[ISN] Security UPDATE, July 24, 2002

From: InfoSec News (isnat_private)
Date: Thu Jul 25 2002 - 03:41:04 PDT


    ********************
    Windows & .NET Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows .NET Server, Windows 2000, and
    Windows NT systems.
       http://www.secadministrator.com
    ********************
    
    
    July 24, 2002--In this issue:
    
    1. IN FOCUS
         - Security Statistics Abound: What Do They Tell Us?
    
    2. SECURITY RISKS
         - Remote PGP Outlook Encryption Plug-in Vulnerability
         - Buffer Overrun in Symantec Norton Personal Security Firewall
    
    3. ANNOUNCEMENTS
         - Energize Your Enterprise at MEC 2002, October 8 Through 11,
           Anaheim, CA
         - Real-World Tips and Solutions Here for You
    
    4. SECURITY ROUNDUP
         - News: New Win2K Pro Security Benchmarks
         - News: Internet Security Threat Report, Volume II
         - Feature: * #@$&% SECURITY
         - Feature: WMP EULA and DRM System Security
    
    5. INSTANT POLL
         - Results of Previous Poll: Credit Card Information Theft
         - New Instant Poll: Security Budget
    
    6. SECURITY TOOLKIT
         - Virus Center
            - Virus Alert: W32/Dadinu
            - Virus Alert: W32/Calil
            - Virus Alert: W32/Frethem.K
         - FAQ: How Can I Remove the Link Between Outlook 2002 and MSN
           Messenger?
    
    7. NEW AND IMPROVED
         - Learn about Web Security, Privacy, and Commerce
         - Restrict File and Folder Access
         - Submit Top Product Ideas
    
    8. HOT THREADS
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Can DHCP Authenticate a Workstation Before
               Issuing an IP Address?
         - HowTo Mailing List:
             - Featured Thread: Event ID 1000 and Event ID 1202 in Win2K DCs
    
    9. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor,
    markat_private)
    
    * SECURITY STATISTICS ABOUND: WHAT DO THEY TELL US?
    
    Are you ready for more security statistics? Newly published
    information indicates that Linux systems suffered an increasing number
    of attacks in the first half of 2002, compared with 2001. According to
    London company mi2g, Linux systems have suffered 7630 attacks so far
    in 2002, not including viruses and worms. During all of 2001, Linux
    systems suffered only 5736 attacks. The company said the attacks are
    largely because of third-party applications with vulnerabilities that
    administrators don't patch quickly enough.
    
    On the other hand, attacks against Microsoft IIS systems have
    diminished. According to mi2g, attackers launched 9404 attacks against
    IIS systems in the first half of 2002, compared with 11,828 attacks in
    the first half of 2001.
    
    Overall, however, the number of attacks against all systems rose 27
    percent over last year. In the first half of 2001, organizations
    reported 16,007 attacks; so far this year, organizations have reported
    20,371 attacks.
    
    Government online systems are experiencing fewer attacks. Fifty-four
    US government systems reported attacks so far this year, compared with
    204 such attacks in the first half of 2001. In the UK, only 12
    government systems reported attacks this year, compared with 38
    attacks in the first half of 2001. According to mi2g, the US Cyber
    Security Enhancement Act (CSEA) has probably helped reduce the number
    of attacks against government systems because the act permits much
    stiffer penalties for cybercrime.
       http://www.mi2g.com/cgi/mi2g/press/110702.php
    
    The recently published Computer Emergency Response Team (CERT)
    statistics reflect an increase in the number of vulnerabilities
    reported this year. According to CERT, organizations have reported
    2148 vulnerabilities so far this year, compared with 2437 reported
    vulnerabilities in 2001 and 1090 reported in 2000.
       http://www.cert.org/stats/cert_stats.html
    
    The Computer Security Institute (CSI) released statistics in April
    2002 that CSI gathered in conjunction with the Federal Bureau of
    Investigation (FBI). CSI polled 503 security practitioners; 80 percent
    of those polled reported financial losses because of system breaches.
    Forty-four percent (223 entities) were willing to quantify their
    losses, which totaled about $455,848,000.
       http://www.gocsi.com/press/20020407.html
    
    Riptech, a Virginia-based security services firm, recently released an
    interesting set of statistics. Riptech gathered log information from
    400 companies in more than 30 countries and confirmed that more than
    180,000 attacks took place in the first half of 2002. The report shows
    that 80 percent of all attacks originate from 10 countries, including
    the United States, Germany, South Korea, China, France, Canada, Italy,
    Taiwan, the UK, and Japan. You can read more about Riptech's report in
    the related news story in the Security Roundup section of this
    newsletter.
       http://www.secadministrator.com/articles/index.cfm?articleid=25897
    
    With the exception of a few bright spots, the unsurprising news is
    that attacks are increasing. Some of the increase might be a function
    of a trend feeding on itself. For example, more organizations and
    individuals discover and report more vulnerabilities in some detail.
    Then, unscrupulous individuals use the details to perpetrate
    additional attacks. Also, each reported vulnerability--if left
    unpatched for too long--lets intruders attack an increasing number of
    systems. Because intruders use search-engine tactics to identify many
    vulnerable Web servers, the numbers can soar higher.
    
    Given the current climate, patch your systems quickly. And take a
    moment to answer today's Instant Poll question about the security
    resources you need to keep your organization from becoming a negative
    security statistic.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    2. ==== SECURITY RISKS ====
       (contributed by Ken Pfeil, kenat_private)
    
    * REMOTE PGP OUTLOOK ENCRYPTION PLUG-IN VULNERABILITY
       Marc Maiffret and Riley Hassell of eEye Digital Security discovered
    a vulnerability in Network Associates' (NAI's) Pretty Good Privacy
    (PGP) Outlook Encryption plug-in. The vulnerability can result in
    remote compromise of the vulnerable system. By sending a specially
    crafted email to a vulnerable system, an attacker can execute code
    remotely on that system. Read eEye Digital Security's advisory for a
    detailed explanation of this vulnerability. NAI has released a patch
    for the latest version of the PGP Outlook plug-in to address this
    vulnerability.
       http://www.secadministrator.com/articles/index.cfm?articleid=25875
    
    * BUFFER OVERRUN IN SYMANTEC NORTON PERSONAL SECURITY FIREWALL
       Ollie Whitehouse of @stake discovered a buffer-overflow
    vulnerability in Symantec's Norton Personal Firewall that an attacker
    can exploit to execute code on the vulnerable system. An intruder can
    exploit this vulnerability even if the requesting application isn't
    configured in the firewall permission settings to make outgoing
    requests. See the @stake advisory for a detailed technical
    explanation. The vendor, Symantec, has released an advisory regarding
    this vulnerability and recommends that affected users download the
    patch from the advisory URL when the patch becomes available.
       http://www.secadministrator.com/articles/index.cfm?articleid=25895
    
    3. ==== ANNOUNCEMENTS ====
       (brought to you by Windows & .NET Magazine and its partners)
    
    * ENERGIZE YOUR ENTERPRISE AT MEC 2002, OCTOBER 8 THROUGH 11, ANAHEIM,
    CA
       Don't miss the essential Microsoft infrastructure conference where
    you'll connect with a world of expert information, technical training
    sessions, best practices, and hands-on labs. Be among the first 1000
    to register and receive a free MEC 2002 DVD valued at $695--plus save
    $300!
       http://list.winnetmag.com/cgi-bin3/flo?y=eMmj0CJgSH0CBw02lL0A3
    
    * REAL-WORLD TIPS AND SOLUTIONS HERE FOR YOU
       Windows & .NET Magazine LIVE!'s full-conference schedule is now
    online. Don't miss this chance to network with the finest gathering of
    Windows gurus on the planet. This conference is chock full of "been
    there, done that" knowledge from people who use Microsoft products in
    the real world. Register now and access concurrently run XML Web
    Services Connections for FREE.
       http://list.winnetmag.com/cgi-bin3/flo?y=eMmj0CJgSH0CBw026q0Al
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: NEW WIN2K PRO SECURITY BENCHMARKS
       On July 17, the Center for Internet Security (CIS) released new
    security benchmarking tools for Windows 2000 Professional. The new
    benchmarking set consists of a scoring tool along with security
    templates that you can use to analyze and adjust system security
    settings.
       http://www.secadministrator.com/articles/index.cfm?articleid=25949
    
    * NEWS: INTERNET SECURITY THREAT REPORT, VOLUME II
       Riptech released Volume II of its Internet Security Threat Report,
    which shows that Internet attacks grew at an annualized rate of 64
    percent during the period between January 2002 and June 2002. The
    report is based on data mining and analysis of more than 11 billion
    firewall logs and Intrusion Detection System (IDS) alerts from more
    than 400 companies in more than 30 countries around the world.
       http://www.secadministrator.com/articles/index.cfm?articleid=25897
    
    * FEATURE: *#@$&% SECURITY
       As you know, securing your networks requires vigilance and a lot of
    work. However, you ignore security at your peril, risking your job and
    possibly your company's entire future. But when you adopt the right
    mind-set, security tasks aren't so bad. What's important is to address
    security problems before it's too late.
       http://www.secadministrator.com/articles/index.cfm?articleid=25928
    
    * FEATURE: WMP EULA AND DRM SYSTEM SECURITY
       On June 27, 2002, Microsoft posted a security update to the Windows
    Media Player (WMP). That update included an End User Licensing
    Agreement (EULA) covering, among other things, the Digital Rights
    Management (DRM) system.
       http://www.secadministrator.com/articles/index.cfm?articleid=25910
    
    5. ==== INSTANT POLL ====
    
    * RESULTS OF PREVIOUS POLL: CREDIT CARD INFORMATION THEFT
       The voting has closed in Windows & .NET Magazine's Security
    Administrator Channel nonscientific Instant Poll for the question,
    "Have you or has your company experienced credit card information
    theft through the Internet?" Here are the results (+/- 2 percent) from
    the 197 votes:
       - 23% I have experienced Internet credit card information theft
       -  5% My company has experienced Internet credit card information
             theft
       -  1% Both have experienced Internet credit card information theft
       - 71% Neither has experienced Internet credit card information
             theft
    
    * NEW INSTANT POLL: SECURITY BUDGET
       The next Instant Poll question is, "Is your current level of
    network security a function of budget constraints?" Go to the Security
    Administrator Channel home page and submit your vote for a) Yes--We
    need more security staff, b) Yes--We need additional security tools,
    c) Yes--We need additional staff and tools, d) No--We budget for
    adequate network security, or e) No--We "spare no expense" for network
    security.
       http://www.secadministrator.com
    
    6. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * VIRUS ALERT: W32/DADINU
       W32/Dadinu is a worm that spreads by sending itself to every
    address in the Microsoft Messenger Address Book. The worm creates a
    large number of files on infected computers. The files are copies of
    the worm.
       http://63.88.172.127/panda/index.cfm?fuseaction=virus&virusid=1183
    
    * VIRUS ALERT: W32/CALIL
       W32/Calil emails itself to every address in the Microsoft Outlook
    Address Book. The message containing the worm has a subject field that
    reads "FW:FW: LILAC project video attach."
       http://63.88.172.127/panda/index.cfm?fuseaction=virus&virusid=1185
    
    * VIRUS ALERT: W32/FRETHEM.K
       W32/Frethem.K is a worm that spreads through email with a subject
    that reads "Re: Your password!" This message contains a file
    attachment called "decrypt-password.exe." The worm exploits a
    vulnerability in Microsoft Internet Explorer (IE) 5.5 and IE 5.01 that
    lets files attached to an email message run automatically simply by
    viewing the message.
       http://63.88.172.127/panda/index.cfm?fuseaction=virus&virusid=1187
    
    * FAQ: HOW CAN I REMOVE THE LINK BETWEEN OUTLOOK 2002 AND MSN
    MESSENGER?
       (contributed by John Savill, http://www.windows2000faq.com)
    
    A. By default, Microsoft Outlook 2002 and MSN Messenger are linked. If
    both applications are running and you attempt to close MSN Messenger,
    the following error appears on the screen:
    
    "There are other applications currently using features provided by
    Windows Messenger. You must close these other applications before you
    can exit Windows Messenger. These applications may include Outlook,
    Outlook Express, MSN Explorer, and Internet Explorer."
    
    To remove the link between Outlook 2002 and MSN Messenger, perform the
    following steps:
       1. Start Outlook.
       2. From the Tools menu, select Options.
       3. Select the Other tab.
       4. Clear the "Enable Instant Messaging in Microsoft Outlook" check
    box in the Instant Messaging section, then click OK.
       5. Close and restart Outlook for the change to take effect.
    
    7. ==== NEW AND IMPROVED ====
       (contributed by Judy Drennen, productsat_private)
    
    * LEARN ABOUT WEB SECURITY, PRIVACY, AND COMMERCE
       O'Reilly & Associates released "Web Security, Privacy & Commerce,"
    a book by Simson Garfinkel and Gene Spafford that provides a reference
    on Web security risks and the techniques and technologies that you can
    use to protect yourself against these risks. Topics include
    cryptography, passwords, digital signatures, biometrics, cookies, log
    files, spam, Web logs, the Secure Sockets Layer (SSL), digital
    payments, client-side signatures, pornography filtering, intellectual
    property, and legal issues. The 756-page book costs $44.95. Contact
    O'Reilly at 800-998-9938.
       http://www.oreilly.com
    
    * RESTRICT FILE AND FOLDER ACCESS
       CenturionSoft and SoftClan released SoftClan Security Suite, a
    security and auditing program that can provide Windows Me and Windows
    9x systems with protection levels similar to Windows NT on NTFS. You
    can administer the software by using a transparent monitoring process
    that doesn't affect system performance. The software restricts file
    and folder access to protect a system from intruders, accidents, and
    viruses. The software controls and audits PC use for each user, which
    is important for PCs that have multiple users. SoftClan Security Suite
    costs $39.95. Contact CenturionSoft or SoftClan at 202-293-5151.
       http://www.centurionsoft.com
    
    * SUBMIT TOP PRODUCT IDEAS
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Do you know of a terrific
    product that others should know about? Tell us! We want to write about
    the product in a future What's Hot column. Send your product
    suggestions to whatshotat_private
    
    8. ==== HOT THREADS ====
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS
       http://www.winnetmag.com/forums
    
    Featured Thread: Can DHCP Authenticate a Workstation Before Issuing an
    IP Address?
       (One message in this thread)
    
    Rich writes that he'll be migrating to a Windows 2000 DHCP server
    soon. He has a requirement that nonauthorized machines not be allowed
    on the network. Right now, Rich registers valid media access control
    (MAC) addresses through DHCP to prevent nonauthorized machines on the
    network, but performing this task is an administrative nightmare. Rich
    wants to know whether DHCP performs some other type of machine/user
    authentication before it issues an IP address so that if the
    authentication fails, the machine doesn't receive an address on the
    network. Do you know of any other solution to keep nonauthorized
    machines off a network? Read the responses or lend a hand:
       http://www.secadministrator.com/forums/thread.cfm?thread_id=109634
    
    * HOWTO MAILING LIST
       http://www.secadministrator.com/listserv/page_listserv.asp?s=howto
    
    Featured Thread: Event ID 1000 and Event ID 1202 in Win2K DCs
       (One message in this thread)
    
    Eric recently had to take down the root server in his domain forest to
    reinstall the OS. Because he was running a second domain controller
    (DC) in the domain, the second controller took over as the root of the
    forest. He repaired the original domain root and put it back on the
    network as a DC. However, Eric now keeps receiving Event ID 1000 and
    Event ID 1202 error messages in the Application log every 5 minutes.
    He has reapplied the group policy link for the Domain Controller OU,
    but the error messages still appear. How can he resolve this problem?
    Read the responses or lend a hand at the following URL:
      http://63.88.172.96/listserv/page_listserv.asp?a2=ind0207c&l=howto&p=738
    
    9. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- vpattersonat_private (please
    mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
    Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
    
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing a Windows 2000/Windows NT enterprise.
    Subscribe today!
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
       Receive the latest information about the Windows and .NET topics of
    your choice. Subscribe to our other FREE email newsletters.
       http://www.winnetmag.com/email
    
    |-+-|-+-|-+-|-+-|-+-|
    
    Thank you for reading Security UPDATE.
    
    