[ISN] Security UPDATE, September 4, 2002

From: InfoSec News (isnat_private)
Date: Wed Sep 04 2002 - 22:40:37 PDT

  • Next message: InfoSec News: "[ISN] Computer Security Standards Ready"

    ********************
    Windows & .NET Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows .NET Server, Windows 2000, and
    Windows NT systems.
       http://www.secadministrator.com
    ********************
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    VeriSign - The Value of Trust
       http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04Wc0AX
    
    Exchange & Outlook Administrator Web Site
       http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw023p0A7
       (below IN FOCUS)
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: VERISIGN - THE VALUE OF TRUST ~~~~
       FREE E-COMMERCE SECURITY GUIDE
       Is your e-business built on a strong, secure foundation? Find out
    with VeriSign's FREE White Paper, "Building an E-Commerce Trust
    Infrastructure." Learn how to authenticate your site to customers,
    secure your web servers with 128-Bit SSL encryption, and accept secure
    payments online. Click here:
       http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04Wc0AX
    
    ~~~~~~~~~~~~~~~~~~~~
    
    September 4, 2002--In this issue:
    
    1. IN FOCUS
         - Can Others Stumble into Your Wireless Network?
    
    2. SECURITY RISKS
         - Digital Certificate Deletion Vulnerability in Windows
    
    3. ANNOUNCEMENTS
         - Mark Minasi and Paul Thurrott Are Bringing Their Security
           Expertise to You!
         - The Security Solutions You've Been Searching For!
    
    4. SECURITY ROUNDUP
         - News: Microsoft Settles with the FTC over .NET Passport
         - Feature: Introducing UDDI 3.0: Support for Digital Signatures
    
    5. HOT RELEASES (ADVERTISEMENTS)
         - FREE Security Assessment Tool
         - Prevent the 7 Deadly Classes of Network Attack
    
    6. INSTANT POLL
         - Results of Previous Poll: Biometric Scanners
         - New Instant Poll: Warchalking
    
    7. SECURITY TOOLKIT
         - Virus Center
         - FAQ: How Can I Easily View Which Cookies Are Stored on My
           Machine?
         - Event Highlight: Security Strategy Workshop
    
    8. NEW AND IMPROVED
         - End-to-End Security Solution for WLANs
         - Freeware Antipiracy Software Program
         - Submit Top Product Ideas
     
    9. HOT THREADS
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Interpreting an Attack
          - HowTo Mailing List
             - Featured Thread: VIGILANTe's SecureScan NX Experience?
    
    10. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor,
    markat_private)
    
    * CAN OTHERS STUMBLE INTO YOUR WIRELESS NETWORK?
    
    In the August 7, 2002, edition of Security UPDATE, I wrote about a new
    trend called warchalking. As you know, warchalking is the act of
    marking buildings in the vicinity of wireless networks. The idea is to
    provide a visual clue indicating the presence of wireless networks so
    that people can obtain a free Internet connection. Warchalkers use
    distinctive markings and include information about bandwidth and
    various connection perimeters.
       http://www.secadministrator.com/articles/index.cfm?articleid=26207
    
    The trend is catching on, so much so that, according to VNU Business
    Publications, the Federal Bureau of Investigation (FBI) recently
    issued an unofficial warning that businesses should check the security
    of their wireless LAN (WLAN) equipment to ensure that adequate
    security is in place.
       http://www.vnunet.com/news/1134451
    
    Recently, I learned about a new Internet site, NetStumbler.com, that
    aids users in identifying and locating WLANs around the country. Among
    other features, the site hosts a national map that shows cities that
    have open WLANs and a searchable database that helps users query for
    information about specific locations.
       http://www.netstumbler.com
    
    NetStumbler.com also hosts a downloadable program called NetStumbler
    that lets users investigate a given WLAN's security. Security
    administrators can use it to test their sites. Anyone can download a
    copy (291KB) at the first URL below. According to the Web site,
    "NetStumbler is a Windows tool that allows you to [scan for] 802.11b
    (and 802.11a, if using Windows XP) wireless LANs. It includes [global
    positioning satellite (GPS)] integration and a simple, intuitive user
    interface. Though primarily targeted at owners of wireless LANs, it
    has been the de facto tool for casual users such as war drivers for
    over a year." The tool apparently even won a "PC Magazine" award
    earlier this year (see the second URL below), which named the tool its
    favorite innovative networking technology in the wireless software
    category.
       http://www.netstumbler.com/download.php?op=getit&lid=22
       http://www.pcmag.com/article2/0,4149,3666,00.asp
    
    NetStumbler runs on Windows 2000, Windows 98, and Win95 but doesn't
    work yet on Windows XP, Windows NT 4.0, or Windows Me. To see what it
    was like, I downloaded a copy and installed the tool. NetStumbler has
    a typical GUI, lets you choose a wireless NIC to use for scanning, and
    has scripting capabilities. After you've scanned an area and
    discovered WLANs, you can save the NetStumbler output and upload it to
    the NetStumbler.com Web site, where an application on the Web site
    converts it to Microsoft MapPoint 2002-compatible output. The process
    helps you plot WLAN points on a graphical map.
       http://www.microsoft.com/mappoint/overview.htm
    
    With resources such as NetStumbler and NetStumbler.com freely
    available, you should definitely take time to ensure that your WLAN
    security is adjusted to permit only authorized users access--unless
    you want to intentionally leave it open and available to anyone. The
    bottom line is that if you run a wireless network, you must keep it
    secure. If you don't, expect that someone will identify your network,
    chalk it up, and possibly submit it to the NetStumbler.com Web
    site--where everyone can find it quickly. For information about
    securing your WLANs, read Allen Jones' article, "Securing 802.11
    Wireless Networks" (see the first URL below) and Paul Thurrott's
    article "Securing Your Wireless Networks" (see the second URL below).
       http://www.secadministrator.com/articles/index.cfm?articleid=24873
       http://www.secadministrator.com/articles/index.cfm?articleid=24521
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: EXCHANGE & OUTLOOK ADMINISTRATOR WEB SITE ~~~~
      GOT A MESSAGING PROBLEM YOU CAN'T SEEM TO FIX?
       Visit our Exchange & Outlook Administrator Web site for news,
    articles, discussion forums, FAQs, and technical solutions in one,
    easy-to-navigate Web site. While you're there, check out the helpful
    article "Common .pst File Questions" at
       http://www.exchangeadmin.com/articles/index.cfm?articleid=24017
       http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw023p0A7
    
    ~~~~~~~~~~~~~~~~~~~~
    
    2. ==== SECURITY RISKS ====
       (contributed by Ken Pfeil, kenat_private)
    
    * DIGITAL CERTIFICATE DELETION VULNERABILITY IN WINDOWS
       A vulnerability exists in all versions of Windows that could let a
    potential attacker delete digital certificates located on a vulnerable
    system. This vulnerability results from a flaw in the Certificate
    Enrollment Control ActiveX control that Windows uses to submit and
    store Public-Key Cryptography Standards (PKCS) #10-compliant
    certificate requests in the user's local certificate store. An
    attacker who successfully exploits the vulnerability could corrupt
    trusted root certificates, Encrypting File System (EFS) encryption
    certificates, email-signing certificates, and any other certificates
    on the vulnerable system. Microsoft has released Security Bulletin
    MS02-048 (Flaw in Certificate Enrollment Control Could Allow Deletion
    of Digital Certificates) to address this vulnerability and recommends
    that affected users immediately download and apply the patch that the
    bulletin mentions.
       http://www.secadministrator.com/articles/index.cfm?articleid=26481
    
    3. ==== ANNOUNCEMENTS ====
       (brought to you by Windows & .NET Magazine and its partners)
    
    * MARK MINASI AND PAUL THURROTT ARE BRINGING THEIR SECURITY EXPERTISE
    TO YOU!
       Windows & .NET Magazine Network Road Show 2002 is coming this
    October to New York, Chicago, Denver, and San Francisco!  Industry
    experts Mark Minasi and Paul Thurrott will show you how to shore up
    your system's security and what desktop security features are planned
    for Microsoft .NET and beyond. Sponsored by NetIQ, Microsoft, and
    Trend Micro. Registration is free, but space is limited so sign up
    now!
       http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw03lK0AT
    
    * THE SECURITY SOLUTIONS YOU'VE BEEN SEARCHING FOR!
       Our popular Interactive Product Guides (IPGs) are online catalogs
    of the hottest vendor solutions around. Our latest IPG highlights the
    security solutions and services that will help you protect your data
    and your network before disaster strikes. Check it out at:
       http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04VJ0A6
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: MICROSOFT SETTLES WITH THE FTC OVER .NET PASSPORT
       Within the scope of Microsoft's wider antitrust problems, the
    company's recent settlement with the Federal Trade Commission (FTC)
    regarding privacy concerns with the Microsoft .NET Passport service
    might not rate as dramatic news. But by admitting that it hasn't done
    enough to respect and protect users' privacy, Microsoft ultimately
    will better serve its customers and engender trust in a service that
    so far hasn't been a success.
       http://www.secadministrator.com/articles/index.cfm?articleid=26425
    
    * FEATURE: INTRODUCING UDDI 3.0: SUPPORT FOR DIGITAL SIGNATURES
       In the August 8 issue of .NET UPDATE, Christa Anderson started
    looking at the new features in Universal Description, Discovery, and
    Integration (UDDI) 3.0. In this column, Christa discusses UDDI's new
    support for digital signatures. Digital signature use has a twofold
    purpose. First, by signing data in a UDDI registry, publishers of the
    data can be sure that they can't be impersonated. Second, users of
    digitally signed data in a registry can be sure that the identified
    publisher of the data is genuine and that the data hasn't changed
    since it was published. Support for digital signatures lets anyone who
    queries a UDDI registry view only entities that have been digitally
    signed.
       http://www.secadministrator.com/articles/index.cfm?articleid=26427
    
    5. ==== HOT RELEASES (ADVERTISEMENTS) ====
    
    * FREE SECURITY ASSESSMENT TOOL
       Aelita InTrust(TM) closes the gap between policy and IT
    infrastructure, simplifying your regulatory compliance efforts. HIPAA?
    Gramm-Leach-Bliley? BS7799/ISO17799? Let Aelita provide your
    compliance solution. Start with our FREE security assessment tool:
    Aelita InTrust Audit Advisor!
       http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04Wd0AY
    
    * PREVENT THE 7 DEADLY CLASSES OF NETWORK ATTACK
       Taking down a webserver for patching is never convenient. A new
    offering by eEye Digital Security enables you to prevent attacks by
    known and unknown IIS vulnerabilities -- even when you don't have time
    to patch.
       Free whitepaper & free trial downloads at:
       http://list.winnetmag.com/cgi-bin3/flo?y=eNMf0CJgSH0CBw04We0AZ
    
    6. ==== INSTANT POLL ====
    
    * RESULTS OF PREVIOUS POLL: BIOMETRIC SCANNERS
          The voting has closed in Windows & .NET Magazine's Security
    Administrator Channel nonscientific Instant Poll for the question,
    "Which of the following types of biometric scanners are currently in
    use on your network?" Here are the results (+/- 2 percent) from the
    279 votes:
       -  10% Fingerprint
       -   3% Retina
       -   1% Facial
       -   3% Two or more of the above
       -  84% None of the above
    
    * NEW INSTANT POLL: WARCHALKING
       The next Instant Poll question is, "Has your wireless network been
    warchalked?" Go to the Security Administrator Channel home page and
    submit your vote for a) Yes, b) No, or c) I'm not sure.
       http://www.secadministrator.com
    
    7. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: HOW CAN I EASILY VIEW WHICH COOKIES ARE STORED ON MY MACHINE?
       ( contributed by John Savill, http://www.windows2000faq.com )
    
    A. NirSoft has released IECookiesView, a free utility you can download
    from Simtel.net that lets you easily view cookies on your machine,
    check the values within the cookies, and delete those values. To view
    the contents of a cookie, you simply select the cookie in the GUI, and
    to delete a cookie, you press Delete and click Yes to confirm.
       http://www.simtel.net/pub/pd/59299.html
    
    * EVENT HIGHLIGHT: SECURITY STRATEGY WORKSHOP
       September 16 through 20, 2002
       Redmond, Washington
    
       September 30 through October 4, 2002
       Boston, Massachusetts
    
    NetIQ offers hands-on 1-day workshops in which you can learn to
    identify threats, assess security problems, outline a security
    strategy, and then strengthen a network in a controlled lab setting.
    You can attend the Digital Crime Prevention Labs workshops for $499
    per person. For more information, go to
       http://www.netiq.com/events/seminars/digitalcrimeprevention/default.asp
    
    8. ==== NEW AND IMPROVED ====
       (contributed by Judy Drennen, productsat_private)
    
    * END-TO-END SECURITY SOLUTION FOR WLANS
       Funk Software announced Odyssey, an end-to-end 802.1x security
    solution that lets users securely access wireless LANs (WLANs) and can
    be widely deployed and managed across an enterprise network. Odyssey
    includes client and server software and a protocol that a single user
    can deploy from any machine that's compatible with existing
    authentication databases and infrastructure. The solution runs on
    Windows XP, Windows 2000, Windows Me, and Windows 98 and supports all
    wireless adapter cards. Odyssey costs $2500, which includes the
    Odyssey Server and 25 Odyssey Client licenses. Standalone licenses are
    available for $50 each; quantity discounts are available. Contact Funk
    Software at 1-617-497-6339 or 1-800-828-4146.
       http://www.funk.com
    
    * FREEWARE ANTIPIRACY SOFTWARE PROGRAM
       The Trialware Professional Association (TPA) has released Crack
    Killer, a freeware Windows program that lets software authors track
    and report Web sites hosting cracks, serials, and pirated versions of
    their software. Crack Killer uses a solid database engine that tracks
    active and inactive pirated-software sites. Software vendors can use
    this software to track sites that contain links to pirated versions of
    their software. Crack Killer runs on Windows XP, Windows 2000, Windows
    NT, Windows Me, and Windows 9x. Contact TPA at infoat_private or
    go to the Web site.
       http://www.trialware.org/crackkiller.html
    
    * SUBMIT TOP PRODUCT IDEAS
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Do you know of a terrific
    product that others should know about? Tell us! We want to write about
    the product in a future What's Hot column. Send your product
    suggestions to whatshotat_private
    
    9. ==== HOT THREADS ====
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS
       http://www.winnetmag.com/forums
    
    Featured Thread: Interpreting an Attack
       (One message in this thread)
    
    A reader writes that he works at a client company that refuses to put
    its Windows network behind a firewall. As a result, the company is the
    target of many attacks. Below is an audit record from the Security log
    of a Windows 2000 Server, which is a member server of a Windows NT 4.0
    domain. PLS-HQ is the NT domain name and Monitor is the name of the
    server. The reader said it looks to him as if the attacker has taken
    the server name and added a dollar sign (Monitor$) and is using that
    to gain access. He wants to know the nature of the exploit and how to
    foil it.
       Event Type: Success Audit
       Event Source: Security
       Event Category: Account Management
       Event ID: 627
       Date: 8/29/2002
       Time: 9:02:40 AM
       User: NT AUTHORITY\SYSTEM
       Computer: MONITOR
       Description:
       Change Password Attempt:
       Target Account Name: TsInternetUser
       Target Domain: MONITOR
       Target Account ID: MONITOR\TsInternetUser
       Caller User Name: MONITOR$
       Caller Domain: PLS-HQ
       Caller Logon ID: (0x0,0x3E7)
    
    Read the responses or lend a hand:
       http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=45273
    
    * HOWTO MAILING LIST
       http://www.secadministrator.com/listserv/page_listserv.asp?s=howto
    
    Featured Thread: VIGILANTe's SecureScan NX Experience?
       (One message in this thread)
    
    A reader wants to know whether anyone has hands-on experience with
    VIGILANTe's SecureScan NX vulnerability-assessment tool. Read the
    responses or lend a hand at the following URL:
       http://63.88.172.96/listserv/page_listserv.asp?a2=ind0208e&l=howto&p=195
    
    10. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- vpattersonat_private (please
    mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
    Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
    
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing a Windows 2000/Windows NT enterprise.
    Subscribe today!
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
       Receive the latest information about the Windows and .NET topics of
    your choice. Subscribe to our other FREE email newsletters.
       http://www.winnetmag.com/email
    
    |-+-|-+-|-+-|-+-|-+-|
    
    Thank you for reading Security UPDATE.
    
    MANAGE YOUR ACCOUNT
       You can manage your entire Windows & .NET Magazine Network email
    newsletter account on our Web site. Simply log on and you can change
    your email address, update your profile information, and subscribe or
    unsubscribe to any of our email newsletters all in one place.
       http://www.winnetmag.com/email
    
    Thank you!
    
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Sep 05 2002 - 01:03:53 PDT