[ISN] Security UPDATE, October 3, 2001

From: InfoSec News (isnat_private)
Date: Thu Oct 04 2001 - 01:04:21 PDT


    ********************
    Windows 2000 Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows 2000 and NT systems.
       http://www.secadministrator.com
    ********************
    
    ~~~~ SPONSOR: WINDOWS 2000 MAGAZINE 70-270 QUESTION OF THE DAY ~~~~
       Test Your Windows XP Knowledge - Free!
       Our MCSE Exam 70-270 Question-of-the-Day email dives into the new 
    Windows XP topics such as installing and configuring handheld devices 
    and managing mobile users, while also measuring your skills in 
    networking basics, TCP/IP fundamentals, user accounts, protocol 
    features, and much more. Sign up (for FREE) today!
       http://lists.win2000mag.net/cgi-bin3/flo?y=eHvs0CJgSH0BVg0KrD0Ah 
    
    ********************
    
    October 3, 2001--In this issue:
    
    1. IN FOCUS
         - The Patriot Act and Great Security Tools
    
    2. SECURITY RISKS
         - Cisco PIX Firewalls Vulnerable to SMTP Filtering Bypass
         - Exchange 2000 OWA Vulnerable to DoS Attack
    
    3. ANNOUNCEMENT
         - What Does the Home of the Not-Too-Distant Future Look Like?
    
    4. SECURITY ROUNDUP
         - News: Attorney General Ashcroft Tells Hackers: You're an Enemy 
           of the State
         - News: Gartner: Enterprises Should Consider IIS Alternatives
         - Feature: Lock Down Your PDA
         - Expediting the Arduous Security Update Process
    
    5. SECURITY TOOLKIT
         - Book Highlight: Hack Attacks Encyclopedia: A Complete History of 
           Hacks, Phreaks, and Spies Over Time
         - Virus Center
         - FAQ: How Can I View the Contents of the Netlogon.chg File?
    
    6. NEW AND IMPROVED
         - Protect Your System from Viruses
         - Detect and Respond to Flood Attacks
    
    7. HOT THREADS
         - Windows 2000 Magazine Online Forums
             - Featured Thread: Clients Can't View SSL Web Sites
         - HowTo Mailing List:
             - Featured Thread: Blue Screen of Death
    
    8. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== COMMENTARY ====
    
    Hello everyone,
    
    Have you heard about the Anti-Terrorism Act (ATA) of 2001, which is 
    before the US House Judiciary Committee? If the present form of the 
    proposed bill becomes law, hacking a computer system becomes a 
    terrorist act punishable by up to life in prison. You can read about 
    the ATA in our related news story in the SECURITY ROUNDUP section of 
    this newsletter. 
    
    As a result of seeing the ATA in conjunction with public reaction, two 
    committee members presented an alternative bill--another set of 
    proposed changes to existing US Code. That subsequent proposal, dubbed 
    the Patriot Act, addresses concerns about classifying hacking as a 
    terrorism act. As you'll learn by reading the proposed Patriot Act (see 
    the URL after the next paragraph), Section 309 makes it clear that 
    computer-related crimes would only become an act of terrorism if those 
    crimes "[are] calculated to influence or affect the conduct of 
    government by intimidation or coercion; or to retaliate against 
    government conduct."
    
    The House Judiciary Committee staff has prepared an interpretation of 
    the Patriot Act that further clarifies the lawmakers' intent to 
    reclassify computer crimes (see URL below). In the document, the staff 
    interprets Section 309 of the Patriot Act to mean, "a crime is only 
    considered to be [a] Federal terrorism offense if it can be proven to 
    be calculated to influence or affect the conduct of government by 
    intimidation or coercion; or to retaliate against government conduct."
       http://www.epic.org/privacy/terrorism/patriot_sec.pdf
    
    Even with such clarifications, however, many privacy groups are raising 
    concerns about what they interpret to be considerable privacy and civil 
    liberties issues that the Patriot Act presents. For viewpoints about 
    these concerns, visit the Electronic Privacy Information Center (EPIC) 
    at the following URL: 
       http://www.epic.org
    
    On another note, I want to tell you about two security tools that you 
    might find useful in your daily routines. The first tool is a freeware 
    package called Eraser. The tool helps remove disk data when you delete 
    files from your system. Eraser deletes the files by overwriting the 
    disk data numerous times. Such a process helps ensure that any residual 
    magnetic flux on the disk won't be sufficient for unauthorized 
    data-recovery attempts.
    
    Eraser runs on all Windows platforms from Windows 95 through Windows 
    2000. Eraser installs as a Windows Explorer shell extension, which adds 
    a new menu item to Explorer-related popup menus. For example, if you 
    right-click the Recycle Bin, in addition to the standard menu selection 
    "Empty Recycle Bin," you'll find a new menu selection called "Erase 
    Recycle Bin." The same holds true for the Explorer shell itself: When 
    you right-click any file or folder within Explorer, you'll find a new 
    menu item entitled "Erase" in addition to the standard "Delete" menu 
    selection. 
    
    Sami Tolvanen, a computer science major in Finland, developed Eraser. 
    You can download a copy at the URL below. You can also obtain the 
    source code for Eraser at the site--it's freely available under the 
    GNU's Not UNIX (GNU) General Public License (GPL).
       http://www.tolvanen.com/eraser/download.shtml
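
The overwrite-before-delete approach described above, sketched as an added example in Python; it is not Eraser's code and not part of the original newsletter. The pass schedule, the function names and the sample file are assumptions made for illustration.

```python
import os
import secrets
import tempfile

# Assumed pass schedule: two fixed single-byte patterns, then random data (None).
DEFAULT_PASSES = (b"\x00", b"\xff", None)
CHUNK = 64 * 1024


def _write_pass(fd, size, pattern):
    """Overwrite the first `size` bytes of an open file with one pattern."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        block = secrets.token_bytes(n) if pattern is None else pattern * n
        view = memoryview(block)
        while view:  # os.write may accept fewer bytes than offered
            view = view[os.write(fd, view):]
        remaining -= n
    os.fsync(fd)  # push this pass to the device before the next one starts


def erase_file(path, passes=DEFAULT_PASSES, unlink=True):
    """Overwrite `path` in place once per pass, then rename and delete it."""
    if os.path.islink(path):
        raise ValueError("refusing to overwrite through a symbolic link")
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    try:
        size = os.fstat(fd).st_size
        for pattern in passes:
            _write_pass(fd, size, pattern)
    finally:
        os.close(fd)
    if unlink:
        # Rename first so the original file name is replaced before deletion.
        scratch = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
        os.rename(path, scratch)
        os.remove(scratch)
    return size  # bytes overwritten in each pass


def demo():
    """Constructed sample: a temporary file holding a made-up secret."""
    fd, path = tempfile.mkstemp()
    os.write(fd, b"constructed secret: hunter2\n" * 100)
    os.close(fd)
    erase_file(path, passes=(b"\x00", b"\xff"), unlink=False)
    with open(path, "rb") as fh:
        leftover = fh.read()  # contents after the final 0xFF pass
    erase_file(path)  # full schedule, then rename and delete
    return leftover, os.path.exists(path)
```

In-place overwriting only reaches the original blocks on storage that writes in place; on flash media with wear levelling, or on journaling and copy-on-write filesystems, earlier copies of the data can survive the passes.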
    
    The other tool I want to remind you about is our online Web-based 
    security forum. On our Security Administrator Web site, you'll find 
    four Web forums that cover security problems with Win2K, Windows NT, 
    Microsoft IIS, and Microsoft Proxy Server. These forums are a great 
    resource--a way to get help from or offer help to people who prefer not 
    to use mailing list-based discussion forums. Several of our forum pros 
    moderate the forums and also help answer questions. Be sure to stop by 
    the forums at the following URL:
       http://www.secadministrator.com/forums/Index.cfm
    
    And if you haven't heard the news, Gartner Group recommends that 
    Windows users not run IIS--that they immediately switch to another Web 
    server platform. Read Gartner's comments and what prompted such advice 
    in Paul Thurrott's related news story in the SECURITY ROUNDUP section 
    of this newsletter. Until next time, have a great week.
    
    Sincerely,
    
    Mark Joseph Edwards, News Editor, markat_private
    
    2. ==== SECURITY RISKS ====
       (contributed by Ken Pfeil, kenat_private)
    
    * CISCO PIX FIREWALLS VULNERABLE TO SMTP FILTERING BYPASS
       Cisco Systems Secure PIX Firewalls that provide access to SMTP mail 
    servers might let users bypass the firewall's SMTP command filtering. 
    In such events, intruders can gather information about email accounts 
    or perform exploits against the mail server if that server has any 
    vulnerabilities. To remedy the problem, Cisco is offering free software 
    upgrades to all affected customers.
       http://www.secadministrator.com/articles/index.cfm?articleid=22698
    
    * EXCHANGE 2000 OWA VULNERABLE TO DOS ATTACK
       Joao Gouveia reported a vulnerability in Microsoft Exchange 2000 
    Outlook Web Access (OWA) due to unchecked directory paths. Because 
    Exchange attempts to process requests without checking for the 
    existence of a directory, a user can instigate a Denial of Service 
    (DoS) attack against the server by repeatedly making requests that 
    include a deeply nested, nonexistent folder. Only users who can 
    authenticate to the server can launch attacks. Microsoft has released 
    Bulletin MS01-049 and a patch to fix this vulnerability. 
       http://www.secadministrator.com/articles/index.cfm?articleid=22697
    
    3. ==== ANNOUNCEMENT ====
    
    * WHAT DOES THE HOME OF THE NOT-TOO-DISTANT FUTURE LOOK LIKE? 
       You've never seen anything like the Connected Home Magazine Virtual 
    Tour. Experience (room by room) the latest home entertainment, home 
    networking, and home automation options that will change the way you 
    work and play. While you're there, enter to win a free copy of Windows 
    XP!
       http://lists.win2000mag.net/cgi-bin3/flo?y=eHvs0CJgSH0BVg0LTe0Al 
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: ATTORNEY GENERAL ASHCROFT TELLS HACKERS: YOU'RE AN ENEMY OF THE 
    STATE
       A new bill before the US House of Representatives--the Anti-
    Terrorism Act of 2001 (ATA)--would make any computer intrusion an act 
    of terrorism punishable by as much as life in prison. The authors 
    designed the bill to help America defend itself against terrorism, but 
    the bill includes several proposed changes to existing US Code that 
    have caused an outcry in the computer security community. Learn more 
    about the changes by reading the article on our Web site.
       http://www.secadministrator.com/articles/index.cfm?articleid=22704
    
    * NEWS: GARTNER: ENTERPRISES SHOULD CONSIDER IIS ALTERNATIVES
       Market analysis firm Gartner has issued a stunning recommendation 
    regarding Microsoft IIS Web server: If you're currently deploying the 
    software, Gartner recommends that you look for an alternative, and if 
    you're not already running IIS, don't. Gartner blames the number of 
    recent hacker attacks on IIS, and the company says that Microsoft 
    doesn't respond quickly enough to keep its customers secure. See the 
    following URL for more details:
       http://www.secadministrator.com/articles/index.cfm?articleid=22587
    
    * FEATURE: LOCK DOWN YOUR PDA
       Randy Franklin Smith meets people everywhere who believe that 
    password protection is sufficient to protect their personal information 
    on computers and PDAs. This belief is dangerously naive. Microsoft Word 
    and Palm OS password protection is trivial: A thief who steals your 
    computer or PDA can easily figure out your passwords. Learn what Smith 
    has to say about locking down your PDA in this article in Connected 
    Home Magazine.
    http://www.connectedhomemag.com/mobile/articles/index.cfm?articleid=22456
    
    * FEATURE: EXPEDITING THE ARDUOUS SECURITY UPDATE PROCESS
       Along with many of you, Paula Sharick has been cleaning up her 
    computer systems in the wake of the Code Red worm and the W32.Nimda 
    virus. Paula has endured almost 2 months of nonstop troubleshooting and 
    updating system software. She can't believe the hoops that Microsoft 
    users must jump through to cross-reference a Microsoft security 
    bulletin number with a Microsoft article number, locate and download 
    individual hotfix updates, install the updates (either manually or with 
    a script), and perform a final audit to verify that all updates 
    installed properly. Paula has some suggestions for Microsoft regarding 
    ways to improve how users perform security updates. Be sure to read her 
    article on our Web site.
       http://www.secadministrator.com/articles/index.cfm?articleid=22667
    
    5. ==== SECURITY TOOLKIT ====
    
    * BOOK HIGHLIGHT: HACK ATTACKS ENCYCLOPEDIA: A COMPLETE HISTORY OF 
    HACKS, PHREAKS, AND SPIES OVER TIME
       By John Chirillo
       List Price: $64.99
       Fatbrain Online Price: $51.99
       Softcover; 960 pages
       Published by John Wiley & Sons, September 2001
       ISBN 0471055891
    
    For more information or to purchase this book, go to 
    http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0471055891 
    and enter WIN2000MAG as the discount code when you order the book.
    
    * VIRUS CENTER
       Panda Software and the Windows 2000 Magazine Network have teamed up 
    to bring you the Center for Virus Control. Visit the site often to 
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: HOW CAN I VIEW THE CONTENTS OF THE NETLOGON.CHG FILE?
       (contributed by John Savill, http://www.windows2000faq.com)
    
    A. You can't use a standard text editor to read netlogon.chg, but 
    Windows 2000 Support Tools supplies the nltest.exe utility that you can 
    use to view the contents of netlogon.chg. Execute the following command:
    
       C:\> nltest /list_deltas:netlogon.chg
    
    The system displays a lot of information, listing all changes made to 
    the domain. The trust entry that appears in the Local Security 
    Authority (LSA) Database section consists of entries similar to the 
    following:
    
    Order: 1 DeltaType AddOrChangeLsaSecret (18) SerialNumber: 100 77bb 
    Immediately Name: 'G$$SAVTECHLON'
    Order: 2 DeltaType AddOrChangeLsaSecret (18) SerialNumber: 100 77bc
    
    6. ==== NEW AND IMPROVED ====
       (contributed by Scott Firestone, IV, productsat_private)
    
    * PROTECT YOUR SYSTEM FROM VIRUSES
       Central Command Software released AntiVirus eXpert Professional 6.0, 
    an antivirus defense and Internet application firewall. The system 
    features behavior-blocking to stop suspicious access to the Internet, 
    system registry, or file system; Internet filtering to block specific 
    Web sites, IP addresses, and TCP/IP port numbers; Internet application 
    control to intercept and block all unauthorized outbound Internet 
    connections; and privacy control to monitor incoming and outgoing 
    cookies. Prices start at $49.95. Contact Central Command Software at 
    330-723-2062 or 877-943-8287.
       http://www.centralcommand.com 
    
    * DETECT AND RESPOND TO FLOOD ATTACKS
       Reactive Network Solutions released FloodGuard, software that 
    manages other network infrastructure devices deployed within the 
    corporate or service-provider network to detect and mitigate flood 
    attacks launched over the Internet. The system confirms the presence of 
    the attack and manages filters in upstream routers and switches to 
    mitigate the attack's effects. For pricing, contact Reactive Network 
    Solutions at 650-365-4000.
       http://www.reactivenetworks.com
    
    7. ==== HOT THREADS ====
    
    * WINDOWS 2000 MAGAZINE ONLINE FORUMS
       http://www.win2000mag.net/forums 
    
    Featured Thread: Clients Can't View SSL Web Sites
       (Two messages in this thread)
    
    Fran used Secure Sockets Layer (SSL) to put the Microsoft Nimda patches 
    on her server. Now her users can't access the secured Web sites, and 
    she can't access sites with accounts that have domain administrative 
    permissions. Another user set up an SSL Web site for Microsoft Exchange 
    2000 Outlook Web Access (OWA) and received and installed the server 
    certificates, but now can't access the Web site. Read more about the 
    questions and responses, or lend a hand at the following URL: 
       http://www.win2000mag.net/forums/rd.cfm?app=64&id=79866
    
    * HOWTO MAILING LIST
       http://www.secadministrator.com/listserv/page_listserv.asp?s=howto
    
    Featured Thread: Blue Screen of Death
       (Five messages in this thread)
    
    This user is experiencing system crashes under Windows 2000 while 
    running NetMeeting 3.01. When the system crashes and presents the 
    standard blue screen, the error message is  
    MULTIPLE_IRP_COMPLETE_REQUESTS. The user wonders what the message means 
    and whether NetMeeting is causing the crashes. Can you help? Read the 
    responses or lend a hand at the following URL:
    http://63.88.172.96/listserv/page_listserv.asp?a2=ind0109d&l=howto&p=459
    
    8. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT THE COMMENTARY -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- mlibbeyat_private; please
    mention the newsletter name in the subject line.
    
    * TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer
    Support at securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? -- emedia_oppsat_private
    
    ********************
    
       Receive the latest information about the Windows 2000 and Windows NT
    topics of your choice. Subscribe to our other FREE email newsletters.
       http://lists.win2000mag.net/cgi-bin3/flo?y=eHvs0CJgSH0BVg0KrD0Ah
    
    |-+-+-+-+-+-+-+-+-+-| 
    
    Thank you for reading Storage UPDATE.
    
    SUBSCRIBE
    To subscribe, send a blank email to mailto:Security_UPDATE_Subat_private
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    


