From: InfoSec News (isnc4i.org)
Date: Thu Oct 04 2001 - 03:04:21 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

********************
Windows 2000 Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows 2000 and NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Windows 2000 Magazine 70-270 Question of the Day
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHvs0CJgSH0BVg0KrD0Ah

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: WINDOWS 2000 MAGAZINE 70-270 QUESTION OF THE DAY ~~~~
   Test Your Windows XP Knowledge - Free!
   Our MCSE Exam 70-270 Question-of-the-Day email dives into the new
Windows XP topics such as installing and configuring handheld devices
and managing mobile users, while also measuring your skills in
networking basics, TCP/IP fundamentals, user accounts, protocol
features, and much more. Sign up (for FREE) today!
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHvs0CJgSH0BVg0KrD0Ah

********************

October 3, 2001--In this issue:

1. IN FOCUS
     - The Patriot Act and Great Security Tools

2. SECURITY RISKS
     - Cisco PIX Firewalls Vulnerable to SMTP Filtering Bypass
     - Exchange 2000 OWA Vulnerable to DoS Attack

3. ANNOUNCEMENT
     - What Does the Home of the Not-Too-Distant Future Look Like?

4. SECURITY ROUNDUP
     - News: Attorney General Ashcroft Tells Hackers: You're an Enemy
       of the State
     - News: Gartner: Enterprises Should Consider IIS Alternatives
     - Feature: Lock Down Your PDA
     - Expediting the Arduous Security Update Process

5. SECURITY TOOLKIT
     - Book Highlight: Hack Attacks Encyclopedia: A Complete History of
       Hacks, Phreaks, and Spies Over Time
     - Virus Center
     - FAQ: How Can I View the Contents of the Netlogon.chg File?

6. NEW AND IMPROVED
     - Protect Your System from Viruses
     - Detect and Respond to Flood Attacks

7. HOT THREADS
     - Windows 2000 Magazine Online Forums
         - Featured Thread: Clients Can't View SSL Web Sites
     - HowTo Mailing List:
         - Featured Thread: Blue Screen of Death

8. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== COMMENTARY ====

Hello everyone,

Have you heard about the Anti-Terrorism Act (ATA) of 2001, which is
before the US House Judiciary Committee? If the present form of the
proposed bill becomes law, hacking a computer system becomes a
terrorist act punishable by up to life in prison. You can read about
the ATA in our related news story in the SECURITY ROUNDUP section of
this newsletter.

As a result of seeing the ATA in conjunction with public reaction, two
committee members presented an alternative bill--another set of
proposed changes to existing US Code. That subsequent proposal, dubbed
the Patriot Act, addresses concerns about classifying hacking as a
terrorism act. As you'll learn by reading the proposed Patriot Act (see
the URL below next paragraph), Section 309 makes it clear that
computer-related crimes would only become an act of terrorism if those
crimes "[are] calculated to influence or affect the conduct of
government by intimidation or coercion; or to retaliate against
government conduct."

The House Judiciary Committee staff has prepared an interpretation of
the Patriot Act that further clarifies the lawmakers' intent to
reclassify computer crimes (see URL below). In the document, the staff
interprets Section 309 of the Patriot Act to mean, "a crime is only
considered to be [a] Federal terrorism offense if it can be proven to
be calculated to influence or affect the conduct of government by
intimidation or coercion; or to retaliate against government conduct."
   http://www.epic.org/privacy/terrorism/patriot_sec.pdf

Even with such clarifications, however, many privacy groups are raising
concerns about what they interpret to be considerable privacy and civil
liberties issues that the Patriot Act presents. For viewpoints about
these concerns, visit the Electronic Privacy Information Center (EPIC)
at the following URL:
   http://www.epic.org

On another note, I want to tell you about two security tools that you
might find useful in your daily routines. The first tool is a freeware
package called Eraser. The tool helps remove disk data when you delete
files from your system. Eraser deletes the files by overwriting the
disk data numerous times. Such a process helps ensure that any residual
magnetic flux on the disk won't be sufficient for any nonauthorized
data-recovery operation attempts.

Eraser runs on all Windows platforms from Windows 95 through Windows
2000. Eraser installs as a Windows Explorer shell extension, which adds
a new menu item to Explorer-related popup menus. For example, if you
right-click the Recycle Bin, in addition to the standard menu selection
"Empty Recycle Bin," you'll find a new menu selection called "Erase
Recycle Bin." The same holds true for the Explorer shell itself: When
you right-click any file or folder within Explorer, you'll find a new
menu item entitled "Erase" in addition to the standard "Delete" menu
selection.

Sami Tolvanen, a computer science major in Finland, developed Eraser.
You can download a copy at the URL below. You can also obtain the
source code for Eraser at the site--it's freely available under the
GNU's Not UNIX (GNU) General Public License (GPL).
   http://www.tolvanen.com/eraser/download.shtml

The other tool I want to remind you about is our online Web-based
security forum. On our Security Administrator Web site, you'll find
four Web forums that cover security problems with Win2K, Windows NT,
Microsoft IIS, and Microsoft Proxy Server. These forums are a great
resource--a way to get help from or offer help to people who prefer not
to use mailing list-based discussion forums. Several of our forum pros
moderate the forums and also help answer questions. Be sure to stop by
the forums at the following URL:
   http://www.secadministrator.com/forums/Index.cfm

And if you haven't heard the news, Gartner Group recommends that
Windows users not run IIS--that they immediately switch to another Web
server platform. Read Gartner's comments and what prompted such advice
in Paul Thurrott's related news story in the SECURITY ROUNDUP section
of this newsletter. Until next time, have a great week.

Sincerely,

Mark Joseph Edwards, News Editor, markntsecurity.net

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, kenwin2000mag.com)

* CISCO PIX FIREWALLS VULNERABLE TO SMTP FILTERING BYPASS
   Cisco Systems Secure PIX Firewalls that provide access to SMTP mail
servers might let users bypass the firewall's SMTP command filtering.
In such events, intruders can gather information about email accounts
or perform exploits against the mail server if that server has any
vulnerabilities. To remedy the problem, Cisco is offering free software
upgrades to all affected customers.
   http://www.secadministrator.com/articles/index.cfm?articleid=22698

* EXCHANGE 2000 OWA VULNERABLE TO DOS ATTACK
   Joao Gouveia reported a vulnerability in Microsoft Exchange 2000
Outlook Web Access (OWA) due to unchecked directory paths. Because
Exchange attempts to process requests without checking for the
existence of a directory, a user can instigate a Denial of Service
(DoS) attack against the server by repeatedly making requests that
include a deeply nested, nonexistent folder. Only users who can
authenticate to the server can launch attacks. Microsoft has released
Bulletin MS01-049 and a patch to fix this vulnerability.
   http://www.secadministrator.com/articles/index.cfm?articleid=22697

3. ==== ANNOUNCEMENT ====

* WHAT DOES THE HOME OF THE NOT-TOO-DISTANT FUTURE LOOK LIKE?
   You've never seen anything like the Connected Home Magazine Virtual
Tour. Experience (room by room) the latest home entertainment, home
networking, and home automation options that will change the way you
work and play. While you're there, enter to win a free copy of Windows
XP!
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHvs0CJgSH0BVg0LTe0Al

4. ==== SECURITY ROUNDUP ====

* NEWS: ATTORNEY GENERAL ASHCROFT TELLS HACKERS: YOU'RE AN ENEMY OF THE
STATE
   A new bill before the US House of Representatives--the Anti-
Terrorism Act of 2001 (ATA)--would make any computer intrusion an act
of terrorism punishable by as much as life in prison. The authors
designed the bill to help America defend itself against terrorism, but
the bill includes several proposed changes to existing US Code that
have caused an outcry in the computer security community. Learn more
about the changes by reading the article on our Web site.
   http://www.secadministrator.com/articles/index.cfm?articleid=22704

* NEWS: GARTNER: ENTERPRISES SHOULD CONSIDER IIS ALTERNATIVES
   Market Analysis firm Gartner has issued a stunning recommendation
regarding Microsoft IIS Web server: If you're currently deploying the
software, Gartner recommends that you look for an alternative, and if
you're not already running IIS, don't. Gartner blames the number of
recent hacker attacks on IIS, and the company says that Microsoft
doesn't respond quickly enough to keep its customers secure. See the
following URL for more details:
   http://www.secadministrator.com/articles/index.cfm?articleid=22587

* FEATURE: LOCK DOWN YOUR PDA
   Randy Franklin Smith meets people everywhere who believe that
password protection is sufficient to protect their personal information
on computers and PDAs. This belief is dangerously naive. Microsoft Word
and Palm OS password protection is trivial: A thief who steals your
computer or PDA can easily figure out your passwords. Learn what Smith
has to say about locking down your PDA in this article in Connected
Home Magazine.
http://www.connectedhomemag.com/mobile/articles/index.cfm?articleid=22456

* FEATURE: EXPEDITING THE ARDUOUS SECURITY UPDATE PROCESS
   Along with many of you, Paula Sharick has been cleaning up her
computer systems in the wake of the Code Red worm and the W32.Nimda
virus. Paula has endured almost 2 months of nonstop troubleshooting and
updating system software. She can't believe the hoops that Microsoft
users must jump through to cross-reference a Microsoft security
bulletin number with a Microsoft article number, locate and download
individual hotfix updates, install the updates (either manually or with
a script), and perform a final audit to verify that all updates
installed properly. Paula has some suggestions for Microsoft regarding
ways to improve how users perform security updates. Be sure to read her
article on our Web site.
   http://www.secadministrator.com/articles/index.cfm?articleid=22667

5. ==== SECURITY TOOLKIT ====

* BOOK HIGHLIGHT: HACK ATTACKS ENCYCLOPEDIA: A COMPLETE HISTORY OF
HACKS, PHREAKS, AND SPIES OVER TIME
   By John Chirillo
   List Price: $64.99
   Fatbrain Online Price: $51.99
   Softcover; 960 pages
   Published by John Wiley & Sons, September 2001
   ISBN 0471055891

For more information or to purchase this book, go to
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0471055891
and enter WIN2000MAG as the discount code when you order the book.

* VIRUS CENTER
   Panda Software and the Windows 2000 Magazine Network have teamed to
bring to you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: HOW CAN I VIEW THE CONTENTS OF THE NETLOGON.CHG FILE?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. You can't use a standard text editor to read netlogon.chg, but
Windows 2000 Support Tools supplies the nltest.exe utility that you can
use to view the contents of netlogon.chg. Execute the following command:

   C:\> nltest /list_deltas:netlogon.chg

The system displays a lot of information, listing all changes made to
the domain. The trust entry that appears in the Local Security
Authority (LSA) Database section consists of entries similar to the
following:

Order: 1 DeltaType AddOrChangeLsaSecret (18) SerialNumber: 100 77bb
Immediately Name: 'G$$SAVTECHLON'
Order: 2 DeltaType AddOrChangeLsaSecret (18) SerialNumber: 100 77bc

6. ==== NEW AND IMPROVED ====
   (contributed by Scott Firestone, IV, productswin2000mag.com)

* PROTECT YOUR SYSTEM FROM VIRUSES
   Central Command Software released AntiVirus eXpert Professional 6.0,
an antivirus defense and Internet application firewall. The system
features behavior-blocking to stop suspicious access to the Internet,
system registry, or file system; Internet filtering to block specific
Web sites, IP addresses, and TCP/IP port numbers; Internet application
control to intercept and block all unauthorized outbound Internet
connections; and privacy control to monitor incoming and outgoing
cookies. Prices start at $49.95. Contact Central Command Software at
330-723-2062 or 877-943-8287.
   http://www.centralcommand.com

* DETECT AND RESPOND TO FLOOD ATTACKS
   Reactive Network Solutions released FloodGuard, software that
manages other network infrastructure devices deployed within the
corporate or service-provider network to detect and mitigate flood
attacks launched over the Internet. The system confirms the presence of
the attack and manages filters in upstream routers and switches to
mitigate the attack's effects. For pricing, contact Reactive Network
Solutions at 650-365-4000.
   http://www.reactivenetworks.com

7. ==== HOT THREADS ====

* WINDOWS 2000 MAGAZINE ONLINE FORUMS
   http://www.win2000mag.net/forums

Featured Thread: Clients Can't View SSL Web Sites
   (Two messages in this thread)

Fran used Secure Sockets Layer (SSL) to put the Microsoft Nimda patches
on her server. Now her users can't access the secured Web sites, and
she can't access sites with accounts that have domain administrative
permissions. Another user set up an SSL Web site for Microsoft Exchange
2000 Outlook Web Access (OWA) and received and installed the server
certificates, but now can't access the Web site. Read more about the
questions and responses, or lend a hand at the following URL:
   http://www.win2000mag.net/forums/rd.cfm?app=64&id=79866

* HOWTO MAILING LIST
   http://www.secadministrator.com/listserv/page_listserv.asp?s=howto

Featured Thread: Blue Screen of Death
   (Five messages in this thread)

This user is experiencing system crashes under Windows 2000 while
running NetMeeting 3.01. When the system crashes and presents the
standard blue screen, the error message is
MULTIPLE_IRP_COMPLETE_REQUESTS. The user wonders what the message means
and whether NetMeeting is causing the crashes. Can you help? Read the
responses or lend a hand at the following URL:
http://63.88.172.96/listserv/page_listserv.asp?a2=ind0109d&l=howto&p=459

8. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT THE COMMENTARY -- markntsecurity.net

* ABOUT THE NEWSLETTER IN GENERAL -- mlibbeywin2000mag.com; please
mention the newsletter name in the subject line.

* TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums

* PRODUCT NEWS -- productswin2000mag.com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer
Support at securityupdatewin2000mag.com.

* WANT TO SPONSOR SECURITY UPDATE? -- emedia_oppswin2000mag.com

********************

   Receive the latest information about the Windows 2000 and Windows NT
topics of your choice. Subscribe to our other FREE email newsletters.
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHvs0CJgSH0BVg0KrD0Ah

|-+-+-+-+-+-+-+-+-+-|

Thank you for reading Storage UPDATE.

SUBSCRIBE
To subscribe, send a blank email to mailto:Security_UPDATE_Sublists.win2000mag.net.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn' in the BODY
of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]