[ISN] Security UPDATE, January 23, 2002

From: InfoSec News (isnat_private)
Date: Thu Jan 24 2002 - 00:19:17 PST


    ********************
    Windows & .NET Magazine Security UPDATE--brought to you by Security 
    Administrator, a print newsletter bringing you practical, how-to 
    articles about securing your Windows .NET, 2000, and NT systems. 
       http://www.secadministrator.com 
    ******************** 
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~ 
    
    Secure Your Network: Free Trial from NetIQ
    
    http://www.webtrends.com/register/trial.htm?regtype=Trial%20Install&prodtype=EntSecurity&sourceid=NSSAW2KSU0111 
    
    Sponsored by VeriSign--The Value of Trust
       http://list.winnetmag.com/cgi-bin3/flo?y=eKQQ0CJgSH0CBw0p5N0AI 
       (below IN FOCUS) 
    
    ~~~~~~~~~~~~~~~~~~~~ 
    
    ~~~~ SPONSOR: SECURE YOUR NETWORK: FREE TRIAL FROM NETIQ ~~~~
       Need to proactively prevent security breaches and strengthen security 
    defenses by uncovering and resolving vulnerabilities? Protect your network with 
    NetIQ's award-winning, multi-platform vulnerability scanning and assessment 
    product, Security Analyzer. It automatically detects the latest known security 
    vulnerabilities, provides reports and guidance on how to address them and 
    seamlessly updates via an auto synchronization process. Prevent intrusions, 
    halt internal abuse and maximize the security and availability of your Internet 
    systems and corporate network today ... download a free trial of Security 
    Analyzer!
       
    http://www.webtrends.com/register/trial.htm?regtype=Trial%20Install&prodtype=EntSecurity&sourceid=NSSAW2KSU0111 
    
    ~~~~~~~~~~~~~~~~~~~~ 
    
    January 23, 2002--In this issue: 
    
    1. IN FOCUS
         - Updated Security Tools
    
    2. SECURITY RISKS
         - DoS in ZBServer Pro 1.5 for Windows 
         - File-Deletion Vulnerability in RaidenFTPD for Windows 
         - Weak Protection of Credentials in MiraMail 1.4 for Windows
    
    3. ANNOUNCEMENTS
         - Want 24 x 7 Availability?
         - Great Opportunity for .NET Developers
    
    4. SECURITY ROUNDUP
         - News: Mosaic Software Enhances Credit Card Fraud Prevention 
         - News: Tumbleweed Communications Introduces Secure Guardian OneChannel 
         - News: Complete Text of the Bill Gates "Trustworthy Computing" Memo 
         - News: New MKS Toolkit 8.0 Now Includes Secure Shell 
         - News: Microsoft to Promote Security Over New Features 
         - News: Reflex Magnetics Offers Free ScreenMail for Outlook
    
    5. HOT RELEASE (ADVERTISEMENT)
         - St. Bernard's iPrism, When Surfing Isn't Working
    
    6. SECURITY TOOLKIT
         - Virus Center
         - FAQ: How Can I Access the Windows Update Catalog for Windows XP and 
    Windows .NET Server?
    
    7. NEW AND IMPROVED
         - Encrypt and Digitally Sign Any File
         - Monitor PC Use
    
    8. HOT THREADS
         - Windows & .NET Magazine Online Forums
             - Featured Thread: How to Back Up and Restore NT Users
         - HowTo Mailing List
             - Featured Thread: Audit Policy Becomes Reset
    
    9. CONTACT US 
       See this section for a list of ways to contact us. 
    ~~~~~~~~~~~~~~~~~~~~ 
    
    1. ==== IN FOCUS ==== 
    
    * UPDATED SECURITY TOOLS 
    
    Hello everyone, 
    
    Microsoft's latest claim about bettering the security of its products came last 
    week in a supposedly leaked email from Microsoft Chairman and Chief Software 
    Architect Bill Gates to employees, in which Gates said, "When we face a choice 
    between adding features and resolving security issues, we need to choose 
    security." You can read the full text of the email--it's linked in the SECURITY 
    ROUNDUP section of this newsletter. 
    
    Did you know that Microsoft has updated its HFNetChk scanning tool? HFNetChk 3.3 
    scans systems to determine which hotfixes you have or haven't installed and 
    compares the system-information scans to an XML database. Shavlik Technologies 
    developed the tool for Microsoft. You can use the tool to scan local and remote 
    systems for patches related to Windows XP, Windows 2000, Windows NT 4.0, 
    Internet Information Services (IIS) 5.0 and Internet Information Server (IIS) 
    4.0, Internet Explorer (IE) 5.01 and later, SQL Server 2000, and SQL Server 
    7.0. HFNetChk also identifies .NET and IIS 6.0 servers, but the XML database 
    doesn't contain information to scan those systems yet. 
    
    HFNetChk 3.3 has several new features, including the ability to scan systems 
    that have disabled the Server service. The 3.3 version lets users specify a 
    username and password for scanning remote systems, write output to a specified 
    filename, and scan systems based on files containing lists of IP addresses or 
    NetBIOS machine names. 
    
    You can learn more about HFNetChk in Microsoft article Q303215, and the article 
    contains links to two other Microsoft articles (Q305385 and Q306460) that 
    contain further information. You can download a copy of the tool at Microsoft's 
    Web site. Be sure to view the readme.txt included with the program to learn 
    about all the latest changes to the new version.
       http://www.microsoft.com/technet/support/kb.asp?id=303215
       http://www.microsoft.com/downloads/release.asp?releaseid=31154
    
    Another updated tool you can download is Application Security's AppDetective. 
    Formerly available only for Oracle and Lotus Domino servers, AppDetective for 
    Microsoft SQL Server is now available in beta as a free download. The tool 
    performs database discovery and penetration testing, attack simulation, and in-
    depth security audits. AppDetective checks for Denial of Service (DoS) 
    conditions and server misconfigurations and also tests password strength. You 
    can download a beta version at the company's Web site.
       http://www.appsecinc.com/products/appdetective/mssql
    
    Until next time, have a great week. 
    
    Sincerely, 
    Mark Joseph Edwards, News Editor 
    markat_private 
    
    ~~~~~~~~~~~~~~~~~~~~ 
    
    ~~~~ SPONSOR: VERISIGN--THE VALUE OF TRUST ~~~~
       Is your e-business secure enough? Learn why it's vital to encrypt your 
    business transactions, secure your intranets, and authenticate your Web site 
    with the strongest encryption available--128-bit SSL. To learn more, get 
    VeriSign's FREE Guide, "Securing Your Web Site for Business" now: 
       http://list.winnetmag.com/cgi-bin3/flo?y=eKQQ0CJgSH0CBw0p5N0AI
    
    ~~~~~~~~~~~~~~~~~~~~ 
    
    2. ==== SECURITY RISKS ==== 
       (contributed by Ken Pfeil, kenat_private) 
    
    * DOS IN ZBSERVER PRO 1.5 FOR WINDOWS 
       Tamer Sahin of Security Office reported a Denial of Service (DoS) condition 
    in ZBServer Pro 1.5. If an attacker repeatedly sends a URL request with more 
    than 25,000 characters, the server quits responding. ZBSoft has been notified 
    but hasn't issued a patch.
       http://www.secadministrator.com/articles/index.cfm?articleid=23785
    
    * FILE-DELETION VULNERABILITY IN RAIDENFTPD FOR WINDOWS
       Tamer Sahin of Security Office reported a vulnerability in Raiden FTPD 2.2 
    that lets an attacker delete any file on the system located in the root 
    directory (e.g., C:\, D:\). The vendor, RaidenFTPD, has been notified but 
    hasn't issued a patch.
       http://www.secadministrator.com/articles/index.cfm?articleid=23786
    
    * WEAK PROTECTION OF CREDENTIALS IN MIRAMAIL 1.4 FOR WINDOWS
      Chris Lathem reported that a vulnerability exists in Nevrona MiraMail 1.4 
    because the system stores all account information and variables that it uses in 
    .ini files in plain text. Any user with access to these .ini files can steal or 
    modify account information, passwords, and groups with impunity. The vendor, 
    Nevrona Designs, has been notified and will issue version 1.5, which will 
    encrypt the vulnerable .ini files.
       http://www.secadministrator.com/articles/index.cfm?articleid=23787
    
    3. ==== ANNOUNCEMENTS ==== 
    
    * WANT 24 X 7 AVAILABILITY?
       High-availability networks, systems, and applications are crucial to every 
    business. Sign up for our (free!) Webinar taking place February 26 and 
    sponsored by MKS, and find out how to achieve 24 x 7 availability on Windows 
    2000. Windows & .NET Magazine author Tim Huckaby shares his expertise on load 
    balancing, monitoring, and more. Register today!
       http://list.winnetmag.com/cgi-bin3/flo?y=eKQQ0CJgSH0CBw0qQh0AD 
    
    * GREAT OPPORTUNITY FOR .NET DEVELOPERS
       Microsoft ASP.NET Connections, Visual Basic Connections, and WinDev are co-
    locating their events to deliver the largest independent .NET developer-focused 
    event in 2002. Three events for the price of one--more than 145 sessions 
    covering Web development, XML and data management, .NET framework internals, 
    Web forms, .NET basics, .NET Web security, VB6, C++, C#, debugging apps, and 
    more. Register now before this event sells out.
       http://list.winnetmag.com/cgi-bin3/flo?y=eKQQ0CJgSH0CBw0qSH0Ah 
    
    4. ==== SECURITY ROUNDUP ==== 
    
    * NEWS: MOSAIC SOFTWARE ENHANCES CREDIT CARD FRAUD PREVENTION 
       Mosaic Software, an Electronic Funds Transfer (EFT) software provider, 
    announced that clients using its Postilion credit card-processing software will 
    soon be able to route transactions through Retail Decisions, a fraud-prevention 
    services company. 
       http://www.secadministrator.com/articles/index.cfm?articleid=23818
    
    * NEWS: TUMBLEWEED COMMUNICATIONS INTRODUCES SECURE GUARDIAN ONECHANNEL 
       Tumbleweed Communications announced its new Secure Guardian OneChannel 
    software suite that helps companies communicate securely with business 
    partners. 
       http://www.secadministrator.com/articles/index.cfm?articleid=23821
    
    * NEWS: COMPLETE TEXT OF THE BILL GATES "TRUSTWORTHY COMPUTING" MEMO 
     Microsoft Chairman and Chief Software Architect Bill Gates writes, "Even more 
    important than any ... new capabilities is the fact that it is designed from 
    the ground up to deliver Trustworthy Computing. Customers will always be able 
    to rely on these systems."
       http://www.secadministrator.com/articles/index.cfm?articleid=23801
    
    * NEWS: NEW MKS TOOLKIT 8.0 NOW INCLUDES SECURE SHELL 
       MKS announced the release of MKS Toolkit 8.0, which includes a new secure 
    shell service for connectivity to UNIX and Windows systems. 
       http://www.secadministrator.com/articles/index.cfm?articleid=23791
    
    * NEWS: MICROSOFT TO PROMOTE SECURITY OVER NEW FEATURES 
       In an email message to the company's 40,000 employees last Wednesday, 
    Microsoft Chairman and Chief Software Architect Bill Gates announced a major 
    strategy shift across all of the company's products that will emphasize 
    security and privacy over new features.
       http://www.secadministrator.com/articles/index.cfm?articleid=23792
    
    * NEWS: REFLEX MAGNETICS OFFERS FREE SCREENMAIL FOR OUTLOOK 
       UK-based Reflex Magnetics announced that it is offering its new ScreenMail 
    plugin for Outlook free of charge. The plugin works on Outlook Express 5.0 
    through 6.0 and Outlook 97 through 2002.
       http://www.secadministrator.com/articles/index.cfm?articleid=23790
    
    5. ==== HOT RELEASE (ADVERTISEMENT) ====
    
    * ST. BERNARD'S IPRISM, WHEN SURFING ISN'T WORKING 
       The cost of running your IT department is on the rise due to Internet abuse. 
    iPrism, a PC Magazine Editors' Choice winner, can help. Not sure whether Web 
    abuse is a problem? Download our sample monitoring tool.
       http://list.winnetmag.com/cgi-bin3/flo?y=eKQQ0CJgSH0CBw0pE60AA
    
    6. ==== SECURITY TOOLKIT ==== 
    
    * VIRUS CENTER 
       Panda Software and the Windows 2000 Magazine Network have teamed to 
    bring you the Center for Virus Control. Visit the site often to remain 
    informed about the latest threats to your system security. 
       http://www.secadministrator.com/panda 
    
    * FAQ: HOW CAN I ACCESS THE WINDOWS UPDATE CATALOG FOR WINDOWS XP AND WINDOWS 
    .NET SERVER?
     ( contributed by John Savill, http://www.windows2000faq.com ) 
    
    A. Windows Update contains patches and upgrades for XP and .NET Server; 
    however, you can't save these fixes to a local machine. To save the patches and 
    upgrades locally, you must use the corporate Windows Update Catalog, which lets 
    you store fixes locally for subsequent installation. To access this catalog, 
    follow these steps: 
    
       1. Go to the general Windows Update Web site. 
       2. Under Other Options, select Personalize Windows Update. 
       3. Under the "See Also" option, select "Display the link to the Windows 
    Update Catalog". 
       4. Click Save Settings. 
       5. Under See Also, you'll now have Windows Update Catalog. 
    
    You can also access the corporate Windows Update Catalog directly at this 
    Microsoft Web site. After you access the catalog, you can add several fixes to 
    your "basket" that Windows Update will download to your machine.
       http://www.windows2000faq.com/articles/index.cfm?articleid=23679
    
    7. ==== NEW AND IMPROVED ==== 
       (contributed by Scott Firestone, IV, productsat_private) 
    
    * ENCRYPT AND DIGITALLY SIGN ANY FILE
       Information Security released SecretAgent 5.5, file-encryption and digital-
    signature software that features support for Public Key Cryptography Standards 
    (PKCS) #11, improved certificate revocation list (CRL) support, Microsoft 
    CryptoAPI integration, an improved PKCS #12 export process, an archive-
    inspection feature, and easier setup and configuration features. Information 
    Security also released PolicyAgent, an administration tool that lets you 
    control the security settings within SecretAgent. SecretAgent 5.5 and 
    PolicyAgent run on Windows XP, Windows 2000, Windows Me, Windows NT, and 
    Windows 9x systems and each costs $179.95 for a single-user license. Contact 
    Information Security at 847-405-0500.
       http://www.infoseccorp.com
    
    * MONITOR PC USE
       Zemerick Software released Watchful Eye, software that provides secret and 
    secure PC monitoring for homes and small businesses concerned with Internet 
    safety and abuse. The software can capture all system keystrokes, capture Web 
    sites that the user visits, capture screenshots, and keep a record of executed 
    programs. Watchful Eye runs on Windows XP, Windows 2000, Windows Me, Windows 
    NT, and Windows 9x systems and costs $30. Contact Zemerick Software at 
    infoat_private.
       http://www.zemericks.com
    
    8. ==== HOT THREADS ==== 
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS 
       http://www.winnetmag.net/forums 
    
    Featured Thread: How to Back Up and Restore NT Users
       (Nine messages in this thread)
       Makus wants to know how to back up a system's Windows NT users, then restore 
    the users when he reinstalls the OS. Can you help? Read more about the problem 
    or lend a helping hand at the following URL:
       http://www.secadministrator.com/forums/thread.cfm?thread_id=86707
    
    * HOWTO MAILING LIST 
       http://www.secadministrator.com/listserv/page_listserv.asp?s=howto 
    
    Featured Thread: Audit Policy Becomes Reset
       (One message in this thread)
    
    Rick is having trouble with a server on which the audit policies keep resetting. 
    Whenever a user makes a change to the audit policy, Rick's logs indicate that 
    the SYSTEM account has changed the policies back to the original settings. This 
    activity is detailed in the event log by two "audit_policy_changed" events that 
    occur one right after the other. The first event shows the user that made the 
    audit policy change and also reflects the altered flags. The second event shows 
    the SYSTEM account restoring the flags to their original settings. Do you know 
    why? Read the responses or lend a hand at the following URL:
       http://63.88.172.96/listserv/page_listserv.asp?a2=ind0201c&l=howto&p=1830
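    A defender-side check for the pattern Rick describes, added here as an example 
    and not part of the thread or the newsletter: it parses constructed log lines 
    (a simplified format, not the real NT event-log layout) and flags any audit-policy 
    change made by a user that the SYSTEM account reverts within a few seconds.

```python
"""Flag audit-policy changes that SYSTEM immediately reverts.

Added example, not code from the thread or the newsletter. The log format
below is constructed for illustration and is not the real NT event-log layout.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import FrozenSet, List, Tuple

# Constructed sample lines: timestamp|event|account|audit flags in effect after the change
SAMPLE_LOG = """\
2002-01-21T09:14:02|audit_policy_changed|DOMAIN\\rick|logon=S/F,object=S/F,policy=S/F
2002-01-21T09:14:03|audit_policy_changed|SYSTEM|logon=S/F,policy=S/F
2002-01-21T10:02:17|logon|DOMAIN\\rick|-
2002-01-21T11:30:44|audit_policy_changed|DOMAIN\\alice|logon=S/F,object=S/F,policy=S/F
2002-01-21T11:30:45|audit_policy_changed|SYSTEM|logon=S/F,policy=S/F
2002-01-22T08:00:00|audit_policy_changed|DOMAIN\\rick|logon=S/F,object=S/F,policy=S/F
"""


@dataclass
class Event:
    when: datetime
    kind: str
    account: str
    flags: FrozenSet[str]


def parse_log(text: str) -> List[Event]:
    """Turn the constructed pipe-separated lines into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        when, kind, account, flags = line.split("|", 3)
        flag_set = frozenset(f for f in flags.split(",") if f != "-")
        events.append(Event(datetime.fromisoformat(when), kind, account, flag_set))
    return events


def find_reverted_changes(events: List[Event],
                          window: timedelta = timedelta(seconds=5)) -> List[Tuple[Event, Event]]:
    """Return (user_change, system_revert) pairs: a non-SYSTEM audit-policy change
    followed within `window` by a SYSTEM change that alters the flags again."""
    policy = [e for e in events if e.kind == "audit_policy_changed"]
    findings = []
    for first, second in zip(policy, policy[1:]):
        if first.account.upper() == "SYSTEM" or second.account.upper() != "SYSTEM":
            continue
        if second.when - first.when > window:
            continue
        if first.flags != second.flags:  # SYSTEM undid (part of) what the user set
            findings.append((first, second))
    return findings
```

    The flags the user enabled and SYSTEM removed are `first.flags - second.flags` 
    for each finding, which is the detail worth pairing with the thread's answers.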
    
    9. ==== CONTACT US ==== 
       Here's how to reach us with your comments and questions: 
    
    * ABOUT IN FOCUS -- markat_private 
    
    * ABOUT THE NEWSLETTER IN GENERAL -- mlibbeyat_private (please 
    mention the newsletter name in the subject line) 
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.net/forums 
    
    * PRODUCT NEWS -- productsat_private 
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer 
    Support -- securityupdateat_private 
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private 
    
    ******************** 
    
       Receive the latest information about the Windows and .NET topics of 
    your choice. Subscribe to our other FREE email newsletters. 
       http://www.winnetmag.net/email 
    
    |-+-+-+-+-+-+-+-+-+-| 
    
    Thank you for reading Security UPDATE.
    
    SUBSCRIBE
    To subscribe, send a blank email to mailto:Security-UPDATE_Subat_private
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Jan 24 2002 - 04:30:54 PST