[ISN] Windows & .NET Magazine Security UPDATE - November 12, 2003

From: InfoSec News (isn@private)
Date: Thu Nov 13 2003 - 05:50:49 PST


    ====================
    
    ==== This Issue Sponsored By ====
    
    Protocom Development Systems
       http://list.winnetmag.com/cgi-bin3/DM/y/edZN0CJgSH0CBw0BC8w0As 
    
    VeriSign - The Value of Trust
       http://list.winnetmag.com/cgi-bin3/DM/y/edZN0CJgSH0CBw0BDeV0A6 
    
    ====================
    
    1. In Focus: Is It Time for Security Bug Bounties?
    
    2. Announcements
         - Order Windows & .NET Magazine and the Article Archive CD at One Low
           Rate!
         - We Need Your Feedback
    
    3. Security News and Features
         - Recent Security Vulnerabilities
         - News: Microsoft Funds Bounty Hunters to Track Down Malicious Coders
         - Buyer's Guide: Single Sign-On Products 
         - News: NetScreen Announces Deep Inspection Firewall
    
    4. Instant Poll
         - Results of Previous Poll: Work Responsibilities
         - New Instant Poll: Security Bug Bounty
    
    5. Security Toolkit
         - Virus Center
         - FAQ: When does Windows Installer use elevated privileges?
         - Featured Thread: Encrypting AD
    
    6. Event
         - Check Out 4 New Upcoming Web Seminars
    
    7. New and Improved
         - Firewall Appliances Offer Integrated Security
         - Cobion Adds Sophos Virus Detection
         - Tell Us About a Hot Product and Get a T-Shirt
    
    8. Contact Us 
       See this section for a list of ways to contact us. 
    
    ==================== 
    
    
    ==== 1. In Focus: Is It Time for Security Bug Bounties? ====
       by Mark Joseph Edwards, News Editor, mailto:mark@private
    
    A few weeks ago, I wrote about the Microsoft Most Valuable Professional 
    (MVP) program in which some MVPs will be allowed restricted access to parts 
    of Microsoft's code. I expressed doubts that such code access would have 
    any significant effect on the security of Windows platforms. 
    
    One reader pointed out that many MVPs are talented people who do 
    occasionally find security problems in Microsoft code. I have no idea who 
    participates in the MVP program. I do know that a vast pool of proven 
    programmers who understand security regularly discover bugs in code even 
    without being able to examine source code. So I, along with others, wonder 
    what such people could achieve if they could view source code. 
    
    You might have heard the news by now that Microsoft has put a $250,000 
    bounty on the heads of the person or people who unleashed the MSBlaster and 
    Sobig worms onto the public. The bounty money is part of a $5 million fund 
    Microsoft has launched to aid the capture of future malicious code writers. 
    You can link to the story from the Security News and Features section 
    below.
    
    I expect most of you think it sounds reasonable to offer a reward, and I 
    agree. However, I wonder why the company doesn't create a similar or larger 
    fund to reward those who capture and correct bugs in its software. A bug 
    bounty would benefit the public as much as, or perhaps even more than, the 
    capture of a few contemptuous criminals. What better way to convert 
    potential perpetrators (and keep honest people honest) than by putting them 
    indirectly on the payroll by offering them bounty money to seek out 
    security bugs in the world's most widely used code base? Microsoft's 
    reputation and public image, its products, and public safety around the 
    world would benefit. Many people have expressed similar sentiments in 
    various online forums, but will such an idea ever become a reality through 
    Microsoft--or any other software company? We'll have to wait and see. 
    
    We're conducting a new poll this week that asks the question, "Regarding 
    Microsoft's $5 million bounty to capture and convict malicious coders, 
    could the money be better spent?" Stop by the Windows & .NET Magazine 
    Security Hot Topic home page and offer your answer. 
        http://www.winnetmag.com/windowssecurity
    
    ====================
    
    
    ==== 2. Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    Order Windows & .NET Magazine and the Article Archive CD at One Low Rate!
       What's better than Windows & .NET Magazine? Try Windows & .NET Magazine 
    and the Windows & .NET Magazine Article Archive CD at one super low 
    rate. Read Windows & .NET Magazine in the office. Take the Article 
    Archive CD with you on the road. Subscribe now!
       http://list.winnetmag.com/cgi-bin3/DM/y/edZN0CJgSH0CBw0BDQB0AR
    
    We Need Your Feedback
       In order to improve our security-related content in our Microsoft 
    Security Watch newsletter, we need your opinion about what issues are of 
    greatest importance to you and your organization. It only takes a few 
    minutes to respond and complete the survey at
       http://list.winnetmag.com/cgi-bin3/DM/y/edZN0CJgSH0CBw0BDXG0Ad
    
    ====================
    
    
    ==== 3. Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security Alerts, 
    which inform you about recently discovered security vulnerabilities. You 
    can also find information about these discoveries at
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    News: Microsoft Funds Bounty Hunters to Track Down Malicious Coders
       Microsoft announced that it has created a new program, the Anti-Virus 
    Reward Program, and funded it with $5 million to pay for information 
    leading to the arrest and conviction of virus spreaders. The company 
    said the new program is "an old fashioned criminal justice tactic to 
    help solve a modern day problem."
       http://winnetmag.com/articles/index.cfm?articleid=40768
    
    Buyer's Guide: Single Sign-On Products 
       In many organizations, users struggle with having to sign on multiple 
    times to access different applications, Web portals, and servers. As the 
    number of mandatory unique sign-ons grows, the burden on users to 
    remember numerous usernames and passwords increases. Unfortunately, 
    reducing the need for multiple sign-ons isn't a simple task. Here are 
    some products that help ease authentication.  
       http://winnetmag.com/articles/index.cfm?articleid=40453
    
    News: NetScreen Announces Deep Inspection Firewall
       NetScreen Technologies announced a new type of firewall, which the 
    company has named the Deep Inspection firewall. The firewall provides 
    application-level intrusion protection along with stateful inspection 
    capabilities.
       http://winnetmag.com/articles/index.cfm?articleid=40658
    
    ====================
    
    ==== 4. Instant Poll ====
    
    Results of Previous Poll: Work Responsibilities
       The voting has closed in the Windows & .NET Magazine Network Security 
    Hot Topic nonscientific Instant Poll for the question, "Which of the 
    following options best describes your work-related responsibilities?" 
    Here are the results from the 52 votes.
       - 17% Administration only
       - 4% Administration and auditing
       - 52% Administration, auditing, and network monitoring
       - 10% Network monitoring and auditing
       - 17% Development
    
    New Instant Poll: Security Bug Bounty
       The next Instant Poll question is, "Regarding Microsoft's $5 million 
    bounty to capture and convict malicious coders, could the money be 
    better spent?" Go to the Security Hot Topic home page and submit your 
    vote for 
       - Yes, by paying non-Microsoft security researchers to find bugs
       - Yes, by paying Microsoft programmers to find bugs
       - Yes, by paying both non-Microsoft researchers and Microsoft 
    programmers
       - No, it's exactly the thing to do
       http://www.winnetmag.com/windowssecurity
    
    ==== 5. Security Toolkit ==== 
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed to 
    bring you the Center for Virus Control. Visit the site often to remain 
    informed about the latest threats to your system security.
       http://www.winnetmag.com/windowssecurity/panda
    
    FAQ: When does Windows Installer use elevated privileges?
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq 
    
    A. You can use a tool such as Group Policy to perform a managed 
    installation of a Windows Installer file, or you can manually install a 
    Windows Installer file. Some applications that you install with a Windows 
    Installer file require elevated privileges to access file system areas or 
    registry keys. When you use a tool such as Group Policy to install a 
    Windows Installer file that deploys an application to a user's system, the 
    application runs with elevated privileges (e.g., system permissions) that 
    replace the user's limited permissions. However, when a user uses a Windows 
    Installer file to install an application manually, the installation is 
    limited by the user's current privilege level, which might cause some 
    installations to fail.
    
    You can configure a system to run all Windows Installer installations, 
    including manual installations, with elevated privileges. However, keep in 
    mind that doing so carries the risk that a skilled user could use the 
    elevated privileges to access areas of the system that would otherwise be 
    protected. For information about how to configure all Windows Installer 
    installations to use elevated privileges, see the FAQ "How can I configure 
    all Windows Installer installations to run with elevated privileges?" 
       http://www.winnetmag.com/article/articleid/40694/40694.html 
    
    If you enable a Group Policy Object (GPO) to let all installations run with 
    elevated privileges, be aware that if you install an application on a 
    per-machine basis (i.e., all users on that machine can use it), any repair 
    operations performed for that application will run with elevated 
    privileges, even if you remove the GPO. If, however, you install an 
    application on a per-user basis, then remove the GPO, any attempts to 
    repair that application might fail because the elevated privileges no 
    longer apply.
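
An audit check for the setting this FAQ describes, added here as an example that is not part of the original newsletter. It assumes the policy is backed by the `AlwaysInstallElevated` registry value under `Software\Policies\Microsoft\Windows\Installer` (a name that does not appear in the FAQ text) and that the policy is effective only when enabled in both the machine and the user hive.

```powershell
# Added example: report whether "always install with elevated privileges"
# is in effect on this computer. Read-only; run from an elevated prompt so
# that every loaded user hive is readable.
$subKey    = 'Software\Policies\Microsoft\Windows\Installer'
$valueName = 'AlwaysInstallElevated'

function Get-ElevatedInstallFlag {
    param([string]$RegistryPath)
    # $true only when the value exists and is set to 1.
    $item = Get-ItemProperty -Path $RegistryPath -Name $valueName `
                             -ErrorAction SilentlyContinue
    return ($null -ne $item) -and ($item.$valueName -eq 1)
}

# Computer-side half of the policy.
$machineEnabled = Get-ElevatedInstallFlag "Registry::HKEY_LOCAL_MACHINE\$subKey"

# User-side half, checked for every hive currently loaded under HKEY_USERS
# (logged-on users and service accounts).
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue
$results = foreach ($hive in $hives) {
    $sid = $hive.PSChildName
    if ($sid -like '*_Classes') { continue }   # skip per-user class hives
    $userEnabled = Get-ElevatedInstallFlag "Registry::HKEY_USERS\$sid\$subKey"
    [pscustomobject]@{
        Sid           = $sid
        MachinePolicy = $machineEnabled
        UserPolicy    = $userEnabled
        # Elevation applies to manual installs only when both halves are on.
        Effective     = $machineEnabled -and $userEnabled
    }
}

$results | Format-Table -AutoSize

$exposed = @($results | Where-Object { $_.Effective })
if ($exposed.Count -gt 0) {
    Write-Warning ("Elevated installs are enabled for {0} loaded user hive(s); " +
                   "any .msi those users run installs with system permissions." -f $exposed.Count)
} elseif ($machineEnabled) {
    Write-Warning "Machine half of the policy is set; a user-side setting would complete it."
}
```

A clean result after the GPO is removed does not cover products already installed per-machine, whose repair operations keep running elevated as the FAQ notes.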
    
    Featured Thread: Encrypting AD
       (Four messages in this thread)
       Chris wants to know whether he can encrypt the Windows 2000 Active 
    Directory (AD) components, namely the C:\winnt\ntds folder and its 
    contents (ntds.dit and log files), and the C:\winnt\sysvol folder and 
    its contents. He has just implemented the Encrypting File System (EFS) 
    to encrypt Microsoft SQL Server, and he'd like to do the same for the AD 
    folders. If applying EFS isn't possible, can he secure the contents of 
    AD some other way? Lend a hand or read the responses:
    http://www.winnetmag.com/Forums/messageview.cfm?catid=42&threadid=64863
    
    ==== 6. Event ====
    
    Check Out 4 New Upcoming Web Seminars
       Sign up today for these upcoming Web seminars: Access Control for the 
    Web (NEW!), Assess IM Risks on Your Network, Five Keys to Choosing the 
    Right Patch Management Solution, and The Secret Costs of Spam ... What 
    You Don't Know Can Hurt You. Don't miss these free events!
       http://www.winnetmag.com/seminars
    
    ==== 7. New and Improved ====
       by Jason Bovberg, products@private
    
    Firewall Appliances Offer Integrated Security
       Symantec announced the Symantec Gateway Security 5400 Series, the 
    company's new line of firewall appliances. The appliances offer 
    customers a ready-to-deploy network security solution designed to 
    protect against various types of malicious threats, including blended 
    Internet threats such as Blaster, Slammer, and Sobig. The solutions 
    provide comprehensive gateway-level protection by integrating 
    intrusion-prevention, intrusion-detection, antivirus, content-filtering, 
    VPN, and antispam technologies in one device. The Symantec Gateway 
    Security 5400 Series comes in three models--the 5420, 5440, and 
    5460--starting at an estimated retail price of $3995. For more 
    information about the firewall appliances, contact Symantec on the Web.
       http://www.symantec.com 
    
    Cobion Adds Sophos Virus Detection 
       Cobion announced that it will add the Sophos virus-detection engine as a 
    plugin to its email-security product, OrangeBox Mail 2.0. OrangeBox Mail 
    2.0 checks all incoming and outgoing email messages and filters spam. 
    Sophos's virus-detection technology checks all incoming, outgoing, and 
    internal mail messages for viruses before the messages arrive at the 
    user's mailbox or are sent out to the Internet. The software refuses and 
    quarantines any attachments that contain viruses. For more information 
    about OrangeBox Mail 2.0 and Sophos, contact Cobion and Sophos on the 
    Web.
       http://www.cobion.com
       http://www.sophos.com
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving you 
    time or easing your daily burden? Tell us about the product, and we'll 
    send you a Windows & .NET Magazine T-shirt if we write about the product 
    in a future Windows & .NET Magazine What's Hot column. Send your product 
    suggestions with information about how the product has helped you to 
    whatshot@private
    
    ===================
    
    
    ==== 8. Contact Us ==== 
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    This email newsletter is brought to you by Security Administrator, the 
    print newsletter with independent, impartial advice for IT administrators 
    securing Windows and related technologies. Subscribe today.
    https://secure.pentontech.com/nt/security/index.cfm?promocode=00&Code=ei25xxup
    
    Copyright 2003, Penton Media, Inc.
    
    
    