******************** Windows & .NET Magazine Security UPDATE--brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET Server, Windows 2000, and Windows NT systems. http://www.secadministrator.com ******************** ~~~~ THIS ISSUE SPONSORED BY ~~~~ VeriSign - The Value of Trust http://list.winnetmag.com/cgi-bin3/flo?y=eOEi0CJgSH0CBw05qj0A2 Real Time Monitoring Is a Security Requirement http://list.winnetmag.com/cgi-bin3/flo?y=eOEi0CJgSH0CBw02Jr0AT (below IN FOCUS) ~~~~~~~~~~~~~~~~~~~~ ~~~~ SPONSOR: VERISIGN - THE VALUE OF TRUST ~~~~ Secure all your Web servers now - with a proven 5-part strategy. The FREE Server Security Guide shows you how: * DEPLOY THE LATEST ENCRYPTION and authentication techniques * DELIVER TRANSPARENT PROTECTION with the strongest security without disrupting users. And more. Get your FREE Guide now: http://list.winnetmag.com/cgi-bin3/flo?y=eOEi0CJgSH0CBw05qj0A2 ~~~~~~~~~~~~~~~~~~~~ October 30, 2002--In this issue: 1. IN FOCUS - Sneak Attack Through a License Agreement 2. SECURITY RISKS - Remote File Deletion Vulnerability in Windows XP - Privilege Escalation Vulnerability in Microsoft SQL Server, MSDE 2000, and MSDE 1.0 3. ANNOUNCEMENTS - Safeguard Your Data and Protect Your Privacy - Attend Our Free Tips & Tricks Web Summit 4. SECURITY ROUNDUP - News: Protect Your Contact List: Read the EULA! - News: PGP Back in Action: 8.0 Beta Released to Public - News: DNS Root Servers Attacked - Feature: SonicWALL Global Management System 2.2 5. HOT RELEASES (ADVERTISEMENTS) - FREE Security Assessment Tool From Aelita! - SPI Dynamics 6. INSTANT POLL - Results of Previous Poll: Microsoft .NET Passport - New Instant Poll: Reading the EULA 7. SECURITY TOOLKIT - Virus Center - FAQ: How Can I Prevent Regedit from Remembering the Last Registry Key Location I Accessed Under Windows XP? 8. NEW AND IMPROVED - Internet Security Protection and Remediation Solution - Web Optimization Tools and Enhanced Virus Protection Upgrade - Submit Top Product Ideas 9. HOT THREADS - Windows & .NET Magazine Online Forums - Featured Thread: Why Doesn't Netscape Communicator 4.7 Work with ISA Server 2000? - HowTo Mailing List - Featured Thread: Password Protection on Backups 10. CONTACT US See this section for a list of ways to contact us. ~~~~~~~~~~~~~~~~~~~~ 1. ==== IN FOCUS ==== (contributed by Mark Joseph Edwards, News Editor, markat_private) * SNEAK ATTACK THROUGH A LICENSE AGREEMENT Have you ever received a Web-based greeting card from a friend or relative? They're common these days, and they seem to be taken for granted, in that people trust the intent of someone who might send them a greeting card. People like to be greeted with kindness, so they're inclined to look at and read the greeting card. It's one of the feel-good things that many people simply can't resist. Have you ever wondered why a company would spend its Internet resources delivering free greeting cards on behalf of people with whom it conducts no business otherwise? How does such an entity profit from those endeavors? What might its motives be? Last week, a user posted an interesting message to our HowTo for Security mailing list regarding one company that delivers Web-based greeting cards. That company, Permissioned Media, runs a Web site called FriendGreetings.com, which lets one person send another person an electronic greeting card. The friendly facilitation seems simple and harmless, but it has a rather insidious side. When you receive a greeting from FriendGreetings.com, the message says that someone sent you the greeting and that to read it, you must click a URL that takes you to the Web site hosting the greeting. When you click the URL, you're prompted to install an ActiveX control before you view the greeting. As the greeting-card recipient, you would probably assume that you must install the ActiveX control to view the greeting; however, that's not the case. Instead, FriendGreetings.com has designed the ActiveX control, complete with an End User License Agreement (EULA), to interact with your mail client software and harvest information about your email contacts. After the ActiveX control obtains your private contact list information, it sends a similar greeting card to everyone in your contact list, probably unbeknownst to you! If you took time to read the EULA from FriendGreetings.com, you'd discover that the EULA clearly states Permissioned Media's intention to do just that. A section of the EULA reads, "As part of the installation process, Permissioned Media will access your Microsoft Outlook contacts list and send an e-mail to persons on your contacts list inviting them to download FriendGreetings or related products." By accepting the EULA and installing the ActiveX control, you give the company permission to perform that activity. In essence, the greeting cards that FriendGreetings.com delivers resemble many worms that travel the Internet: They're parasitic, intrusive, devious, elusive, and most of all, probably unwanted. Even some antivirus vendors issued warnings about the greeting card last week. However, we can't completely blame FriendGreetings.com for its use because, although the company counts on most users' acceptance of the unread EULA, the EULA does spell out some of its intention. By agreeing to the EULA, users agree to the ActiveX control activity. Nevertheless, the lesson here should be obvious: When you encounter a EULA, don't take anything for granted. Read it word for word to understand exactly what you're accepting and think through what the consequences of acceptance might be. Permissioned Media bills itself as a "behavioral marketing network" with more than 100 clients that advertise online. The company also operates Cool-Downloads.com. You can read Permissioned Media's EULA at the URL below. Take note that it grants the company "the right to add additional features or functions to the version of PerMedia you install, or to add new applications to PerMedia, at any time." Yikes! http://permissionedmedia.com/license.htm If you've received a greeting card from FriendGreetings.com and installed the associated ActiveX control, you might want to remove its software from your system. To find out how, be sure to read the related news article, "Protect Your Contact List: Read the EULA!" in this newsletter. http://www.secadministrator.com/articles/index.cfm?articleid=27122 And if you're a security administrator for your network, consider blocking FriendGreetings.com to help ensure that none of your network users inadvertently compromise private contact information by accepting a greeting card from that Web site. ~~~~~~~~~~~~~~~~~~~~ ~~~~ SPONSOR: REAL TIME MONITORING IS A SECURITY REQUIREMENT ~~~~ A proactive IT Manager installed ELM Enterprise Manager 3.0 on his critical servers to assess the benefits of real time monitoring. A week later, EEM 3.0 paged him as a disgruntled employee was attempting to access confidential personal files. Within minutes, the hacker was escorted off company property. Use ELM Enterprise Manager 3.0 to monitor the health and status of your systems, protect your intellectual property, and prevent avoidable downtime. Download your FREE 30-day evaluation copy at: http://list.winnetmag.com/cgi-bin3/flo?y=eOEi0CJgSH0CBw02Jr0AT ~~~~~~~~~~~~~~~~~~~~ 2. ==== SECURITY RISKS ==== (contributed by Ken Pfeil, kenat_private) * REMOTE FILE DELETION VULNERABILITY IN WINDOWS XP Distributed Systems Technology Centre (DSTC) discovered a vulnerability in Windows XP that lets an attacker remotely delete any file or folder on the vulnerable system. Microsoft has released Security Bulletin MS02-060 (Flaw in Windows XP Help and Support Center Could Enable File Deletion) to address this vulnerability and recommends that affected users apply XP Service Pack 1 (SP1) mentioned in the bulletin. A patch is also available for users who are unable to apply the service pack. http://www.secadministrator.com/articles/index.cfm?articleid=27032 * PRIVILEGE ESCALATION VULNERABILITY IN MICROSOFT SQL SERVER, MSDE 2000, AND MSDE 1.0 David Litchfield of Next Generation Security Software (NGSSoftware) discovered a vulnerability in Microsoft SQL Server, Microsoft Desktop Engine (MDSE) 2000, and Microsoft Data Engine (MSDE) 1.0 that lets a low-privileged user run, delete, insert, and update Web tasks. Microsoft has released Security Bulletin MS02-061 (Elevation of Privilege in SQL Server Web Tasks) to address this vulnerability and recommends that affected users apply the appropriate patch mentioned in the bulletin. http://www.secadministrator.com/articles/index.cfm?articleid=27033 3. ==== ANNOUNCEMENTS ==== (brought to you by Windows & .NET Magazine and its partners) * SAFEGUARD YOUR DATA AND PROTECT YOUR PRIVACY Get armed with the same security protection used by Department of Defense, US Army and Federal Aviation Administration. For $69.95, safeguard your data with the most accurate and comprehensive vulnerability assessment tool available. STAT Scanner Home Edition enables users to identify and eliminate security deficiencies that can allow hacker intrusion. http://www.softwareshelf.com/products/display_homeuser.asp?p=91 * ATTEND OUR FREE TIPS & TRICKS WEB SUMMIT Join us on December 19th for our Tips & Tricks Web Summit featuring three eye-opening events: Disaster Recovery Tips & Tricks, Intrusion Detection: Win2K Security Log Secrets, and Merging Exchange Systems: Tips for Managing 5 Key Challenges. There is no charge for this event, but space is limited so register today! http://list.winnetmag.com/cgi-bin3/flo?y=eOEi0CJgSH0CBw05nz0AG 4. ==== SECURITY ROUNDUP ==== * NEWS: PROTECT YOUR CONTACT LIST: READ THE EULA! Users on our HowTo for Security mailing list recently disclosed a rather insidious End User License Agreement (EULA). The EULA pertains to a Web-based greeting card--the kind that people exchange for various reasons. If you receive a greeting card from FriendGreetings.com (operated by Permissioned Media) and read and accept the associated EULA, you're giving FriendGreetings.com permission to copy your entire contact list for its own use. http://www.secadministrator.com/articles/index.cfm?articleid=27122 * NEWS: PGP BACK IN ACTION: 8.0 BETA RELEASED TO PUBLIC PGP announced the release of PGP 8.0 Beta (for Windows and Mac OS X), which is available for download at the company's Web site. The new beta is open to anyone, and the beta products expire on December 6, 2002. PGP 8.0 for Windows will include PGP Mail, PGP Disk, and PGP Admin. http://www.secadministrator.com/articles/index.cfm?articleid=27103 * NEWS: DNS ROOT SERVERS ATTACKED According to a story by "The Washington Post," the DNS root servers that provide fundamental DNS support for global Internet operations suffered a Distributed Denial of Service (DDoS) attack. The report said that the DDoS attack struck all 13 of the root servers about 5:00 P.M. on October 21. http://www.secadministrator.com/articles/index.cfm?articleid=27052 * FEATURE: SONICWALL GLOBAL MANAGEMENT SYSTEM 2.2 Most firewall vendors offer software to remotely maintain, monitor, and manage distributed firewalls. SonicWALL's Global Management System (GMS) Standard Edition 2.2 differs from the competition because it lets you centrally manage any SonicWALL security appliance--from the company's enterprise-class firewall to its entry-level TELE3 firewall, which SonicWALL markets to telecommuters. Although proprietary to SonicWALL, GMS's functionality is useful. Other vendors should consider providing centralized management (or even cross-vendor interoperability) that includes low-end security appliances. http://www.secadministrator.com/articles/index.cfm?articleid=26691 5. ==== HOT RELEASES (ADVERTISEMENTS) ==== * FREE SECURITY ASSESSMENT TOOL FROM AELITA! HIPAA? Gramm-Leach-Bliley? New Aelita InTrust(tm) 7.0 consolidates, archives, and analyzes heterogeneous IT audit data and offers reports to assist in documenting compliance. Get started with the FREE security assessment tool: Aelita InTrust Audit Advisor! http://list.winnetmag.com/cgi-bin3/flo?y=eOEi0CJgSH0CBw05qk0A3 * SPI DYNAMICS ALERT! -Cross-Site Scripting Attacks on Web Applications Cross-site scripting vulnerabilities in web applications allow hackers to compromise confidential information, manipulate or steal cookies. Download this *FREE* white paper from SPI Dynamics for a guide to protection! http://list.winnetmag.com/cgi-bin3/flo?y=eOEi0CJgSH0CBw05ql0A4 6. ==== INSTANT POLL ==== * RESULTS OF PREVIOUS POLL: MICROSOFT .NET PASSPORT The voting has closed in Windows & .NET Magazine's Security Administrator Channel nonscientific Instant Poll for the question, "Do you currently use Microsoft .NET Passport?" Here are the results (+/- 2 percent) from the 472 votes: - 37% Yes - 63% No * NEW INSTANT POLL: READING THE EULA The next Instant Poll question is, "Do you read the End User License Agreement (EULA) before you install new software?" Go to the Security Administrator Channel home page and submit your vote for a) Always, b) Sometimes, c) Rarely, d) Never. http://www.secadministrator.com 7. ==== SECURITY TOOLKIT ==== * VIRUS CENTER Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.secadministrator.com/panda * FAQ: HOW CAN I PREVENT REGEDIT FROM REMEMBERING THE LAST REGISTRY KEY LOCATION I ACCESSED UNDER WINDOWS XP? ( contributed by John Savill, http://www.windows2000faq.com ) A. In a previous FAQ, I explained how to write a script to automatically reset the last key location every time you log on to the OS. Another option for clearing the last registry key accessed is to use registry permissions to disable Write access to the key. To do so, perform the following steps: 1. Start the registry editor. 2. Navigate to the HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit registry subkey. 3. Select LastKey. 4. If you're working in XP, open the Edit menu and select Permissions; if you're working in Windows 2000, open the Security menu and select Permissions. 5. Remove Full Control access and grant Read-only access. 6. Click OK. You'll need to repeat this process for all users who don't want regedit to remember the last key location they accessed. 8. ==== NEW AND IMPROVED ==== (contributed by Judy Drennen, productsat_private) * INTERNET SECURITY PROTECTION AND REMEDIATION SOLUTION St. Bernard Software announced an agreement with Internet Security Systems (ISS) to deliver St. Bernard Software's remediation technology with a future ISS intrusion-protection offering scheduled for release later this year. This agreement between ISS and St. Bernard Software represents a coupling of complementary technologies that effectively addresses both sides of the network security equation and completes the security life cycle process. For more information, contact St. Bernard Software at 800-782-3762 or go to the Web site. http://www.stbernard.com * WEB OPTIMIZATION TOOLS AND ENHANCED VIRUS PROTECTION UPGRADE Symantec announced Norton SystemWorks 2003, a problem-solving suite that offers a comprehensive integrated solution to help keep PCs running at optimal performance levels. The suite now features new Web optimization tools and improved antivirus protection to help users get the most out of their online activities by integrating tools that maximize hard disk space and maintain dial-up connections while online. Norton SystemWorks 2003 also includes enhanced antivirus protection through Norton AntiVirus 2003, which offers new Instant Messaging (IM) scanning, worm blocking, and automatic removal of Trojan horses and worms. Norton SystemWorks costs $69.95 ($99.95 for the Professional edition). Contact Symantec at http://www.symantecstore.com for more information and to purchase. http://www.symantec.com * SUBMIT TOP PRODUCT IDEAS Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to whatshotat_private 9. ==== HOT THREADS ==== * WINDOWS & .NET MAGAZINE ONLINE FORUMS http://www.winnetmag.com/forums Featured Thread: Why Doesn't Netscape Communicator 4.7 Work with ISA Server 2000? (Three messages in this thread) A user writes that he has installed Internet Security and Acceleration (ISA) Server 2000 in his office. All the Microsoft Internet Explorer (IE) clients work with ISA Server 2000 just fine, but when he tries to use ISA Server 2000 as a proxy for Netscape Communicator 4.7, it doesn't work at all, nor does it work with Yahoo! Messenger (MSN Messenger software works fine). He wants to know why. Lend a hand or read the responses: http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=48390 * HOWTO MAILING LIST http://188.8.131.52/listserv/page_listserv.asp?a0=howto Featured Thread: Password Protection on Backups (One message in this thread) A user wants to use NT Backup to back up his Exchange Server. He wants to know whether he can protect the backup with a password. Read the responses or lend a hand at the following URL: http://184.108.40.206/listserv/page_listserv.asp?a2=ind0210d&l=howto&p=745 10. ==== CONTACT US ==== Here's how to reach us with your comments and questions: * ABOUT IN FOCUS -- markat_private * ABOUT THE NEWSLETTER IN GENERAL -- lettersat_private (please mention the newsletter name in the subject line) * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums * PRODUCT NEWS -- productsat_private * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer Support -- securityupdateat_private * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private ******************** This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing a Windows 2000/Windows NT enterprise. Subscribe today! http://www.secadministrator.com/sub.cfm?code=saei25xxup Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters. http://www.winnetmag.com/email |-+-|-+-|-+-|-+-|-+-| Thank you for reading Security UPDATE. MANAGE YOUR ACCOUNT You can manage your entire Windows & .NET Magazine Network email newsletter account on our Web site. Simply log on and you can change your email address, update your profile information, and subscribe or unsubscribe to any of our email newsletters all in one place. http://www.winnetmag.com/email Thank you! - ISN is currently hosted by Attrition.org To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.
This archive was generated by hypermail 2b30 : Thu Oct 31 2002 - 08:57:59 PST