[ISN] Security UPDATE, October 23, 2002

From: InfoSec News (isnat_private)
Date: Wed Oct 23 2002 - 23:36:29 PDT


    ********************
    Windows & .NET Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows .NET Server, Windows 2000, and
    Windows NT systems.
       http://www.secadministrator.com
    ********************
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    FREE Security Assessment Tool
       http://list.winnetmag.com/cgi-bin3/flo?y=eN6p0CJgSH0CBw05iM0AH
    
    VeriSign - The Value of Trust
       http://list.winnetmag.com/cgi-bin3/flo?y=eN6p0CJgSH0CBw05iN0AI
       (below IN FOCUS)
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: FREE SECURITY ASSESSMENT TOOL ~~~~
       Aelita InTrust(tm) 7.0 bridges the gap between industry regulations
    & policies and your IT infrastructure.  InTrust consolidates,
    archives, and analyzes heterogeneous IT audit data and offers reports
    to assist in documenting compliance. And InTrust's data repositories
    enable efficient, permanent storage of all event data. Get started
    with the FREE security assessment tool: Aelita InTrust Audit Advisor!
       http://list.winnetmag.com/cgi-bin3/flo?y=eN6p0CJgSH0CBw05iM0AH
    
    ~~~~~~~~~~~~~~~~~~~~
    
    October 23, 2002--In this issue:
    
    1. IN FOCUS
         - Increasing Wireless Security with TKIP
    
    2. SECURITY RISKS
         - Information Disclosure Vulnerability in Word and Excel
         - Unchecked Buffer in Outlook Express S/MIME Parser
    
    3. ANNOUNCEMENTS
         - Subscribe to Windows & .NET Magazine and Receive an eBook Gift!
         - Real-World Tips and Solutions Here for You
    
    4. SECURITY ROUNDUP
         - News: Microsoft Licenses RSA Security Technology
         - News: Foundstone Files Suit Against NT OBJECTives
         - Feature: Limited-Function Server Roles
    
    5. SECURITY TOOLKIT
         - Virus Center
         - FAQ: How Can I Stop Windows 2000 from Using an Encrypted Format
           When I Copy Encrypted Files to a Server?
    
    6. NEW AND IMPROVED
         - Security Software Package Released
         - Fight Back Against Unauthorized PC Monitoring
         - Submit Top Product Ideas
     
    7. HOT THREADS
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Administrator Accounts
    
    8. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor,
    markat_private)
    
    * INCREASING WIRELESS SECURITY WITH TKIP
    
    The current wireless networking standards use security technology
    that's far less secure than it could be. For example, most wireless
    network administrators are familiar with the Wired Equivalent Privacy
    (WEP) protocol, which uses RC4 encryption to help protect data as it
    travels over the airwaves.
    
    However, researchers have proven that intruders can easily crack WEP.
    Last year, a team of researchers published "Weaknesses in the Key
    Scheduling Algorithm of RC4," a paper that describes a series of
    vulnerabilities that make WEP vulnerable. In roughly the same time
    frame that the paper was published, someone posted Perl scripts on the
    Internet that helped demonstrate how vulnerabilities in WEP could be
    verified. You can read about the paper and the scripts in an editorial
    I wrote in August 2001 (see the URL below).
       http://www.secadministrator.com/articles/index.cfm?articleid=22147
    
    Because of the weaknesses in WEP security, several entities are
    developing stronger security technology, such as the 802.11a and
    802.11b specifications, for use with wireless network technologies. If
    you aren't familiar with the various 802.11x network specifications,
    you can learn more about them by reading Mark Weitz's article at the
    URL below.
       http://www.winnetmag.com/articles/index.cfm?articleid=23322
    
    One up-and-coming 802.11x specification, 802.11i, is still working
    its way through development and approval. The specification might be
    officially released by early 2003. After it's available, 802.11i will
    provide replacement technology for WEP security. Initially, 802.11i
    will provide Temporal Key Integrity Protocol (TKIP) security that you
    can add to existing hardware with a firmware upgrade. Upgraded units
    should be backward-compatible with hardware that still uses WEP.
    Sometime later, new chip-based security that uses the stronger
    Advanced Encryption Standard (AES) protocol will replace TKIP, and the
    new chips will probably be backward-compatible with TKIP. In effect,
    TKIP is a temporary protocol for use until manufacturers implement AES
    at the hardware level.
    
    TKIP is a quick-fix method for overcoming the inherent weaknesses in
    WEP security, especially the reuse of encryption keys. According to
    "802.11 Planet," "The TKIP [security] process begins with a 128-bit
    'temporal key,' [which is] shared among clients and access points.
    TKIP combines the temporal key with the [client machine's] MAC address
    and then adds a relatively large 16-octet initialization vector to
    produce the key that will encrypt the data. This procedure ensures
    that each station uses different key streams to encrypt the data. TKIP
    uses RC4 to perform the encryption, which is the same as WEP. A major
    difference from WEP, however, is that TKIP changes temporal keys every
    10,000 packets. This provides a dynamic distribution method that
    significantly enhances the security of the network."
       http://www.80211-planet.com/tutorials/article.php/1377171
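    As an added illustration (not code from the newsletter, the cited paper,
    or any vendor) of the key-reuse weakness described above and of why TKIP
    mixes the temporal key with the station's MAC address and IV before RC4:
    the SHA-256 mixing below is only a stand-in for TKIP's real mixing
    function, and the MAC addresses, IVs and keys are constructed sample values.

```python
# Added example, not code from the newsletter: the WEP key-reuse weakness the
# article describes, a model of TKIP's fix, and a capture check for IV reuse.
from collections import Counter
import hashlib

def rc4(key: bytes, length: int) -> bytes:
    """Plain RC4 keystream (KSA + PRGA), the cipher both WEP and TKIP use."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_keystream(iv: bytes, shared_key: bytes, length: int) -> bytes:
    """WEP's per-packet key is IV || shared key: only 2^24 IVs exist and every
    station uses the same shared key, so a repeated IV repeats the keystream."""
    return rc4(iv + shared_key, length)

def keystream_cancels(iv, shared_key, p1, p2) -> bool:
    """Two frames under one IV: C1 XOR C2 == P1 XOR P2, the keystream drops
    out. This is the key reuse that TKIP's per-packet keys remove."""
    c1 = xor(p1, wep_keystream(iv, shared_key, len(p1)))
    c2 = xor(p2, wep_keystream(iv, shared_key, len(p2)))
    return xor(c1, c2) == xor(p1, p2)

def per_station_keystream(temporal_key, mac, iv, length) -> bytes:
    """Model of the TKIP idea only (SHA-256 stands in for TKIP's real mixing
    function): temporal key, station MAC and IV are mixed before RC4, so two
    stations sharing a temporal key and IV still get different keystreams."""
    mixed = hashlib.sha256(temporal_key + mac + iv).digest()[:16]
    return rc4(mixed, length)

def iv_reuse_report(frames) -> dict:
    """Count each IV in a capture of (transmitter MAC, IV) pairs; under WEP an
    IV seen twice, from any station, means keystream reuse worth alerting on."""
    counts = Counter(iv for _mac, iv in frames)
    return {iv: n for iv, n in counts.items() if n > 1}

# Constructed sample capture: (transmitter MAC, 3-byte WEP IV) per data frame.
SAMPLE_FRAMES = [
    ("00:a0:f8:aa:bb:cc", b"\x00\x00\x01"),
    ("00:a0:f8:aa:bb:cc", b"\x00\x00\x02"),
    ("00:a0:f8:11:22:33", b"\x00\x00\x01"),  # other station, same IV
    ("00:a0:f8:aa:bb:cc", b"\x00\x00\x01"),  # same station, IV wrapped
]
```

    Running `iv_reuse_report(SAMPLE_FRAMES)` on the constructed capture flags
    IV 000001 three times, which under WEP is three frames sharing one keystream.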
    
    In relation to TKIP, some companies have implemented TKIP-like
    solutions called Simple Secure Networks (SSNs), which also use an
    encryption key that changes periodically. One company, Symbol
    Technologies, currently has SSN-based products on the market. In
    addition, vendors such as Atheros Communications and Resonext
    Communications are producing chips that support WEP, TKIP, and AES
    security technologies, and wireless network gear vendors, such as
    Nokia, are already shipping hardware that's ready for TKIP security,
    waiting for the standard to be finalized.
       http://www.symbol.com
       http://www.atheros.com
       http://www.resonext.com
       http://www.nokia.com
    
    For a more in-depth look at wireless encryption technology, especially
    WEP and TKIP, be sure to read the two articles from Intel listed
    below. The first article discusses encryption key management in both
    WEP and TKIP protocols, and the second article discusses TKIP in
    considerable detail.
       http://cedar.intel.com/media/pdf/wireless/80211_1.pdf
       http://cedar.intel.com/media/pdf/security/80211_part2.pdf
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: VERISIGN - THE VALUE OF TRUST ~~~~
       Get the strongest server security -- 128-bit SSL encryption!
    Download VeriSign's FREE guide, "Securing Your Web Site for Business"
    and learn everything you need to know about using SSL to encrypt your
    e-commerce transactions for serious online security. Click here!
       http://list.winnetmag.com/cgi-bin3/flo?y=eN6p0CJgSH0CBw05iN0AI
    
    ~~~~~~~~~~~~~~~~~~~~
    
    2. ==== SECURITY RISKS ====
       (contributed by Ken Pfeil, kenat_private)
    
    * INFORMATION DISCLOSURE VULNERABILITY IN WORD AND EXCEL
       An information-disclosure vulnerability in Microsoft Word and
    Microsoft Excel lets an attacker create a document that, when opened,
    updates itself to include the contents of any file from the vulnerable
    computer. Microsoft has released Security Bulletin MS02-059 (Flaw in
    Word Fields and Excel External Updates Could Lead to Information
    Disclosure) to address this vulnerability and recommends that affected
    users apply the appropriate patch mentioned in the bulletin.
       http://www.secadministrator.com/articles/index.cfm?articleid=27018
    
    * UNCHECKED BUFFER IN OUTLOOK EXPRESS S/MIME PARSER
       Noam Rathaus of Beyond Security discovered a buffer-overrun
    vulnerability in Microsoft Outlook Express's Secure MIME (S/MIME)
    parser that can lead to the execution of arbitrary code on the
    vulnerable system. This vulnerability stems from a problem in the code
    that generates a warning message when a particular error condition
    associated with digital signatures occurs. By creating a digitally
    signed email message, editing it to introduce specific data, and
    sending it to another user, an attacker can cause the vulnerable mail
    client to fail or execute arbitrary code. Microsoft has released
    Security Bulletin MS02-058 (Unchecked Buffer in Outlook Express S/MIME
    Parsing Could Enable System Compromise) to address this vulnerability
    and recommends that affected users immediately apply the patch
    mentioned in the bulletin.
       http://www.secadministrator.com/articles/index.cfm?articleid=27017
    
    3. ==== ANNOUNCEMENTS ====
       (brought to you by Windows & .NET Magazine and its partners)
    
    * SUBSCRIBE TO WINDOWS & .NET MAGAZINE AND RECEIVE AN EBOOK GIFT!
       Windows & .NET Magazine is a problem-solving manual designed to
    help systems administrators better manage their Windows 2000 and
    Windows NT enterprise. Subscribe today and, with your paid
    subscription, you can choose from one of three eBooks about Active
    Directory, public key infrastructure, or automating tasks with
    VBScript. Subscribe now!
       http://list.winnetmag.com/cgi-bin3/flo?y=eN6p0CJgSH0CBw05dS0AI
    
    * REAL-WORLD TIPS AND SOLUTIONS HERE FOR YOU
       Last Chance to register for Windows & .NET Magazine LIVE!--sign up
    today and you'll also receive access to sessions of concurrently run
    XML and Web Services Connections. Access more than 70 sessions and
    save $1395. Discover why more than half of our attendees choose only
    our conferences to attend each year. This conference is chock-full of
    "been there, done that" knowledge from people who use Microsoft
    technologies in the real world. Register today!
       http://list.winnetmag.com/cgi-bin3/flo?y=eN6p0CJgSH0CBw03lH0AD
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: MICROSOFT LICENSES RSA SECURITY TECHNOLOGY
       RSA Security announced that Microsoft has licensed RSA technology
    for use in Microsoft's products. The first initiative that stems from
    this agreement is the use of RSA Security's RSA SecurID two-factor
    authentication software.
       http://www.secadministrator.com/articles/index.cfm?articleid=26977
    
    * FOUNDSTONE FILES SUIT AGAINST NT OBJECTIVES
       Foundstone has filed a temporary restraining order and accompanying
    lawsuit against NT OBJECTives (NTO), claiming that NTO has violated
    Foundstone's trade secrets and harmed the company's business in the
    process. Foundstone is seeking to block the release of NTO's impending
    Fire and Water toolkit, which is slated for release in early November.
       http://www.secadministrator.com/articles/index.cfm?articleid=27041
    
    * FEATURE: LIMITED-FUNCTION SERVER ROLES
       Server roles debuted in Microsoft SQL Server 7.0. These helpful
    security tools assign a predefined set of permissions to one or more
    database logins. The sysadmin role is the most powerful fixed server
    role because its members can perform any function on the server. Learn
    to use the remaining limited-function fixed server roles, listed in
    this article, to grant limited permissions to specific types of users
    and revoke or reassign permissions as users' job duties change.
       http://www.secadministrator.com/articles/index.cfm?articleid=26247
    
    5. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: HOW CAN I STOP WINDOWS 2000 FROM USING AN ENCRYPTED FORMAT
    WHEN I COPY ENCRYPTED FILES TO A SERVER?
       (contributed by John Savill, http://www.windows2000faq.com)
    
    A. By default, when you copy locally encrypted files to a server,
    Win2K retains the encryption format. However, you might not want
    server-based files to be encrypted. For example, a laptop user might
    want to encrypt files locally for security reasons but want the
    server-based files to be unencrypted so that other users can view the
    files. To stop Win2K from copying files to a server in an encrypted
    format, perform the following steps on the destination server:
       1. Start a registry editor (e.g., regedit.exe).
       2. Navigate to the
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\FileSystem
    registry subkey.
       3. Select the NtfsEncryptionService value, then select Edit, Delete
    from the menu bar.
       4. Close the registry editor.
       5. Reboot the server for the change to take effect.
    
    After you make this change, you'll no longer be able to encrypt files
    on the server and Win2K will decrypt any encrypted files that users
    copy to the server.
    
    6. ==== NEW AND IMPROVED ====
       (contributed by Judy Drennen, productsat_private)
    
    * SECURITY SOFTWARE PACKAGE RELEASED
       Butterfly Security announced CodeSeeker EX, a Web application
    security software package. CodeSeeker EX provides realtime blocking of
    malicious attacks that get past firewalls. The software also provides
    comprehensive reporting capabilities that reveal not only that an
    intruder has made an attack but also specific details about the attack
    and its origin. CodeSeeker EX runs on any combination of
    platforms--Windows XP, Windows 2000, Windows NT, Linux, and
    Solaris--from a single console. Policies and servers can be grouped
    and organized in the user interface any way you choose. Contact
    Butterfly at 408-333-9948 for pricing information.
       http://www.butterflysecurity.com
    
    * FIGHT BACK AGAINST UNAUTHORIZED PC MONITORING
       Raytown released Anti-keylogger, a software application that can
    provide computers with protection against most types of unauthorized
    activity monitoring. Unlike the typical antivirus pattern-matching
    product, Anti-keylogger works on new or unknown types of
    activity-monitoring programs to detect and eliminate threats to the
    integrity and security of your computer network. Anti-keylogger runs
    on Windows XP, Windows 2000, Windows NT, Windows Me, and Windows 9x
    and costs $59.95 for a single license. Contact Raytown at
    press@anti-keyloggers.com or go to the Web site.
       http://www.anti-keyloggers.com
    
    * SUBMIT TOP PRODUCT IDEAS
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Do you know of a terrific
    product that others should know about? Tell us! We want to write about
    the product in a future What's Hot column. Send your product
    suggestions to whatshotat_private
    
    7. ==== HOT THREADS ====
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS
       http://www.winnetmag.com/forums
    
    Featured Thread: Administrator Accounts
       (Two messages in this thread)
    
    A user writes that several users in his IT department require Windows
    NT administrator access. He's considering the following options. He
    could have everyone use the same administrator account; he could
    provide each user with a regular user account and a separate
    administrative account; or he could give each user limited
    administrator rights on his or her regular user accounts. Is there a
    best practice for handling this particular need? Read the responses or
    lend a hand:
       http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=48142
     
    8. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- lettersat_private (please
    mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
    Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
    
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing a Windows 2000/Windows NT enterprise.
    Subscribe today!
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
       Receive the latest information about the Windows and .NET topics of
    your choice. Subscribe to our other FREE email newsletters.
       http://www.winnetmag.com/email
    
    |-+-|-+-|-+-|-+-|-+-|
    
    Thank you for reading Security UPDATE.
    
    MANAGE YOUR ACCOUNT
       You can manage your entire Windows & .NET Magazine Network email
    newsletter account on our Web site. Simply log on and you can change
    your email address, update your profile information, and subscribe or
    unsubscribe to any of our email newsletters all in one place.
       http://www.winnetmag.com/email
    
    Thank you!
    __________________________________________________________
    Copyright 2002, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    