[ISN] Security UPDATE, March 5, 2003

From: InfoSec News (isnat_private)
Date: Thu Mar 06 2003 - 03:06:04 PST

  • Next message: InfoSec News: "[ISN] Cybercrime Follows Money Trail"

    ********************
    Windows & .NET Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows Server 2003, Windows 2000, and
    Windows NT systems.
       http://www.secadministrator.com
    ********************
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    NEW Shavlik HFNetChkPro 4.0
       http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw076e0AR
    
    RippleTech PatchWorks: Improve Security Today!
       http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw076f0AS
       (below IN FOCUS)
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: NEW SHAVLIK HFNetChkPro 4.0 ~~~~
       Introducing Shavlik HFNetChkPro 4.0 - the next generation in
    security patch management. HFNetChkPro 4.0 is an automated scanning
    and remediation solution from Shavlik, the developers of HFNetChk and
    MBSA for Microsoft. It includes loads of new features that save time
    for busy security professionals while offering greater enterprise
    security. HFNetChkPro 4.0 automates patch remediation for Microsoft
    Office, Windows Server 2003, Exchange, SQL, Outlook, Java Virtual
    Machine and more. Its intuitive Drag-n-Drop Patch Management(tm)
    interface allows you to precisely control which groups will be
    scanned, by what criteria and when and how patches are deployed. Visit
    www.shavlik.com for details!
       http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw076e0AR
    ~~~~~~~~~~~~~~~~~~~~
    
    March 5, 2003--In this issue:
    
    1. IN FOCUS
         - Targeting Spam
    
    2. SECURITY RISKS
         - Unchecked Buffer in Microsoft Windows Me's Help and Support
           Center
    
    3. ANNOUNCEMENTS
         - Join The HP & Microsoft Network Storage Solutions Road Show!
         - Start Your Spring Training with Windows & .NET Magazine Web
           Seminars!
    
    4. SECURITY ROUNDUP
         - News: Securing Windows 2000 Server Guide Now Available
         - News: Microsoft Trustworthy Computing Academic Advisory Board
         - News: Windows Rights Management Services for Windows 2003
         - Feature: Snort Made Easy
    
    5. HOT RELEASES (ADVERTISEMENTS)
         - eToken USB-based 2-factor Authentication
         - Get a free "Rio Riot" MP3 Player!
    
    6. INSTANT POLL
         - Results of Previous Poll: Early Warning Network
         - New Instant Poll: Spam Filtering
    
    7. SECURITY TOOLKIT
         - Virus Center
         - FAQ: Why Does the "The Password Is Not Valid" Error Message
           Appear When I Log On to Windows XP's Recovery Console (RC), 
           Even Though I Enter the Correct Password?
    
    8. NEW AND IMPROVED
         - Prevent Viral Reinfections
         - Submit Top Product Ideas
    
    9. HOT THREAD
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Policy Propagation Errors with Active
               Directory
    
    10. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor, markat_private)
    
    * TARGETING SPAM
    
    In December, I wrote about the nuisance of unsolicited email and one
    simple way to help filter it out before it reaches your Inbox. To read
    "Tired of Unwanted Email? Try This Simple Solution," visit the URL
    below.
       http://www.secadministrator.com/articles/index.cfm?articleid=27495
    
    Last week, I learned that the Internet Engineering Task Force (IETF)
    has created a new Anti-Spam Research Group that's now working to
    create standards that will help determine how to detect spam. Probably
    the biggest hurdle in detecting spam is determining exactly what
    constitutes junk mail. Does the term refer only to unsolicited email
    advertisements, or does it also refer to email sent to a wide array of
    people who didn't formally ask to receive mass mailings? Personally, I
    think of junk mail mainly as unwanted advertisements--the electronic
    version of paper-based advertisements that most of us receive and
    immediately throw in the nearest trash can.
    
    The Anti-Spam Research Group will hold its first meeting March 20 at
    the 56th IETF Meeting, to be held in San Francisco. The group expects
    hundreds of participants from all areas of the online industry. And I
    think we can expect a handful of spammers to slip into the meetings
    too, if for no other reason than to learn how their money-making
    schemes might become squashed.
       http://www.ietf.org/meetings/IETF-56.html
    
    In August of last year, Paul Graham released a paper that describes a
    plan to help stop unsolicited email. According to Graham, the paper
    "describes the spam-filtering techniques used in the new spamproof
    web-based mail reader we're building to exercise Arc" (Arc is an
    improved version of the Lisp programming language). At the
    Massachusetts Institute of Technology (MIT), Graham organized a
    conference, which about 500 programmers attended, to discuss ideas for
    creating a spam filter that would totally eliminate unwanted email.
    You can read more about the IETF group as well as Graham's conference
    at the first and second URLs below. You can read Graham's paper and
    more about Arc at the third and fourth URLs.
       http://www.pcworld.com/news/article/0,aid,109614,00.asp
       http://www.pcworld.com/news/article/0,aid,108859,00.asp
       http://www.paulgraham.com/spam.html
       http://www.paulgraham.com/arc.html
    
    If you're a Microsoft Outlook user interested in another way to help
    stop unsolicited email right now, I've discovered another helpful tool
    you can use. Cloudmark SpamNet is an Outlook plugin that sends
    information about spam back to a central network. The plugin is a
    filtering and reporting tool that includes a toolbar button in your
    Outlook client. When you receive new mail, the tool creates and sends
    a message digest (fingerprint signature) to Cloudmark. Cloudmark
    checks the message digest against the SpamNet database to see whether
    the message is known to be spam. If it's known junk mail, SpamNet tags
    the mail so that you can filter it into a spam folder. If previously
    unknown junk mail slips through, you can select that message and click
    the SpamNet button to report the message to the SpamNet network.
    SpamNet can then filter it from other users' Inboxes. I'm not sure
    whether SpamNet performs checks against submitted information to
    determine whether a given message truly is spam. However, the SpamNet
    tool checks messages individually, so even if someone were to report
    something you consider a legitimate message as spam, that wouldn't
    prevent you from sending a SpamNet user another message with different
    content. You can read more about how it works at the following URL.
       http://www.cloudmark.com/products/spamnet/learnmore/security.php
    
    SpamNet is a slick idea and easy to use. But it's not the only
    solution. Many similar networked solutions are available, such as
    SpamAssassin and SpamCop. Plugins and scripts are available to help
    you participate in those networks too. In addition, the Spam
    Prevention Early Warning System (SPEWS) provides a database that
    tracks known spammers and spam-friendly networks, so you can use the
    database to help filter your email. The site also maintains lists of
    other helpful email-filtering technologies that you might want to
    consider, including spam-filtering gateways.
       http://www.spamassassin.org
       http://www.spamcop.com
       http://www.spews.org
    
    If junk mail is a problem on your network--and I bet that it is--be
    sure to check out the resources I've mentioned. They definitely help
    you reduce the clutter in your Inbox and help you reduce wasted
    bandwidth and disk space.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: RIPPLETECH PATCHWORKS: IMPROVE SECURITY TODAY! ~~~~
      Code Red and the Slammer virus weren't a problem for many
    businesses. Why? They use PatchWorks! Many IT departments struggle
    to find time for patch management, so PatchWorks makes it easy to
    remotely manage and deploy security updates, hotfixes and service
    packs. Plus, our proprietary database contains information from
    analysts who research and test each patch. For research, software
    inventory, policy enforcement and more, try PatchWorks FREE today and
    increase security in your environment!
       http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw076f0AS
    ~~~~~~~~~~~~~~~~~~~~
    
    2. ==== SECURITY RISKS ====
       (contributed by Ken Pfeil, kenat_private)
    
    * UNCHECKED BUFFER IN MICROSOFT WINDOWS ME'S HELP AND SUPPORT CENTER
       A new vulnerability exists in the Windows Me Help and Support
    Center that could result in the execution of arbitrary code on the
    vulnerable system. This vulnerability stems from an unchecked buffer
    in the URL Handler used for the "hcp://" prefix. A potential attacker
    could exploit this vulnerability by constructing a URL that, when the
    user clicks on it, executes code of the attacker's choice in the
    context of Local Computer on the vulnerable system.
       http://www.secadministrator.com/articles/index.cfm?articleid=38197
    
    3. ==== ANNOUNCEMENTS ====
       (brought to you by Windows & .NET Magazine and its partners)
    
    * JOIN THE HP & MICROSOFT NETWORK STORAGE SOLUTIONS ROAD SHOW!
        Now is the time to start thinking of storage as a strategic weapon
    in your IT arsenal. Come to our 10-city Network Storage Solutions Road
    Show, and learn how existing and future storage solutions can save
    your company money--and make your job easier! There is no fee for this
    event, but space is limited. Register today!
       http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw07cD0Ad
    
    * START YOUR SPRING TRAINING WITH WINDOWS & .NET MAGAZINE WEB
    SEMINARS!
       March is a great time to strengthen your knowledge of security and
    Active Directory. Register today for one of our Web seminars, and find
    out what our experts know that could be saving you hours of time and
    your company bundles of money. Sign up now!
       http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw02lB0Af
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: SECURING WINDOWS 2000 SERVER GUIDE NOW AVAILABLE
       Microsoft's Solutions for Security team has released a new guide,
    "Securing Windows 2000 Server." The guide, published February 17,
    consists of 11 chapters of information and includes three supplemental
    guides for testing, delivery, and support readiness.
       http://www.secadministrator.com/articles/index.cfm?articleid=38162
    
    * NEWS: MICROSOFT TRUSTWORTHY COMPUTING ACADEMIC ADVISORY BOARD
       Microsoft has formed an academic advisory board to assist the
    company with its Trustworthy Computing initiative. The board consists
    of 14 people from various US and European universities. The board's
    purpose is to create a think tank of academic opinion regarding
    Microsoft's ideas for better Windows security.
       http://www.secadministrator.com/articles/index.cfm?articleid=38143
    
    * NEWS: WINDOWS RIGHTS MANAGEMENT SERVICES FOR WINDOWS 2003
       Microsoft announced that new Rights Management Service (RMS) will
    be included in Windows Server 2003. RMS will help companies secure
    internal business information such as reports and other documents.
    Microsoft said that RMS will let applications such as email clients,
    word processors, and information portals be built so that
    administrators can assign digital rights that control who has access
    to information and the type of access a user has.
       http://www.secadministrator.com/articles/index.cfm?articleid=38142
    
    * FEATURE: SNORT MADE EASY
       Snort is a free tool that's often described as a virus scanner for
    network packets. Snort has three modes: network sniffer, network
    packet logger, and network intrusion detector. Snort is perfect for
    detecting Denial of Service (DoS) attacks, fragmentation attacks, Code
    Red infiltration, and Microsoft SQL Server injection attacks.
    Originally written by Martin Roesch in 1998 for his personal use,
    Snort enjoys a large open-source-community support system. To learn
    how to implement Snort, see Roger A. Grimes' article on our Web site.
       http://www.secadministrator.com/articles/index.cfm?articleid=37789
    
    5. ==== HOT RELEASES (ADVERTISEMENTS) ====
    
    * eTOKEN USB-BASED 2-FACTOR AUTHENTICATION
       eToken from Aladdin offers simple, reliable and affordable 2-factor
    authentication for secure network logon, VPN access, web access,
    e-mail, and PC security. No reader or server required to securely
    store users' passwords, keys, and certificates.
       http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw076g0AT
    
    * GET A FREE "RIO RIOT" MP3 PLAYER!
       Close the gap on email predators with Sybari's Antigen! Go to
    http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw076h0AU to 
    register for an Antigen web demo and automatically get entered to win 
    an MP3 player! Attend the demo by March 25th, and get a free t-shirt!
    
    6. ==== INSTANT POLL ====
     
    * RESULTS OF PREVIOUS POLL: EARLY WARNING NETWORK
       The voting has closed in Windows & .NET Magazine's Security
    Administrator Channel nonscientific Instant Poll for the question, "Do
    you participate in an 'early warning' network that gathers forensic
    information from firewall and Intrusion Detection System (IDS) logs?"
    Here are the results from the 122 votes.
       - 11% Yes--DShield.org
       -  5% Yes--Symantec DeepSight Analyzer
       -  0% Both of the above
       - 15% Other
       - 69% No
     
    * NEW INSTANT POLL: SPAM FILTERING
       The next Instant Poll question is, "Do you participate in a
    spam-filtering network?" Go to the Security Administrator Channel home
    page and submit your vote for a) Yes--SpamAssassin, b) Yes--SpamNet,
    c) Yes--SpamCop, d) Yes--Other, or e) No.
       http://www.secadministrator.com
    
    7. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: WHY DOES THE "THE PASSWORD IS NOT VALID" ERROR MESSAGE APPEAR 
    WHEN I LOG ON TO WINDOWS XP'S RECOVERY CONSOLE (RC), EVEN THOUGH I 
    ENTER THE CORRECT PASSWORD?
       ( contributed by John Savill, http://www.windows2000faq.com )
    
    A. This error message might appear if you originally installed XP from
    a Sysprep image or if you ran Sysprep 2.0 on the computer at one time.
    Sysprep.exe changes the way the registry stores password keys. As a
    result, these changes aren't compatible with the XP RC logon routine.
    To resolve this problem, follow the instructions in the Microsoft
    article "'The Password Is Not Valid' Error Message Appears When You
    Log On to Recovery Console in Windows XP."
       http://support.microsoft.com/?kbid=308402
    
    8. ==== NEW AND IMPROVED ====
       (contributed by Sue Cooper, productsat_private)
    
    * PREVENT VIRAL REINFECTIONS
       Global Hauri announced ViRobot Management Server (VMS) 2.7, a
    client/server antivirus management application that goes beyond
    quarantining by destroying most viruses and preventing reinfection.
    When a virus is detected in your network, VMS tracks the infection
    route to locate the source of the infection. It monitors the clients'
    status 24 hours a day, gathering data and providing the latest virus
    definition files through its server-based daemon. VMS 2.7 supports all
    Windows platforms and carries the Designed for Windows XP
    certification. Contact Global Hauri at 408-232-5463 or
    salesat_private
       http://www.globalhauri.com
    
    * SUBMIT TOP PRODUCT IDEAS
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Do you know of a terrific
    product that others should know about? Tell us! We want to write about
    the product in a future What's Hot column. Send your product
    suggestions to whatshotat_private
    
    9. ==== HOT THREAD ====
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS
       http://www.winnetmag.com/forums
    
    Featured Thread: Policy Propagation Errors with AD
       (Three messages in this thread)
    
    A user writes that he's constantly receiving an event log item with
    event ID 1000 and event ID 1202, with an error code "-536870656," and
    he can't find any way to fix the problem. He writes that all clients
    on his network receive the same error message and that his domain
    policy isn't propagating down to any workstations or servers in any of
    his organizational units (OUs) in Active Directory (AD). He wants to
    know whether anyone understands what the error code means and how to
    fix the problem. Lend a hand or read the responses:
       http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=54943
    
    10. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- lettersat_private (please
    mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
    Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
    
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing a Windows 2000/Windows NT enterprise.
    Subscribe today!
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
       Receive the latest information about the Windows and .NET topics of
    your choice. Subscribe to our other FREE email newsletters.
       http://www.winnetmag.com/email
    
    |-+-|-+-|-+-|-+-|-+-|
    
    Thank you for reading Security UPDATE.
    
    MANAGE YOUR ACCOUNT
       You can manage your entire Windows & .NET Magazine Network email
    newsletter account on our Web site. Simply log on and you can change
    your email address, update your profile information, and subscribe or
    unsubscribe to any of our email newsletters all in one place.
       http://www.winnetmag.com/email
    
    Thank you!
    __________________________________________________________
    Copyright 2003, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Mar 06 2003 - 06:16:48 PST