[ISN] Security UPDATE, November 28, 2001

From: InfoSec News (isnat_private)
Date: Wed Nov 28 2001 - 23:59:46 PST

    ********************
    
    Windows 2000 Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows 2000 and NT systems.
       http://www.secadministrator.com
    
    ********************
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    IBM Infrastructure
       http://lists.win2000mag.net/cgi-bin3/flo?y=eJIE0CJgSH0BVg0olx0Aa 
    
    Lieberman & Associates New User Manager Pro!!
       http://lists.win2000mag.net/cgi-bin3/flo?y=eJIE0CJgSH0BVg0oly0Ab 
       (below IN FOCUS)
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: IBM INFRASTRUCTURE ~~~~
       Not worried about hackers? You should be. Because they can put your 
    e-business out of business. If your customers don't feel comfortable 
    dealing with you online, they'll work with someone else. With IBM 
    infrastructure, you'll have the security your company needs to operate 
    effectively and to keep your clients comfortable. Your networks and 
    servers are the backbone of your company. It's time you treated them 
    that way. In today's ever-changing e-environment, keeping network 
    security tight is something that can't be ignored. So is keeping your 
    clients happy. Find out more from our latest security white paper 
    today.
       Download at: http://lists.win2000mag.net/cgi-bin3/flo?y=eJIE0CJgSH0BVg0olx0Aa 
    
    ********************
    
    November 28, 2001--In this issue:
    
    1. IN FOCUS
         - Everything Is Fallible in Its Own Way
    
    2. ANNOUNCEMENTS
         - Zero-Cost Conference for IT Professionals!
         - Get the First Issue of WebSphere Professional Free!
    
    3. SECURITY ROUNDUP
         - News: New Cyclone Programming Language: Bugs Be Gone!
    
    4. HOT RELEASE (ADVERTISEMENT)
         - Sponsored by VeriSign -- The Value of Trust
    
    5. INSTANT POLL
         - Results of Previous Poll: Regulating Software Security
         - Instant Poll: Personal Firewalls
    
    6. SECURITY TOOLKIT
         - Virus Center
              - Virus Alert: W32/Badtrans.B
         - FAQ: Why Does an EAP-TLS Resumed Session Generate Error 691?
    
    7. NEW AND IMPROVED
         - Secure PDAs
         - Test the Vulnerability of Your Email System
    
    8. HOT THREADS
         - Windows 2000 Magazine Online Forums
             - Featured Thread: IE 5.0 Update Files
         - HowTo Mailing List:
             - Featured Thread: Security Patch Distribution
    
    9. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
    
    Hello everyone,
    
    In the November 14, 2001 Security UPDATE, I mentioned a story about 
    TruSecure's PC Firewall Certification program. TruSecure awarded 
    certification to three firewalls: ZoneAlarm Pro, Tiny Personal Firewall 
    for Windows 2000, and Norton Personal Firewall for Windows. You can 
    read more about this story at the URL below.
       http://www.secadministrator.com/articles/index.cfm?articleid=23173
    
    Shortly after we published that story, I received email from a reader 
    who wrote that a group of researchers has discovered a weakness in 
    ZoneAlarm: The firewall might not protect a system against attack under 
    certain circumstances. Users can reproduce the problem, and the 
    firewall-maker, Zone Labs, is aware of the problem. No patch is 
    available yet, but help is on the way.
    
    I spoke with Zone Labs CEO and founder, Gregor Freund, who says the 
    company expects to make a patch available within the next 2 weeks. 
    Freund said that the company hasn't finished its research yet, so it 
    isn't certain which legacy versions of the firewall the problem 
    affects, but that the current version (2.6.362) is definitely 
    vulnerable.
    
    A glitch in multilevel communication is causing the vulnerability. 
    ZoneAlarm uses high-level filtering to govern activity at the 
    application level, and low-level, stateful-inspection filtering to 
    handle activity at the lower layers of the network. The two filtering 
    levels communicate with each other, and a bug in the related code might 
    cause a monitoring oversight. Freund said that Zone Labs hopes to make 
    the patch available before any exploit details become public knowledge. 
    ZoneAlarm users can expect to see a pop-up notice when the patch 
    becomes available. 
       http://www.zonealarm.com
    
    Consumers need to be aware that even the most well-intentioned product 
    makers and certification agencies are fallible, and users shouldn't 
    adopt the opinion that these organizations' security solutions are 
    totally secure.
    
    We're conducting a new poll this week. If you use a personal firewall, 
    we'd like to know which one: ZoneAlarm, Tiny Personal Firewall, Norton 
    Personal Firewall, Sygate, or another? Please stop by the Security 
    Administrator home page and answer the poll!
       http://www.secadministrator.com 
    
    Until next time, have a great week.
    
    Mark Joseph Edwards, News Editor, markat_private
    
    ********************
    
    ~~~~ SPONSOR: LIEBERMAN & ASSOCIATES NEW USER MANAGER PRO!! ~~~~
       Need to manage the registry security on thousands of machines? Want 
    to do it in just a few clicks? With the updated User Manager Pro you 
    can rapidly scan and report on all your subnets where you have 
    administrative access. Scan machines for blank administrator password 
    vulnerability. Award winning. Microsoft Gold Certified. Visit our web 
    site and download a FREE TRIAL, full featured, 5 licenses:
       http://lists.win2000mag.net/cgi-bin3/flo?y=eJIE0CJgSH0BVg0oly0Ab 
    
    2. ==== ANNOUNCEMENTS ====
    
    * ZERO-COST CONFERENCE FOR IT PROFESSIONALS!
       IT-FREE is a no-cost information-technology conference delivering 30 
    compelling educational sessions and CEO keynotes from AOL, Compaq, 
    Genuity, Oracle, and RealNetworks. Whether you're replacing your IT 
    infrastructure, assessing security needs, or simply unable to travel to 
    more distant events, IT-FREE's conference program will inform and 
    enlighten. Register today. 
       http://www.itfree.org
    
    * GET THE FIRST ISSUE OF WEBSPHERE PROFESSIONAL FREE!
       WebSphere Professional magazine launches this winter, and you won't 
    want to miss it! This solution-packed publication will help you plan 
    effective development and deployment strategies, solve real problems 
    encountered in enterprise-level Web application development and 
    deployment, save time and money by acquiring the best tools and 
    adopting the best practices, and so much more! Sign up to receive the 
    FREE premiere issue of WebSphere Professional at the following URL.
       http://www.webspherepro.com
    
    3. ==== SECURITY ROUNDUP ====
    
    * NEW CYCLONE PROGRAMMING LANGUAGE: BUGS BE GONE!
       Cornell University and AT&T Labs are developing Cyclone, a new 
    computer-programming language similar to C, but which makes introducing 
    bugs into the code much more difficult. The developers claim that 
    Cyclone's data representation and calling conventions are interoperable 
    with C-like programming styles, which will simplify porting code to 
    Cyclone.
       http://lists.win2000mag.net/cgi-bin3/flo?y=eJIE0CJgSH0BVg0olz0Ac
    
    4. ==== HOT RELEASE (ADVERTISEMENT) ====
    
    * SPONSORED BY VERISIGN -- THE VALUE OF TRUST
       Secure your servers with 128-bit SSL encryption! Grab your copy of 
    VeriSign's FREE Guide, "Securing Your Web site for Business," and learn 
    about using SSL to encrypt e-commerce transactions. Get it now!
       http://www.verisign.com/cgi-bin/go.cgi?a=n094456100057000 
    
    5. ==== INSTANT POLL ====
    
    * RESULTS OF PREVIOUS POLL: REGULATING SOFTWARE SECURITY
       The voting has closed in Windows 2000 Magazine's Security 
    Administrator Channel nonscientific Instant Poll for the question, 
    "Do faulty PC products increase the risk against national security--
    should we regulate product-makers to help curb that risk?" a) Yes, b) 
    No, or c) I'm not sure. Here are the results 
    (+/-2 percent) from the 626 votes:
      72% a) Yes.
      22% b) No.
       6% c) I'm not sure.
    
    * INSTANT POLL: PERSONAL FIREWALLS
       The current Instant Poll question is, "If you use a personal 
    firewall, which one do you use?" a) ZoneAlarm, b) Tiny Personal 
    Firewall, c) Norton Personal Firewall, d) Other. Go to the Security 
    Administrator Channel home page and submit your vote.
       http://www.secadministrator.com 
    
    6. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows 2000 Magazine Network have teamed to 
    bring you the Center for Virus Control. Visit the site often to remain 
    informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    Virus Alert: W32/Badtrans.B
       Badtrans.B is a worm that spreads rapidly through email by using a 
    file attachment whose name varies randomly. As with W32/Aliz, 
    W32/Badtrans.B exploits a security problem in Internet Explorer (IE) 
    5.01 and 5.5. The problem in IE lets Microsoft Outlook's preview pane 
    activate the file. When the attachment executes, the worm copies itself 
    to the Windows system directory and attempts to obtain data from the 
    system. Learn more about this worm at the URL below. 
       http://63.88.172.96/panda/index.cfm?fuseaction=virus&virusid=1123
    
    * FAQ: WHY DOES AN EAP-TLS RESUMED SESSION GENERATE ERROR 691?
       ( contributed by John Savill, http://www.windows2000faq.com )
    
    A. Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) 
    is a Point-to-Point Protocol (PPP) extension supporting additional 
    authentication methods within PPP. TLS provides mutual authentication, 
    integrity-protected cipher-suite negotiation, and key exchange between 
    two endpoints.
       When you try to reconnect an EAP-TLS connection, the session 
    sometimes stops working and returns error 691, "Access was denied 
    because the username and/or password was invalid on the domain." To 
    work around the problem, wait at least 2 minutes before you try to 
    reconnect. Note: 
    If you're using smart cards for remote-access authentication in Windows 
    2000, you must use the EAP-TLS authentication method. 
       http://www.windows2000faq.com
    
    7. ==== NEW AND IMPROVED ====
       (contributed by Scott Firestone, IV, productsat_private)
    
    * SECURE PDAS
       Trust Digital released PDASecure Policy Editor, software that works 
    in conjunction with the company's PDASecure Enterprise security 
    software. You can install PDASecure Policy Editor on a server in a 
    network and install PDASecure Enterprise on each PDA. You can then use 
    the software to push security policies to every PDA device. The 
    software supports Pocket PC, the Palm OS, and PDAs running Microsoft 
    Windows CE. For pricing, contact Trust Digital at 703-246-9198.
       http://www.trustdigital.com
    
    * TEST THE VULNERABILITY OF YOUR EMAIL SYSTEM
       GFI announced the Email Security Testing Zone, a Web site that lets 
    companies check the vulnerability of their email system. An 
    organization can instantly discover whether its system is secure 
    against current and future email threats, such as email messages 
    containing infected attachments and malformed MIME headers, and HTML 
    email messages with embedded scripts. Users submit their names and 
    email addresses at GFI's Email Security Testing Zone, and GFI sends the 
    users harmless tests to check their email system's vulnerability. 
    Contact GFI at 919-388-3373 or 888-243-4329.
       http://www.gfi.com
    
    8. ==== HOT THREADS ====
    
    * WINDOWS 2000 MAGAZINE ONLINE FORUMS
       http://www.win2000mag.net/forums 
    
    Featured Thread: IE 5.0 Update Files
       (Six messages in this thread)
    
    Chris said he's updating Internet Explorer (IE) 5.0 with Service Pack 2 
    (SP2) to close holes the Nimda worm exploits. However, he finds that 
    the ie5setup.exe program is only an installer that pulls actual update 
    files from a site on the Internet. This method is slow, and he wonders 
    whether a way exists to download a copy of the entire update to a file 
    or set of files so that he can more easily install it across his 
    network. Can you help? Read the responses or lend a hand at the 
    following URL:
       http://www.secadministrator.com/forums/thread.cfm?thread_id=79499
    
    * HOWTO MAILING LIST
       http://www.secadministrator.com/listserv/page_listserv.asp?s=howto
    
    Featured Thread: Security Patch Distribution
       (Four messages in this thread)
    
    Chris wonders what methods people use to distribute Microsoft's security 
    patches. He also wonders whether System Management Services (SMS) is 
    capable of distributing patches. Can you help? Read the responses or 
    lend a hand at the following URL:
      
    http://63.88.172.96/listserv/page_listserv.asp?a2=ind0111d&l=howto&p=965
    
    9. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- mlibbeyat_private (please
      mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Email Customer
      Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
    
       Receive the latest information about the Windows and .NET topics of 
       your choice. Subscribe to our other FREE email newsletters.
       http://www.win2000mag.net/email
    
    |-+-+-+-+-+-+-+-+-+-| 
    
    Thank you for reading Security UPDATE.
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Nov 29 2001 - 18:46:01 PST