[ISN] Windows & .NET Magazine Security UPDATE--Will Leaked Code Increase Security Risks?--February 18, 2004

From: InfoSec News (isn@private)
Date: Thu Feb 19 2004 - 02:16:08 PST

    ==== This Issue Sponsored By ====
    
    Be Proactive with Real-Time Monitoring
       http://list.winnetmag.com/cgi-bin3/DM/y/eefA0CJgSH0CBw0BFg40Ab
    
    Free Download: Shavlik Security Patch Management
       http://list.winnetmag.com/cgi-bin3/DM/y/eefA0CJgSH0CBw0BDoF0Az
    
    ====================
    
    * In Focus: Will Leaked Code Increase Security Risks?
    
    * Security News and Features
       - Recent Security Vulnerabilities
       - News: Windows 2000 and Windows NT Leaked to the Web
       - News: More Security Patches on the Way for Microsoft Platforms
       - News: Controversial Microsoft Security Fixes Have Company on
         Security Defensive
       - News: Security Webcasts for Microsoft Developers
    
    * New and Improved
       - Combine Software and Hardware for Integrated Security
       - Increase Security with Real-Time Reporting
    
    ==== Sponsor: TNT Software's ELM Enterprise Manager ====
       There are two ways to manage your critical systems: Reactive and
    Proactive. ELM Enterprise Manager supports the latter. ELM Enterprise
    Manager is the affordable solution that monitors the health and status
    of your systems and alerts you in time to take prompt corrective
    action. Imagine the time savings and productivity increases when event
    frequencies, performance trends, state changes, and quality of service
    breaches are clearly displayed and easily accessible. Equally
    important, be notified while the threat is small. Be proactive,
    download your FREE 30-Day license of ELM Enterprise Manager NOW and
    start experiencing the benefits for real-time monitoring.
       http://list.winnetmag.com/cgi-bin3/DM/y/eefA0CJgSH0CBw0BFg40Ab
    
    ====================
    
    ==== In Focus: Will Leaked Code Increase Security Risks? ====
       by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net
    
    Last week was interesting in the Windows world for two reasons. The
    first reason, which I'm sure you're aware of by now, is that somehow,
    Windows source code was leaked to the Internet. The news story
    "Windows 2000 and Windows NT Leaked to the Web" below has a link to
    more information about this event.
       Many are concerned that having the source code out in the open will
    play into the hands of unscrupulous individuals looking for holes to
    exploit. The amount of leaked code is substantial, but the code
    appears to be an older version of Windows. Because Microsoft has
    released service packs and hotfixes since the code was written, some
    are hoping the leak won't result in many new security vulnerability
    discoveries.
       Another obvious problem with the code release is that Microsoft's
    intellectual property has been stolen and made public. If a programmer
    views the code and later either intentionally or inadvertently
    replicates it into some other body of code, any entity that relies on
    that body of code could be in for significant ramifications down the
    road.
       One can look at the open-source code community for an idea of how
    much security trouble and plagiarism might result from the leak.
    Open-source code is there for anybody to look at, and even so, the
    number of vulnerabilities found and exploited isn't that much
    different when compared with the number found in Windows. Open-source
    code also hasn't resulted in any significant level of plagiarism. Of
    course, the SCO Group is suing various entities for infringement, but
    so far the company's allegations haven't been proven. That could
    change; we'll have to wait and see.
       I think most security practitioners will agree that obscurity
    doesn't provide much security. Obscurity offers protection only from
    less sophisticated predators. As we've seen, plenty of people who've
    never seen Microsoft's source code have found vulnerabilities by
    probing the outside--the compiled runtime code.
       The second reason that last week was interesting was the reported
    security vulnerability in Microsoft's ASN.1 implementation, which was
    discovered by eEye Digital Security (see the two related news items
    below). The problem could let an intruder access a computer under the
    security context of the all-powerful System account.
       eEye worked with Microsoft to correct the problem while keeping
    quiet about the exact details. Microsoft released a patch for the
    problem only about a week ago, so surely many systems aren't yet
    patched. Those systems are vulnerable to an exploit released by
    someone who reverse-engineered the ASN.1 problem. So far, the exploit
    code tries to attack only ports 139 and 445 and typically causes a
    Denial of Service (DoS) on an affected machine by crashing the
    Lsass.exe process. However, somebody could tweak the code into
    something more sinister.
       I know of only one piece of advice that can help protect all of us.
    When Microsoft releases a security patch or workaround or offers
    advice on how to better protect a system, we all must listen and act.
    
    ====================
    
    ==== Sponsor: Free Download: Shavlik Security Patch Management ====
       Install the latest critical Microsoft security patch today with
    HFNetChkPro. A free, fully functional, no time-out version of
    HFNetChkPro is available to help you automate the delivery and testing
    of this critical patch. HFNetChkPro offers unlimited scanning, a
    complete GUI and Shavlik's exclusive PatchPush capabilities. Save time
    on patch deployment, ensure systems are fully protected and safeguard
    your systems from remote code execution, identity spoofing, arbitrary
    code execution and other attacks. It's free, and it simplifies patch
    management without agents. Learn more and download the free version of
    HFNetChkPro at
       http://list.winnetmag.com/cgi-bin3/DM/y/eefA0CJgSH0CBw0BDoF0Az
    
    ====================
    
    ==== Announcements ====
       (from Windows & .NET Magazine and its partners)
    
    Try a Sample Issue of Security Administrator!
       Security Administrator is the monthly newsletter from Windows &
    .NET Magazine that shows you how to protect your network from external
    intruders and control access for internal users. Sign up now to get a
    1-month trial issue--you'll feel more secure just knowing you did.
    Click here!
       http://list.winnetmag.com/cgi-bin3/DM/y/eefA0CJgSH0CBw0BFMs0AE
    
    Download the Latest eBook--"Best Practices for Managing Linux and UNIX
    Servers"
       This free eBook will educate systems managers about how to best
    approach the complex realm of Linux and UNIX management and
    performance monitoring. You'll learn core issues such as configuration
    management, accounting, and monitoring performance with an eye toward
    creating a long-term strategy for sustainable growth.
       http://list.winnetmag.com/cgi-bin3/DM/y/eefA0CJgSH0CBw0BFg50Ac
    
    ====================
    
    ==== Sponsor: Virus Update from Panda Software ====
       Are your traditional antivirus solutions really protecting your
    network? Panda Antivirus GateDefender is a dedicated hardware device
    installed at the Internet gateway to block viruses before they
    contaminate your network. It scans 7 different communication
    protocols, achieving optimum protection against external attacks.
    Panda Antivirus GateDefender 7100 (25-500 seats) & Panda Antivirus
    GateDefender 7200 (500 seats+) provide the highest scalability with
    native load balancing that transparently adapts to traffic volume.
       Visit "Panda's GateDefender Stands Guard!" at
    http://list.winnetmag.com/cgi-bin3/DM/y/eefA0CJgSH0CBw0BEGa0An for more information.
    
    ===============
    
    ==== Security News and Features ====
    
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    at
       http://www.winnetmag.com/departments/departmentid/752/752.html
    
    News: Windows 2000 and Windows NT Leaked to the Web
       The story first broke on the Neowin Web site, and late last
    Thursday, Microsoft confirmed that portions of Windows 2000 and
    Windows NT 4.0 source code were leaked to various Web sites.
       http://www.winnetmag.com/article/articleid/41767/41767.html
    
    News: More Security Patches on the Way for Microsoft Platforms
       Microsoft recently released a patch for problems with the ASN.1
    library, a Windows component that interacts with multiple Windows
    features, including file sharing and digital certificates. Researchers
    at eEye Digital Security discovered the ASN.1 problem, and it's not
    the only problem they've discovered that will be patched by Microsoft.
    At least seven more security patches are on the horizon for Windows
    platforms.
       http://www.winnetmag.com/article/articleid/41761/41761.html
    
    News: Controversial Microsoft Security Fixes Have Company on Security
    Defensive
       Last week, Microsoft issued its planned monthly set of security
    updates, but Paul Thurrott writes that this month, the updates are
    more serious and controversial than usual. One of the fixes, for the
    ASN.1 library as mentioned above, is rated as critical and applies to
    "an extremely deep and pervasive technology in Windows" that attackers
    can compromise to take over PCs. The flaw was discovered 7 months ago
    but was fixed only this week. Security experts describe the flaw as
    one of the most devastating ever, and Microsoft recommends that all
    users download and install the patch for this problem as soon as
    possible.
       http://www.winnetmag.com/article/articleid/41744/41744.html
    
    News: Security Webcasts for Microsoft Developers
       This week is "Developer Security Webcast Week" at Microsoft. The
    company is offering a series of security-related Webcasts aimed at
    developers. You can see a list of the topics at the URL below and
    register to attend at the Microsoft Developer Network (MSDN) Web site.
       http://www.winnetmag.com/article/articleid/41760/41760.html
    
    ==== Security Toolkit ====
    
    Virus Center
       Panda Software and the Windows & .NET Magazine Network have teamed
    to bring you the Center for Virus Control. Visit the site often to
    remain informed about the latest threats to your system security.
       http://www.winnetmag.com/windowssecurity/panda
    
    Virus Alert: Nachi.B; DoomHunter.A; Deadhat.B; and Mitglieder.A
       In the time span of only a few hours, PandaLabs detected the
    appearance of four new worms related to the epidemic caused by the
    MyDoom worms. The new worms are Nachi.B, DoomHunter.A, Deadhat.B, and
    Mitglieder.A. The first two worms try to remove MyDoom, and the latter
    two worms try to enter a system through backdoors created by MyDoom.
    For details about these new worms, go to
       http://www.pandasoftware.com/about/press/viewnews.aspx?noticia=4732
    
    FAQ: How Can I Move a Computer Account from One Domain to Another?
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    
    A. The Netdom command-line tool lets you move a computer account from
    one domain to another. For example, in the command
    
    netdom move compmoveme /domain:child1
      /ud:administrator@private /pd:xxxxx
    
    the /domain switch identifies the target domain to move the object to
    and the /ud and /pd switches identify the account and password,
    respectively, to use for the specified domain. To see other options
    for Netdom, type
    
    netdom move /?
    
    at the command line.
    
    Featured Thread: ACL Utility
       (Two messages in this thread)
       Jim is looking for an enterprisewide utility that will read the
    ACLs on his folders and let him export or print the list. Lend a hand
    or read the responses:
    http://www.winnetmag.com/forums/messageview.cfm?catid=42&threadid=67310
    
    ==== Events Central ====
       (A complete Web and live events directory brought to you by Windows
    & .NET Magazine: http://www.winnetmag.com/events )
    
    New Web Seminar--Realizing the Return on Active Directory
       Join Mark Minasi and Indy Chakrabarti for a free Web seminar and
    discover how to maximize the return on your Active Directory
    investments and cut the cost of security exposures with secure task
    delegation, centralized auditing, and Group Policy management.
    Register now and receive NetIQ's free "Securing Access to Active
    Directory--A Layered Security Approach" white paper.
       http://list.winnetmag.com/cgi-bin3/DM/y/eefA0CJgSH0CBw0BFE60A4
    
    ==== New and Improved ====
       by Jason Bovberg, products@private
    
    Combine Software and Hardware for Integrated Security
       CrypKey announced Casper BlackBox, a license-management solution
    that provides copy protection, automated transaction authorization,
    and prepaid serial number or credit card processing--as well as the
    hardware to run it. Essentially a small computer that's slightly
    smaller than a notebook, Casper BlackBox features CrypKey Automated
    Software Purchasing & Electronic Registration (Casper) software, which
    offers e-commerce capability by automating the authorization and
    purchase of CrypKey-protected products by either serial number or
    credit card processing. Vendors can customize security specifications
    (which CrypKey then preconfigures on the hardware) and simply plug
    Casper BlackBox into their network, permitting CrypKey software to
    manage product licensing and authorization activities 24 x 7. Casper
    BlackBox eRegister offers automatic authorization and verification of
    CrypKey-protected products using serial numbers. Casper BlackBox
    eCommerce provides automatic authorization and verifies credit card
    processing of CrypKey-protected products. For more information about
    Casper BlackBox, contact CrypKey on the Web.
       http://www.crypkey.com
    
    Increase Security with Real-Time Reporting
       Hypersoft Information Systems announced OmniAnalyser 8.0, the
    latest version of its real-time Windows NT monitoring software. Timely
    data about system errors and warnings, as well as
    application-generated information, is essential for system
    optimization. OmniAnalyser 8.0 provides real-time monitoring of valid
    and invalid system logons, access to files and folders, and changes to
    accounts and groups. You can audit attempts by a particular user to
    read a certain file, changes in security settings, and the creation
    and deletion of specific objects. Information about such events
    appears on a Web server; thus, you can check data at any time without
    searching through Event Viewer. For more information about
    OmniAnalyser 8.0, contact Hypersoft Information Systems on the Web.
       http://www.hypersoft.com
    
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    
    ===================
    
    ==== Sponsored Links ====
    
    NetSupport
       Free Trial - Fast and Easy Network Management. - NetSupport DNA
       http://list.winnetmag.com/cgi-bin3/DM/y/eefA0CJgSH0CBw0BFW60AN
    
    ===================
    
    ==== Contact Us ====
    
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    
    This email newsletter is brought to you by Windows & .NET Magazine,
    the leading publication for IT professionals deploying Windows and
    related technologies. Subscribe today.
       http://www.winnetmag.com/sub.cfm?code=wswi201x1z
    
    You received this email message because you asked to receive
    additional information about products and services from the Windows &
    .NET Magazine Network. To unsubscribe, send an email message to
    mailto:Security-UPDATE_Unsub@private Thank you!
    
    View the Windows & .NET Magazine privacy policy at
    http://www.winnetmag.com/AboutUs/Index.cfm?action=privacy
    
    Windows & .NET Magazine, a division of Penton Media, Inc.
    221 East 29th Street, Loveland, CO 80538
    Attention: Customer Service Department
    
    Copyright 2004, Penton Media, Inc. All rights reserved.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Thu Feb 19 2004 - 06:01:42 PST