[ISN] Security UPDATE, November 27, 2002

From: InfoSec News (isnat_private)
Date: Sun Dec 01 2002 - 23:42:20 PST


    ********************
    Windows & .NET Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows .NET Server, Windows 2000, and
    Windows NT systems.
       http://www.secadministrator.com
    ********************
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    VeriSign - The Value of Trust
       http://list.winnetmag.com/cgi-bin3/flo?y=eOgK0CJgSH0CBw05qj0A6
    
    Microsoft Mobility Tour
       http://list.winnetmag.com/cgi-bin3/flo?y=eOgK0CJgSH0CBw06Kw0Ah
       (below IN FOCUS)
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: VERISIGN - THE VALUE OF TRUST ~~~~
       Secure all your Web servers now - with a proven 5-part strategy.
    The FREE Server Security Guide shows you how:
       * DEPLOY THE LATEST ENCRYPTION and authentication techniques
       * DELIVER TRANSPARENT PROTECTION with the strongest security
    without disrupting users. And more. Get your FREE Guide now:
       http://list.winnetmag.com/cgi-bin3/flo?y=eOgK0CJgSH0CBw05qj0A6
    ~~~~~~~~~~~~~~~~~~~~
    
    November 27, 2002--In this issue:
    
    1. IN FOCUS
         - Security Conferences in 2003
    
    2. SECURITY RISKS
         - Buffer-Overrun Vulnerability in Microsoft Data Access Components
         - Multiple Vulnerabilities in Microsoft IE
    
    3. ANNOUNCEMENTS
         - Happy 10th Anniversary SQL Server!
         - Give Us Your Feedback and Be Entered to Win an Xbox
    
    4. SECURITY ROUNDUP
         - News: Butterfly Security Releases CodeSeeker as Open Source
         - News: RSA Security's Crypto-J Receives FIPS 140-1 Certification
    
    5. INSTANT POLL
         - Results of Previous Poll: Using SAML
         - New Instant Poll: Using Open-Source Products
    
    6. SECURITY TOOLKIT
         - Virus Center
         - FAQ: How Can I Check a System's Availability?
    
    7. NEW AND IMPROVED
         - Reduce Network Threats
         - Secure Your IT Perimeter
         - Submit Top Product Ideas
     
    8. HOT THREADS
         - Windows & .NET Magazine Online Forums
             - Featured Thread: ISA Server 2000 Routing Problem
         - HowTo Mailing List
             - Featured Thread: User Account Creation Is Slow
     
    9. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor,
    markat_private)
    
    * SECURITY CONFERENCES IN 2003
    
    Are you planning to attend any security conferences in 2003? Many are
    already scheduled, and now is the time to put them on your calendar. 
    This week, I present six conferences that you might want to consider
    attending. They're listed below in chronological order.
    
    * BlackHat Windows Security 2003 Briefings and Training, February 24
    through 27 at the Sheraton Seattle Hotel & Towers in Seattle.
       The briefings will cover six tracks over 2 days. Subjects include
    policies, deep knowledge, networking and integration, and application
    development, as well as Microsoft .NET, Microsoft IIS, Microsoft SQL
    Server, and Microsoft Internet Security and Acceleration (ISA) Server
    2000. Training sessions include exposing Cisco Systems network
    vulnerabilities, analyzing software for security vulnerabilities,
    uncovering Web application vulnerabilities, using forensics tools and
    processes for Windows XP platforms, and securely deploying Microsoft
    technologies, as well as a National Security Agency (NSA) information
    security assessment methodology course.
       http://www.blackhat.com/html/win-usa-03/win-usa-03-index.html
       http://www.blackhat.com/html/win-usa-03/train-bh-win-03-index.html
    
    * SANS 2003, March 5 through 12 at the Sheraton San Diego Hotel and
    Marina in San Diego.
       The SysAdmin, Audit, Network, Security (SANS) Institute's Stephen
    Northcutt describes the conference as "our largest conference and
    vendor exhibition of the year." According to Northcutt, "The defensive
    information community enters 2003 with a wealth of great initiatives:
    the Gold Standards, the Cyber Defense Initiatives, more hands-on
    pragmatic advanced technical training and the wide array of new
    tools." At SANS 2003, many special activities will emphasize ways to
    fight back against cyber crime and how to use these initiatives to
    help you secure your organization.
       http://www.sans.org/SANS2003
    
    * RSA Conference 2003, April 13 through 17 at Moscone Center in San
    Francisco.
       The RSA conference has four main components: General Sessions,
    Expo, Tutorials, and Class Tracks. "The General Sessions bring
    everyone together for special keynote addresses, expert panels and
    discussions of general interest. This year's Expo will feature more
    than 138,000 square feet of exhibit space with more than 200 vendors
    demonstrating the very latest e-security products. Optional Sunday
    tutorials and immersion training sessions will provide the basics of
    e-security technology, enterprise security and security development
    techniques." The conference's 13 Class Tracks will feature many
    workshops, seminars, and talks. The 2003 conference offers a catalog
    of more than 200 classes.
       http://www.rsaconference.net/rsa2003
       http://www.rsasecurity.com/conference
    
    * 2003 Techno-Security Conference, April 27 through 30 at the Wyndham
    Myrtle Beach Resort in Myrtle Beach, South Carolina.
       The conference features a "blend of physical and cyber security
    forums ... the latest in computer forensics and related legal issues
    affecting federal, state and local law enforcement, as well as the
    Fortune 500 [companies]."
       Guidance Software hosts the conference. According to Robert
    Shields, senior director of marketing at Guidance Software, "Combining
    both physical and cyber security issues - Techno-Security addresses a
    common linkage surrounding the use of computer forensics software.
    With numerous sessions covering issues such as homeland defense,
    intrusion detection, and evidence management," the conference will
    serve many computer security experts and investigators.
       http://www.thetrainingco.com/html/Techno2003.html
       http://www.thetrainingco.com/html/Conferences.html
    
    * 15th Annual Computer Security Incident Handling Conference, June 22
    through 27 at the Westin Hotel in Ottawa.
       FIRST (the Forum of Incident Response and Security Teams,
    http://www.first.org) sponsors the conference, which "focuses on the
    field of computer security incident handling and response. The
    presentations are international in scope and include the latest in
    incident response and prevention, vulnerability analysis, and computer
    security."
       http://www.first.org/conference/2003
    
    * NetSec 2003, June 23 through 25 at the Hyatt Regency New Orleans in
    New Orleans.
       Computer Security Institute's (CSI's) NetSec network security
    conference is "devoted exclusively to network security." NetSec 2003
    will offer more than 85 sessions about subjects such as
    Internet/intranet, secure ecommerce, VPNs, computer crime, Denial of
    Service (DoS) attacks, forensic investigation, response teams,
    cryptography/public key infrastructure (PKI), intrusion detection,
    Windows NT, privacy, policies, awareness, and remote access. The
    exhibition will feature more than 70 network security product
    exhibitors.
       http://www.gocsi.com
    
    Many security conferences will be held throughout the year. To find
    others that you might be interested in, go to your favorite search
    engine and search for "Security +conference +2003." Here are a few
    links to get you started.
       http://search.dogpile.com/texis/search?q=security%20%2bconference%20%2b2003
       http://search.yahoo.com/bin/search?p=security+%2bconference+%2b2003
       http://www.altavista.com/web/results?q=security+%2bconference+%2b2003
       http://www.google.com/search?q=security+%2bconference+%2b2003
     
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: MICROSOFT MOBILITY TOUR ~~~~
       THE MICROSOFT MOBILITY TOUR IS COMING SOON TO A CITY NEAR YOU!
       Brought to you by Windows & .NET Magazine, this outstanding
    seven-city event will help support your growing mobile workforce!
    Industry guru Paul Thurrott discusses the coolest mobility hardware
    solutions around, demonstrates how to increase the productivity of
    your "road warriors" with the unique features of Windows XP and Office
    XP, and much more. There is no charge for these live events, but space
    is limited so register today!
       http://list.winnetmag.com/cgi-bin3/flo?y=eOgK0CJgSH0CBw06Kw0Ah
    ~~~~~~~~~~~~~~~~~~~~
    
    2. ==== SECURITY RISKS ====
       (contributed by Ken Pfeil, kenat_private)
    
    * BUFFER-OVERRUN VULNERABILITY IN MICROSOFT DATA ACCESS COMPONENTS
       Foundstone discovered a vulnerability in Microsoft Data Access
    Components (MDAC) that might let an attacker execute arbitrary code on
    the vulnerable system. The vulnerability stems from an unchecked buffer
    in the Remote Data Services (RDS) Data Stub, the component that
    processes RDS requests. By sending a specially malformed HTTP request
    to the Data Stub, an attacker can overrun that buffer and write data of
    his choosing onto the heap, which is what makes code execution
    possible. MDAC ships with IIS as well as with Internet Explorer, so Web
    servers with RDS enabled and client workstations both need to be
    checked. Microsoft has released Security Bulletin MS02-065 (Buffer
    Overrun in Microsoft Data Access Components Could Lead to Code
    Execution) to address this vulnerability and recommends that affected
    users immediately apply the appropriate patch that the bulletin
    mentions.
       http://www.secadministrator.com/articles/index.cfm?articleid=27357
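    The bug class behind this bulletin, a copy driven by an attacker-supplied
    length that is never compared with the buffer it lands in, as an added
    illustration that is not the RDS Data Stub source and not code from
    Microsoft or Foundstone. The handler names, the 64-byte heap block, the
    request layout and the status codes below are assumptions made for this
    example; the hardened handler rejects both an oversized body and a header
    that declares more bytes than were actually sent.

```c
/* Constructed illustration of an unchecked-buffer bug in an HTTP request
 * handler, beside its bounded counterpart. Not the MDAC/RDS Data Stub source:
 * the function names, the 64-byte heap block, the request layout and the
 * status codes are assumptions made for this example. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define STUB_BUF_SIZE 64   /* fixed heap block the stub copies the request body into */

enum stub_status { STUB_OK = 0, STUB_BAD_REQUEST = 1, STUB_TOO_LARGE = 2 };

/* Find the body of a NUL-terminated raw HTTP request and the Content-Length
 * it declares. Returns 0 on success, -1 if the request is malformed. */
static int split_request(const char *req, size_t req_len,
                         const char **body, size_t *body_len, size_t *declared)
{
    const char *hdr_end = strstr(req, "\r\n\r\n");
    const char *cl = strstr(req, "Content-Length:");
    if (hdr_end == NULL || cl == NULL || cl > hdr_end)
        return -1;
    *declared = (size_t)strtoul(cl + strlen("Content-Length:"), NULL, 10);
    *body = hdr_end + 4;
    *body_len = req_len - (size_t)(*body - req);
    return 0;
}

/* Vulnerable pattern: the attacker-controlled Content-Length drives memcpy and
 * is never compared with the size of the heap block. A declared length above
 * STUB_BUF_SIZE writes past the block (heap overrun); one above the bytes
 * actually sent reads past the request. main() never feeds it such input. */
enum stub_status data_stub_unchecked(const char *req, size_t req_len)
{
    const char *body;
    size_t body_len, declared;
    if (split_request(req, req_len, &body, &body_len, &declared) != 0)
        return STUB_BAD_REQUEST;
    char *buf = malloc(STUB_BUF_SIZE);
    if (buf == NULL)
        return STUB_BAD_REQUEST;
    memcpy(buf, body, declared);            /* no bound check */
    free(buf);
    return STUB_OK;
}

/* Hardened version: reject before copying when the declared length exceeds
 * either the bytes received or the block the stub owns. */
enum stub_status data_stub_checked(const char *req, size_t req_len)
{
    const char *body;
    size_t body_len, declared;
    if (split_request(req, req_len, &body, &body_len, &declared) != 0)
        return STUB_BAD_REQUEST;
    if (declared > body_len)                /* header claims more than was sent */
        return STUB_BAD_REQUEST;
    if (declared > STUB_BUF_SIZE)           /* would overrun the heap block */
        return STUB_TOO_LARGE;
    char *buf = malloc(STUB_BUF_SIZE);
    if (buf == NULL)
        return STUB_BAD_REQUEST;
    memcpy(buf, body, declared);
    free(buf);
    return STUB_OK;
}

/* Build a constructed POST whose body is body_len bytes of 'A' but whose header
 * declares `declared` bytes. Returns the request length, 0 if out is too small. */
size_t build_request(size_t body_len, size_t declared, char *out, size_t out_size)
{
    int n = snprintf(out, out_size,
                     "POST /stub HTTP/1.0\r\nContent-Length: %zu\r\n\r\n", declared);
    if (n < 0 || (size_t)n + body_len + 1 > out_size)
        return 0;
    memset(out + n, 'A', body_len);
    out[n + body_len] = '\0';
    return (size_t)n + body_len;
}

/* Feed one constructed request to the checked (1) or unchecked (0) stub. */
enum stub_status run_scenario(size_t body_len, size_t declared, int use_checked)
{
    char req[1024];
    size_t len = build_request(body_len, declared, req, sizeof req);
    if (len == 0)
        return STUB_BAD_REQUEST;
    return use_checked ? data_stub_checked(req, len) : data_stub_unchecked(req, len);
}

int main(void)
{
    printf("benign 16/16:     unchecked=%d checked=%d\n",
           run_scenario(16, 16, 0), run_scenario(16, 16, 1));
    printf("oversize 200/200: checked=%d (unchecked would overrun the heap)\n",
           run_scenario(200, 200, 1));
    printf("lying 16/500:     checked=%d (unchecked would read past the request)\n",
           run_scenario(16, 500, 1));
    return 0;
}
```

    The two checks in data_stub_checked are deliberately separate: the first
    stops a header that lies about the body (an over-read), the second stops
    a body that is honestly large but larger than the block (the overrun).
    Fixing only one of them leaves the other bug in place.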
    
    * MULTIPLE VULNERABILITIES IN MICROSOFT IE
       eEye Digital Security discovered six new vulnerabilities in
    Microsoft Internet Explorer (IE), the most serious of which might let
    an attacker execute commands on the vulnerable system. Microsoft has
    released Security Bulletin MS02-066 (Cumulative Patch for Internet
    Explorer) to address these vulnerabilities and recommends that
    affected users immediately apply the appropriate patch that the
    bulletin mentions. Because the patch is cumulative, it also includes
    the fixes from all previously released IE patches for the affected
    versions.
       http://www.secadministrator.com/articles/index.cfm?articleid=27364
    
    3. ==== ANNOUNCEMENTS ====
       (brought to you by Windows & .NET Magazine and its partners)
    
    * HAPPY 10TH ANNIVERSARY SQL SERVER!
       Microsoft and SQL Server Magazine want to thank you for your
    support over the past 10 years. To show our appreciation, we're
    running a 20-week contest that will test your SQL Server knowledge.
    Answer our quiz, and you'll be entered in a biweekly drawing for cool
    prizes such as Microsoft Press books and MCDBA exam vouchers, plus a
    grand prize: a Microsoft Xbox! Enter today at
       http://list.winnetmag.com/cgi-bin3/flo?y=eOgK0CJgSH0CBw06ST0AG
     
    * GIVE US YOUR FEEDBACK AND BE ENTERED TO WIN AN XBOX
       Tell us how well your enterprise is prepared for when disaster
    strikes. Complete our brief survey about backup and recovery, and you
    could win an Xbox. Click here!
       http://list.winnetmag.com/cgi-bin3/flo?y=eOgK0CJgSH0CBw06MJ0Ay
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: BUTTERFLY SECURITY RELEASES CODESEEKER AS OPEN SOURCE
       Butterfly Security released CodeSeeker as open source through the
    Open Web Application Security Project (OWASP). CodeSeeker is a Web
    application firewall and Intrusion Detection System (IDS) tool that
    runs on Windows NT, Sun Microsystems' Solaris, and Linux.
       http://www.secadministrator.com/articles/index.cfm?articleid=27358
    
    * NEWS: RSA SECURITY'S CRYPTO-J RECEIVES FIPS 140-1 CERTIFICATION
       RSA Security announced that its Crypto-J software has attained
    Federal Information Processing Standards (FIPS) 140-1 certification.
    Crypto-J is part of RSA Security's BSAFE product line. BSAFE also
    includes implementations of Secure Sockets Layer (SSL), Secure MIME
    (S/MIME), Wireless Transport Layer Security (WTLS), IP Security
    (IPSec) and Public Key Cryptography Standards (PKCS).
       http://www.secadministrator.com/articles/index.cfm?articleid=27359
    
    5. ==== INSTANT POLL ====
     
    * RESULTS OF PREVIOUS POLL: USING SAML
       The voting has closed in Windows & .NET Magazine's Security
    Administrator Channel nonscientific Instant Poll for the question, "Do
    you use Security Assertion Markup Language (SAML) for security in your
    Web applications?" Here are the results (+/- 2 percent) from the 101
    votes:
       -  4% Yes
       - 77% No
       -  8% Not yet, but we will
       -  1% No--We use Extensible Rights Markup Language (XrML)
       - 10% No--We use other security technology
     
    * NEW INSTANT POLL: USING OPEN-SOURCE PRODUCTS
       The next Instant Poll question is, "Do you use open-source products
    on your network?" Go to the Security Administrator Channel home page
    and submit your vote for a) Yes, b) No, c) Not sure, or d) We plan to.
       http://www.secadministrator.com
    
    6. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: HOW CAN I CHECK A SYSTEM'S AVAILABILITY?
       (contributed by John Savill, http://www.windows2000faq.com)

    A. Microsoft's Uptime tool (available at the second URL below)
    displays basic system-uptime information. This tool can also list all
    startup and shutdown events, and you can use the /s switch to show the
    total percent time that your machine has been available. Because the
    tool reconstructs that figure from the startup and shutdown events in
    the System event log, a log that has been cleared or has wrapped
    shortens the period the percentage covers. For an example of Uptime
    commands and associated output, visit this FAQ on our Web site.
       http://www.windows2000faq.com/articles/index.cfm?articleid=27249
       http://www.microsoft.com/ntserver/nts/downloads/management/uptime/default.asp
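    The arithmetic behind a percent-available figure of the kind Uptime /s
    prints, as an added example that is not Microsoft's Uptime tool and not
    code from the FAQ. The event line format, the event log below (constructed
    for the example) and the treatment of a boot with no recorded shutdown
    are assumptions; an UNEXPECTED line stands for the time that Event ID
    6008 reports at the next boot after a crash or power loss.

```c
/* Constructed example of computing availability from startup/shutdown events.
 * Not Microsoft's Uptime tool: the line format, the sample log and the
 * handling of an unrecorded shutdown are assumptions made for this example. */
#include <stdio.h>
#include <string.h>

enum ev_kind { EV_STARTUP, EV_SHUTDOWN, EV_UNEXPECTED };

struct event { long minute; enum ev_kind kind; };

struct report {
    long up_min, down_min;
    int boots, unexpected, unrecorded;
    double availability;   /* percent of the observation window */
};

/* Days since 1970-01-01 for a Gregorian date (Howard Hinnant's days_from_civil). */
static long days_from_civil(long y, long m, long d)
{
    y -= m <= 2;
    long era = (y >= 0 ? y : y - 399) / 400;
    long yoe = y - era * 400;
    long doy = (153 * (m + (m > 2 ? -3 : 9)) + 2) / 5 + d - 1;
    long doe = yoe * 365 + yoe / 4 - yoe / 100 + doy;
    return era * 146097 + doe - 719468;
}

/* Parse "YYYY-MM-DD HH:MM KIND", KIND being STARTUP, SHUTDOWN or UNEXPECTED.
 * Returns 0 on success, -1 on a malformed line. */
int parse_event(const char *line, struct event *ev)
{
    int y, mo, d, h, mi;
    char kind[16];
    if (sscanf(line, "%d-%d-%d %d:%d %15s", &y, &mo, &d, &h, &mi, kind) != 6)
        return -1;
    ev->minute = days_from_civil(y, mo, d) * 1440L + h * 60L + mi;
    if (strcmp(kind, "STARTUP") == 0) ev->kind = EV_STARTUP;
    else if (strcmp(kind, "SHUTDOWN") == 0) ev->kind = EV_SHUTDOWN;
    else if (strcmp(kind, "UNEXPECTED") == 0) ev->kind = EV_UNEXPECTED;
    else return -1;
    return 0;
}

/* Sum the up intervals between the first startup and `now` (events sorted by
 * time). A startup while the machine is still marked up means the shutdown was
 * never recorded: this example assumes it stayed up until that boot (optimistic)
 * and counts the case in `unrecorded`; an SLA report might count it as down. */
struct report availability(const struct event *ev, size_t n, long now)
{
    struct report r = {0, 0, 0, 0, 0, 0.0};
    long window_start = -1, up_since = 0;
    int running = 0;
    for (size_t i = 0; i < n; i++) {
        long t = ev[i].minute;
        if (ev[i].kind == EV_STARTUP) {
            if (running) { r.up_min += t - up_since; r.unrecorded++; }
            if (window_start < 0) window_start = t;
            up_since = t; running = 1; r.boots++;
        } else if (running) {           /* SHUTDOWN or UNEXPECTED closes the interval */
            r.up_min += t - up_since; running = 0;
            if (ev[i].kind == EV_UNEXPECTED) r.unexpected++;
        }
    }
    if (window_start < 0) return r;     /* no startup seen: nothing to report */
    if (running) r.up_min += now - up_since;
    long window = now - window_start;
    r.down_min = window - r.up_min;
    r.availability = window > 0 ? 100.0 * (double)r.up_min / (double)window : 0.0;
    return r;
}

/* Constructed event log (not real data), in time order. */
static const char *LOG[] = {
    "2002-11-01 08:00 STARTUP",
    "2002-11-08 18:00 SHUTDOWN",    /* planned reboot after patching */
    "2002-11-08 18:10 STARTUP",
    "2002-11-15 02:30 UNEXPECTED",  /* power loss; time as Event ID 6008 reports it */
    "2002-11-15 06:00 STARTUP",
    "2002-11-20 22:00 SHUTDOWN",
    "2002-11-20 22:15 STARTUP",
};

struct report demo_report(void)
{
    struct event ev[16];
    size_t n = 0;
    for (size_t i = 0; i < sizeof LOG / sizeof LOG[0]; i++)
        if (parse_event(LOG[i], &ev[n]) == 0) n++;
    long now = days_from_civil(2002, 11, 27) * 1440L + 12 * 60L;   /* 2002-11-27 12:00 */
    return availability(ev, n, now);
}

int main(void)
{
    struct report r = demo_report();
    printf("up %ld min, down %ld min, boots %d, unexpected %d, unrecorded %d\n",
           r.up_min, r.down_min, r.boots, r.unexpected, r.unrecorded);
    printf("availability: %.2f%%\n", r.availability);
    return 0;
}
```

    The window starts at the first recorded startup, so a cleared or wrapped
    event log moves that start forward and raises the percentage without the
    machine being any more reliable; the unrecorded counter is there so a
    reader of the report can see when the figure rests on an assumption.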
    
    7. ==== NEW AND IMPROVED ====
       (contributed by Sue Cooper, productsat_private)
    
    * REDUCE NETWORK THREATS
       eEye Digital Security announced Enterprise Vulnerability Assessment
    and Remediation Management Solution for large and distributed networks
    to proactively control and manage network security. The software
    consists of four fully integrated applications: Retina Network
    Security Scanner, Retina Remote Manager, REM Events Server, and REM
    Events Manager. It gathers security vulnerability events from Retina
    scanners, as well as other third-party vendor solutions, and reports
    to a centralized management system. The events can then be analyzed
    and delegated to your IT staff for remediation. For pricing or more
    information, contact eEye Digital Security at 949-349-9062,
    866-339-3732, and salesat_private
       http://www.eeye.com
    
    * SECURE YOUR IT PERIMETER
       eSoft announced the InstaGate xSP Business, a scalable VPN/firewall
    appliance for midsize enterprises wanting to integrate a simplified
    Internet security solution. Features include an IP Security
    (IPSec)/PPTP VPN, a firewall policy manager, Web proxy capabilities,
    mail relaying, and a demilitarized zone (DMZ)/failover network
    interface. Also included is a comprehensive catalog of SoftPak
    applications that includes antivirus, URL filtering, and centralized
    VPN management tools. InstaGate xSP Business, which costs $1999,
    supports up to 100 users and 100 VPN tunnels, as well as all OS
    environments. Contact eSoft at 303-444-1600, 888-903-7638, and
    sales@esoft.com.
       http://www.esoft.com
    
    * SUBMIT TOP PRODUCT IDEAS
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Do you know of a terrific
    product that others should know about? Tell us! We want to write about
    the product in a future What's Hot column. Send your product
    suggestions to whatshotat_private
    
    8. ==== HOT THREADS ====
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS
       http://www.winnetmag.com/forums
    
    Featured Thread: ISA Server 2000 Routing Problem
       (Two messages in this thread)
    
    A user writes that he has a problem with Microsoft Internet Security
    and Acceleration (ISA) Server 2000 routing. He installed ISA Server on
    a computer with two NICs. One NIC is connected to an external router,
    and the other NIC is connected to an internal network. His router uses
    Network Address Translation (NAT). He created all the required
    policies for the internal network to access the Internet through the
    external router. However, users can't access systems outside the
    internal network. He wonders why. Lend a hand or read the responses.
       http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=50285
    
    * HOWTO MAILING LIST
       http://63.88.172.96/listserv/page_listserv.asp?a0=howto
    
    Featured Thread: User Account Creation Is Slow
       (One message in this thread)
    
    A user writes that he uses Windows 2000 as a standalone system. Any
    time he creates user accounts or makes changes to those accounts, it
    seems to take 1 minute or more for the system to process those
    changes. He wonders why this happens. Read the responses or lend a
    hand at the following URL:
       http://63.88.172.96/listserv/page_listserv.asp?a2=ind0211c&l=howto&p=2670
    
    9. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- lettersat_private (please
    mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
    Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
    
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing a Windows 2000/Windows NT enterprise.
    Subscribe today!
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
       Receive the latest information about the Windows and .NET topics of
    your choice. Subscribe to our other FREE email newsletters.
       http://www.winnetmag.com/email
    
    |-+-|-+-|-+-|-+-|-+-|
    
    Thank you for reading Security UPDATE.
    
    MANAGE YOUR ACCOUNT
       You can manage your entire Windows & .NET Magazine Network email
    newsletter account on our Web site. Simply log on and you can change
    your email address, update your profile information, and subscribe or
    unsubscribe to any of our email newsletters all in one place.
       http://www.winnetmag.com/email
    
    Thank you!
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Dec 02 2002 - 04:27:45 PST