[ISN] Security UPDATE, December 4, 2002

From: InfoSec News (isnat_private)
Date: Wed Dec 04 2002 - 22:59:43 PST

  • Next message: InfoSec News: "[ISN] REVIEW: "Information Security Policies, Procedures, and Standards", Thomas R. Peltier"

    ********************
    Windows & .NET Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows .NET Server, Windows 2000, and
    Windows NT systems.
       http://www.secadministrator.com
    ********************
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    Disaster Recovery -- Is Your Backup Plan Complete?
       http://list.winnetmag.com/cgi-bin3/flo?y=eOlE0CJgSH0CBw06iZ0Ah
    
    VeriSign - The Value of Trust
       http://list.winnetmag.com/cgi-bin3/flo?y=eOlE0CJgSH0CBw05Kz0Ai
       (below IN FOCUS)
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: DISASTER RECOVERY -- IS YOUR BACKUP PLAN COMPLETE? ~~~~
       Disaster recovery for Microsoft Windows XP/2000/NT servers and
    workstations gets a big boost with UltraBac Disaster Recovery (UBDR)! 
    Do you have a product in place that performs the following?
       +  Image Backup to Local/Remote Tape or Disk
       +  Boot Floppy Bare Metal Disaster Recovery
       +  Backs up Partitions, Including All Files and ACLs
       +  Live OS Backup with Built-in Locked File Agent
       +  Restores OS Partitions with Zero User Interaction
       If you answered no to any of the above, UltraBac v7.0.2 is
    available for download now. Best of all, UBDR can co-exist with ALL
    backup software. To learn more visit
       http://list.winnetmag.com/cgi-bin3/flo?y=eOlE0CJgSH0CBw06iZ0Ah
    ~~~~~~~~~~~~~~~~~~~~
    
    December 4, 2002--In this issue:
    
    1. IN FOCUS
         - Tired of Unwanted Email? Try This Simple Solution
    
    2. SECURITY RISKS
         - Multiple Vulnerabilities in Sybase Adaptive Server 12.0 and
           12.5
    
    3. ANNOUNCEMENTS
         - Planning on Getting Certified? Make Sure to Pick Up Our New
           eBook!
         - Sample Our Security Administrator Newsletter!
    
    4. SECURITY ROUNDUP
         - News: PKWARE Teams with RSA Security to Enhance ZIP Technology
         - Feature: Serious About Security
    
    5. HOT RELEASE (ADVERTISEMENT)
         - Protect Your Infrastructure
    
    6. SECURITY TOOLKIT
         - Virus Center
         - FAQ: Under What Conditions Is Fast User Switching Available in
           Windows XP?
    
    7. NEW AND IMPROVED
         - Add Two-Factor Authentication to ISA Server 2000
         - Scan for Network Vulnerabilities
         - Submit Top Product Ideas
     
    8. HOT THREADS
         - Windows & .NET Magazine Online Forums
             - Featured Thread: How Do I Prevent Service and User Listing?
         - HowTo Mailing List
             - Featured Thread: Kazaa Lite Capturing Keystrokes?
     
    9. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor,
    markat_private)
    
    * TIRED OF UNWANTED EMAIL? TRY THIS SIMPLE SOLUTION
    
    Are you tired of junk mail yet? I am. At one point, I thought that if
    I received one more unsolicited email asking me to help a "poor widow
    in Nigeria" move $10 million into the United States or Canada I'd
    scream. What a scam!
    
    Recently, I found an easy and free way to filter email--a method that
    just about anyone can deploy on Windows and Novell systems. If you use
    the Mercury Mail Transport System, you can quickly establish custom
    filtering rules that can eliminate just about any kind of unwanted
    email.
       http://www.pmail.com/overviews/ovw_mercwin.htm
    
    Mercury is a full SMTP mail server with a lot of extras, such as an
    IMAP server, a Finger server, and a password-changing server. Two
    interesting Mercury components include its built-in POP3 client and
    its Content Control subsystem. The POP3 client lets the mail server
    pick up email from any POP3 accounts you specify, and the Content
    Control subsystem can filter email that the POP3 client receives or
    that comes through the SMTP server, if you use Mercury as a full-blown
    mail server. In effect, you can use Mercury as a junk-mail filtering
    system with just a few minor changes to the way you receive email.
    
    Configuring Mercury as an email-filtering system is simple: Install
    the Mercury server, configure the basic settings (e.g., host name, DNS
    servers, user mail accounts), configure the POP3 client to pick up
    your POP-based email, configure the content-filtering rules to
    eliminate unwanted email, and configure your regular POP3 mail client
    to pick up email from Mercury instead of your usual POP3 mail server.
    
    The Content Control filtering rules are flexible and easy to create,
    and Mercury ships with a predefined rule set that helps eliminate
    several common types of junk mail you're likely to receive. You can
    filter based on several email elements (e.g., header, subject).
    Writing custom rules involves deciding which aspects of an email
    message to base a filter on, specifying what content will trigger the
    rule, and giving the filter a weighted numeric value. The weighted
    value helps govern what happens to a message when it triggers a rule.
    For example, here's a rule that captures all email that contains the
    words "Make Money Fast":
     
       If body contains "make money fast" then weight 50
    
    If you configure the Content Control subsystem to delete all messages
    with a weight of 50 or above, no email containing the above keywords
    will ever reach your desktop email client.
    
    The rules are powerful. You can filter based on subject, sender,
    recipients, body content, and email headers. The rules use typical
    expressions such as "if," "and," "andnot," "or," and "ornot" and
    special markup codes for character pattern matching. In addition, the
    Content Control system lets you insert custom email headers into
    filtered messages you can then use to refilter the message headers in
    your desktop email client for special action upon receipt, such as
    sorting email messages into specific folders.
    
    Mercury supports multiple rule sets and separate blacklist and
    whitelist files. It also works with the Mail Abuse Prevention System
    (MAPS--see the URL below), which further helps prevent the spread and
    receipt of unsolicited email. In addition, Mercury includes other
    built-in filtering systems that let you automatically perform such
    actions as forwarding, replying to, copying, extracting, and appending
    email messages to files--all based on individual email
    characteristics.
       http://mail-abuse.org
    
    I find Mercury a powerful and inexpensive way to manage email traffic.
    It's a great full-blown standalone mail server and a terrific POP3
    mail relay to help you filter out unwanted email simply. And because
    it uses a small amount of memory, it won't significantly burden
    resources. What amazes me most about Mercury is that its developer,
    David Harris, provides this package free for personal and commercial
    use. You can download a copy of Mercury at the URL below.
       http://www.pmail.com/downloads.htm
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: VERISIGN - THE VALUE OF TRUST ~~~
       FREE E-COMMERCE SECURITY GUIDE
       Is your e-business built on a strong, secure foundation? Find out
    with VeriSign's FREE White Paper, "Building an E-Commerce Trust
    Infrastructure." Learn how to authenticate your site to customers,
    secure your web servers with 128-Bit SSL encryption, and accept secure
    payments online. Click here:
       http://list.winnetmag.com/cgi-bin3/flo?y=eOlE0CJgSH0CBw05Kz0Ai
    ~~~~~~~~~~~~~~~~~~~~
    
    2. ==== SECURITY RISKS ====
       (contributed by Ken Pfeil, kenat_private)
    
    * MULTIPLE VULNERABILITIES IN SYBASE ADAPTIVE SERVER 12.0 AND 12.5
       Application Security discovered three new buffer-overrun
    vulnerabilities in Sybase's Adaptive Server 12.5 and Adaptive Server
    12.0. The vulnerabilities can grant an attacker complete control over
    the vulnerable system. The first vulnerability involves a buffer
    overflow in the Database Consistency Checker (DBCC) CHECKVERIFY
    function. The second vulnerability involves a buffer overflow in the
    DROP DATABASE function. The third vulnerability is a buffer-overflow
    condition in the xp_freedll stored procedure. For more information
    about these vulnerabilities, see the discoverer's Web site. Sybase has
    released patches that address these vulnerabilities and recommends
    that affected users download the appropriate patch from the company's
    Web site.
       http://www.secadministrator.com/articles/index.cfm?articleid=27459
    
    3. ==== ANNOUNCEMENTS ====
       (brought to you by Windows & .NET Magazine and its partners)
    
    * PLANNING ON GETTING CERTIFIED? MAKE SURE TO PICK UP OUR NEW EBOOK!
       "The Insider's Guide to IT Certification" eBook is hot off the
    presses and contains everything you need to know to help you save time
    and money while preparing for certification exams from Microsoft,
    Cisco Systems, and CompTIA and have a successful career in IT. Get
    your copy of the Insider's Guide today!
       http://list.winnetmag.com/cgi-bin3/flo?y=eOlE0CJgSH0CBw06cX0AZ
    
    * SAMPLE OUR SECURITY ADMINISTRATOR NEWSLETTER!
       Security breaches and viruses can happen to your enterprise. But
    there are steps you can take to prevent disaster, like subscribing to
    Security Administrator, the print newsletter from the experts at
    Windows & .NET Magazine. Every issue shows you how to protect your
    systems with informative, in-depth articles, timely tips, and
    practical advice. Don't just take our word for it--get a sample issue
    today!
       http://list.winnetmag.com/cgi-bin3/flo?y=eOlE0CJgSH0CBw06Kx0Ah
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: PKWARE TEAMS WITH RSA SECURITY TO ENHANCE ZIP TECHNOLOGY
       PKWARE and RSA Security announced that they've formed a new
    strategic technology, sales, and marketing partnership. Under the new
    partnership, PKWARE has licensed RSA BSAFE encryption software, and
    RSA Security has licensed PKWARE's PKZIP compression technology.
    PKWARE will use RSA BSAFE to enhance its product offerings across
    desktops, servers, and mainframe systems. RSA Security will use PKZIP
    in the products it offers through its direct sales and distribution
    channels. The companies pointed out that compression and encryption
    technologies complement each other in that compression reduces
    encryption overhead while encryption helps to protect data.
       http://www.secadministrator.com/articles/index.cfm?articleid=27438
    
    * FEATURE: SERIOUS ABOUT SECURITY
       In this age of rampant viruses and increasingly sophisticated
    system attacks, securing your Microsoft SQL Server system means more
    than just protecting your data--it also means protecting your network.
    Attackers can use a compromised SQL Server system to access other
    systems in your network. This year, Microsoft finally got serious
    about security. In January, Microsoft launched its much-publicized
    3-month security initiative, halting all new development, hunting for
    security holes, and training its developers to be security-conscious.
    But even with Microsoft's ramped-up security efforts, your systems are
    still only as secure as you make them. Microsoft and other companies
    might give you the lock, but you have to turn the key.
       http://www.secadministrator.com/articles/index.cfm?articleid=26942
    
    5. ==== HOT RELEASE (ADVERTISEMENT) ====
    
    * PROTECT YOUR INFRASTRUCTURE
       How do you make sure only the right people access your vital
    systems? IBM can help build trust into your e-business relationships.
    Get the IBM white paper, "Linking Security Needs to e-business
    Evolution" at http://list.winnetmag.com/cgi-bin3/flo?y=eOlE0CJgSH0CBw06ia0Ao
    
    6. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: UNDER WHAT CONDITIONS IS FAST USER SWITCHING AVAILABLE IN
    WINDOWS XP?
       ( contributed by John Savill, http://www.windows2000faq.com )
    
    A. Fast User Switching is an XP feature that lets more than one user
    simultaneously log on, although only one user account can be active at
    any time. For example, say user John is currently logged on and Kevin
    needs to print a document from his desktop. Without logging off John,
    Kevin can log on, print his document, then make John's user account
    active again without logging off to perform the switch.
    
    Several factors determine whether Fast User Switching is available:
       - You must not be using a third-party Microsoft Graphical
    Identification and Authentication (GINA--msgina.dll) file.
       - The computer must not be a member of a domain (this factor
    applies to XP Professional only).
       - You must enable the Fast User Switching feature (go to the
    Control Panel User Accounts applet and select "Change the way users
    log on or off"). If the computer has more than 64MB of RAM, XP enables
    Fast User Switching by default.
       - The computer has sufficient free resources to create an
    additional Winlogon service thread (when multiple users are logged on,
    all the accounts--even those not currently in use--use resources).
       - If your computer video card uses Shared Video Memory (i.e., the
    computer uses a portion of the system's RAM for video display memory),
    the shared memory will minimize the amount of free RAM and can cause
    XP to disable Fast User Switching.
    
    7. ==== NEW AND IMPROVED ====
       (contributed by Sue Cooper, productsat_private)
    
    * ADD TWO-FACTOR AUTHENTICATION TO ISA SERVER 2000
       Authenex introduced AOne, which integrates two-factor
    authentication with Microsoft Internet Security and Acceleration (ISA)
    Server 2000. End users' passwords and A-Key USB tokens let you control
    inbound and outbound HTTP or HTTP Secure (HTTPS) page or file requests
    according to permissions established for groups or individual users.
    AOne supports Windows 2000 Server with Service Pack 2 (SP2) or later
    and requires an available USB port. Clients are supported on Windows
    XP, Win2K, Windows 98, and Windows Me. For pricing or more
    information, contact Authenex at 510-568-6558, 877-288-4363, and
    salesat_private
       http://www.authenex.com
     
    * SCAN FOR NETWORK VULNERABILITIES
       Latis Networks announced StillSecure Server VAM 1.1, which
    continuously and systematically scans for network vulnerabilities. You
    can customize scanning based on the type and importance of devices,
    and you can set frequency. After the application discovers weaknesses,
    you can track them through repair with the Workflow Management Engine.
    StillSecure Server VAM 1.1 is sold as an annual subscription based on
    the number of IP addresses. It's available as a software appliance
    with a hardened OS or as a preconfigured integrated hardware
    appliance. For pricing or more information, contact Latis Networks at
    303-642-4500 and salesat_private
       http://latis.com
    
    * SUBMIT TOP PRODUCT IDEAS
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Do you know of a terrific
    product that others should know about? Tell us! We want to write about
    the product in a future What's Hot column. Send your product
    suggestions to whatshotat_private
    
    8. ==== HOT THREADS ====
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS
       http://www.winnetmag.com/forums
    
    Featured Thread: How Do I Prevent Service and User Listing?
       (One message in this thread)
    
    A user knows that programs such as DUMPSEC can list all running
    services on remote Windows 2000 and Windows NT systems. He wants to
    know whether he can lock down systems to prevent such applications
    from enumerating services and local users. Lend a hand or read the
    responses:
       http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=50652
    
    * HOWTO MAILING LIST
       http://63.88.172.96/listserv/page_listserv.asp?a0=howto
    
    Featured Thread: Kazaa Lite Capturing Keystrokes?
       (One message in this thread)
    
    A user writes that while he was testing the OKENA StormWatch Intrusion
    Detection System (IDS), an alert stated that kazaa.exe was capturing
    keystrokes. He loaded a new image on another computer and loaded the
    StormWatch application first, then downloaded Kazaa Lite. He replaced
    the .exe per the instructions and executed the program. The same thing
    happened. He has looked at all the files and doesn't see that the
    application is writing to anything. He wonders whether anyone can tell
    him about this behavior. Read the responses or lend a hand at the
    following URL:
       http://63.88.172.96/listserv/page_listserv.asp?A2=IND0211D&L=HOWTO&P=687
    
    9. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- lettersat_private (please
    mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
    Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
    
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing a Windows 2000/Windows NT enterprise.
    Subscribe today!
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
       Receive the latest information about the Windows and .NET topics of
    your choice. Subscribe to our other FREE email newsletters.
       http://www.winnetmag.com/email
    
    |-+-|-+-|-+-|-+-|-+-|
    
    Thank you for reading Security UPDATE.
    
    MANAGE YOUR ACCOUNT
       You can manage your entire Windows & .NET Magazine Network email
    newsletter account on our Web site. Simply log on and you can change
    your email address, update your profile information, and subscribe or
    unsubscribe to any of our email newsletters all in one place.
       http://www.winnetmag.com/email
    
    Thank you!
    
    __________________________________________________________
    Copyright 2002, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Dec 05 2002 - 01:37:09 PST