[ISN] Windows & .NET Magazine Security UPDATE--July 16, 2003

From: InfoSec News (isnat_private)
Date: Thu Jul 17 2003 - 00:44:58 PDT


    ====================
    
    ==== This Issue Sponsored By ====
    
    HP & Microsoft Network Storage Solutions Road Show
    http://list.winnetmag.com/cgi-bin3/DM/y/eRm20CJgSH0CBw07cD0Az
    
    ====================
    
    1. In Focus: Antispam Movement: Readers Respond
    
    2. Security Risks
         - Buffer Overflow in XP SP1's Rundll32.exe
         - Buffer Overrun in Windows SMB
         - Buffer Overrun in Windows HTML Converter
         - Privilege-Elevation Vulnerability in Win2K
    
    3. Announcements
         - Exchange 2003: Do You Plan to Migrate or Wait?
         - Find Your Next Job at Our IT Career Center
    
    4. Security Roundup
         - News: One Last Follow-Up: The Future of Patch Management
         - News: Watch Out for the Scammers
         - Feature: Win2K SP4 Tightens Security for Programs and Services
     
    5. Security Toolkit
         - Virus Center
         - FAQ: What's the Easiest Way to View the Contents of the Windows
           NT 4.0 SAM Database on a Remote Machine?
    
    6. Event
         - New Active Directory Web Seminar!
     
    7. New and Improved
         - Install a Not-So-Tiny Firewall
         - Replace Passwords with Biometrics
         - Submit Top Product Ideas
    
    8. Hot Thread
         - Windows & .NET Magazine Online Forums
             - Featured Thread: Possible Attempt to Compromise Security
    
    9. Contact Us
       See this section for a list of ways to contact us.
    
    ====================
    
    ==== Sponsor: HP & Microsoft Network Storage Solutions Road Show ====
    
       Missed the Network Storage Solutions Road Show?
       If you couldn't make the HP & Microsoft Network Storage Solutions
    Road Show, you missed Mark Smith talking about Windows-Powered NAS,
    file server consolidation, and more. The good news is that you can
    now view the Webcast event in its entirety at:
       http://list.winnetmag.com/cgi-bin3/DM/y/eRm20CJgSH0CBw07cD0Az
    
    ====================
    
    ==== 1. In Focus: Antispam Movement: Readers Respond ====
       by Mark Joseph Edwards, News Editor, markat_private
    
    In last week's Security UPDATE commentary (see the URL below), I
    discussed spam and presented some news stories that reveal the
    tug-of-war taking place between lawmakers and companies whose
    interests might be jeopardized in one way or another by various
    proposals for legal solutions. Several readers wrote to share their
    opinions about unsolicited email. I thank everyone who responded and
    offer you some of those responses.
       http://www.secadministrator.com/articles/index.cfm?articleid=39554
    
    Jay C. described his concerns about do-not-spam lists. Using such
    lists might become cost-prohibitive for companies that rely on
    unsolicited commercial email (UCE) to gain new business leads.
    Legitimate small businesses rely on email advertising to help them
    compete against large corporations. He believes that the opt-in
    approach offers a better direction because it lets advertisers target
    people who've indicated that they don't mind receiving the advertising
    from a reputable source.
    
    For example, when you sign up for newsletters from Windows & .NET
    Magazine, you can choose whether you want to receive email from third
    parties connected with the company. That's a responsible opt-in
    policy, I think. However, some companies sell their email lists to
    anyone who pays for them. You can help avoid such UCE messages by
    looking for a privacy policy when vendors ask for your contact
    information. Try to learn how they might use your information before
    you provide it.
    
    Steve W. wrote that he's concerned about the ever-increasing
    sophistication of spammers, who continue to discover ways to get their
    messages past spam filtering systems. Steve is also concerned about
    the increasing amount of malicious software (malware) that email
    messages help propagate, which affects many e-commerce companies,
    including banks and supply chains. He thinks the best solution will be
    authenticated email, the use of IP Security (IPSec), and encryption.
    Steve points out that standards and applications to handle junk email
    and address other privacy concerns will emerge because they're in
    demand.
    
    Pat M. wrote that identity management could help curb UCE. If email
    were authenticated, taking action against abusers would be easier. Pat
    also thinks that "truth in advertising" laws should apply to
    advertising message subjects, which would make the email messages far
    easier to filter.
    
    George S. wrote, "You mentioned some possibilities for controlling
    spam but left out the most important and effective one: Make spamming
    a capital crime." I laughed because junk mail obviously aggravates
    George. I also sympathize--but hope he was joking about the "capital
    crime" designation.
    
    Greg F. points out that a big problem with stopping spammers is that
    many of them aren't located in the United States or in countries that
    might take action against them. Furthermore, he points out that even
    when an entity is found to have an open SMTP relay (or proxy for that
    matter), you can't necessarily find someone to contact to close
    it--because it's often difficult to determine exactly who was using a
    given IP address. In addition, few people want to do the work to trace
    a spammer who uses open relays and proxies--the work is tedious.
    
    Bill P. points out that open proxies, open relays, and open Wi-Fi (the
    802.11b wireless standard) networks contribute hugely to spam.
    Tracking spammers who use such gateways is difficult but not
    impossible. However, Bill acknowledges that sometimes even when you
    successfully track a spammer to a given domain, you encounter another
    problem in trying to identify the culprit: false domain registration
    information.
    
    Bill also notes that antispam legislation probably won't do much good
    unless technological provisions back it up. For example, you'd have to
    disable registrars who don't enforce accurate contact information;
    disable domain names that contain inaccurate contact information;
    disconnect any site that operates (knowingly or not) an open proxy,
    mail relay, Wi-Fi network, or another device that spammers can use;
    and cancel peering agreements between ISPs when an ISP is lax about
    preventing spam. You would also need legal exceptions that would let
    someone probe a mail-sending service to determine whether it's
    spammer-friendly because it operates an open relay or proxy.
    (Currently, people can be charged with a crime in some areas of the
    country for simply probing a system without first getting permission
    to do so.)
    
    David Norris Carden sent me a copy of "Federal SPAM Legislation," a
    paper that he wrote while working on his master's degree in
    Information Security at Capella University. In the paper, he examined
    various proposals for legislation. Of the eight proposals he analyzed,
    he found that several would do little to mitigate the overall problem
    of junk email. However, one stood out as having more preventive
    measures than the rest: H.R. 2515, dubbed "The Anti-Spam Act of 2003."
    
    If passed into law, the act would require email advertising to contain
    a subject ID, adult-content ID, opt-out mechanism, valid return
    address, and physical address. In addition, it would make false email
    headers and subject lines illegal, restrict the harvesting of email
    addresses, and let victims bring civil action against violators.
    
    Norris's "Federal SPAM Legislation" paper is online (see the first URL
    below); read it to learn more about antispam legislation. To read more
    about H.R. 2515, visit the Spamlaws.com Web site (see the second URL
    below).
       http://rasquel.com/security.htm
       http://www.spamlaws.com/federal/108hr2515.html
    
    Spamlaws.com is a great place to review existing and proposed laws
    from all over the world. You can drill down (e.g., to a given state)
    to see the local issues. You can also look at case law, such as the
    recent Intel versus Hamidi case in California. Check out the Web site
    periodically; it's a great resource.
       http://www.spamlaws.com
    
    ==== 2. Security Risks ====
       contributed by Ken Pfeil, kenat_private
    
    Buffer Overflow in XP SP1's Rundll32.exe
       Rick Patel has reported a buffer-overflow vulnerability in Windows
    XP Service Pack 1's (SP1's) rundll32.exe file. Microsoft hasn't yet
    responded to this problem.
       http://www.secadministrator.com/articles/index.cfm?articleid=39547
    
    Buffer Overrun in Windows SMB
       Jeremy Allison and Andrew Tridgell discovered a new vulnerability
    in Windows XP, Windows 2000, and Windows NT 4.0 that can result in
    the execution of arbitrary code on the vulnerable computer. Microsoft
    has released Security Bulletin MS03-024 (Buffer Overrun in Windows
    Could Lead to Data Corruption) to address this vulnerability and
    recommends that affected users immediately apply the patch mentioned
    in the bulletin.
       http://www.secadministrator.com/articles/index.cfm?articleid=39558
    
    Buffer Overrun in Windows HTML Converter
       Microsoft reported a new vulnerability in its HTML converter that
    can result in the execution of arbitrary code on the vulnerable
    computer. Microsoft has released Security Bulletin MS03-023 (Buffer
    Overrun In HTML Converter Could Allow Code Execution) to address this
    vulnerability and recommends that affected users immediately apply the
    patch mentioned in the bulletin.
       http://www.secadministrator.com/articles/index.cfm?articleid=39557
    
    Privilege-Elevation Vulnerability in Win2K
       Chris Paget of Next Generation Security Software (NGSSoftware)
    discovered a new vulnerability in Windows 2000 that could result in
    system compromise through privilege escalation. This vulnerability
    stems from a flaw in the way Utility Manager handles Windows messages.
    Microsoft has released Security Bulletin MS03-025 (Flaw in Windows
    Message Handling through Utility Manager Could Enable Privilege
    Elevation) to address this vulnerability and recommends that affected
    users immediately apply the patch mentioned in the bulletin.
       http://www.secadministrator.com/articles/index.cfm?articleid=39559
    
    ==== 3. Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    Exchange 2003: Do You Plan to Migrate or Wait?
       Windows & .NET Magazine and Aelita Software would like to know
    about your organization's plans to migrate to Exchange Server 2003.
    Take our brief survey, "Windows & .NET Magazine: The State of Exchange
    Migration," and sign up to receive a free white paper titled, "Upgrade
    or Migrate? Deployment Options for Exchange 2000/2003." Give us your
    feedback today!
       http://list.winnetmag.com/cgi-bin3/DM/y/eRm20CJgSH0CBw0BBLs0Ag
    
    Find Your Next Job at Our IT Career Center
       Check out our new online career center, in which you can browse
    current job openings, post your resume, and create automated
    notifications to notify you when a job is posted that meets your
    specifications. It's effective, it's private, and there's no charge. 
    Visit today!
       http://list.winnetmag.com/cgi-bin3/DM/y/eRm20CJgSH0CBw0BBGS0A4
    
    ==== 4. Security Roundup ====
    
    One Last Follow-Up: The Future of Patch Management
       Paul Thurrott discusses a few additional issues about patch
    management. Included in the discussion are Windows Update, Automatic
    Update, Software Update Services (SUS), Systems Management Server
    (SMS), and future changes to the Windows OS (Longhorn) that will
    affect patch management in the long run. Be sure to read the article
    to learn what Microsoft is up to.
       http://www.winnetmag.com/windowsserver2003/index.cfm?articleid=39545
     
    News: Watch Out for the Scammers
       SurfControl is warning users to use extra security precautions
    against "brand spoofing," which is a tactic used to defraud people.
    The technique involves scammers who send out mass email messages
    hoping to lure people to fake Web sites that appear to be the Web
    sites of legitimate companies.
       http://www.secadministrator.com/articles/index.cfm?articleid=39556
     
    Feature: Win2K SP4 Tightens Security for Programs and Services
       Windows 2000 Service Pack 4 (SP4) introduces two new rights that
    tighten Win2K's security model and make it compatible with Windows
    Server 2003. To avoid problems with installed programs, you need to
    understand how these new rights restrict previously allowed activity.
    Learn about the new rights in Paula Sharick's article on our Web site.
       http://www.secadministrator.com/articles/index.cfm?articleid=39534
    
    ==== 5. Security Toolkit ====
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.secadministrator.com/panda
    
    FAQ: What's the Easiest Way to View the Contents of the Windows NT 4.0
    SAM Database on a Remote Machine?
       contributed by Jan De Clercq, jan.declercqat_private
    
    A. You don't need remote control software; NT 4.0 User Manager
    includes a feature that lets you connect to the NT 4.0 security
    database of another domain or another machine. To connect to another
    SAM, choose Select Domain from the User menu to open the Select Domain
    dialog box. In this dialog box, you can select a domain or type the
    name of a machine that isn't a domain controller (DC). If you type a
    name, make sure that you precede it with two backslashes.
    
    Select the Low Speed Connection check box if you want to connect to a
    remote SAM over a connection with relatively low bandwidth (e.g., a
    RAS connection). If you select this option, User Manager won't display
    the list of users and groups stored in the remote SAM. You'll need to
    use the options under User Manager's User menu to manage remote users
    and groups. In addition, you won't be able to manage remote global
    groups.
    
    ==== 6. Event ====
    
    New Active Directory Web Seminar!
       Discover how to securely manage Active Directory in a multiforest
    environment, establish attribute-level auditing without affecting AD
    performance, and more! Space is limited--register today!
       http://list.winnetmag.com/cgi-bin3/DM/y/eRm20CJgSH0CBw0BAyl0AJ
    
    ==== 7. New and Improved ====
       by Sue Cooper, productsat_private
    
    Install a Not-So-Tiny Firewall
       Tiny Software released Tiny Firewall 5.0 Enterprise Edition,
    software that now offers integrated security for the desktop and
    server with a network firewall, intrusion prevention and detection,
    file and registry access control, and control of Windows resources. As
    an administrator, you can define how granularly security policies are
    populated, based on your organizational structure. You can create
    rules for specific applications running under specific accounts and
    apply them simultaneously on Windows Server 2003 and Windows XP/2000
    computers. The intrusion detection and prevention modules are
    signature-based and fully configurable down to the user level. Contact
    Tiny Software at 408-919-7360 or on the company's Web site.
       http://www.tinysoftware.com
    
    Replace Passwords with Biometrics
       SAFLINK announced that its new version of SAFsolution supports
    Microsoft's new identity management product, Active Directory
    Application Mode (ADAM) for the Windows Server 2003 environment.
    Expected to ship this fall, the biometric security software lets you
    tighten network security by replacing text passwords with an
    authentication system that uses unique physical characteristics, such
    as fingerprints, irises, voice patterns, and facial contours. It's
    compatible with nearly 30 hardware devices and offers COM+ private
    components, network load balancing, and COM+ application recycling.
    Contact SAFLINK at 800-762-9595 or 425-278-1100.
       http://www.saflink.com
    
    Submit Top Product Ideas
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Do you know of a terrific
    product that others should know about? Tell us! We want to write about
    the product in a future What's Hot column. Send your product
    suggestions to whatshotat_private
    
    ==== 8. Hot Thread ====
    
    Windows & .NET Magazine Online Forums
       http://www.winnetmag.com/forums
    
    Featured Thread: Possible Attempt to Compromise Security
       (Ten messages in this thread)
    
    A user on a network who runs Windows XP Professional with Service Pack
    1 (SP1) and Microsoft Office XP with SP1 receives the following error
    message in Microsoft Word when he attempts to browse a mapped network
    drive on a Windows 2000 Server system:
    
    "The system detected a possible attempt to compromise security. Please
    ensure that you can contact the server that authenticated you"
    
    The user can't access the server and is locked out. After the account
    is unlocked, he manages to log on successfully. However, if he tries
    to browse the file again, he's locked out again. Why does this happen,
    and how can the problem be corrected? Lend a hand or read the
    responses:
       http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=55214
    
    ==== Sponsored Link ====
    
    AutoProf
       Jerry Honeycutt Desktop Deployment Whitepaper
       http://list.winnetmag.com/cgi-bin3/DM/y/eRm20CJgSH0CBw0BBDo0AU
    
    Sybari
       Learn about the new security features of Exchange 2003 -- FREE!
       http://list.winnetmag.com/cgi-bin3/DM/y/eRm20CJgSH0CBw0BBOG0Az
    
    ====================
    
    ==== 9. Contact Us ====
    
    About the newsletter -- lettersat_private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- productsat_private
    About your subscription -- securityupdateat_private
    About sponsoring Security UPDATE -- emedia_oppsat_private
    
    ====================
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing Windows and related technologies. Subscribe
    today.
       http://www.secadministrator.com/sub.cfm?code=saei25xxup
    
    Thank you!
    __________________________________________________________
    Copyright 2003, Penton Media, Inc.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    