******************** Windows 2000 Magazine Security UPDATE--brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows 2000 and NT systems. http://www.secadministrator.com ******************** ~~~~ THIS ISSUE SPONSORED BY ~~~~ IBM Infrastructure http://lists.win2000mag.net/cgi-bin3/flo?y=eJIE0CJgSH0BVg0olx0Aa Lieberman & Associates New User Manager Pro!! http://lists.win2000mag.net/cgi-bin3/flo?y=eJIE0CJgSH0BVg0oly0Ab (below IN FOCUS) ~~~~~~~~~~~~~~~~~~~~ ~~~~ SPONSOR: IBM INFRASTRUCTURE ~~~~ Not worried about hackers? You should be. Because they can put your e-business out of business. If your customers don't feel comfortable dealing with you online, they'll work with someone else. With IBM infrastructure, you'll have the security your company needs to operate effectively and to keep your clients comfortable. Your networks and servers are the backbone of your company. It's time you treated them that way. In today's ever-changing e-environment, keeping network security tight is something that can't be ignored. So is keeping your clients happy. Find out more from our latest security white paper today. Download at: http://lists.win2000mag.net/cgi-bin3/flo?y=eJIE0CJgSH0BVg0olx0Aa ******************** November 28, 2001--In this issue: 1. IN FOCUS - Everything Is Fallible in Its Own Way 2. ANNOUNCEMENTS - Zero-Cost Conference for IT Professionals! - Get the First Issue of WebSphere Professional Free! 3. SECURITY ROUNDUP - News: New Cyclone Programming Language: Bugs Be Gone! 4. HOT RELEASE (ADVERTISEMENT) - Sponsored by VeriSign -- The Value of Trust 5. INSTANT POLL - Results of Previous Poll: Regulating Software Security - Instant Poll: Personal Firewalls 6. SECURITY TOOLKIT - Virus Center - Virus Alert: W32/Badtrans.B - FAQ: Why Does an EAP-TLS Resumed Session Generate Error 691? 7. NEW AND IMPROVED - Secure PDAs - Test the Vulnerability of Your Email System 8. HOT THREADS - Windows 2000 Magazine Online Forums - Featured Thread: IE 5.0 Update Files - HowTo Mailing List: - Featured Thread: Security Patch Distribution 9. CONTACT US See this section for a list of ways to contact us. ~~~~~~~~~~~~~~~~~~~~ 1. ==== IN FOCUS ==== Hello everyone, In the November 14, 2001 Security UPDATE, I mentioned a story about TruSecure's PC Firewall Certification program. TruSecure awarded certification to three firewalls: ZoneAlarm Pro, Tiny Personal Firewall for Windows 2000, and Norton Personal Firewall for Windows. You can read more about this story at the URL below. http://www.secadministrator.com/articles/index.cfm?articleid=23173 Shortly after we published that story, I received email from a reader who wrote that a group of researchers has discovered a weakness in ZoneAlarm: The firewall might not protect a system against attack under certain circumstances. Users can reproduce the problem, and the firewall-maker, Zone Labs, is aware of the problem. No patch is available yet, but help is on the way I spoke with Zone Labs CEO and founder, Gregor Freund, who says the company expects to make a patch available within the next 2 weeks. Freund said that the company hasn't finished its research yet, so it isn't certain which legacy versions of the firewall the problem affects, but that the current version (2.6.362) is definitely vulnerable. A glitch in multilevel communication is causing the vulnerability. ZoneAlarm uses high-level filtering to govern activity at the application level, and low-level, stateful-inspection filtering to handle activity at the lower layers of the network. The two filtering levels communicate with each other, and a bug in the related code might cause a monitoring oversight. Freund said that Zone Labs hopes to make the patch available before any exploit details become public knowledge. ZoneAlarm users can expect to see a pop-up notice when the patch becomes available. http://www.zonealarm.com Consumers need to be aware that even the most well-intentioned product makers and certification agencies are fallible, and users shouldn't adopt the opinion that these organizations' security solutions are totally secure. We're conducting a new poll this week. If you use a personal firewall, we'd like to know which one? ZoneAlarm, Tiny Personal Firewall, Norton Personal Firewall, Sygate, or another? Please stop by the Security Administrator home page and answer the poll! http://www.secadministrator.com Until next time, have a great week. Mark Joseph Edwards, News Editor, markat_private ******************** ~~~~ SPONSOR: LIEBERMAN & ASSOCIATES NEW USER MANAGER PRO!! ~~~~ Need to manage the registry security on thousands of machines? Want to do it in just a few clicks? With the updated User Manager Pro you can rapidly scan and report on all your subnets where you have administrative access. Scan machines for blank administrator password vulnerability. Award winning. Microsoft Gold Certified. Visit our web site and download a FREE TRIAL, full featured, 5 licenses: http://lists.win2000mag.net/cgi-bin3/flo?y=eJIE0CJgSH0BVg0oly0Ab 2. ==== ANNOUNCEMENTS ==== * ZERO-COST CONFERENCE FOR IT PROFESSIONALS! IT-FREE is a no-cost information-technology conference delivering 30 compelling educational sessions and CEO keynotes from AOL, Compaq, Genuity, Oracle, and RealNetworks. Whether you're replacing your IT infrastructure, assessing security needs, or simply unable to travel to more distant events, IT-FREE's conference program will inform and enlighten. Register today. http://www.itfree.org * GET THE FIRST ISSUE OF WEBSPHERE PROFESSIONAL FREE! WebSphere Professional magazine launches this winter, and you won't want to miss it! This solution-packed publication will help you plan effective development and deployment strategies, solve real problems encountered in enterprise-level Web application development and deployment, save time and money by acquiring the best tools and adopting the best practices, and so much more! Sign up to receive the FREE premiere issue of WebSphere Professional at the following URL. http://www.webspherepro.com 3. ==== SECURITY ROUNDUP ==== * NEW CYCLONE PROGRAMMING LANGUAGE: BUGS BE GONE! Cornell University and AT&T Labs are developing Cyclone, a new computer-programming language similar to C, but which makes introducing bugs into the code much more difficult. The developers claim that Cyclone's data representation and calling conventions are interoperable with C-like programming styles, which will simplify porting code to Cyclone. http://lists.win2000mag.net/cgi-bin3/flo?y=eJIE0CJgSH0BVg0olz0Ac 4. ==== HOT RELEASE (ADVERTISEMENT) ==== * SPONSORED BY VERISIGN -- THE VALUE OF TRUST Secure your servers with 128-bit SSL encryption! Grab your copy of VeriSign's FREE Guide, "Securing Your Web site for Business," and learn about using SSL to encrypt e-commerce transactions. Get it now! http://www.verisign.com/cgi-bin/go.cgi?a=n094456100057000 5. ==== INSTANT POLL ==== * RESULTS OF PREVIOUS POLL: REGULATING SOFTWARE SECURITY The voting has closed in Windows 2000 Magazine's Security Administrator Channel nonscientific Instant Poll for the question, "Do faulty PC products increase the risk against national security-- should we regulate product-makers to help curb that risk?" a) Yes, b) No, or c) I'm not sure. Here are the results (+/-2 percent) from the 626 votes: 72% a) Yes. 22% b) No. 6% c) I'm not sure. * INSTANT POLL: PERSONAL FIREWALLS The current Instant Poll question is, "If you use a personal firewall, which one do you use?" a) ZoneAlarm, b) Tiny Personal Firewall, c) Norton Personal Firewall, d) Other. Go to the Security Administrator Channel home page and submit your vote. http://www.secadministrator.com 6. ==== SECURITY TOOLKIT ==== * VIRUS CENTER Panda Software and the Windows 2000 Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.secadministrator.com/panda Virus Alert: W32/Badtrans.B Badtrans.B is a worm that spreads rapidly through email by using a file attachment whose name varies randomly. As with W32/Aliz, W32/Badtrans.B exploits a security problem in Internet Explorer (IE) 5.01 and 5.5. The problem in IE lets Microsoft Outlook's preview pane activate the file. When the attachment executes, the worm copies itself to the Windows system directory and attempts to obtain data from the system. Learn more about this worm at the URL below. http://126.96.36.199/panda/index.cfm?fuseaction=virus&virusid=1123 * FAQ: WHY DOES AN EAP-TLS RESUMED SESSION GENERATE ERROR 691? ( contributed by John Savill, http://www.windows2000faq.com ) A. Extensible Authentication Protocol-Transport Layer Security (EAP- TLS) is a Point-to-Point Protocol (PPP) extension supporting additional authentication methods within PPP. TLS provides mutual authentication, integrity-protected cipher-suite negotiation, and key exchange between two endpoints. When you try to reconnect an EAP-TLS connection, the session sometimes stops working and returns error 691 Access was denied because the username and/or password was invalid on the domain. To work around the problem, wait at least 2 minutes before you try to reconnect. Note: If you're using smart cards for remote-access authentication in Windows 2000, you must use the EAP-TLS authentication method. http://www.windows2000faq.com 7. ==== NEW AND IMPROVED ==== (contributed by Scott Firestone, IV, productsat_private) * SECURE PDAS Trust Digital released PDASecure Policy Editor, software that works in conjunction with the company's PDASecure Enterprise security software. You can install PDASecure Policy Editor on a server in a network and install PDASecure Enterprise on each PDA. You can then use the software to push security policies to every PDA device. The software supports Pocket PC, the Palm OS, and PDAs running Microsoft Windows CE. For pricing, contact Trust Digital at 703-246-9198. http://www.trustdigital.com * TEST THE VULNERABILITY OF YOUR EMAIL SYSTEM GFI announced the Email Security Testing Zone, a Web site that lets companies check the vulnerability of their email system. An organization can instantly discover whether its system is secure against current and future email threats, such as email messages containing infected attachments and malformed MIME headers, and HTML email messages with embedded scripts. Users submit their names and email addresses at GFI's Email Security Testing Zone, and GFI sends the users harmless tests to check their email system's vulnerability. Contact GFI at 919-388-3373 or 888-243-4329. http://www.gfi.com 8. ==== HOT THREADS ==== * WINDOWS 2000 MAGAZINE ONLINE FORUMS http://www.win2000mag.net/forums Featured Thread: IE 5.0 Update Files (Six messages in this thread) Chris said he's updating Internet Explorer (IE) 5.0 with Service Pack 2 (SP2) to close holes the Nimda worm exploits. However, he finds that the ie5setup.exe program is only an installer that pulls actual update files from a site on the Internet. This method is slow, and he wonders whether a way exists to download a copy of the entire update to a file or set of files so that he can more easily install it across his network. Can you help? Read the responses or lend a hand at the following URL: http://www.secadministrator.com/forums/thread.cfm?thread_id=79499 * HOWTO MAILING LIST http://www.secadministrator.com/listserv/page_listserv.asp?s=howto Featured Thread: Security Patch Distribution (Four messages in this thread) Chris wonders what methods people use to distribute Microsoft's security patches. He also wonders whether System Management Services (SMS) is capable of distributing patches. Can you help? Read the responses or lend a hand at the following URL: http://188.8.131.52/listserv/page_listserv.asp?a2=ind0111d&l=howto&p=965 9. ==== CONTACT US ==== Here's how to reach us with your comments and questions: * ABOUT IN FOCUS -- markat_private * ABOUT THE NEWSLETTER IN GENERAL -- mlibbeyat_private (please mention the newsletter name in the subject line) * TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums * PRODUCT NEWS -- productsat_private * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Email Customer Support -- securityupdateat_private * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private ******************** Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.win2000mag.net/email |-+-+-+-+-+-+-+-+-+-| Thank you for reading Security UPDATE. - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Nov 29 2001 - 18:46:01 PST