[ISN] Windows & .NET Magazine Security UPDATE--September 17, 2003

From: InfoSec News (isnat_private)
Date: Wed Sep 17 2003 - 22:37:54 PDT

  • Next message: InfoSec News: "[ISN] IT managers brace for Isabel"

    ==== This Issue Sponsored By ====
    Shavlik HFNetChkPro Patch Management
    TNT Software
    1. In Focus: Digital Rights Management
    2. Security Risks
         - Arbitrary Code Execution and Denial of Service in Microsoft
         - Weak Authentication in SNMPc
    3. Announcements
         - Active Directory eBook Chapter 4 Published!
         - New Web Seminars on Exchange, Active Directory, and More!
    4. Security Roundup
         - News: Here We Go Again: Microsoft Issues New Security Fix
         - Feature: IIS Application Authentication Security
         - Feature: Readers' Choice Awards
    5. Instant Poll
         - Results of Previous Poll: Rolling Out Service Packs
         - New Instant Poll: DRM Use
    6. Security Toolkit
         - Virus Center
         - FAQ: How Do I Detect and Remove Remote Access Trojans?
    7. Event
         - New--Mobile & Wireless Road Show!
    8. New and Improved
         - Protect Small Offices from Online Risks
         - Secure Confidential Data
         - Tell Us About a Hot Product and Get a T-Shirt
    9. Hot Threads
         - Windows & .NET Magazine Online Forums
             - Featured Thread: DoS Attack Defense
          - HowTo Mailing List:
             - Featured Thread: Is It Possible to Restrict Logon Times?
    10. Contact Us
       See this section for a list of ways to contact us.
    ==== Sponsor: Shavlik HFNetChkPro Patch Management ====
       Get Patched Now with Shavlik HFNetChkPro
       Immediately deploy critical patches, including MS03-039, with
    Shavlik HFNetChkPro patch management software and make a powerful
    impact on your enterprise security. HFNetChkPro is a must-have for any
    busy network administrator in charge of security updates. Its
    easy-to-use interface makes patch management a breeze. Create machine
    groups or patch groups for quick scanning and deployment and produce
    management reports in minutes. Download the free version of
    HFNetChkPro with no time-outs at 
    ==== 1. In Focus: Digital Rights Management ====
       by Mark Joseph Edwards, News Editor, markat_private
    Last week, I mentioned the OpenOffice.org suite of productivity tools.
    A reader raised the question of whether any Digital Rights Management
    (DRM) features are in progress for that platform. It's a good
    question. I don't know of any current DRM projects directly related to
    OpenOffice.org, but that doesn't mean they don't exist or won't exist
    in the future.
    Several DRM efforts not directly related to OpenOffice.org are
    underway. As you probably know, Microsoft is developing its own
    implementations of DRM technology, and they promise to be a powerful
    way of placing restrictions on many kinds of content. The new
    Microsoft Office 2003 suite ( http://www.microsoft.com/office )
    contains DRM features.
    For example, Office Word 2003 contains information rights management
    functionality that lets a document owner define how recipients can
    handle documents in terms of forwarding, copying, and printing them
    and determine expiration dates for those permissions. A document owner
    can also designate sections of a document that only certain people can
    change, force the use of revision marks for changes, and force the use
    of certain formatting and styles. Microsoft has integrated the same
    type of functionality into Office Excel 2003 and Office Outlook 2003.
    If you want to use Office 2003's rights management features, your
    network must implement Windows Rights Management Services (RMS) for
    Windows Server 2003. RMS is based on the Extensible Rights Markup
    Language (XrML), which is a method for defining rights and policies.
    You can learn more about RMS at the first URL below. You'll find RMS
    add-ons for Windows clients and Microsoft Internet Explorer (IE) at
    the second URL below, along with links to other Microsoft Web pages
    related to RMS technologies. Keep in mind that RMS currently is
    available only in limited beta; however, Microsoft says that it
    expects to release the technology sometime this year. I suppose that
    unless the company pushes the date back, that means within the next 3
    While I was looking for projects supporting DRM, I came across an
    interesting Web site, Cover Pages, that has a section dedicated to DRM
    technology and associated topics. The Organization for the Advancement
    of Structured Information Standards (OASIS) hosts the site.
    At the site, you'll find links to two dozen DRM-related projects,
    including OASIS Rights Language, Open Digital Rights Language (ODRL),
    Extensible Rights Markup Language (XrML), Digital Property Rights
    Language (DPRL), MPEG Rights Expression Language and Data Dictionary,
    Open Ebook Initiative Rights and Rules Working Group, Electronic Book
    Exchange (EBX) Working Group, and many others.
    Also at the site, you'll find links to DRM-related events and a list
    of news stories, papers, and other articles. The site is kept current
    with timely and relevant information, so consider bookmarking it, or
    use Cover Pages' Remote Storage Service (RSS) feed, which is available
    in XML format and uses the RSS 0.91 format. The feed is available at
    the first URL below. Alternatively, if you use RSS feed reading
    software that has Web page scraping functionality (such as
    Syndirella), you might want to scrape the news headlines page at the
    second URL below.
    For loads of information regarding DRM in general, check a major
    search engine, such as AlltheWeb.com, where you'll find plenty of
    links to facts, opinions, news stories, resource sites, editorials,
    and more. I think DRM can be useful at times, but keep in mind that
    although many major vendors support the DRM concept, DRM also provokes
    a lot of industry criticism. To obtain a more balanced viewpoint, be
    sure to read some critical opinions too. In addition to using the
    basic search URL below, also use the search engines at some of the
    major computing news outlets that focus on cross-platform coverage of
    the computing industry.
    ==== Sponsor: TNT Software ====
       FREE Download: Automate Event Log Monitoring
       Automate event log monitoring, provide real-time intrusion
    detection, and satisfy mandated auditing requirements all with TNT
    Software's ELM Log Manager. Preferred by small businesses because of
    its ease of use and Fortune 500 companies because of its reliability,
    ELM 3.1 is the affordable solution with the scalability to consolidate
    MILLIONs of events and Syslog messages a day, display them in custom
    views, launch critical alerts, and schedule reports. Download your
    FREE 30 day fully functional evaluation software NOW and start
    experiencing the benefits of automated log monitoring.
    ==== 2. Security Risks ====
       contributed by Ken Pfeil, kenat_private
    Arbitrary Code Execution and Denial of Service in Microsoft RPCSS
       eEye Digital Security, the NSFOCUS Security Team, and Xue Yong Zhi
    and Renaud Deraison from Tenable Network Security have discovered that
    three new vulnerabilities exist in the part of Remote Procedure Call
    Subsystem (RPCSS) Service that deals with RPC messages for Distributed
    COM (DCOM) activation. Two of these vulnerabilities could allow
    arbitrary code execution on the vulnerable system. The third
    vulnerability could result in a Denial of Service (DoS) condition.
    Microsoft has released Security Bulletin MS03-039 (Buffer Overrun In
    RPCSS Service Could Allow Code Execution), which addresses these
    vulnerabilities and recommends that affected users immediately apply
    the appropriate patch listed in the bulletin. This patch supersedes
    the patch listed in Microsoft Security Bulletin MS03-026 (Buffer
    Overrun In RPC Interface Could Allow Code Execution).
    Weak Authentication in SNMPc
       Alexander V. Nickolenko discovered that a vulnerability in Castle
    Rock Computing's SNMPc 6.0.8 and earlier can let any remote user gain
    Supervisor access to the vulnerable system. This vulnerability is a
    result of a weak authentication protocol. Castle Rock has released
    fixes for versions 6.0.8 and 6.0.5 and a full version fix for release
    ==== Sponsor: Virus Update from Panda Software ====
       Check for the latest anti-virus information and tools, including
    weekly virus reports, virus forecasts, and virus prevention tips, at
    Panda Software's Center for Virus Control.
       Viruses routinely infect "fully protected" networks. Is total
    protection possible? Find answers in the free guide HOW TO KEEP YOUR
    COMPANY 100% VIRUS FREE from Panda Software. Learn how viruses enter
    networks, what they do, and the most effective weapons to combat them.
    Protect your network effectively and permanently - download today!
    ==== 3. Announcements ====
       (from Windows & .NET Magazine and its partners)
    Active Directory eBook Chapter 4 Published!
       The fourth chapter of Windows & .NET Magazine's popular eBook
    "Windows 2003: Active Directory Administration Essentials" is now
    available at no charge! Chapter 4 looks at what's inside Windows
    Server 2003 forests and DNS. Download it now!
    New Web Seminars on Exchange, Active Directory, and More!
       Check out the latest lineup of Web seminars from Windows & .NET
    Magazine. Prepare your enterprise for Exchange Server 2003, discover
    the legal ramifications of deterring email abuse, and find out how
    Active Directory can help you create and maintain a rock-solid
    infrastructure. There is no charge for these events, but space is
    limited, so register today!
    ==== 4. Security Roundup ====
    News: Here We Go Again: Microsoft Issues New Security Fix
       In July, Microsoft released a critical security fix, warning users
    that attackers could use the specified vulnerability to take over
    users' systems and wreak havoc on the Internet. A month later, the
    infamous MSBlaster worm exploited that vulnerability. Yesterday,
    Microsoft released another critical security patch that fixes a
    vulnerability that's painfully similar to the one that led to
    MSBlaster. If you didn't feel sufficiently warned the first time
    around, says Paul Thurrott, you should feel that way now and install
    this fix immediately.
    Feature: IIS Application Authentication Security
       In today's atmosphere of security hysteria, security is such a
    broad topic that we can't hope to find a one-stop shopping center for
    learning how to protect our systems. Even the security experts
    concentrate on only one or two major security areas or levels because
    they can't possibly be experts on every security-related thing. In
    this article, Tim Huckaby discusses the narrow topic of the various
    levels of Microsoft IIS application authentication security.
    Feature: Readers' Choice Awards
       Reader response to our second annual Readers' Choice Awards was
    gratifying. We asked you to let us know which products and services
    merit your confidence and support. In response, nearly 7800 of
    you--almost quadruple the number who responded to last year's Readers'
    Choice Awards survey--voted on products in 16 general categories:
    storage, training and certification, utilities, Web-based services,
    security, systems management, messaging, network infrastructure,
    network management, remote computing, telephony, business
    applications, client hardware, development tools, disaster-recovery
    tools, and Internet and intranet solutions. Within these 16
    categories, you chose 84 of the best products among hundreds of
    products and services. In addition, you voted for five special awards:
    Best Hardware, Best Software, Most Innovative Product, Best
    Service/Support, and Rookie of the Year. To view the winners of the
    security category, visit the first URL below. To view winners in other
    categories, visit the second URL below, where you'll find individual
    articles for each category covered.
    ==== 5. Instant Poll ====
    Results of Previous Poll: Rolling Out Service Packs
       The voting has closed in Windows & .NET Magazine's Security
    Administrator Channel nonscientific Instant Poll for the question,
    "What is your primary method of rolling out service packs?" Here are
    the results from the 175 votes.
       - 21% Software Update Services (SUS) by itself
       - 11% Systems Management Server (SMS), or SMS with SUS
       - 15% Scripts and/or Group Policy
       - 38% Windows automatic updates
       - 14% Third-party tools
    (Deviations from 100 percent are due to rounding.)
    New Instant Poll: DRM Use
       The next Instant Poll question is, "Is your company using or
    planning to use Digital Rights Management (DRM)?" Go to the Security
    Administrator Channel home page and submit your vote for a) We have a
    DRM application in production, b) We're experimenting with DRM, c) We
    see some possible applications for DRM but aren't working with it yet,
    or d) We aren't interested in DRM.
    ==== 6. Security Toolkit ====
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
    FAQ: How Do I Detect and Remove Remote Access Trojans?
       Remote access Trojans are dangerous because they can gather
    confidential financial information from computers and a network. To
    learn about some of the more common Trojans, how to detect them, and
    how to clean up after them, read Roger Grimes's article, "Danger:
    Remote Access Trojans."
    ==== 7. Event ====
    New--Mobile & Wireless Road Show!
       Learn more about the wireless and mobility solutions that are
    available today! Register now for this free event!
    ==== 8. New and Improved ====
       by Sue Cooper, productsat_private
    Protect Small Offices from Online Risks
       Symantec announced Norton Internet Security 2004 Professional, an
    online security and privacy suite for your small office/home office
    (SOHO). This tightly integrated suite includes Symantec's antivirus,
    firewall, intrusion detection, privacy protection, spam filtering, and
    content filtering solutions. Data recovery capability protects and
    restores your applications and files from accidental deletion and
    virus damage. Data cleaning features remove traces of deleted
    confidential files. One license of Norton Internet Security 2004
    Professional costs $99.95, and 5- and 10-user packs have estimated
    prices of $449.95 and $799.95, respectively. The software is expected
    to be available in mid-September at http://www.symantecstore.com and
    from other retailers.
    Secure Confidential Data
       NEC Solutions released the NEC MobilePro Tricryption System, a
    three-layered data security solution for health care or enterprise
    applications. You can add it on top of a preexisting database to
    encrypt database entries so that they're protected if a network
    security system or firewall is breached. You can encrypt individual
    fields within a record separately, so a search application need not
    unencrypt an entire record or database to locate a field. Features
    include dynamic data security, secure content delivery, a unique key
    per transaction, complete access control with real-time audit trails,
    and rights ownership that's enforced onto the key itself. For more
    information, go to http://www.necsolutions-am.com/mobilesolutions or
    call 888-632-8701.
    Tell Us About a Hot Product and Get a T-Shirt
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshotat_private
    ==== 9. Hot Threads ====
    Windows & .NET Magazine Online Forums
    Featured Thread: DoS Attack Defense
       (Four messages in this thread)
    Mikes wants to know how to mount a defense against a Denial of Service
    (DoS) attack on his server and network. Lend a hand or read the
    HowTo Mailing List
    Featured Thread: Is It Possible to Restrict Logon Times?
       (Five messages in this thread)
    Chris wants to know whether you can limit an account on a Windows 2000
    Professional system so that a user can log on locally only at certain
    times of the day. He doesn't want to set a BIOS password but is
    looking for a Windows-based solution, perhaps some type of script,
    configuration, or freeware or shareware program. Lend a hand or read
    the responses:
    ==== Sponsored Links ====
    Aelita Software
       Free message-level Exchange recovery web seminar October 9th
       Free Download - NEW NetOp 7.6 - faster, more secure, remote support
       Eliminate spam once and for all. MailFrontier Anti-Spam Gateway.
    ==== 10. Contact Us ====
    About the newsletter -- lettersat_private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- productsat_private
    About your subscription -- securityupdateat_private
    About sponsoring Security UPDATE -- emedia_oppsat_private
       This email newsletter is brought to you by Security Administrator,
    the print newsletter with independent, impartial advice for IT
    administrators securing Windows and related technologies. Subscribe
    Thank you!
    Copyright 2003, Penton Media, Inc.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Sep 18 2003 - 01:18:45 PDT