[ISN] Security UPDATE, July 3, 2002

From: InfoSec News (isnat_private)
Date: Mon Jul 08 2002 - 04:17:22 PDT


    ********************
    Windows & .NET Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows .NET Server, Windows 2000, and
    Windows NT systems.
       http://www.secadministrator.com
    ********************
    
    July 3, 2002--In this issue:
    
    1. IN FOCUS
         - Patch Your Apache Servers Now
    
    2. ANNOUNCEMENTS
         - Windows Scripting Solutions for the Systems Administrator
         - Attend Black Hat Briefings & Training, July 29 through August
           1, Las Vegas
     
    3. SECURITY ROUNDUP
         - News: Microsoft's Secret Plan to Secure the PC
         - Feature: Guard Your Data with Kerberos
         - Feature: Personal Firewalls
    
    4. SECURITY TOOLKIT
         - Virus Center
         - FAQ: How Can I Modify the Installation Credential Settings in
           Win2K?
    
    5. NEW AND IMPROVED
         - Network Protection Solution
         - Internet Security Solution for Data Centers
     
    6. HOT THREADS
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Outlook Personal Folders
         - HowTo Mailing List
             - Featured Thread: PC Configuration and Software Inventory
    
    7. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor, markat_private)
    
    * PATCH YOUR APACHE SERVERS NOW
    
    Do you use an Apache Web server? Two weeks ago, a user reported a
    vulnerability in the popular Web server software that lets intruders
    run arbitrary code and possibly gain root access to a system. The
    vulnerability relates to chunk-encoded data, per the HTTP 1.1 standard
    that Internet Engineering Task Force (IETF) Request for Comments (RFC)
    2616 outlines. The Apache Software Foundation hurried to release
    patched code to protect against exploits, which were first thought to
    affect only 64-bit platforms. However, a user released source code for
    an exploit against 32-bit x86-based systems, which means users running
    Apache on 32-bit platforms are also vulnerable.
    
    On June 19 and June 21, a user identifying himself as "Gobbles" posted
    the working exploit code to the BugTraq mailing list. Not
    surprisingly, last Friday, June 28, users detected a new worm
    spreading on the Internet, which exploits the chunked-encoding
    vulnerability.
    
    One user, Domas Mituzas, captured the worm in a honeypot system and
    analyzed it, revealing several aspects of the worm's activity. The
    worm spreads by scanning for other vulnerable Apache servers. It also
    contains a command interface that listens on UDP port 2001 and lets
    the worm be instructed to perform Distributed Denial of Service (DDoS)
    attacks against specified targets. Shortly after Mituzas posted the
    worm's binary executables to the Web, he received the complete source
    code for the worm through email and subsequently posted that code to
    the Web as well.
       http://dammit.lt/apache-worm
    
    The problem is very serious because approximately 50 million Apache
    Web servers operate on the Internet. The fact that many vendors, such
    as Dell, have used Apache code to build Web management interfaces into
    their various network-management products compounds the problem.
    
    The Computer Emergency Response Team (CERT) issued an advisory
    (CA-2002-17) about the vulnerability, which is available at the first
    URL below. The Apache team has released updated software that helps
    protect 64-bit and 32-bit versions and recommends that all users
    upgrade to Apache 2.0.39 or Apache 1.3.26. Some users might be relying
    on third-party patches to help correct the matter. However, not all of
    those third-party patches address the complete scope of the
    vulnerabilities. Therefore, I urge users to immediately obtain and
    install patched code directly from the Apache Software Foundation.
       http://www.cert.org/advisories/CA-2002-17.html
       http://httpd.apache.org/info/security_bulletin_20020620.txt
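
    Added example (not part of the original newsletter and not Apache
    project code): a Python script that triages collected HTTP Server
    banners against the fixed releases named above, 1.3.26 and 2.0.39.
    The host names and banners in SAMPLE are constructed, and a banner is
    only a hint, because a vendor build can carry the fix under an older
    version string or hide the version entirely.

```python
import re

# Fixed releases named in the newsletter, keyed by release branch.
FIXED = {(1, 3): (1, 3, 26), (2, 0): (2, 0, 39)}
# Product token of a Server header, e.g. "Apache/1.3.24 (Unix)".
TOKEN = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def triage(banner):
    """Return 'vulnerable', 'patched', 'unknown' or 'not-apache'."""
    if "apache" not in (banner or "").lower():
        return "not-apache"
    m = TOKEN.search(banner)
    if not m:
        # Apache with the version suppressed: the banner proves nothing,
        # so the host still needs a manual check.
        return "unknown"
    version = tuple(int(part) for part in m.groups())
    fixed = FIXED.get(version[:2])
    if fixed is None:
        # A branch the newsletter gives no fixed release for.
        return "unknown"
    # Tuple comparison orders versions numerically (1.3.9 < 1.3.26).
    return "patched" if version >= fixed else "vulnerable"


def hosts_needing_action(inventory):
    """Map each host that is not provably patched to its status."""
    flagged = {}
    for host, banner in inventory.items():
        status = triage(banner)
        if status in ("vulnerable", "unknown"):
            flagged[host] = status
    return flagged


# Constructed sample inventory: host name -> Server header value.
SAMPLE = {
    "web01.example": "Apache/1.3.24 (Unix) mod_ssl/2.8.8",
    "web02.example": "Apache/1.3.26 (Unix)",
    "web03.example": "Apache/2.0.36 (Win32)",
    "web04.example": "Apache/2.0.39 (Unix)",
    "mgmt01.example": "Apache",
    "mail01.example": "Microsoft-IIS/5.0",
}

if __name__ == "__main__":
    for host, status in sorted(hosts_needing_action(SAMPLE).items()):
        print(f"{host}: {status}")
```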
    
    But even with the new version, Apache 2.0.39, installed, Apache
    servers might have trouble. Another user, Brett Glass, reported that
    one of his Apache 2.0.39 servers "went berserk" by spawning the
    maximum number of child processes, which locked up his system. His
    logs revealed that the child processes had been attempting to free
    memory space that had already been freed. No more information about
    this anomaly is available right now. However, I'll keep you posted
    regarding any significant new information. In the meantime, help ward
    off a potential DDoS nightmare: Patch your Apache servers now.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    2. ==== ANNOUNCEMENTS ====
       (brought to you by Windows & .NET Magazine and its partners)
    
    * WINDOWS SCRIPTING SOLUTIONS FOR THE SYSTEMS ADMINISTRATOR
       So, you're not a programmer, but that doesn't mean you can't learn
    to create and deploy timesaving, problem-solving scripts. Discover
    Windows Scripting Solutions online, the Web site that can help you
    tackle common problems and automate everyday tasks with simple tools,
    tricks, and scripts. While you're there, check out this article
    ( http://list.winnetmag.com/cgi-bin3/flo?y=eMYH0CJgSH0CBw02aD0Ap )
    on WMI scripting for beginners!
       http://list.winnetmag.com/cgi-bin3/flo?y=eMYH0CJgSH0CBw02aE0Aq
    
    * ATTEND BLACK HAT BRIEFINGS & TRAINING, JULY 29 THROUGH AUGUST 1, LAS
    VEGAS
       This is the world's premier technical security event! Includes 8
    tracks, 12 training sessions, a Richard Clarke keynote, 1500 delegates
    from 30 nations, and lots of new sessions and sponsors just added.
    Some classes are near sellouts. See what the buzz is about for
    yourself. Visit:
       http://list.winnetmag.com/cgi-bin3/flo?y=eMYH0CJgSH0CBw0pHV0Ak
    
    3. ==== SECURITY ROUNDUP ====
    
    * NEWS: MICROSOFT'S SECRET PLAN TO SECURE THE PC
       You've heard of Trustworthy Computing and the massive corporate
    remodeling going on at Microsoft: The company has asked all its
    developers, product managers, and executive assistants to rethink
    everything they do in the context of security. Well, that's just the
    tip of the iceberg. Secretly, the company has been working on a plan
    to rearchitect the PC from the ground up, to address the security,
    privacy, and intellectual property theft concerns that dog the
    industry today.
       http://www.secadministrator.com/articles/index.cfm?articleid=25681
    
    * FEATURE: GUARD YOUR DATA WITH KERBEROS
       Servers depend on the twin processes of authentication and
    authorization. If the server doesn't have total confidence in the
    user's identity and thus can't be sure of the permissions a user has,
    all attempts to control access to data fail. Microsoft has long
    preferred Windows NT-authenticated logons over SQL
    Server-authenticated logins because Windows has more effective
    mechanisms for verifying users' identities than just comparing an
    account and password combination. Kerberos authentication, Windows
    2000's default authentication protocol, improves on NT's
    authentication protocol in several ways and offers identification of
    both the client and the server.
       http://www.secadministrator.com/articles/index.cfm?articleid=25080
    
    * FEATURE: PERSONAL FIREWALLS
       All you want to do is use your computer to do your job, play games,
    learn, buy, and surf the Web. You don't want to worry about malicious
    intruders, port scans, Trojan horses, worms, and all the other
    mischievous stuff that hunts your computer. You shouldn't have to
    worry, but you must; thousands of malicious programs exist solely to
    break into your PC. That's where personal firewalls come in. Roger A.
    Grimes reviews six personal firewalls. Be sure to read the review on
    our Web site!
       http://www.secadministrator.com/articles/index.cfm?articleid=25348
    
    4. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: HOW CAN I MODIFY THE INSTALLATION CREDENTIAL SETTINGS IN WIN2K?
       ( contributed by John Savill, http://www.windows2000faq.com )
    
    A. An administrator can lock down a system to prevent a user from
    installing new software or configure the system so that the user can
    provide credentials to let the installation continue. To modify the
    installation credential settings for one machine, perform the
    following steps:
       1. Start a registry editor (e.g., regedit.exe).
       2. Navigate to the following registry subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
       3. Double-click the NoRunasInstallPrompt value; set it to 1 to
    disable credentials or 0 to allow credentials.
       4. Click OK.
    
    To modify the installation credential settings for network
    installations, perform the following steps:
       1. Start a registry editor (e.g., regedit.exe).
       2. Navigate to the following registry subkey:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
       3. Double-click the PromptRunasInstallNetPath value; set it to 1 to
    disable credentials or 0 to allow credentials.
       4. Click OK.
    
    5. ==== NEW AND IMPROVED ====
       (contributed by Judy Drennen, productsat_private)
    
    * NETWORK PROTECTION SOLUTION
       Internet Security Systems (ISS) announced RealSecure Server Sensor
    for Microsoft Internet Security and Acceleration (ISA) Server 2000.
    RealSecure is an advanced protection solution designed to help
    Microsoft users in small to midsize organizations detect, prevent, and
    respond to an ever-changing spectrum of online threats. RealSecure
    continuously detects and responds to unauthorized or suspicious
    network behavior in realtime. For pricing information, contact ISS at
    888-901-7477.
       http://www.iss.net/isaserver
    
    * INTERNET SECURITY SOLUTION FOR DATA CENTERS
       Check Point Software Technologies announced Check Point
    VPN-1/FireWall-1 VSX, a carrier-class multipolicy Internet security
    solution for service providers and corporate data centers. Through
    software virtualization and Virtual LAN (VLAN) technology,
    VPN-1/FireWall-1 VSX scales the Check Point VPN-1/FireWall-1 to create
    up to 100 separate virtual systems on one hardware platform.
    VPN-1/FireWall-1 VSX costs $24,000 for 10 customer policies. Contact
    Check Point at 800-429-4391.
       http://www.checkpoint.com
    
    6. ==== HOT THREADS ====
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS
       http://www.winnetmag.com/forums
    
    Featured Thread: Outlook Personal Folders
       (One message in this thread)
    
    Magnus has a Windows NT domain with a few Windows 2000 clients. All
    users have roaming profiles. When a user has been working on a Win2K
    client system, then goes to an NT client system, that user profile
    does not work correctly. When the user checks email, he or she gets a
    message requesting them to enter a Windows password, which doesn't
    exist. Magnus has found two solutions to the problem: He either
    disables the service for Outlook Personal Folders or re-creates the
    user's whole profile. Do you have a better solution?
       http://www.secadministrator.com/forums/thread.cfm?thread_id=107785
    
    * HOWTO MAILING LIST
       http://www.secadministrator.com/listserv/page_listserv.asp?s=howto
    
    Featured Thread: PC Configuration and Software Inventory
       (Twenty-one messages in this thread)
    
    Julias must perform a security audit that includes auditing installed
    software. At the same time, he needs to obtain information about the
    computer hardware configuration for several PCs on his network. He
    wants to know whether anyone knows of a PC configuration or software
    audit program that he can run from a 3.5" disk. The PCs he must audit
    run Windows 2000, Windows NT, Windows 9x, and DOS. Read the responses
    or lend a hand at the following URL:
      http://63.88.172.96/listserv/page_listserv.asp?a2=ind0206c&l=howto&p=80
    
    7. ==== CONTACT US ====
       Here is how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- vpattersonat_private (please
    mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
    Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    