[ISN] Security UPDATE, December 18, 2002

From: InfoSec News (isnat_private)
Date: Thu Dec 19 2002 - 00:56:51 PST

    ********************
    Windows & .NET Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows .NET Server, Windows 2000, and
    Windows NT systems.
       http://www.secadministrator.com
    ********************
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    Protect Your Systems with Real Time Monitoring
       http://list.winnetmag.com/cgi-bin3/flo?y=eOzD0CJgSH0CBw067B0Ag 
    
    Lieberman & Associates
       http://list.winnetmag.com/cgi-bin3/flo?y=eOzD0CJgSH0CBw067C0Ah 
       (below IN FOCUS)
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: PROTECT YOUR SYSTEMS WITH REAL TIME MONITORING ~~~~
       A proactive Security Administrator installed TNT Software's ELM
    Enterprise Manager 3.0 on his critical servers to assess the benefits
    of real time monitoring. During the first week, EEM 3.0 paged him as a
    disgruntled employee attempted to access confidential files, emailed
    him during a port scan barrage, and automatically restarted a failed
    anti-virus service. As a result, ELM Enterprise Manager was purchased
    and fully deployed during the second week. To experience how real time
    monitoring with ELM Enterprise Manager will protect your systems,
    download your FREE 30-day evaluation copy from:
       http://list.winnetmag.com/cgi-bin3/flo?y=eOzD0CJgSH0CBw067B0Ag 
    
    ~~~~~~~~~~~~~~~~~~~~
    
    December 18, 2002--In this issue:
    
    1. IN FOCUS
         - Critical Updates for Microsoft VM
    
    2. SECURITY RISKS
         - Buffer Overrun in Enceladus Web Server for Windows
    
    3. ANNOUNCEMENTS
         - Black Hat Briefings & Training: Windows Security
         - Planning on Getting Certified? Make Sure to Pick Up Our New
           eBook!
    
    4. SECURITY ROUNDUP
         - News: Microsoft Releases MBSA 1.1
         - Feature: 7 Steps to SSL Encryption
    
    5. HOT RELEASE (ADVERTISEMENT)
         - Get your FREE InTrust Audit Advisor tool
    
    6. SECURITY TOOLKIT
         - Virus Center
         - FAQ: How Can I Enable Saving Attachments in Microsoft Outlook
           Express 6.0?
    
    7. NEW AND IMPROVED
         - Protect NetApp Filers from Viruses
         - Secure Heterogeneous Enterprises
         - Correction: Control Spam with Firewall Appliance
         - Submit Top Product Ideas
     
    8. HOT THREADS
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Forensics Tools
         - HowTo Mailing List
             - Featured Thread: Account Lockout
     
    9. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor,
    markat_private)
    
    * CRITICAL UPDATES FOR MICROSOFT VM
    
    Are you keeping up with all the patches Microsoft has issued?
    Microsoft has issued 71 security bulletins so far this year. One
    bulletin in particular, MS02-069 (Flaw in Microsoft VM Could Enable
    System Compromise) issued December 11, addresses several problems with
    the Microsoft Virtual Machine (VM) used for Java code. Versions of the
    VM software through version 5.0.3805 are vulnerable. According to
    Microsoft, "The most serious of these issues could enable a Web site
    to compromise your system and take actions such as changing data,
    loading and running programs, and reformatting the hard disk." The
    patch is a critical update, and everyone should install it.
       http://www.microsoft.com/security/security_bulletins/ms02-069.asp
    
    In the past, Microsoft has indicated that it will remove Java support
    from Windows. In June, Microsoft announced that because of a legal
    settlement with Sun Microsystems, after January 1, 2004, the company
    can no longer make modifications to Sun's Java code, including
    security fixes. Because of the settlement, Microsoft said, the company
    wouldn't include Java with Windows after that date. The decision stems
    from a legal argument between the two companies (to read more about
    that story, see the WinInfo Web site at the first URL below; to find
    the latest updates about the legal proceedings between Sun and
    Microsoft, see the second URL below).
       http://www.wininformant.com/articles/index.cfm?articleid=25620
       http://search.winnetmag.com/query.html?col=wininfo&qt=Java
    
    Even if Microsoft removes Java support from Windows, you might still
    use the Microsoft VM in the future, so consider loading the latest
    patch anyway, just in case. The patch will replace the "jview" program
    on your system with the latest version. While you're updating the
    Microsoft VM on your systems, consider upgrading other Java runtime
    components. You can do that by downloading the latest Java runtime
    environment (the Java 2 Platform) directly from Sun's Java Web site.
    Sun's runtime environment works with Windows XP, Windows 2000, Windows
    NT, Windows Me, Windows 9x, Sun Solaris, Linux, and Macintosh
    platforms.
       http://java.sun.com/getjava/download.html
    
    Speaking of patches, have you visited PivX Solutions' list of
    unpatched security holes in Microsoft products lately? Last updated
    December 9, 2002, the page lists 19 unpatched security
    vulnerabilities. Two items listed pertain to Java, and I can't tell
    whether this latest patch from Microsoft fixes those items. However,
    even if the patch does fix the Java vulnerabilities, take note of the
    17 other unpatched holes that you should be aware of.
    
    The problems range from the simple to the complex, including
    circumventing Microsoft Internet Explorer's (IE's) security zones,
    reading local files on a user's computer, and executing arbitrary
    code. The oldest problem listed on the Web page was reported almost a
    year ago, December 22, 2001, and relates to man-in-the-middle attacks
    against Secure Sockets Layer (SSL) traffic. The newest problem, posted
    December 3, 2002, pertains to cookie theft and monitoring users' Web
    activity. Be sure to read the Web page--and guard your systems against
    those holes until Microsoft develops a patch.
       http://www.pivx.com/larholm/unpatched/
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: LIEBERMAN & ASSOCIATES ~~~
       Massive Workstation Security Hole...Ignored!
       In just a few minutes any of your domain users could become the
    administrator of ALL your machines without your knowledge. A quick
    search of Google.com for password crackers is all it takes. There is a
    solution. Download our guide to plugging the DISTRIBUTED CREDENTIALS
    FLAW in Windows.
       http://list.winnetmag.com/cgi-bin3/flo?y=eOzD0CJgSH0CBw067C0Ah
    
    ~~~~~~~~~~~~~~~~~~~~
    
    2. ==== SECURITY RISKS ====
       (contributed by Ken Pfeil, kenat_private)
    
    * BUFFER OVERRUN IN ENCELADUS WEB SERVER FOR WINDOWS
       Tamer Sahin discovered that a buffer-overrun vulnerability in
    Enceladus Web and FTP Server Suite 3.9 can let an attacker execute
    arbitrary code on the vulnerable system. If an attacker supplies a
    long sequence of characters as an argument to the CD command, thereby
    exceeding the length of the input buffer, the excess data will
    overwrite other variables on the stack and the stack frame. As a
    result, an attacker can execute arbitrary code. Mollensoft Software
    has been notified but hasn't yet released a patch for this problem.
       http://www.secadministrator.com/articles/index.cfm?articleid=27545
    
    3. ==== ANNOUNCEMENTS ====
       (brought to you by Windows & .NET Magazine and its partners)
    
    * BLACK HAT BRIEFINGS & TRAINING: WINDOWS SECURITY
       Attend the world's premier technical event for Windows and .NET
    security experts, February 25-28, 2002 in Seattle. You'll find six
    tracks, seven training sessions, and full support from Microsoft. See
    for yourself what the Black Hat buzz is all about. Register today!
       http://list.winnetmag.com/cgi-bin3/flo?y=eOzD0CJgSH0CBw0pHV0AH
     
    * PLANNING ON GETTING CERTIFIED? MAKE SURE TO PICK UP OUR NEW EBOOK!
       "The Insider's Guide to IT Certification" eBook is hot off the
    presses and contains everything you need to know to help you save time
    and money while preparing for certification exams from Microsoft,
    Cisco Systems, and CompTIA and have a successful career in IT. Get
    your copy of the Insider's Guide today!
       http://list.winnetmag.com/cgi-bin3/flo?y=eOzD0CJgSH0CBw06cX0Am
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: MICROSOFT RELEASES MBSA 1.1
       Microsoft recently released a new version of Microsoft Baseline
    Security Analyzer (MBSA), which Shavlik Technologies developed for
    Microsoft. New features in MBSA 1.1 include Exchange and Windows Media
    Player (WMP) security update detection, full HFNetChk 3.81 support in
    the MBSA command-line interface, support for Microsoft Software Update
    Services (SUS) during security update scans, compatibility with
    Microsoft Systems Management Server (SMS) 2.0 Software Update Services
    Feature Pack, and detection for multiple Microsoft SQL Server
    instances.
       http://www.secadministrator.com/articles/index.cfm?articleid=27551
    
    * FEATURE: 7 STEPS TO SSL ENCRYPTION
       In Microsoft SQL Server 2000, Microsoft introduced new features to
    satisfy its customers' growing concerns about data security. One
    little-understood feature is automatic support of Secure Sockets Layer
    (SSL)-encrypted network traffic between the clients and the server.
    Encryption slightly slows performance because it requires extra
    actions on both sides of the network connection. However, for users
    who are concerned about the security of their network communications,
    the benefits of encryption outweigh this slight performance penalty.
    Encryption is especially useful when clients connect to the SQL Server
    across the Internet and data travels across public networks.
       http://www.secadministrator.com/articles/index.cfm?articleid=26908
    
    5. ==== HOT RELEASE (ADVERTISEMENT) ====
    
    * GET YOUR FREE INTRUST AUDIT ADVISOR TOOL
       Do you meet security regulations & corporate rules? Get your FREE
    InTrust Audit Advisor tool to estimate the resources needed to deploy
    and implement auditing practices, for a secure environment. Close the
    security gap with InTrust.
       http://list.winnetmag.com/cgi-bin3/flo?y=eOzD0CJgSH0CBw067D0Ai 
    
    6. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: HOW CAN I ENABLE SAVING ATTACHMENTS IN MICROSOFT OUTLOOK
    EXPRESS 6.0?
       (contributed by John Savill, http://www.windows2000faq.com)
    
    By default and as a security precaution to avoid saving a virus to
    your computer, Outlook Express doesn't let you save files locally. To
    enable file saving within Outlook Express, perform the following
    steps:
       1. Start Outlook Express.
       2. From the Tools menu, select Options.
       3. Select the Security tab.
       4. Clear the "Do not allow attachments to be saved or opened that
    could potentially be a virus" check box, then click OK.
    
    7. ==== NEW AND IMPROVED ====
       (contributed by Sue Cooper, productsat_private)
    
    * PROTECT NETAPP FILERS FROM VIRUSES
       Symantec announced Symantec AntiVirus for NetApp Filers, software
    that provides scalable virus scanning and repair services to protect
    data on Network Appliance (NetApp) storage solutions. One scanner can
    service multiple filers, protecting your data from damage or deletion
    because of virus infection. A Central Quarantine feature lets you
    redirect irreparable, virus-infected files to a safe area on a
    centralized server for further inspection. For trialware, licensing
    information, or reseller locations, go to
       http://enterprisesecurity.symantec.com.
       http://symantec.com
    
    * SECURE HETEROGENEOUS ENTERPRISES
       SnapGear is shipping the SnapGear SME5xx family of VPN firewall
    appliances. Based on the Hitachi SuperH SH4 microprocessor, the
    appliances are built for small to midsized enterprises. These
    appliances offer narrowband and broadband access, intrusion detection,
    a URL content-filtering option, a stateful firewall, a VPN, LAN
    throughputs up to 50Mbps, VPN throughputs up to 10Mbps, no built-in
    user limitation, and lifetime firmware upgrades. Management is
    browser-based. Prices start at $349. Contact SnapGear at 801-282-8492
    and salesat_private
       http://www.snapgear.com
    
    * CORRECTION: CONTROL SPAM WITH FIREWALL APPLIANCE
       In last week's Security UPDATE item about BorderWare Technologies'
    MXtreme Mail Firewall, the first of the two phone numbers listed was
    incorrect. Here's the corrected information: Contact BorderWare at
    905-804-1855, 877-814-7900, and salesat_private
       http://www.borderware.com
    
    * SUBMIT TOP PRODUCT IDEAS
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Do you know of a terrific
    product that others should know about? Tell us! We want to write about
    the product in a future What's Hot column. Send your product
    suggestions to whatshotat_private
    
    8. ==== HOT THREADS ====
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS
       http://www.winnetmag.com/forums
    
    Featured Thread: Forensics Tools
       (Three messages in this thread)
    
    A user who's studying computer forensics wants to know which network
    tools (in addition to Netstat, Snort, and Tcpdump) are helpful. Lend a
    hand or read the responses:
       http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=51198
    
    * HOWTO MAILING LIST
       http://63.88.172.96/listserv/page_listserv.asp?a0=howto
    
    Featured Thread: Account Lockout
       (Nine messages in this thread)
    
    A user has a problem with a particular user account that's locked out
    two or three times a day. When he searches the domain controllers'
    (DCs') event logs, no events are logged against the user's account.
    Event auditing is turned on, and he would expect to see event ID 529
    (Unknown username or bad password) and event ID 539 (Account locked
    out), but those events aren't logged. Read the responses or lend a
    hand at the following URL:
       http://63.88.172.96/listserv/page_listserv.asp?A2=IND0212B&L=HOWTO&P=984
    
    9. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- lettersat_private (please
    mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
    Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
    
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing a Windows 2000/Windows NT enterprise.
    Subscribe today!
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
       Receive the latest information about the Windows and .NET topics of
    your choice. Subscribe to our other FREE email newsletters.
       http://www.winnetmag.com/email
    
    |-+-|-+-|-+-|-+-|-+-|
    
    Thank you for reading Security UPDATE.
    
    MANAGE YOUR ACCOUNT
       You can manage your entire Windows & .NET Magazine Network email
    newsletter account on our Web site. Simply log on and you can change
    your email address, update your profile information, and subscribe or
    unsubscribe to any of our email newsletters all in one place.
       http://www.winnetmag.com/email
    
    Thank you!
    
    __________________________________________________________
    Copyright 2002, Penton Media, Inc.
    
    
    