[ISN] Security UPDATE, May 14, 2003

From: InfoSec News (isnat_private)
Date: Thu May 15 2003 - 00:36:30 PDT


    ********************
    
    Windows & .NET Magazine Security UPDATE--brought to you by Security
    Administrator, a print newsletter bringing you practical, how-to
    articles about securing your Windows Server 2003, Windows 2000, and
    Windows NT systems.
       http://www.secadministrator.com
    
    ********************
    
    ~~~~ THIS ISSUE SPONSORED BY ~~~~
    
    Sygate
       http://list.winnetmag.com/cgi-bin3/DM/y/eQty0CJgSH0CBw0BAIK0AF
    
    Research In Motion
       http://list.winnetmag.com/cgi-bin3/DM/y/eQty0CJgSH0CBw0BAIL0AG
       (below IN FOCUS)
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: SYGATE ~~~~
       STOP INSTANT MESSAGING, MP3s AND MORE
       FREE GUIDE: Learn how "endpoint security" technology helps you put
    an end to unwanted instant messaging, eliminate MP3s and other
    unauthorized downloads, enforce anti-virus, firewalls, patches, and
    other software updates, and improve the effectiveness of your existing
    security infrastructure.
       Get a free guide from the enterprise security experts at Sygate and
    discover how to enforce security policy across the entire network. For
    your free copy, including white papers, product reviews, case studies,
    audio interviews, and more, click here:
       http://list.winnetmag.com/cgi-bin3/DM/y/eQty0CJgSH0CBw0BAIK0AF 
    ~~~~~~~~~~~~~~~~~~~~
    
    May 14, 2003--In this issue:
    
    1. IN FOCUS
         - Email Onslaught: Canning Spam
    
    2. SECURITY RISKS
         - DoS in MDG Web Server 4D Version 3.6.0
         - Multiple Vulnerabilities in Mirabilis ICQ Pro 2003a Client
         - Buffer-Overrun Vulnerability in Floosietek FTGatePro Mail
           Server 1.22
    
    3. ANNOUNCEMENTS
         - Get the eBook That Will Help You Get Certified!
         - Cast Your Vote in Our Annual Readers' Choice Awards!
    
    4. SECURITY ROUNDUP
         - News: Problems with Microsoft Security Patch and IIS
           Transactions
         - News: Microsoft Updates Security Patch for Windows TSE
         - Feature: Will a Fatal Bug Kill NT?
    
    5. HOT RELEASE (ADVERTISEMENT)
         - Hewlett-Packard
     
    6. INSTANT POLL
         - Results of Previous Poll: Cyber-Insurance
         - New Instant Poll: Managing Junk Mail
    
    7. SECURITY TOOLKIT
         - Virus Center
         - FAQ: How Can I Add or Remove the IE Enhanced Security
           Configuration in Windows 2003?
    
    8. NEW AND IMPROVED
         - Install All-in-One Security Suite
         - Scan for Viruses at Lightning Speed
         - Submit Top Product Ideas
    
    9. HOT THREAD
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Auditing Software for Win2K
    
    10. CONTACT US
       See this section for a list of ways to contact us.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    1. ==== IN FOCUS ====
       (contributed by Mark Joseph Edwards, News Editor,
    markat_private)
    
    * EMAIL ONSLAUGHT: CANNING SPAM
    
    Is everybody tired of junk email yet? Everyone but the spammers, I
    think. Lately, people have dedicated much energy to ending unsolicited
    commercial email (UCE). Some, though not all, of the traffic deserves
    to be stopped. For example, you might want to receive unsolicited ads
    from your favorite vendors. However, you might not want another
    unsolicited ad for a cheap cable TV descrambler or another
    guaranteed-get-rich-quick scheme.
    
    At least one ISP has lashed back at a devious and corrupt spammer.
    EarthLink won a $16.4 million judgment against a spammer. The
    perpetrator, Howard Carmack, of Buffalo, New York ("the Buffalo
    Spammer"), lied, cheated, and stole to get his spam out the door.
    EarthLink said Carmack has sent more than 825 million junk emails
    since March 2002.
    
    To cover his tracks, he and his associates stole credit cards, used
    them to establish bogus Internet access accounts, committed bank
    fraud, and presumably raked in loads of money in the process.
    According to EarthLink, he favored sending advertisements for
    computer virus scripts, "work at home" and get-rich-quick schemes,
    bulk email software and lists other spammers could use, and cable TV
    descramblers. EarthLink is getting adept at chasing down spammers. In
    1998, EarthLink won a $2 million judgment against Sanford Wallace of
    Cyber Promotions, and last year a $25 million judgment against KC
    Smith, whose operation purportedly generated more than a billion
    pieces of junk mail.
    
    But we need an easier way than litigation to stop spam. The Federal
    Trade Commission (FTC) recently held a 3-day forum (see the first URL
    below), April 30 through May 2, to discuss the proliferation of UCE.
    The forum explored the technical, legal, and financial concerns
    associated with such email. I don't have follow-up information about
    the forum, but the FTC Web site has a page that offers tips about
    preventing spam and reporting fraudulent advertisements (see the
    second URL below).
       http://www.ftc.gov/opa/2003/02/spamforum.htm
       http://www.ftc.gov/bcp/conline/pubs/online/inbox.htm
    
    One highlight of the forum was a proposal for a new standard, the
    Trusted Email Open Standard (TEOS), designed to augment current SMTP
    email technology to help prevent unwanted email from reaching users'
    Inboxes. Various organizations, including the ePrivacy Group,
    developed the TEOS draft proposal and published it in a white paper.
       http://2cobbs.com/spam/teos.html
    
    Stephen Cobb, who worked on the proposal, outlined 10 basic points
    that serve as a road map for understanding TEOS. Cobb said that the
    nature of SMTP-based email makes spam possible because it lets senders
    lie about who they are to lure users into reading the email.
    
    The TEOS approach tries to address matters of technology and human
    behavior--while taking into consideration the legitimate ways people
    use email. Any solution to spam should try to avoid requiring that
    people replace the widely used SMTP-based mail servers and instead
    enhance existing technologies. TEOS proposes that such enhancements
    include a way for email senders to more reliably identify themselves.
    Enhancements can let senders make assertions about messages (included
    in SMTP message headers) so that mail servers know how to process
    email. For example, a magazine could assert that the message contains
    a user's copy of a newsletter.
    
    TEOS also proposes including a "trust stamp" in messages. Trust stamps
    would be encrypted and unique to an individual message. Mail servers
    and users could use the stamps to verify whether a message sender is a
    member in good standing of a "responsible email" organization. An
    international oversight board would certify organizations.
    
    Obviously, TEOS will work only if the proposal is widely accepted. If
    it were adopted, TEOS would stop dishonest people from sending spam
    because if senders lied about who they were and what their messages
    contained, those messages wouldn't be delivered. It's a good plan that
    makes sense.
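    The trust-stamp idea described above, as an added example that is not
    part of the newsletter or of the TEOS draft itself: here each certified
    organization shares a stamping key with the verifying side (an
    assumption; the draft's actual key handling, header names, and
    registry are not described on this page), and the stamp is an HMAC
    bound to the sender, the Message-ID, the sender's assertion, and a
    digest of the body. That binding is what makes the stamp unique per
    message: a spammer can't copy a real stamp onto his own message, and a
    sender can't change what he asserts about a message after stamping it.
    The registry, keys, and messages are constructed for the example.

```python
import hashlib
import hmac
from email.message import EmailMessage

# Constructed registry of "responsible email" organizations. In a real
# deployment the certifying body would publish this directory; the
# organization names and keys here are assumptions for the example.
REGISTRY = {
    "newsletter.example": {"key": b"stamp-key-newsletter-2003", "good_standing": True},
    "revoked.example":    {"key": b"stamp-key-revoked",         "good_standing": False},
}

SENDER_HEADER = "X-Stamp-Sender"       # which certified organization stamped the message
ASSERTION_HEADER = "X-Mail-Assertion"  # what the sender claims the message is
STAMP_HEADER = "X-Trust-Stamp"         # the per-message stamp itself (assumed header names)


def build_message(sender_id, assertion, body, message_id):
    msg = EmailMessage()
    msg["From"] = "news@" + sender_id
    msg["To"] = "reader@example.net"
    msg["Subject"] = "Your newsletter"
    msg["Message-ID"] = message_id
    msg[SENDER_HEADER] = sender_id
    msg[ASSERTION_HEADER] = assertion
    msg.set_content(body)
    return msg


def _stamp_input(sender_id, message_id, assertion, body):
    # Bind the stamp to sender, message identity, the assertion, and the
    # body, so it can't be moved to another message or to a different claim.
    body_digest = hashlib.sha256(body.encode("utf-8")).hexdigest()
    return "\n".join([str(sender_id), str(message_id), str(assertion), body_digest]).encode("utf-8")


def stamp_message(msg, key):
    """Sender side: compute the stamp over the finished message and attach it."""
    data = _stamp_input(msg[SENDER_HEADER], msg["Message-ID"],
                        msg[ASSERTION_HEADER], msg.get_content())
    del msg[STAMP_HEADER]
    msg[STAMP_HEADER] = hmac.new(key, data, hashlib.sha256).hexdigest()
    return msg


def verify_stamp(msg):
    """Receiving server side: return (accepted, reason)."""
    entry = REGISTRY.get(str(msg.get(SENDER_HEADER, "")))
    if entry is None:
        return False, "unknown sender"
    if not entry["good_standing"]:
        return False, "sender not in good standing"
    data = _stamp_input(msg[SENDER_HEADER], msg["Message-ID"],
                        msg.get(ASSERTION_HEADER, ""), msg.get_content())
    expected = hmac.new(entry["key"], data, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, str(msg.get(STAMP_HEADER, ""))):
        return False, "stamp mismatch"
    return True, "ok"


def demo():
    key = REGISTRY["newsletter.example"]["key"]
    body = "Security UPDATE, May 14, 2003"
    legit = stamp_message(build_message("newsletter.example", "subscribed-newsletter",
                                        body, "<1@newsletter.example>"), key)

    # A spammer copies the real stamp onto his own message (different body and Message-ID).
    replay = build_message("newsletter.example", "subscribed-newsletter",
                           "Cheap cable TV descramblers!", "<2@spam.example>")
    replay[STAMP_HEADER] = str(legit[STAMP_HEADER])

    # Same sender and body, but the assertion is changed after stamping.
    relabeled = stamp_message(build_message("newsletter.example", "subscribed-newsletter",
                                            body, "<1@newsletter.example>"), key)
    del relabeled[ASSERTION_HEADER]
    relabeled[ASSERTION_HEADER] = "transactional"

    unknown = build_message("spammer.example", "subscribed-newsletter", body, "<3@spammer.example>")
    unknown[STAMP_HEADER] = "0" * 64

    revoked = stamp_message(build_message("revoked.example", "subscribed-newsletter",
                                          body, "<4@revoked.example>"),
                            REGISTRY["revoked.example"]["key"])

    # Two different messages from the same sender never share a stamp.
    other = stamp_message(build_message("newsletter.example", "subscribed-newsletter",
                                        body, "<5@newsletter.example>"), key)
    return {
        "legitimate": verify_stamp(legit),
        "replayed_stamp": verify_stamp(replay),
        "relabeled": verify_stamp(relabeled),
        "unknown_sender": verify_stamp(unknown),
        "revoked_sender": verify_stamp(revoked),
        "unique_per_message": str(legit[STAMP_HEADER]) != str(other[STAMP_HEADER]),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20s} {result}")
```

    The verify step looks up the sender in the registry before doing any
    cryptography, so an organization that loses its good standing is
    rejected even though its stamps still compute correctly; that is the
    "member in good standing" check the proposal describes.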
    
    Other solutions to junk mail add on to existing mail platforms. For
    example, whitelist and blacklist solutions automate the process of
    building lists of verified and unacceptable email senders.
    Mail-filtering packages help trim the amount of received junk mail at
    the gateway, and add-ons for mail clients trim junk at the desktop by
    using virtual networks of people to identify and tag spam as it
    travels the Internet.
    
    One irony about this push to stamp out junk mail is that we still
    often overlook paper-based junk mail. People everywhere still receive
    reams of unsolicited paper mail. By now, each of us has probably
    received enough pizza coupons in the mail to wallpaper an entire
    college dormitory. Countless others and I toss those ads straight into
    the trash along with reams of other unwanted paper junk mail. Should
    the fact that we haven't solved the paper junk-mail problem serve as a
    warning about the difficulties to be encountered in ending spam? Naah.
    Cyberspace is different.
    
    ~~~~~~~~~~~~~~~~~~~~
    
    ~~~~ SPONSOR: RESEARCH IN MOTION ~~~~
       NEW BLACKBERRY SECURITY WHITE PAPER
       Prevent wireless handhelds from compromising your enterprise
    security! Download the BlackBerry Security White Paper for Microsoft
    Exchange and learn how the BlackBerry security architecture addresses
    data encryption, corporate firewalls, lost devices, and other critical
    security concerns.
       http://list.winnetmag.com/cgi-bin3/DM/y/eQty0CJgSH0CBw0BAIN0AI
    
    ~~~~~~~~~~~~~~~~~~~~
    
    2. ==== SECURITY RISKS ====
       (contributed by Ken Pfeil, kenat_private)
    
    * DoS IN MDG WEB SERVER 4D VERSION 3.6.0
       Tom Ferris discovered a Denial of Service (DoS) vulnerability in
    MDG Computer Services' MDG Web Server 4D 3.6.0. The vulnerability
    stems from a buffer-overflow condition: by issuing a GET / request
    followed by 4096 caret (^) characters, a malicious user can crash the
    Web server with a runtime error. Because the underlying fault is a
    buffer overflow, execution of arbitrary code on the vulnerable system
    can't be ruled out, although only the crash has been demonstrated. MDG
    has not yet responded to this problem.
       http://www.secadministrator.com/articles/index.cfm?articleid=38978
    
    * MULTIPLE VULNERABILITIES IN MIRABILIS ICQ PRO 2003A CLIENT
       Core Security Technologies discovered six new vulnerabilities in
    Mirabilis' ICQ Pro 2003a and earlier clients, the most serious of
    which can result in the execution of arbitrary commands on the
    vulnerable computer. These vulnerabilities range in severity from
    Denial of Service (DoS) to remotely exploitable buffer overflows. For
    a detailed analysis of each of these vulnerabilities, go to the
    discoverer's Web site. The vendor has not yet responded to these
    vulnerabilities.
       http://www.secadministrator.com/articles/index.cfm?articleid=38976
    
    * BUFFER-OVERRUN VULNERABILITY IN FLOOSIETEK FTGATEPRO MAIL SERVER
    1.22
       Dennis Rand discovered a vulnerability in FTGatePro Mail Server
    1.22 (build 1328) that can result in the execution of arbitrary code
    on the vulnerable system. This vulnerability stems from a
    buffer-overflow condition: if an attacker supplies an overlong
    argument to the SMTP MAIL FROM or RCPT TO command, the buffer
    overflows. With a carefully crafted payload, the attacker can execute
    arbitrary commands with SYSTEM privileges. Floosietek has released
    build 1330, which isn't vulnerable to this condition.
       http://www.secadministrator.com/articles/index.cfm?articleid=38977
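    The Web Server 4D and FTGatePro reports above are the same class of
    defect: a fixed-size buffer is fed an attacker-controlled command
    argument with no length check. The following added example (not code
    from either vendor) shows the check a protocol front end should apply
    before an argument ever reaches a parser. For SMTP it enforces the
    RFC 2821 size limits on MAIL FROM / RCPT TO paths; for HTTP it enforces
    a request-target limit and a character check (HTTP itself sets no hard
    limit, so the 2 KB figure is an assumption). The sample command lines,
    including a RCPT TO with a 300-byte local part and a GET / followed by
    4096 carets, are constructed for the example.

```python
import re

# RFC 2821 section 4.5.3.1 size limits (the SMTP RFC current in 2003).
SMTP_MAX_COMMAND_LINE = 512   # whole command line including CRLF
SMTP_MAX_LOCAL_PART = 64
SMTP_MAX_DOMAIN = 255
SMTP_MAX_PATH = 256           # reverse-path/forward-path including the <>

# HTTP sets no hard limit; 2 KB is an assumption for the example (Apache's
# historical LimitRequestLine default is 8190, far more than a small
# embedded server needs).
HTTP_MAX_TARGET = 2048
# Characters RFC 2396 allows unescaped in a request target; '^' is not one.
_TARGET_CHARS = re.compile(r"^[A-Za-z0-9\-._~:/?#\[\]@!$&'()*+,;=%]+$")

_SMTP_PATH = re.compile(r"^(?P<verb>MAIL FROM|RCPT TO):\s*<(?P<path>[^>]*)>\s*$", re.IGNORECASE)
_HTTP_REQ = re.compile(r"^(?P<method>[A-Z]+) (?P<target>\S+) HTTP/\d\.\d$")


def check_smtp_command(line):
    """Validate one MAIL FROM / RCPT TO line; return (accepted, smtp_reply)."""
    if len(line.encode("utf-8")) > SMTP_MAX_COMMAND_LINE:
        return False, "500 5.5.2 Line too long"          # reject before parsing
    m = _SMTP_PATH.match(line.rstrip("\r\n"))
    if not m:
        return False, "501 5.5.4 Syntax error in parameters"
    path = m.group("path")
    if len(path) + 2 > SMTP_MAX_PATH:                    # +2 for the angle brackets
        return False, "501 5.5.4 Path too long"
    if path == "":
        # The null reverse-path <> is legal for MAIL FROM (bounces) only.
        if m.group("verb").upper() == "MAIL FROM":
            return True, "250 2.1.0 OK"
        return False, "501 5.1.3 Bad address syntax"
    local, sep, domain = path.rpartition("@")
    if not sep or not local or not domain:
        return False, "501 5.1.3 Bad address syntax"
    if len(local) > SMTP_MAX_LOCAL_PART:
        return False, "501 5.1.3 Local part too long"
    if len(domain) > SMTP_MAX_DOMAIN:
        return False, "501 5.1.3 Domain too long"
    return True, "250 2.1.0 OK"


def check_http_request_line(line):
    """Validate an HTTP request line; return (accepted, status)."""
    m = _HTTP_REQ.match(line.rstrip("\r\n"))
    if not m:
        return False, "400 Bad Request"
    target = m.group("target")
    if len(target) > HTTP_MAX_TARGET:
        return False, "414 Request-URI Too Long"
    if not _TARGET_CHARS.match(target):
        return False, "400 Bad Request"
    return True, "accepted"


# Constructed sample traffic: legitimate client commands plus the two
# overlong requests of the kind described in the advisories.
SAMPLES = [
    ("smtp", "MAIL FROM:<editor@example.com>\r\n"),
    ("smtp", "RCPT TO:<" + "A" * 300 + "@example.com>\r\n"),
    ("smtp", "RCPT TO:<" + "A" * 600 + "@example.com>\r\n"),
    ("http", "GET / HTTP/1.0\r\n"),
    ("http", "GET /" + "^" * 4096 + " HTTP/1.0\r\n"),
]


def scan_samples(samples=SAMPLES):
    """Run every sample through the matching check; return (proto, length, accepted, reply)."""
    results = []
    for proto, line in samples:
        check = check_smtp_command if proto == "smtp" else check_http_request_line
        accepted, reply = check(line)
        results.append((proto, len(line), accepted, reply))
    return results


if __name__ == "__main__":
    for proto, length, accepted, reply in scan_samples():
        print(f"{proto:4s} {length:5d} bytes  {'accept' if accepted else 'reject'}  {reply}")
```

    The order of the checks matters: the whole-line limit is applied
    before the regular expression runs, so an oversized command is
    rejected without any parsing work, and the address is only split
    into local part and domain after the path length has been bounded.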
    
    3. ==== ANNOUNCEMENTS ====
       (brought to you by Windows & .NET Magazine and its partners)
    
    * GET THE eBOOK THAT WILL HELP YOU GET CERTIFIED!
       The "Insider's Guide to IT Certification," from the Windows & .NET
    Magazine Network, has one goal: to help you save time and money on
    your quest for certification. Find out how to choose the best study
    guides, save hundreds of dollars, and be successful as an IT
    professional. The amount of time you spend reading this book will be
    more than made up by the time you save preparing for your
    certification exams. Order your copy today!
       http://list.winnetmag.com/cgi-bin3/DM/y/eQty0CJgSH0CBw06cX0Ab
    
    * CAST YOUR VOTE IN OUR ANNUAL READERS' CHOICE AWARDS!
       Which companies and products are the best on the market? Tell us by
    nominating your favorites in the annual Windows & .NET Magazine
    Readers' Choice Awards survey. Click here!
       http://list.winnetmag.com/cgi-bin3/DM/y/eQty0CJgSH0CBw0zMs0Ao
    
    4. ==== SECURITY ROUNDUP ====
    
    * NEWS: PROBLEMS WITH MICROSOFT SECURITY PATCH AND IIS TRANSACTIONS
       Windows XP, Windows 2000, and Windows NT newsgroup users have been
    discussing security patch problems. The discussions center around
    problems with the Microsoft patch that Security Bulletin MS03-010
    (Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks)
    describes. Russ Cooper posted a message to the NTBugTraq mailing list
    summarizing the newsgroup discussion. Apparently, people who use
    Microsoft IIS with COM+ have experienced Active Server Pages (ASP)
    transaction processing problems after installing the patch. According
    to Cooper, the problems are varied and disappear when users remove the
    patch from affected systems or apply a private patch available from
    Microsoft Product Support Services (PSS).
       http://www.secadministrator.com/articles/index.cfm?articleid=38975
    
    * NEWS: MICROSOFT UPDATES SECURITY PATCH FOR WINDOWS TSE
       In December 2002, Microsoft released a patch for Windows NT Server
    4.0, Terminal Server Edition (WTS) to correct problems with certain
    message-handling functions. A problem in WTS let intruders elevate
    privileges on a system. However, the patch installation routine that
    installed the patch on Japanese versions of NT multiprocessor systems
    contained a bug. The installation routine didn't copy the correct
    binary files onto the system, and as a result, WTS would fail. The
    installation error didn't affect users who installed the patch on
    Windows XP and Windows 2000.
       http://www.secadministrator.com/articles/index.cfm?articleid=38901
    
    * FEATURE: WILL A FATAL BUG KILL NT?
       Not too long ago, Microsoft released Security Bulletin MS03-010
    (Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks).
    Mark Minasi wonders whether this flaw might lead not just to Denial of
    Service (DoS) attacks but also to a "denial of existence" ultimatum
    for Windows NT 4.0. Be sure to read the article to find out why.
       http://www.secadministrator.com/articles/index.cfm?articleid=38823&pg=1&show=937
    
    5. ==== HOT RELEASE (ADVERTISEMENT) ====
    
    * HEWLETT-PACKARD
       HP OpenView for Windows Test Drive
       Monitor the availability and performance of your corporate website
    -- FREE for 30 days, using powerful HP OpenView management software
    for Windows. Simulate activity. Monitor complex transactions. Meet
    business demands. Manage web services. Click here.
       http://list.winnetmag.com/cgi-bin3/DM/y/eQty0CJgSH0CBw08fJ0AS
    
    6. ==== INSTANT POLL ====
     
    * RESULTS OF PREVIOUS POLL: CYBER-INSURANCE
       The voting has closed in Windows & .NET Magazine's Security
    Administrator Channel nonscientific Instant Poll for the question,
    "Does your company have cyber-insurance?" Here are the results from
    the 85 votes. (Deviations from 100 percent are due to rounding.)
       -  6% Yes--We have it
       -  4% No--But we plan to obtain it
       - 25% No--We won't get it until it's required by law
       - 66% No
     
    * NEW INSTANT POLL: MANAGING JUNK MAIL
       The next Instant Poll question is, "Does your company use junk-mail
    filtering technologies?" Go to the Security Administrator Channel home
    page and submit your vote for a) Yes--Whitelists, b) Yes--Blacklists,
    c) Yes--Mail filters, d) Yes--Two or more of the above, or e) No.
       http://www.secadministrator.com
    
    7. ==== SECURITY TOOLKIT ====
    
    * VIRUS CENTER
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    * FAQ: How Can I Add or Remove the IE Enhanced Security Configuration
    in Windows 2003?
       ( contributed by John Savill, http://www.windows2000faq.com )
    
    A. Windows Server 2003 introduces the Microsoft Internet Explorer (IE)
    Enhanced Security Configuration and enables it by default for all
    users and groups. This locked-down configuration reduces the server's
    exposure on the Web by placing every site that you haven't explicitly
    trusted in the Internet zone at the High security level, which
    disables script, ActiveX controls, and most downloads and prompts you
    before the browser displays such a site. You can add any Web site that
    you regularly visit to the Trusted sites zone to restore normal
    browsing for it. By default, the IE Enhanced Security Configuration
    considers the Windows Update and Error Reporting Web sites, and not
    much else, to be trusted sites.
    
    To add or remove the Windows 2003 IE Enhanced Security Configuration
    feature, perform the following steps:
       1. Start the Control Panel Add/Remove Programs applet.
       2. Click Add/Remove Windows Components in the left pane of the
    dialog box.
       3. Scroll down to Internet Explorer Enhanced Security Configuration
    and select the check box to activate the locked-down configuration or
    clear the check box to deactivate the locked-down configuration.
       4. If you're enabling the locked-down configuration, click Details
    to select the users to whom (e.g., administrator groups, all other
    user groups) you want the policy to apply.
       5. Click Next, then follow the onscreen instructions to finish
    configuring the settings.
    
    8. ==== NEW AND IMPROVED ====
       (contributed by Sue Cooper, productsat_private)
    
    * INSTALL ALL-IN-ONE SECURITY SUITE
       NetWolves Technologies released the NetWolves Security Suite, a
    combination hardware/software solution to maintain your network's
    security. The WolfPac Security Platforms are hardware devices
    available in two configurations--both with 3 Ethernet 10/100 interface
    cards and housed in tamper-resistant, rack-mountable, 2U (3.5") steel
    cases. Software included in the suite provides an International
    Computer Security Association (ICSA)-certified firewall, an IP
    Security (IPSec) and Internet Key Exchange (IKE)-compliant VPN,
    connectivity failover,
    hardware failover, dynamic VPN routing, intrusion detection, content
    filtering, antivirus, Net Metrics to measure performance parameters, a
    split proxy, a mail server/gateway, an Apache Web server, and file
    sharing. Software also provides logging, reporting, and archiving
    features in a browser-based management interface. Managed security
    services include monitoring and notification, management and
    configuration, and security policy management. Contact NetWolves
    Technologies at 813-286-8644 or salesat_private
       http://www.netwolves.com
    
    * SCAN FOR VIRUSES AT LIGHTNING SPEED
       Eset Software announced NOD32 2.0, virus detection software that
    uses advanced heuristic technology and professes to scan at twice the
    speed of the next-best product on the market. Improvements include a
    fully integrated planner/scheduler, an improved email filter, a
    quarantine feature, better on-demand scanning, central log management,
    and an installation program written in XML. NOD32 2.0 supports Windows
    XP/2000/NT/Me/9.x, MS-DOS, UNIX, Novell, Lotus Domino Server,
    Microsoft Exchange Server, and Kerio MailServer. Prices start at $39
    for a 1-user license or $170 for a 5-user license. Contact Eset
    Software at 619-437-7037 or salesat_private
       http://www.nod32.com
    
    * SUBMIT TOP PRODUCT IDEAS
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Do you know of a terrific
    product that others should know about? Tell us! We want to write about
    the product in a future What's Hot column. Send your product
    suggestions to whatshotat_private
    
    9. ==== HOT THREAD ====
    
    * WINDOWS & .NET MAGAZINE ONLINE FORUMS
       http://www.winnetmag.com/forums
    
    Featured Thread: Auditing Software for Win2K
       (Two messages in this thread)
    
    A user writes that he wants to monitor his users' logon and logoff
    activity. He runs a small Windows 2000 domain and all of his users run
    Windows XP. He's familiar with the capabilities that let the domain
    controller (DC) generate audits in the Event Viewer under the Security
    log. He's looking for an interface that will let him see when users
    log on and log off and generate an easy-to-understand report for the
    company's owner. Currently, he must look at each event in Event Viewer
    to determine who's responsible for that event. He wonders whether
    Win2K has a feature that can accomplish the task, but he would also
    appreciate recommendations for any third-party software tool that
    would work well. Lend a hand or read the responses:
       http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=58457
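    One way to turn the DC's Security log into the report the thread asks
    for, as an added example that is not from the thread and not a
    product recommendation: export the Security log, keep the fields the
    logon events carry, and pair each successful logon (event ID 528, or
    540 for network logons) with the logoff (event ID 538) that carries
    the same Logon ID. Failed logons (event ID 529) are listed separately.
    The CSV layout below is an assumption (real export tools differ), and
    the event rows are constructed for the example.

```python
import csv
from datetime import datetime
from io import StringIO

# Windows 2000 Security log event IDs relevant to logon tracking.
LOGON_EVENTS = {528: "logon", 540: "network logon"}
LOGOFF_EVENT = 538
FAILED_LOGON = 529   # bad user name or password

LOGON_TYPES = {2: "Interactive", 3: "Network", 4: "Batch", 5: "Service",
               7: "Unlock", 8: "NetworkCleartext", 10: "RemoteInteractive",
               11: "CachedInteractive"}

# Constructed export of the DC's Security log, reduced to the fields an
# event-export tool would give you (column layout is an assumption). The
# Logon ID is what ties a 528/540 event to its later 538 event.
SAMPLE_EXPORT = """\
date,time,event_id,user,domain,logon_type,logon_id,workstation
2003/05/13,08:02:11,528,jsmith,CORP,2,0x3E7A1,WS-ACCT01
2003/05/13,08:05:40,540,jsmith,CORP,3,0x3E9B2,WS-ACCT01
2003/05/13,08:30:02,529,badguy,CORP,3,-,WS-UNKNOWN
2003/05/13,12:15:09,538,jsmith,CORP,3,0x3E9B2,WS-ACCT01
2003/05/13,17:01:55,538,jsmith,CORP,2,0x3E7A1,WS-ACCT01
2003/05/13,18:10:00,528,mjones,CORP,2,0x41C00,WS-SALES03
"""


def parse_events(text):
    events = []
    for row in csv.DictReader(StringIO(text)):
        row["event_id"] = int(row["event_id"])
        row["logon_type"] = int(row["logon_type"])
        row["when"] = datetime.strptime(row["date"] + " " + row["time"], "%Y/%m/%d %H:%M:%S")
        events.append(row)
    return events


def _session(start, end):
    minutes = None if end is None else int((end - start["when"]).total_seconds() // 60)
    return {"user": f'{start["domain"]}\\{start["user"]}',
            "workstation": start["workstation"],
            "logon_type": LOGON_TYPES.get(start["logon_type"], str(start["logon_type"])),
            "logon_id": start["logon_id"],
            "start": start["when"], "end": end, "minutes": minutes}


def build_sessions(events):
    """Pair each logon (528/540) with the logoff (538) carrying the same Logon ID."""
    open_sessions = {}
    sessions = []
    failures = []
    for ev in sorted(events, key=lambda e: e["when"]):
        key = (ev["domain"], ev["user"], ev["logon_id"])
        if ev["event_id"] in LOGON_EVENTS:
            open_sessions[key] = ev
        elif ev["event_id"] == LOGOFF_EVENT:
            start = open_sessions.pop(key, None)
            if start is None:
                continue   # logoff for a session that began before the export window
            sessions.append(_session(start, ev["when"]))
        elif ev["event_id"] == FAILED_LOGON:
            failures.append(ev)
    for start in open_sessions.values():
        sessions.append(_session(start, None))   # still logged on at export time
    return sessions, failures


def format_report(sessions, failures):
    """Plain-text report suitable for handing to a non-technical owner."""
    lines = [f'{"User":16} {"Workstation":12} {"Type":18} {"Logon":16} {"Logoff":16} Minutes']
    for s in sessions:
        end = s["end"].strftime("%Y-%m-%d %H:%M") if s["end"] else "(still on)"
        mins = "" if s["minutes"] is None else str(s["minutes"])
        lines.append(f'{s["user"]:16} {s["workstation"]:12} {s["logon_type"]:18} '
                     f'{s["start"].strftime("%Y-%m-%d %H:%M"):16} {end:16} {mins}')
    if failures:
        lines.append("")
        lines.append("Failed logons:")
        for ev in failures:
            when = ev["when"].strftime("%Y-%m-%d %H:%M")
            lines.append(f'  {when} {ev["domain"]}\\{ev["user"]} from {ev["workstation"]}')
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(*build_sessions(parse_events(SAMPLE_EXPORT))))
```

    Pairing on the Logon ID rather than on the user name is what keeps
    the report honest when one user has several concurrent sessions (an
    interactive logon and a network logon from the same workstation in the
    sample); matching on user name alone would close the wrong session.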
    
    10. ==== CONTACT US ====
       Here's how to reach us with your comments and questions:
    
    * ABOUT IN FOCUS -- markat_private
    
    * ABOUT THE NEWSLETTER IN GENERAL -- lettersat_private (please
    mention the newsletter name in the subject line)
    
    * TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums
    
    * PRODUCT NEWS -- productsat_private
    
    * QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
    Support -- securityupdateat_private
    
    * WANT TO SPONSOR SECURITY UPDATE? emedia_oppsat_private
    
    ********************
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing a Windows 2000/Windows NT enterprise.
    Subscribe today!
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
       Receive the latest information about the Windows and .NET topics of
    your choice. Subscribe to our other FREE email newsletters.
       http://www.winnetmag.com/email
    
    |-+-|-+-|-+-|-+-|-+-|
    
    Thank you for reading Security UPDATE.
    
    MANAGE YOUR ACCOUNT
       You can manage your entire Windows & .NET Magazine Network email
    newsletter account on our Web site. Simply log on and you can change
    your email address, update your profile information, and subscribe or
    unsubscribe to any of our email newsletters all in one place.
       http://www.winnetmag.com/email
    
    Thank you!
    __________________________________________________________
    Copyright 2003, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu May 15 2003 - 03:03:49 PDT