[ISN] Security UPDATE--Checking Up on Products--June 9, 2004

From: InfoSec News (isn@private)
Date: Thu Jun 10 2004 - 02:46:17 PDT


    ==== This Issue Sponsored By ====
    Windows & .NET Magazine
    1. In Focus: Checking Up on Products
    2. Security News and Features
       - Recent Security Vulnerabilities
       - News: SP2 for Web Developers
       - Book Review: Hardening Windows
       - Feature: Performing Forensic Analyses, Part 1
    3. Security Toolkit
       - FAQ
       - Featured Thread
    4. New and Improved
       - Secure Your Property with Network Camera Surveillance
    ==== Sponsor: OpenNetwork ====
       Concerned about meeting auditing and compliance requirements for
    controlling access to sensitive information? Quickly enable and
    disable employee access to corporate applications and resources with
    an effective Identity Management strategy. Read OpenNetwork's free
    whitepaper, Understanding the Identity Management Roadmap, at
    ==== 1. In Focus: Checking Up on Products ====
       by Mark Joseph Edwards, News Editor, mark at ntsecurity dot net
    When you configure your software and hardware to operate in a specific
    manner, how do you know they really perform as configured? Do you
    trust that the vendors have developed their products to operate
    properly? Of course you don't. Right? We all know that vendors, like
    everybody else, make mistakes.
    A case in point appeared on the Bugtraq mailing list last week. A
    researcher discovered that some Linksys WRT54G wireless routers under
    some circumstances might expose the administration interface to the
    WAN interface (typically connected to the Internet), even if the
    routers are configured to disable remote administration.
    So if you turned off remote administration and put the router on an
    Internet link, assuming the administration interface was disabled, a
    hacker could use the admin interface to break in. However, if you took
    a few minutes to probe the router from the WAN side, you might
    discover that the admin interface still answers even though it's
    supposedly disabled.
    Linksys, a division of Cisco Systems, released a new beta version of
    the WRT54G firmware to correct the problem, so if you use the device,
    you might consider loading the beta firmware. You might also consider
    placing your wireless routers behind a firewall, even if your routers
    have a built-in firewall, to help minimize unwanted system exposure
    and unwanted access.
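    The WAN-side check the column suggests, written out as an added example (not code from the newsletter or from Linksys): it connects to the router's public address on the ports a home router's web admin interface commonly answers on (an assumption), sends a plain GET, and reports whether anything that looks like a management interface answers. The host and ports are placeholders; an HTTP 401 Basic-auth challenge is the signature of the WRT54G-era admin UI, but any verdict other than "closed" means the port is listening and "disable remote administration" is not doing its job.

```python
import re
import socket
import sys

# Ports a consumer router's web admin interface commonly listens on (assumption).
ADMIN_PORTS = (80, 443, 8080)


def classify_http_response(raw: bytes) -> str:
    """Classify the raw bytes returned by a candidate admin port.

    'auth-challenge': server demanded credentials (HTTP Basic, as the
    WRT54G admin UI did); 'page' / 'redirect': served content or a 3xx;
    'unknown': something answered but not parseable HTTP (e.g. a TLS alert
    on 443); 'closed': nothing came back at all.
    """
    if not raw:
        return "closed"
    head, _, _ = raw.partition(b"\r\n\r\n")
    status = re.match(rb"HTTP/\d\.\d (\d{3})", head)
    if not status:
        return "unknown"
    code = int(status.group(1))
    if code == 401 or b"www-authenticate:" in head.lower():
        return "auth-challenge"
    if 300 <= code < 400:
        return "redirect"
    if 200 <= code < 300:
        return "page"
    return "other"


def probe_admin_port(host: str, port: int, timeout: float = 3.0) -> str:
    """Connect from the WAN side, send GET /, and classify the reply."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"GET / HTTP/1.0\r\nHost: %s\r\n\r\n" % host.encode())
            chunks = []
            while True:
                data = s.recv(4096)
                if not data:
                    break
                chunks.append(data)
            return classify_http_response(b"".join(chunks))
    except OSError:  # refused, timed out, unreachable: treat as closed
        return "closed"


def check_remote_admin(host, ports=ADMIN_PORTS, probe=probe_admin_port):
    """Return {port: verdict} for each candidate admin port on host."""
    return {port: probe(host, port) for port in ports}


def exposed_ports(results):
    """Ports where the admin interface answered despite being 'disabled'."""
    return sorted(p for p, v in results.items() if v != "closed")


if __name__ == "__main__":  # usage: python3 wan_check.py <router WAN address>
    print(exposed_ports(check_remote_admin(sys.argv[1])))
```

    Run it from a host outside the router, not from the LAN, or you are testing the wrong interface.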
    A case in point for that suggestion pertains to another wireless
    router, the NETGEAR WG602, also mentioned on Bugtraq last week.
    Apparently, for some unknown reason, NETGEAR has integrated an
    undocumented administrator account into its router's firmware. The
    account can't be disabled, is accessible from the LAN and WAN sides of
    the router, and has a plaintext logon name and password that
    researchers have of course discovered. Anybody who uses the router is
    vulnerable to attack. If you have the router behind some other
    firewall that blocks access to its administration interface, then at
    least you're protected against attacks from the outside, but
    unauthorized users inside the local network could still log on to the
    The Linksys router vulnerability apparently stemmed from a programming
    error and has been fixed. But I have no idea why NETGEAR would
    implement an undocumented administrator account. Maybe it was
    inadvertently left in place. Clearly, you shouldn't blindly trust
    products--you need to consider checking them to make sure they perform
    as expected.
    ==== Sponsor: Windows & .NET Magazine ====
       Get 2 Sample Issues of Windows & .NET Magazine!
       Every issue of Windows & .NET Magazine includes intelligent,
    impartial, and independent coverage of security, Active Directory,
    Exchange, scripting, and much more. Our expert authors deliver how-to
    articles and product evaluations that will help you do your job
    better. Try two, no-risk sample issues today, and find out why 100,000
    IT professionals rely on Windows & .NET Magazine each month!
    ==== 2. Security News and Features ====
    Recent Security Vulnerabilities
       If you subscribe to this newsletter, you also receive Security
    Alerts, which inform you about recently discovered security
    vulnerabilities. You can also find information about these discoveries
    News: SP2 for Web Developers
       Microsoft has published a document on the Microsoft Developer
    Network (MSDN) titled "How to Make Your Web Site Work with Windows XP
    Service Pack 2." The article covers design changes you might need to
    consider regarding ActiveX controls, file download mechanisms, pop-up
    windows, Java, HTML dialog boxes, and window-positioning restrictions.
    Book Review: Hardening Windows
       For professionals who are heavily involved with Windows, a book
    titled "Hardening Windows" just cries out to be read. The author of
    "Hardening Windows" is Jonathan Hassell, a systems administrator and
    IT consultant who defines the term "hardening" as "the process of
    protecting a system against unknown threats." He points out that the
    four cornerstones of any such policy are privacy, trust, authenticity,
    and integrity. Privacy is the capability that a company or
    organization possesses to keep information confidential, and trust
    questions the validity of data and objects by not simply accepting
    things at face value. Authenticity involves ensuring that people
    really are who they say they are, and integrity ensures that systems
    aren't compromised in any way. You can read the entire book review on
    our Web site.
    Feature: Performing Forensic Analyses, Part 1
       In the "Security Administrator" articles "Building and Using an
    Incident Response Toolkit, Part 1" (April 2004, InstantDoc ID 41900)
    and "Building and Using an Incident Response Toolkit, Part 2" (May
    2004, InstantDoc ID 42173), Matt Lesko discusses how to quickly and
    appropriately respond to a computer security incident. In the
    follow-up article "Performing Forensic Analyses, Part 1," he prepares
    to analyze the compromised machine by creating a bootable CD-ROM and
    duplicating the compromised machine's hard disk.
    ==== Announcements ====
       (from Windows & .NET Magazine and its partners)
    Get 5 Years Worth of SQL Server Tools, Tips, & Content
       Introducing version 8 of the SQL Server Magazine Master CD.
    Subscribe today and get portable, high-speed access to all articles,
    code, tips, tricks, and expertise published in SQL Server Magazine and
    T-SQL Solutions. Let this helpful resource save you some time anywhere
    you are. Subscribe now and get 25% off!
    Does Your Company Currently Use Microsoft Windows NT Server?
       If your answer is "yes," Windows & .NET Magazine wants your
    opinion! Take a short survey and register to win an Xbox. Click the
    link below to help us understand why more than 3 million servers
    currently run Windows NT Server. Give your opinion about consolidating
    file print servers and upgrading to Windows 2003.
    The Conference on Securing and Auditing Windows Technologies, July
       New for 2004, The Conference on Securing and Auditing Windows
    Technologies will be held July 20-21, 2004, at the Fairmont Copley
    Plaza in Boston, MA. In vendor-neutral sessions on today's hottest
    topics, you'll get practical strategies for mitigating risk and
    safeguarding your systems. For more information, call 508-879-7999 or
    go to:
    ==== Hot Release ====
       Spammers are attacking the security and integrity of corporations.
       In this white paper, you'll learn to defend your organization
    against these threats. Topics include:
       * The security threat presented by spam
       * Spammer methods and techniques
       * The impact, including liability and damage to your reputation
    ==== 4. Security Toolkit ====
    FAQ: How can I recover Microsoft Office Outlook messages that have
    been removed by a hard delete?
       by John Savill, http://www.winnetmag.com/windowsnt20002003faq
    A. Usually when you delete a message, Exchange Server moves it to the
    Deleted Items folder, which you can empty by right-clicking Deleted
    Items and selecting Empty "Deleted Items" Folder from the displayed
    context menu. Alternatively, you can configure Outlook to empty the
    Deleted Items folder each time you close Outlook. To do so, select
    Tools, Options and click the Other tab. In the General section, select
    the "Empty the Deleted Items folder upon exiting" check box.
    After Exchange removes items from the Deleted Items folder, it keeps
    them for 7 days. During this time, you can recover deleted messages
    from the Deleted Items folder by selecting Tools, Recover Deleted
    You can perform a hard delete of a message by highlighting the message
    and pressing Shift+Del. Performing a hard delete removes the message
    without moving it to the Deleted Items folder. When you attempt to
    recover hard-deleted items, you'll see that they aren't listed in the
    recovery dialog box. If you select the folder from which you performed
    the hard delete (e.g., Inbox), you'll see that the option to recover
    deleted items is unavailable from the Tools menu.
    If you want to be able to recover items that have been deleted from an
    Outlook folder--including hard-deleted items--you need to perform the
    following steps or add the dumpster.reg entry to the registry. You can
    download the dumpster.reg entry at the URL below.
       1. Start the registry editor (regedit.exe).
       2. Navigate to the
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Options subkey.
       3. From the Edit menu, select New and click DWORD Value.
       4. Enter the name DumpsterAlwaysOn and press Enter.
       5. Double-click the new value and set it to 1. Click OK.
       6. Close the registry editor.
    When you restart Outlook, the option to recover messages should be
    available for all folders.
    Featured Thread: Directory ACL Report Generator
       (Two messages in this thread)
       Chris writes that he's looking for a tool that will generate a
    report of the directory structure and the assigned ACLs on his file
    servers. He has tried some of the tools from the Windows 2000 Resource
    Kit, such as showacls and showmbrs, but they don't seem to work on
    large directory structures like his. Lend a hand or read the
    ==== Events Central ====
       (A complete Web and live events directory brought to you by Windows
    & .NET Magazine: http://www.winnetmag.com/events )
    The Exchange Server Seminar Series Coming to Your City in June
       Join industry experts Kieran McCorry, Donald Livengood, and Kevin
    Laahs for this free event! Learn the benefits of migrating to an
    integrated communications environment, consolidating and simplifying
    implementation of technology, and accelerating worker productivity.
    Register now and enter to win an HP iPAQ and $500 cash!
    ==== 5. New and Improved ====
       by Jason Bovberg, products@private
    Secure Your Property with Network Camera Surveillance
       RFC Services released Visual Hindsight Professional Edition 1.01,
    software that supports network cameras and video servers capable of
    working with industry-standard JPEG still images or motion-JPEG image
    streams. Version 1.01 permits real-time viewing of as many as 100
    cameras and video servers, while simultaneously recording as many as
    50 live video streams to disk as compressed AVI files. Visual
    Hindsight, which costs $149, works with Windows XP, Windows 2000, and
    Windows NT. You can download a trial version from the Visual Hindsight
    Web site.
    Tell Us About a Hot Product and Get a T-Shirt!
       Have you used a product that changed your IT experience by saving
    you time or easing your daily burden? Tell us about the product, and
    we'll send you a Windows & .NET Magazine T-shirt if we write about the
    product in a future Windows & .NET Magazine What's Hot column. Send
    your product suggestions with information about how the product has
    helped you to whatshot@private
    ==== Sponsored Links ====
       Comparison Paper: The Argent Guardian Easily Beats Out MOM
    Microsoft(R) TechNet
       Microsoft(R) TechNet Webcasts: essential guidance, industry experts
    Editor's note: Share Your Security Discoveries and Get $100
       Share your security-related discoveries, comments, or problems and
    solutions in the Security Administrator print newsletter's Reader to
    Reader column. Email your contributions (500 words or less) to
    r2rsecadmin@private If we print your submission, you'll get
    $100. We edit submissions for style, grammar, and length.
    ==== Contact Us ====
    About the newsletter -- letters@private
    About technical questions -- http://www.winnetmag.com/forums
    About product news -- products@private
    About your subscription -- securityupdate@private
    About sponsoring Security UPDATE -- emedia_opps@private
    ==== Contact Our Sponsors ====
    Primary Sponsor:
       OpenNetwork -- http://www.opennetwork.com -- 1-877-561-9500
    Hot Release Sponsor:
       CipherTrust -- http://www.ciphertrust.com -- 1-877-448-8625
    This email newsletter is brought to you by Windows & .NET Magazine,
    the leading publication for IT professionals deploying Windows and
    related technologies. Subscribe today.
    You received this email message because you asked to receive
    additional information about products and services from the Windows &
    .NET Magazine Network. To unsubscribe, send an email message to
    mailto:Security-UPDATE_Unsub@private Thank you!
    View the Windows & .NET Magazine privacy policy at
    Windows & .NET Magazine, a division of Penton Media, Inc.
    221 East 29th Street, Loveland, CO 80538
    Attention: Customer Service Department
    Copyright 2004, Penton Media, Inc. All rights reserved.
    ISN mailing list
    Sponsored by: OSVDB.org - For 15 cents a day, you could help feed an InfoSec junkie!
    (Broke? Spend 15 minutes a day on the project!)
