********************
Windows 2000 Magazine Security UPDATE--brought to you by the Windows 2000 Magazine Network
**Watching the Watchers**
http://www.win2000mag.net/Channels/Security
********************

>>>> SPONSOR: SURFCONTROL: EMAIL FILTERING SOFTWARE <<<<
SECURITY ALERT: This threat comes from inside your company. Confidentiality leaks and "inappropriate" jokes can cost your company millions. It doesn't stop there -- your unmanaged email system is left vulnerable to spam and spoof attacks -- even worse, virus attacks! Improve your email system efficiency, increase security and limit legal liability the easy way. Install SuperScout Email Filter -- Try it FREE for 30-days. DOWNLOAD now at:
http://www.surfcontrol.com/offer/W2KSU0502

~~~~~~~~~~~~~~~~~~~~

May 2, 2001--In this issue:

1. IN FOCUS
   - One Million Reasons to Hack a System

2. SECURITY RISKS
   - RobTex Viking Web/Proxy Server Relative Path Vulnerability
   - Buffer Overflow Condition in IPSwitch IMail 6

3. ANNOUNCEMENTS
   - There Is Such a Thing as a Free Lunch!
   - We're Watching Out for You!

4. SECURITY ROUNDUP
   - News: W3C Releases Working Draft for XML Encryption
   - News: FunLove Virus Infects Microsoft Hotfixes
   - News: Polish Hackers Tame PitBull
   - Review: UserManagemeNT 5.3 Professional and Import

5. SECURITY TOOLKIT
   - Book Highlight: Intrusion Signatures and Analysis
   - Virus Center
       Virus Alert: W32/Stator
       Virus Alert: W32/Hello
   - FAQ: How Do I Enter a Shutdown Description from the Command Line?
   - Windows 2000 Security: Internet Explorer Security Options, Part 3

6. NEW AND IMPROVED
   - Early Warning System Organized
   - Web Site to Educate IT Market About Firewalls
   - Automated Access Control Solution

7. HOT THREADS
   - Windows 2000 Magazine Online Forums
       Problems with MS01-015
   - Win2KsecAdvice Mailing List
       ISA Server Update

8. CONTACT US
   See this section for a list of ways to contact us.

>>>> THIS ISSUE SPONSORED BY <<<<
Surfcontrol: Email Filtering Software
http://www.surfcontrol.com/offer/W2KSU0502

...15 Min.
Later He Was in the Principal's Office!
http://www.tntsoftware.com/security
(below SECURITY RISKS)

~~~~~~~~~~~~~~~~~~~~

1. ==== COMMENTARY ====

Hello everyone,

Are you ready for another hacking contest? Various organizations have held hacking contests in the past, some with prize incentives and some without. In 1999, Microsoft hosted a contest to break into Windows 2000, and this year, the company launched another contest to hack the new Windows XP OS. Neither contest offered prizes for winners.

To counter Microsoft's Win2K contest, the PowerPC Linux Project (LinuxPPC) launched its own hacking contest in 1999; the winner got to keep the LinuxPPC server that hosted the contest. In January 2001, the Honeynet Project hosted a forensic challenge to see who could determine how a hacker broke in to a system by examining the supplied forensics data. The prize for successful detectives was a copy of the great book, "Hacking Exposed."

And just last week, Argus Systems launched a challenge to see who could break into its PitBull security product. The company offered $30,000 to the winner, and a group of Polish hackers took the prize quickly. See the related news item in the SECURITY ROUNDUP section below.

Thirty thousand dollars is a lot of money, especially when the winners earned it by hacking into one system over the course of a few days. On the other hand, Argus gained incredibly useful insight about how its product and the system it runs on might be vulnerable to attack. So the money is well spent in my opinion.

This week, I learned about a new contest that takes prize offerings to an entirely new level. All you have to do is break the security of Saafnet's upcoming AlphaShield 2000 product--and win a cool $1 million cash.

AlphaShield 2000 is Saafnet's soon-to-be-released $149 USB add-on that introduces security by virtually disconnecting the system from the Internet while the user isn't actively receiving data.
The product targets home users and small-business networks. The technology's premise is that without an active virtual connection, an intruder can't reach the system. Sounds interesting.

Each time someone launches a hacking challenge, I never wonder whether someone will win the challenge; I wonder how much time it will take. Information security technologies have never been 100 percent unbreakable for various reasons, so it stands to reason that someone will eventually win any security hacking challenge. And even though Saafnet's technology sounds strong, it's unproven; I tend to think a chink exists in the armor somewhere. We'll have to wait and see. But even if no one wins the million-dollar prize money, we should still err on safety's side and assume that the technology has a chink somewhere.

I'm not sure when Saafnet ( http://www.saafnet.com ) will officially launch the challenge, but I'll let you know when I hear about a launch date. Until next time, have a great week.

Sincerely,
Mark Joseph Edwards, News Editor
markat_private

2. ========== SECURITY RISKS =========
(contributed by Mark Joseph Edwards, markat_private)

* ROBTEX VIKING WEB/PROXY SERVER RELATIVE PATH VULNERABILITY
A vulnerability exists in the RobTex Viking Web/Proxy Server that lets an attacker break out of the Web root by using relative paths. For example, an attacker can gain access to files outside of the Web root directory by connecting to a vulnerable host and issuing the command http://<host>/\...\<file outside of Web root>. The vendor, RobTex, has released build 378 that corrects this problem.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20873

* BUFFER OVERFLOW CONDITION IN IPSWITCH IMAIL 6
eEye Digital Security discovered that a vulnerability exists in the IPSwitch IMail 6.06 mail server that can let a remote attacker gain system-level access to servers running the SMTP daemon.
This vulnerability exists because the IMail SMTP daemon doesn't perform proper bounds checking on the input data that passes to the IMail Mailing List handler code. IPSwitch has released a patch to correct this vulnerability.
http://www.windowsitsecurity.com/articles/index.cfm?articleID=20851

********************

>>>> SPONSOR: ...15 MIN. LATER HE WAS IN THE PRINCIPAL'S OFFICE! <<<<
A high school network administrator installed Event Log Monitor on classroom servers to evaluate system performance. The next day, ELM alerted him that a student was trying to break into the system. Within 15 minutes, the would-be hacker was in the Principal's office waiting for his parents to arrive. Use Event Log Monitor to keep tabs on your security perimeter. Because these aren't the only computers teenagers like to hack into. For more information, visit
http://www.tntsoftware.com/security

~~~~~~~~~~~~~~~~~~~~

3. ==== ANNOUNCEMENTS ====

* THERE IS SUCH A THING AS A FREE LUNCH!
Do you subscribe to Windows 2000 Magazine? Plan to attend N+I in Las Vegas this May? We're seeking readers for a focus group at N+I. Participants get $100 and a free lunch. If you're interested, email kcollinsat_private Include your name, job title, and phone.

* WE'RE WATCHING OUT FOR YOU!
While you're busy doing your job, someone is out there preparing to unleash a nasty virus. That's why Panda Software and the Windows 2000 Magazine Network have launched the Center for Virus Control. Find out which viruses could threaten your systems when you're not looking. Check it out!
http://www.windowsitsecurity.com/Panda/Index.cfm

4. ==== SECURITY ROUNDUP ====

* NEWS: W3C RELEASES WORKING DRAFT FOR XML ENCRYPTION
The World Wide Web Consortium (W3C) has released a working draft of a new standard for encrypting XML-based documents. The organization published the document, "XML Encryption Requirements," April 20, 2001.
According to the draft, W3C will design encryption methods to protect all or parts of an XML-based document using existing encryption specifications, such as Advanced Encryption Standard (AES) and Triple Data Encryption Standard (3DES).
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20863

* NEWS: FUNLOVE VIRUS INFECTS MICROSOFT HOTFIXES
Microsoft stopped all access to its hotfixes this week when someone discovered that many of the hotfixes contained the FunLove virus, which first appeared in November 1999. The virus infects Windows-based portable executable documents, ActiveX controls (.ocx files), and screen saver files. When FunLove runs on a Windows NT system, the virus grants Administrator rights to any user who logs on.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20864

* NEWS: POLISH HACKERS TAME PITBULL
Argus Systems, makers of the PitBull security software for Solaris, planned to highlight its 5th Argus Hacking Challenge at the Infosecurity Europe conference this week in London. However, a group of Polish hackers broke in to the system, effectively winning the challenge before Argus ever made it to the conference.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20844

* REVIEW: USERMANAGEMENT 5.3 PROFESSIONAL AND IMPORT
Windows 2000 and Windows NT include easy-to-use graphical functions to help you create, modify, and delete user accounts. However, both products lack the flexibility to manage large user numbers. Tools4ever's UserManagemeNT 5.3 product suite includes powerful enterprise-class NT utilities that let you manage user-account and user-resource creation, movement, and deletion from within any configured domain. You can also use the product with Win2K. Learn all about it in Marty Scher's review on our Web site.
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=20392

5.
==== SECURITY TOOLKIT ====

* BOOK HIGHLIGHT: INTRUSION SIGNATURES AND ANALYSIS
By Stephen Northcutt, Mark Cooper, Matt Fearnow, and Karen Frederick
List Price: $39.99
Fatbrain Online Price: $31.99
Softcover, 408 pages
Published by New Riders Publishing, January 2001
ISBN 0735710635

For more information or to purchase this book, go to
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0735710635
and enter WIN2000MAG as the discount code when you order the book.

* VIRUS CENTER
Panda Software and the Windows 2000 Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
http://www.windowsitsecurity.com/panda

Virus Alert: W32/Stator
W32/Stator is a worm designed to propagate itself when certain programs, such as Notepad, Windows Media Player (WMP), Control Panel, and Windows Help, execute. The worm renames several existing .vxd files and then creates copies of itself using the original file names.
http://63.88.172.96/panda/index.cfm?FuseAction=Virus&VirusID=1087

Virus Alert: W32/Hello
W32/Hello is a worm that propagates through Microsoft's MSN Messenger program. The worm is written in Visual Basic (VB) 5.0. The file that contains the worm is 10KB and has no icon.
http://63.88.172.96/panda/index.cfm?FuseAction=Virus&VirusID=1085

* FAQ: HOW DO I ENTER A SHUTDOWN DESCRIPTION FROM THE COMMAND LINE?
( contributed by John Savill, http://www.windows2000faq.com )
In Windows XP, the new version of shutdown.exe (the tool used to shut down or reboot from the command line) contains support for tracker descriptions via the -d (description/reason code) and -c (comment) attributes. For example, the command

    shutdown -t 10 -d up:125:1 -c "Testing"

shuts down the system in 10 seconds, with a description of user-defined, planned, major reason 125, minor reason 1, and a comment of "Testing."

* WINDOWS 2000 SECURITY: INTERNET EXPLORER SECURITY OPTIONS, PART 3
Because Web browsing provides so many ways for malicious users to attack your workstations and internal network, make sure your users don't expose your systems to risk while they browse the Web. In Part 1 and Part 2, Randy Franklin Smith described security zones and settings in Microsoft Internet Explorer (IE) 5.0. In Part 3, Randy shows you the IE security settings that let you control cookies and file downloads. Be sure to read the article on our Web site.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20700

6. ==== NEW AND IMPROVED ====
(contributed by Judy Drennen, productsat_private)

* EARLY WARNING SYSTEM ORGANIZED
Segura Solutions announced that organizations representing more than 1.5 million users have signed on to the Segura Virus Early Warning System (EWS) Network. Segura-based EWS provides information about new threats and potential problems before they are filtered through the virus labs and public relations arms at antivirus companies. Segura Solutions hosts the EWS for the Anti-Virus Information Exchange Network (AVIEN). Membership in the EWS is available for $99 per year for each two participants per organization. Find more information about the Segura EWS at the following Web site.
http://www.segura.ca/ewsnetwork.htm

* WEB SITE TO EDUCATE IT MARKET ABOUT FIREWALLS
Network-1 Security Solutions launched a new Web site to promote and educate the IT market about distributed firewalls. "This seemed an ideal time to provide a place on the Web where IT professionals could go for information and technical resources to further their understanding of this important network security topic," said Avi Fogel, president and CEO of Network-1. The site features general editorial content about distributed firewalls, white papers, articles, news releases, and case studies.
http://www.DistributedFirewalls.com

* AUTOMATED ACCESS CONTROL SOLUTION
Camelot announced the launch of Hark!, an automated access control solution. Based on Network Intelligence technology, Hark! defines, manages, and enforces access control in the interconnected e-business world. The Network Intelligence technology uses proprietary algorithms to analyze network events and deduce an organization's functional structure. This analysis lets network and security administrators manage network users, resources and applications, while controlling the flow of the right information to the right people. Hark! runs on Windows NT, Solaris, and Novell, and the company says a Windows 2000 version should be available this spring. For more information, go to the Camelot Web site.
http://www.camelot.com

7. ==== HOT THREADS ====

* WINDOWS 2000 MAGAZINE ONLINE FORUMS
http://www.win2000mag.net/forums

Featured Thread: Problems with MS01-015
(Two messages in this thread)
Dave and his coworkers are unable to install patch MS01-015 on their systems, even though these systems should still require the patch. Read more about his setup and perhaps lend a helping hand at the following URL.
http://www.win2000mag.net/Forums/Application/Thread.cfm?CFApp=64&Thread_ID=65787&mc=2

* WIN2KSECADVICE MAILING LIST
http://63.88.172.96/go/win2ks-l.asp?A0=WIN2KSECADVICE

Featured Thread: Microsoft ISA Server Vulnerability
(Three messages in this thread)
Microsoft claims that the ISA Server vulnerability won't let an attacker take control of the ISA Server. Read why this user disagrees at the following URL.
http://63.88.172.96/go/win2ks-l.asp?A2=IND0104D&L=WIN2KSECADVICE&P=225

8. ==== CONTACT US ====
Here's how to reach us with your comments and questions:

* ABOUT THE COMMENTARY -- Mark Joseph Edwards, markat_private
* ABOUT THE NEWSLETTER IN GENERAL -- tfaubionat_private; please mention the newsletter name in the subject line.
* TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums
* PRODUCT NEWS -- productsat_private
* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer Support at securityupdateat_private
* WANT TO SPONSOR Security UPDATE? -- emedia_oppsat_private

********************

This weekly email newsletter is brought to you by Windows 2000 Magazine, the leading publication for Windows 2000/NT professionals who want to learn more and perform better. Subscribe today.
http://www.win2000mag.com/sub.cfm?code=ws00inxupb

Receive the latest information about the Windows 2000 and Windows NT topics of your choice. Subscribe to our other FREE email newsletters.
http://www.win2000mag.com/sub.cfm?code=up00inxwnf

|-+-+-+-+-+-+-+-+-+-|

Thank you for reading Security UPDATE.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERVat_private with a message body of "SIGNOFF ISN".