrity ensures that systems
aren't compromised in any way. You can read the entire book review on
our Web site.
   http://www.winnetmag.com/article/articleid/42751/42751.html

Feature: Performing Forensic Analyses, Part 1
   In the "Security Administrator" articles "Building and Using an
Incident Response Toolkit, Part 1" (April 2004, InstantDoc ID 41900)
and "Building and Using an Incident Response Toolkit, Part 2" (May
2004, InstantDoc ID 42173), Matt Lesko discusses how to quickly and
appropriately respond to a computer security incident. In the
follow-up article "Performing Forensic Analyses, Part 1," he prepares
to analyze the compromised machine by creating a bootable CD-ROM and
duplicating the compromised machine's hard disk.
   http://www.winnetmag.com/article/articleid/42445/42445.html

====================

==== Announcements ====
   (from Windows & .NET Magazine and its partners)

Get 5 Years Worth of SQL Server Tools, Tips, & Content
   Introducing version 8 of the SQL Server Magazine Master CD.
Subscribe today and get portable, high-speed access to all articles,
code, tips, tricks, and expertise published in SQL Server Magazine and
T-SQL Solutions. Let this helpful resource save you some time anywhere
you are. Subscribe now and get 25% off!
   http://list.winnetmag.com/cgi-bin3/DM/y/egGh0CJgSH0CBw0BI270Ay

Does Your Company Currently Use Microsoft Windows NT Server?
   If your answer is "yes," Windows & .NET Magazine wants your
opinion! Take a short survey and register to win an Xbox. Click the
link below to help us understand why more than 3 million servers
currently run Windows NT Server. Give your opinion about consolidating
file print servers and upgrading to Windows 2003.
   http://list.winnetmag.com/cgi-bin3/DM/y/egGh0CJgSH0CBw0BIuP0AW

The Conference on Securing and Auditing Windows Technologies, July
20-21
   New for 2004, The Conference on Securing and Auditing Windows
Technologies will be held July 20-21, 2004, at the Fairmont Copley
Plaza in Boston, MA. In vendor-neutral sessions on today's hottest
topics, you'll get practical strategies for mitigating risk and
safeguarding your systems. For more information, call 508-879-7999 or
go to:
   http://list.winnetmag.com/cgi-bin3/DM/y/egGh0CJgSH0CBw0BHtU0AZ

====================

==== Hot Release ====

CipherTrust
   Spammers are attacking the security and integrity of corporations.
   In this white paper, you'll learn to defend your organization
against these threats. Topics include:
   * The security threat presented by spam
   * Spammer methods and techniques
   * The impact, including liability and damage to your reputation
   http://list.winnetmag.com/cgi-bin3/DM/y/egGh0CJgSH0CBw0BHFc0A2

====================

==== 4. Security Toolkit ====

FAQ: How can I recover Microsoft Office Outlook Messages that have
been removed by a hard delete?
   by John Savill, http://www.winnetmag.com/windowsnt20002003faq

A. Usually when you delete a message, Exchange Server moves it to the
Deleted Items folder, which you can empty by right-clicking Deleted
Items and selecting Empty "Deleted Items" Folder from the displayed
context menu. Alternatively, you can configure Outlook to empty the
Deleted Items folder each time you close Outlook. To do so, select
Tools, Options and click the Other tab. In the General section, select
the "Empty the Deleted Items folder upon exiting" check box.

After Exchange removes items from the Deleted Items folder, it keeps
them for 7 days. During this time, you can recover deleted messages
from the Deleted Items folder by selecting Tools, Recover Deleted
Items.

You can perform a hard delete of a message by highlighting the message
and pressing Shift+Del. Performing a hard delete removes the message
without moving it to the Deleted Items folder. When you attempt to
recover hard-deleted items, you'll see that they aren't listed in the
recovery dialog box. If you select the folder from which you performed
the hard delete (e.g., Inbox), you'll see that the option to recover
deleted items is unavailable from the Tools menu.

If you want to be able to recover items that have been deleted from an
Outlook folder--including hard-deleted items--you need to perform the
following steps or add the dumpster.reg entry to the registry. You can
download the dumpster.reg entry at the URL below.

   1. Start the registry editor (regedit.exe).
   2. Navigate to the
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Options subkey.
   3. From the Edit menu, select New and click DWORD Value.
   4. Enter the name DumpsterAlwaysOn and press Enter.
   5. Double-click the new value and set it to 1. Click OK.
   6. Close the registry editor.

When you restart Outlook, the option to recover messages should be
available for all folders.
   http://www.winnetmag.com/articles/download/dumpster_reg.zip

Featured Thread: Directory ACL Report Generator
   (Two messages in this thread)
   Chris writes that he's looking for a tool that will generate a
report of the directory structure and the assigned ACLs on his file
servers. He has tried some of the tools from the Windows 2000 Resource
Kit, such as showacls and showmbrs, but they don't seem to work on
large directory structures like his. Lend a hand or read the
responses:
http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=121489

====================

==== Events Central ====
   (A complete Web and live events directory brought to you by Windows
& .NET Magazine: http://www.winnetmag.com/events )

The Exchange Server Seminar Series Coming to Your City in June
   Join industry experts Kieran McCorry, Donald Livengood, and Kevin
Laahs for this free event! Learn the benefits of migrating to an
integrated communications environment, consolidating and simplifying
implementation of technology, and accelerating worker productivity.
Register now and enter to win an HP iPAQ and $500 cash!
   http://list.winnetmag.com/cgi-bin3/DM/y/egGh0CJgSH0CBw0BG6C0AE

====================

==== 5. New and Improved ====
   by Jason Bovberg, products () winnetmag com

Secure Your Property with Network Camera Surveillance
   RFC Services released Visual Hindsight Professional Edition 1.01,
software that supports network cameras and video servers capable of
working with industry-standard JPEG still images or motion-JPEG image
streams. Version 1.01 permits real-time viewing of as many as 100
cameras and video servers, while simultaneously recording as many as
50 live video streams to disk as compressed AVI files. Visual
Hindsight, which costs $149, works with Windows XP, Windows 2000, and
Windows NT. You can download a trial version from the Visual Hindsight
Web site.
   http://www.visualhindsight.com/download.htm

Tell Us About a Hot Product and Get a T-Shirt!
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Tell us about the product, and
we'll send you a Windows & .NET Magazine T-shirt if we write about the
product in a future Windows & .NET Magazine What's Hot column. Send
your product suggestions with information about how the product has
helped you to whatshot () winnetmag com.

====================

==== Sponsored Links ====

Argent
   Comparison Paper: The Argent Guardian Easily Beats Out MOM
   http://list.winnetmag.com/cgi-bin3/DM/y/egGh0CJgSH0CBw0BDWV0A2

Microsoft(R) TechNet
   Microsoft(R) TechNet Webcasts: essential guidance, industry experts
   http://list.winnetmag.com/cgi-bin3/DM/y/egGh0CJgSH0CBw0BG360Aw

====================

Editor's note: Share Your Security Discoveries and Get $100
   Share your security-related discoveries, comments, or problems and
solutions in the Security Administrator print newsletter's Reader to
Reader column. Email your contributions (500 words or less) to
r2rsecadmin () winnetmag com. If we print your submission, you'll get
$100. We edit submissions for style, grammar, and length.

====================

==== Contact Us ====

About the newsletter -- letters () winnetmag com
About technical questions -- http://www.winnetmag.com/forums
About product news -- products () winnetmag com
About your subscription -- securityupdate () winnetmag com
About sponsoring Security UPDATE -- emedia_opps () winnetmag com

====================

==== Contact Our Sponsors ====

Primary Sponsor:
   OpenNetwork -- http://www.opennetwork.com -- 1-877-561-9500
Hot Release Sponsor:
   CipherTrust -- http://www.ciphertrust.com -- 1-877-448-8625

====================

This email newsletter is brought to you by Windows & .NET Magazine,
the leading publication for IT professionals deploying Windows and
related technologies. Subscribe today.
   http://www.winnetmag.com/sub.cfm?code=wswi201x1z

You received this email message because you asked to receive
additional information about products and services from the Windows &
.NET Magazine Network. To unsubscribe, send an email message to
mailto:Security-UPDATE_Unsub () list winnetmag com. Thank you!

View the Windows & .NET Magazine privacy policy at
http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy

Windows & .NET Magazine, a division of Penton Media, Inc.
221 East 29th Street, Loveland, CO 80538
Attention: Customer Service Department

Copyright 2004, Penton Media, Inc. All rights reserved.



_________________________________________
ISN mailing list
Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
(Broke? Spend 15 minutes a day on the project!)