[ISN] Security UPDATE, December 19, 2001

From: InfoSec News (isnat_private)
Date: Wed Dec 19 2001 - 22:26:48 PST


    ********************
    Windows & .NET Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows .NET, 2000, and NT systems.
       http://www.secadministrator.com
    ********************
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    Free WebTrends Firewall Suite Trial from NetIQ
    http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0pYN0A3 
    
    Lieberman & Associates--Shore Up Your Back Doors
       http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0pYO0A4 
       (below IN FOCUS)
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: FREE WEBTRENDS FIREWALL SUITE TRIAL FROM NETIQ ~~~~
       Do you need to capture every move, incoming and outgoing, across 
    your company's firewall? Then leave nothing to chance--download a FREE 
    trial of WebTrends' award-winning Firewall Suite from NetIQ. Firewall 
    Suite provides immediate alerts, identifies and reports on critical 
    security events and generates more than 200 reports for IT managers and 
    security professionals. It also provides support for more than 35 
    leading firewall and proxy servers, including Check Point and Cisco. 
    Download your free trial today at:
    http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0pYN0A3 
    
    ********************
    
    December 19, 2001--In this issue:
    
    1. IN FOCUS
         - Office XP SP1: No More HTML Messages
    
    2. SECURITY RISK
         - DoS in Win2K Internet Key Exchange
         
    3. ANNOUNCEMENTS
         - Check Out the New WebSphere Professional Site!
         - What Does a Connected Home Look Like?
    
    4. SECURITY ROUNDUP
         - News: A Quick Look at the First Office XP Service Pack
         - News: BlackICE Now Offers VPN Protection
         - News: Specially Formed Script in HTML Mail Can Execute in 
    Exchange 5.5 OWA
         - Feature: Securing Exchange 2000 Servers
    
    5. HOT RELEASE (ADVERTISEMENT)
         - Sponsored by VeriSign--The Value of Trust
    
    6. SECURITY TOOLKIT
         - Virus Center
         - FAQ: How Can I Enable Users to Set the Administrator Password 
           During a Remote Installation Services Installation?
    
    7. NEW AND IMPROVED
         - Security Partnership
         - Protect Your Password
    
    8. HOT THREADS
         - Windows 2000 Magazine Online Forums
             - Featured Thread: To Whom Do I Report an Ongoing Attack?
         - HowTo Mailing List:
             - Featured Thread: How Can I Monitor Third-Party Email?
    
    9. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
    
    [Editor's note: Windows 2000 Magazine has a new name: Windows & .NET 
    Magazine. But, our mission hasn't changed: We're still providing 
    technical, how-to content to help you do your job now--and help you 
    make smart decisions about new technology for the future. We think the 
    new name better conveys the scope of our coverage--we hope you think so 
    too.]
    
    * OFFICE XP SP1: NO MORE HTML MESSAGES
    
    Hello everyone,
    
    Are you using Microsoft Office XP 2002? If so, you'll want to read Paul 
    Thurrott's article about Office XP Service Pack 1 (SP1). Thurrott spoke with 
    Office XP Product Manager Nicole von Kaenel about some of the changes 
    and improvements SP1 offers, including use of the suite's error-
    feedback tool. You can find the story at the URL below.
       http://www.secadministrator.com/articles/index.cfm?articleid=23525
    
    SP1 also includes all of the previous Office suite security fixes, and 
    future suite updates will depend on this service pack already being 
    installed, so be sure to consider loading it (first URL below). You can 
    read Paul's original story about the service pack on our WinInfo Web 
    site (second URL below). 
       http://support.microsoft.com/default.aspx?scid=kb;en-us;q307841
       http://www.wininformant.com/articles/index.cfm?articleid=23492
    
    One slick feature of SP1 is its ability to read nonsecure email as 
    plain text. As you'll learn in Microsoft article Q307594, by adjusting 
    an Outlook-related registry key, you can make all email that isn't 
    digitally signed or encrypted appear in plain text, whether the 
    message is opened separately or displayed in the preview pane. 
    Individual users can use the feature, and administrators can set 
    policies for Outlook 2002 that apply across the enterprise.
       http://support.microsoft.com/default.aspx?scid=kb;en-us;Q307594
    
    On December 4, I wrote a news story about Russ Cooper's NoHTML tool 
    (first URL below) for Outlook 2002 and Outlook 2000 clients. The new 
    functionality in SP1 goes beyond the capability Cooper introduced; 
    however, SP1 contains no such feature for Outlook 2000 clients, so 
    Cooper's tool is a great way to introduce more security into those 
    products. You can find the tool by going to the second URL below.
       http://www.secadministrator.com/articles/index.cfm?articleid=23391   
       http://ntbugtraq.ntadvice.com/default.asp?sid=1&pid=55&did=38
    
    This week, I learned about a new Java-based packet sniffer and analyzer 
    called Mognet, which is free and comes complete with source code. It 
    runs on handheld devices or on desktops and is available under the GNU 
    General Public License (GPL). 
       http://chocobospore.org/mognet
    
    Until the next issue, on January 2, have a great holiday.
    
    Mark Joseph Edwards, News Editor, markat_private
    
    ********************
    
    ~~~~ SPONSOR: LIEBERMAN & ASSOCIATES--SHORE UP YOUR BACK DOORS ~~~~
       THE NEW YEAR IS KNOCKING! Use your year-end budget dollars for 
    management tools you have always wanted. With Service Account Manager 
    you can report and change service settings on all your servers in 
    seconds. With User Manager Pro you can make the same changes to all 
    your workstations in a few mouse clicks. Get the award winning tools 
    you've been waiting for all year. Year-end discounts through December 
    31. Microsoft Gold Certified FREE TRIAL at 
    http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0pYO0A4 
    
    2. ==== SECURITY RISK ====
    
    * DOS IN WIN2K INTERNET KEY EXCHANGE
       A Denial of Service (DoS) condition exists in the Microsoft Windows 
    2000 Internet Key Exchange (IKE) service. If an attacker connects to a 
    Win2K system on port 500 and floods the service with UDP packets of 800 
    bytes or greater, the system stops responding. Microsoft has not 
    released a fix or workaround for this problem. As a temporary 
    workaround, affected users who aren't using IP Security (IPSec) in 
    their Win2K firewall can turn off port 500.
       http://www.secadministrator.com/articles/index.cfm?articleid=23515
    
    3. ==== ANNOUNCEMENTS ====
    
    * CHECK OUT THE NEW WEBSPHERE PROFESSIONAL SITE!
       Look to this great new site for invaluable resources, such as our V4 
    Portal, which brings you fast, in-depth information about V4, the 
    WebSphere Road Map that will help you get started, DocFinder for help 
    finding IBM WebSphere reference materials, and forums for your 
    questions and comments. While you're there, sign up for FREE email 
    newsletters with news you can use!
       http://www.webspherepro.com
    
    * WHAT DOES A CONNECTED HOME LOOK LIKE?
       You've never seen anything like the Connected Home Magazine Virtual 
    Tour. Experience (room by room) the latest home entertainment, home 
    networking, and home automation options that are going to change how 
    you work and play. While you're there, enter to win a free copy of 
    Windows XP!
       http://www.connectedhomemag.com/virtualtour
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: A QUICK LOOK AT THE FIRST OFFICE XP SERVICE PACK
       Microsoft expects last week's Office XP Service Pack 1 (SP1) release 
    to usher in a new era of corporate adoptions of the product because 
    many organizations wait for the first consolidated update package 
    before upgrading. In this case, that expectation is probably warranted: 
    In addition to focusing on the three general areas of security, 
    stability, and performance, Office XP SP1 includes a number of Windows 
    XP-specific performance improvements that let the two systems work more 
    efficiently together. Paul Thurrott spoke with Office XP product 
    manager Nicole von Kaenel about the release (see URL below).
       http://www.secadministrator.com/articles/index.cfm?articleid=23525
    
    * NEWS: BLACKICE NOW OFFERS VPN PROTECTION
       Internet Security Systems (ISS) announced BlackICE Agent for 
    Workstations 3.1, a combination firewall and Intrusion Detection System 
    (IDS) that analyzes network activity on servers, workstations, and 
    network segments that VPN connections use. The product can protect 
    mobile users, remote users, and systems inside a network perimeter. 
    Learn more about the new version at the following URL.
       http://www.secadministrator.com/articles/index.cfm?articleid=23466
    
    * NEWS: SPECIALLY FORMED SCRIPT IN HTML MAIL CAN EXECUTE IN EXCHANGE 
    5.5 OWA
       Microsoft released a patch for Exchange Server 5.5 to fix an Outlook 
    Web Access (OWA) problem in which special script in an HTML-format 
    message could execute and perform operations on the user's Exchange 
    mailbox when the user opens the message. This patch is suitable only 
    for OWA servers running Internet Explorer (IE) 5.0 or later. Because no 
    full set of security patches exists for IE 5.0, Microsoft recommends 
    that companies with earlier versions of IE upgrade their OWA servers to 
    either IE 5.5 Service Pack 2 (SP2) or IE 6.0.
       http://www.microsoft.com/technet/security/bulletin/ms01-057.asp
    
    * FEATURE: SECURING EXCHANGE 2000 SERVERS
       In this feature article for Exchange and Outlook UPDATE, Tony 
    Redmond discusses techniques that can help you better secure your 
    Microsoft Exchange Servers. Be sure to stop by our Web site and check 
    it out!
       http://www.secadministrator.com/articles/index.cfm?articleid=23516
    
    5. ==== HOT RELEASE (ADVERTISEMENT) ====
    
    * SPONSORED BY VERISIGN -- THE VALUE OF TRUST
       Secure your servers with 128-bit SSL encryption! Grab your copy of 
    VeriSign's FREE Guide, "Securing Your Web Site for Business," and learn 
    about using SSL to encrypt e-commerce transactions. Get it now!
       http://lists.win2000mag.net/cgi-bin3/flo?y=eJpv0CJgSH0BVg0Lo50AP 
    
    6. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows 2000 Magazine Network have teamed to 
    bring you the Center for Virus Control. Visit the site often to remain 
    informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: HOW CAN I ENABLE USERS TO SET THE ADMINISTRATOR PASSWORD DURING 
    A REMOTE INSTALLATION SERVICES INSTALLATION?
       ( contributed by John Savill, http://www.windows2000faq.com )
    
    A. When you use the Microsoft Remote Installation Services (RIS), by 
    default the Administrator password is set to null (blank) during the 
    installation. You can, however, let the user set a password during the 
    final GUI portion of installation by following these steps: 
    
    1. On the RIS server, open the .sif file of the installation you want 
       to modify. By default, this file is in the 
       RemoteInstall\Setup\[language]\Images\[folder name]\I386\Templates 
       folder with a name of ristndrd.sif. 
    
    2. Go to the [GuiUnattended] section of the .sif file, and find the 
       following line:
    
          AdminPassword = * 
    
       Change this line to read as follows:
    
          AdminPassword = "" 
    
    3. Save the change. 
    
    During installation, the system will prompt the user to type an 
    Administrator password. You should test this change to ensure that it 
    works correctly.
    
    As a side note, instead of "" you could type a password (e.g., 
    AdminPassword = "fred"), which sets the Administrator password to the 
    password you specify and doesn't prompt the user. However, this 
    password travels as clear text, so I don't recommend this approach.
    
    The Microsoft Windows 2000 Server Resource Kit describes another 
    option: You can use a Custom Installation Wizard and let the user type 
    in a password. However, this approach is quite complex.
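
An audit of the setting this FAQ describes, as an added example that is not part of the original newsletter or Microsoft's tooling: it reads each .sif template and reports whether AdminPassword in [GuiUnattended] is the blank default (*), the prompt form ("") described above, or a literal clear-text password. The function names and the sample template are assumptions constructed for illustration.

```python
import os
import re

SECTION = re.compile(r'^\s*\[(.+?)\]\s*$')
ADMIN_PW = re.compile(r'^\s*AdminPassword\s*=\s*(.*?)\s*$', re.IGNORECASE)

# Constructed sample template for illustration (not a real ristndrd.sif).
SAMPLE_SIF = """\
; constructed sample answer file
[Unattended]
OemPreinstall = no

[GuiUnattended]
OemSkipWelcome = 1
AdminPassword = "fred"
"""

def classify_admin_password(sif_text):
    """Return (status, line_number) for AdminPassword in [GuiUnattended].

    The password value itself is never returned, so reports stay safe to share.
    """
    section = ""
    for lineno, line in enumerate(sif_text.splitlines(), 1):
        if line.lstrip().startswith(";"):        # comment line
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1).strip().lower()
            continue
        m = ADMIN_PW.match(line)
        if m and section == "guiunattended":
            value = m.group(1)
            if value == "*":
                return ("blank", lineno)         # default: null Administrator password
            if value == '""':
                return ("prompt", lineno)        # per the FAQ: user sets it in GUI setup
            if value:
                return ("cleartext", lineno)     # literal password stored in the template
            return ("empty", lineno)             # key present, no value
    return ("missing", None)

def audit_tree(root):
    """Map every .sif file under root to its AdminPassword status."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(".sif"):
                path = os.path.join(dirpath, name)
                with open(path, encoding="latin-1") as fh:
                    results[path] = classify_admin_password(fh.read())[0]
    return results
```

Point audit_tree at the RemoteInstall share and review any template reported as "blank" or "cleartext".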
    
    7. ==== NEW AND IMPROVED ====
       (contributed by Scott Firestone, IV, productsat_private)
    
    * SECURITY PARTNERSHIP
       Symantec and TruSecure announced a partnership that lets Symantec 
    Security Services use the TruSecure Service Provider 2001 service to 
    certify the security position of its Security Operations Centers. 
    Symantec Security Services will offer its customers the TruSecure 2001 
    service, which provides a process for managing information security 
    risks. TruSecure will also utilize NetRecon, Symantec's vulnerability 
    assessment tool, as part of its security assurance services. Contact 
    Symantec at 408-517-8000.
       http://www.symantec.com
    
    * PROTECT YOUR PASSWORD
       SSH Communications Security released SSH Secure Shell 3.1, software 
    that protects you from people who try to steal passwords from the 
    Internet. The software supports Online Certificate Status Protocol for 
    improved security through realtime verification of a certificate's 
    validity. The new version also supports Secure File Transfer Protocol 
    event logging at the server end, enabling recording of user actions for 
    improved security. Pricing starts at $99 per workstation license, $475 
    per UNIX server license, and $565 per Windows server license. Contact 
    SSH Communications Security at 650-251-2700.
       http://www.ssh.com
    
    8. ==== HOT THREADS ====
    
    * WINDOWS 2000 MAGAZINE ONLINE FORUMS
       http://www.winnetmag.net/forums 
    
    Featured Thread: To Whom Do I Report an Ongoing Attack? 
       (Four messages in this thread)
       
    Our server was hit earlier this year with the Code Red worm. I applied 
    all the recommended security fixes. However, our server continues to log 
    ongoing probes from changing IP addresses in the Web service log.  
       
    Every day we get hits searching for root.exe and cmd.exe in different 
    directories. Currently, I manually enter all originating IP addresses in 
    the "Excluded Computer" property sheet in the Directory Security tab. 
    However, I want to track down the perpetrators and stop the probes. The 
    machine is running an intranet site and needs to be connected so 
    employees in different states can access it. 
       
    Is there any law enforcement entity or other agency that can help? Can 
    you help? Read the responses or lend a hand at the 
    following URL:
       http://www.secadministrator.com/forums/thread.cfm?thread_id=87730
    
    * HOWTO MAILING LIST
       http://www.secadministrator.com/listserv/page_listserv.asp?s=howto
    
    Featured Thread: How Can I Monitor Third-Party Email? 
       (Six messages in this thread)
    
    Sebastian wonders how a business can monitor the email messages that 
    users send using third-party mail servers such as Hotmail and Yahoo. Can 
    you help? Read the responses or lend a hand at the following URL:
    http://63.88.172.96/listserv/page_listserv.asp?a2=ind0112b&L=howto&F=&S=&P=84
    
    9. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- mlibbeyat_private (please
    mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
    Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
    
       Receive the latest information about the Windows and .NET topics of 
    your choice. Subscribe to our other FREE email newsletters.
       http://www.winnetmag.net/email
    
    |-+-+-+-+-+-+-+-+-+-| 
    
    Thank you for reading Security UPDATE.
    
    SUBSCRIBE
    To subscribe, send a blank email to mailto:Security_UPDATE_Subat_private
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    


