|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Marc Fossi (mfossi
securityfocus.com)Date: Mon Oct 01 2001 - 11:43:11 CDT
SecurityFocus Microsoft Newsletter #54
--------------------------------------
This newsletter is sponsored by: SecurityFocus
(http://www.securityfocus.com)
SPECIAL OFFER: Upgrade now to a better class of security intelligence
for the same price you're paying your current provider.
SecurityFocus announces an opportunity for you to move from your current
security alert service provider to SecurityFocus SIA, the best Security
Intelligence Alert service available. From now to Sept. 30, 2001,
SecurityFocus is offering you the opportunity to have one year of our
unmatched Security Intelligence Alert service delivered to you at the
same price as your existing service.
SIA eliminates the need to dedicate your valuable staff resources to
sift through the mountain of potential threats to evaluate the latest
important security information.
Features and Benefits
*Largest Resource of Vendor and Product Vulnerabilities
*More than 700 vendor and 1,300 product vulnerabilities tracked
continuously
*Security experts on staff seven days a week monitoring
vulnerabilities worldwide.
*Detailed, Configurable Alerts
*Targeted to the IS managers responsible for maintaining specific
applications, systems, or networks
*Automatic dissemination of vulnerability information to the
responsible entity within the enterprise
*Detailed patch and release information is provided in the
vulnerability to eliminate fumbling through vendor sites looking for
downloads
This offer is limited to up to 10 seats. Proof of current Service Level
Agreement with 3rd party vendor is required. Voice/fax/SMS alert delivery
subject to additional fees.
In order to take advantage of this limited time offer, contact us at
+1.650.655.6300 or <siasalessecurityfocus.com> or visit us on the web at
<http://www.securityfocus.com/intelligence/>;;
-------------------------------------------------------------------------------
I. FRONT AND CENTER
1. False Positive and False Negative Reduction Strategies and
Techniques, Part Two
2. Introduction to Security Policies, Part Two: Creating a Supportive
Environment
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Outlook Express 6 Plain Text Message Scri...
2. Microsoft Index Server 2.0 File Information and Path Discl...
III. MICROSOFT FOCUS LIST SUMMARY
1. Source port 69 (Thread)
2. Open Guest Share question (Thread)
3. Exchange mailing list (Thread)
4. Pros and against using Multiple firewalls in a network ru nning...
5. Outlook / Outlook Express security - registry settings (Thread)
6. Windows Update (Thread)
7. SecureIIS (Thread)
8. Second Nimda Wave (Thread)
9. Removing Outlook Express & NetMeeting (Thread)
10. Blocking Extenstions (Thread)
11. JRun 3.0 SP2 Vulnerability?? (Thread)
12. Pros and against using Multiple firewalls in a network running...
13. Audit trail tools or ideas (Thread)
14. FW: Open Guest Share question (Thread)
15. How secure is Terminal Services (WAS: Re: SecureIIS) (Thread)
16. Terminal Services (Thread)
17. Server NOT Patched!! hmmm (Thread)
18. By the numbers: Comparing Windows security to Linux (Thread)
19. Blocking Extensions (Thread)
20. URLscan overhead (Thread)
21. Administrivia: FAQ etc. (Thread)
22. Ideas for a "IIS 5.2" (Thread)
24. Exhcange SMTP Authentication. (Thread)
25. Exchange Attachments (Thread)
26. Nimba (Thread)
27. URLSCAN (Thread)
28. Viewing UNIX wtmp/utmp logs on WIN NT (Thread)
29. Resolving Windows Insecurities (Thread)
30. FW: Removing Outlook Express & NetMeeting (Thread)
31. Returned post for bugtraqsecurityfocus.com (fwd) (Thread)
32. FW: URLscan problems (Thread)
33. TROJ_VOTE.A (Thread)
34. Fwd: FW: By the numbers: Comparing Windows security to Linux...
35. Proxy settings in win 98 (Thread)
36. Quick Norton AV question (Thread)
37. ISA Server and sessions (Thread)
38. EVENT ID 1000 and 1202 events in Application Log afterimpor...
39. SecurityFocus Microsoft Newsletter #53 (Thread)
40. Question about Internet Security Settings (Thread)
41. By the numbers: Comparing Windows security to Linux + article...
42. EVENT ID 1000 and 1202 events in Application Log after...
43. W2K Security Templates (Thread)
44. TITAN equivilent for NT? (Thread)
45. Quick Notoan AV question (Thread)
46. EVENT ID 1000 and 1202 events in Application Log after import...
47. Quick and nasty way to stop client infection (Thread)
IV.NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Hailstorm v1.2
2. movianCrypt
3. MultiSecure
4. EventAdmin
5. PowerBroker
6. CyberArmor Suite
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. EndoShield v1.2
2. Windows 9x PassWord List reader v0.07
3. HEXtreme Hex Editor for Windows v2.3
4. ngrep (Windows) v1.39.2
5. DDoSPing v2.0
VI. SPONSORSHIP INFORMATION
I. FRONT AND CENTER
-------------------
1. False Positive and False Negative Reduction Strategies and Techniques,
Part Two
by Kevin Timm
This is the second of a two-part series devoted to the discussion of false
alarms on network-based intrusion detection systems. The first article
offered an overview of false alarms, of false positives as they are
commonly known, and false negatives. This installment will look at a few
ways to reduce false alarms.
http://www.securityfocus.com/cgi-bin/infocus.pl?id=1477
2. Introduction to Security Policies, Part Two: Creating a Supportive
Environment
by Charl van der Walt
As we concluded the first article of this series, we pointed out that
policies in themselves are ineffective; their effectiveness is directly
proportional to the support they receive from the organization. Thus it is
crucial that the organization be aware of the importance of security
policies and create an environment in which security is given a high
priority. The bigger the organization, the more important this support
becomes. This article will go over a few of things that can be done to
ensure that security policies given the full support of the management of
the organization, which will thereby increase the efficacy of the
policies.
http://www.securityfocus.com/cgi-bin/infocus.pl?id=1473
II. BUGTRAQ SUMMARY
-------------------
1. Microsoft Outlook Express 6 Plain Text Message Script Execution Vulnerability
BugTraq ID: 3334
Remote: Yes
Date Published: 2001-09-12
Relevant URL:
http://www.securityfocus.com/bid/3334
Summary:
In order for scripting components in an email message to execute, the
email message must be have a content-type of text/html set in it's header.
The content-type field in the header is used by email clients and gateway
filtering software to determine how to handle the message. Many
administrators use gateway software to filter mail of content-type
text/html so that messages containing potentially malicious scripts are
not delivered.
A vulnerability exists in Outlook Express 6 which may lead to code
embedded in an email message of content-type 'text/plain' to be executed.
The script code must be contained within the first 57 characters on the
first line of the message. Any additional characters on either line will
cause the message to be parsed in plain text. It is not known why this
behaviour is present.
Only the <script> tag appears to function in this manner.
It is important to note that Outlook Express 6 does not allow any
scripting to be executed by default. This security feature must be turned
off in order to exploit this vulnerability.
2. Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
BugTraq ID: 3339
Remote: Yes
Date Published: 2001-09-14
Relevant URL:
http://www.securityfocus.com/bid/3339
Summary:
The sqlqhit.asp sample file is used for performing web-based SQL queries.
Malicious users could send specifically crafted HTTP request to an
Internet Information Services server running Index Server to reveal path
information, file attributes, and possibly some lines of the file
contents.
The sqlqhit.asp file is located in the \inetpub\iissamples\ISSamples\
folder and is installed by default.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Source port 69 (Thread)
Relevant URL:
2. Open Guest Share question (Thread)
Relevant URL:
3. Exchange mailing list (Thread)
Relevant URL:
4. Pros and against using Multiple firewalls in a network ru nning on Win2k Advanced server.(repost.. Previous post was missing the su bject line) (Thread)
Relevant URL:
5. Outlook / Outlook Express security - registry settings (Thread)
Relevant URL:
6. Windows Update (Thread)
Relevant URL:
7. SecureIIS (Thread)
Relevant URL:
8. Second Nimda Wave (Thread)
Relevant URL:
9. Removing Outlook Express & NetMeeting (Thread)
Relevant URL:
10. Blocking Extenstions (Thread)
Relevant URL:
11. JRun 3.0 SP2 Vulnerability?? (Thread)
Relevant URL:
12. Pros and against using Multiple firewalls in a network running on Win2k Advanced server.(repost.. Previous post was missing the subject line) (Thread)
Relevant URL:
13. Audit trail tools or ideas (Thread)
Relevant URL:
14. FW: Open Guest Share question (Thread)
Relevant URL:
15. How secure is Terminal Services (WAS: Re: SecureIIS) (Thread)
Relevant URL:
anchorsign.com">http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-09-28%26thread%3d02e801c14777$41dae770$af05a8c0anchorsign.com
16. Terminal Services (Thread)
Relevant URL:
ha.osd.mil">http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-09-28%26thread%3d003501c1476c$32febd40$7305859fha.osd.mil
17. Server NOT Patched!! hmmm (Thread)
Relevant URL:
18. By the numbers: Comparing Windows security to Linux (Thread)
Relevant URL:
19. Blocking Extensions (Thread)
Relevant URL:
20. URLscan overhead (Thread)
Relevant URL:
commtouch.com">http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-09-28%26thread%3d013e01c146c5$80057ef0$f701fe0acommtouch.com
21. Administrivia: FAQ etc. (Thread)
Relevant URL:
22. Ideas for a "IIS 5.2" (Thread)
Relevake%3flist%3d88%26date%3d2001-09-28%26thread%3dA7CE26891D15D41186AD0010E37Cok-mxs03.oppenheim.de
24. Exhcange SMTP Authentication. (Thread)
Relevant URL:
25. Exchange Attachments (Thread
Relevant URL:
26. Nimba (Thread)
Relevant URL:
27. URLSCAN (Thread)
Relevant URL:
28. Viewing UNIX wtmp/utmp logs on WIN NT (Thread)
Relevant URL:
29. Resolving Windows Insecurities (Thread)
Relevant URL:
30. FW: Removing Outlook Express & NetMeeting (Thread)
Relevant URL:
31. Returned post for bugtraqsecurityfocus.com (fwd) (Thread)
Relevant URL:
32. FW: URLscan problems (Thread)
Relevant URL:
33. TROJ_VOTE.A (Thread)
Relevant URL:
34. Fwd: FW: By the numbers: Comparing Windows security to Linux (Thread)
Relevant URL:
35. Proxy settings in win 98 (Thread)
Relevant URL:
36. Quick Norton AV question (Thread)
Relevant URL:
37. ISA Server and sessions (Thread)
Relevant URL:
38. EVENT ID 1000 and 1202 events in Application Log afterimporting a security template (Thread)
Relevant URL:
39. SecurityFocus Microsoft Newsletter #53 (Thread)
Relevant URL:
40. Question about Internet Security Settings (Thread)
Relevant URL:
41. By the numbers: Comparing Windows security to Linux + article Comment (Thread)
Relevant URL:
42. EVENT ID 1000 and 1202 events in Application Log after importing a security template (Thread)
Relevant URL:
43. W2K Security Templates (Thread)
Relevant URL:
lauradominion.com">http://www.securityfocus.com/frames/index.html?content=%2ftemplates%2farchive.pike%3flist%3d88%26date%3d2001-09-28%26thread%3d009601c1431f$d4b95f10$0a00010alauradominion.com
44. TITAN equivilent for NT? (Thread)
Relevant URL:
45. Quick Notoan AV question (Thread)
Relevant URL:
46. EVENT ID 1000 and 1202 events in Application Log after import ing a security template (Thread)
Relevant URL:
47. Quick and nasty way to stop client infection (Thread)
Relevant URL:
IV.NEW PRODUCTS FOR MICROSOFT PLATFORMS
---------------------------------------
1. Hailstorm v1.2
by ClicktoSecure.Com, INC
Relevant URL:
http://www.clicktosecure.com/products_cts.cfm
Platforms: Solaris, Windows NT, Windows 2000, MVS
Summary:
Proactive Security Scanning (PSS) is the next generation of security
scanner. PSS eliminates the pain of bug-tracking and vulnerability
databases. PSS allows the consumer to locate vulnerabilities that have
never been publicly reported or discovered. PSS puts the consumer ahead of
the curve by giving them the power to mitigate risks before potential
attackers know about it. By not relying on a vendor-supplied bug database,
customers can not only test public software, but also proprietary and
customized systems.
2. MovianCrypt
by Certicom
Relevant URL:
http://www.certicom.com/products/movian/moviancrypt.html
Platforms: PalmOS
Summary:
Certicom's movianCrypt integrates a password-based user log-in system with
strong encryption technology to achieve data security on your Palm OS
device. Transparent to end users, applications run unmodified on
movianCrypt-enabled devices, encrypting data as it is stored, and
decrypting data as it is accessed. Strong Data Encryption - Utilizes the
128-bit Advanced Encryption Standard (AES) to encrypt all data on your
PDA. Advanced Password Security - Protects against the theft of the
password from the desktop or from the device. The password is not stored
on the device, and it does not get transferred to the desktop during a
HotSync Optimizes Performance - Takes advantage of idle CPU time to
re-encrypt data on the fly; fine-tuned for performance on the 68K
processor Easy to Use - Features a simple GUI and installation process
Compatible Security Solution - Works with Certicom's movianVPN and other
third-party applications
3. MultiSecure
by Ubizen
Relevant URL:
http://www.ubizen.com/products_services/
Platforms: Solaris, Windows NT
Summary:
MultiSecure is security middleware, providing prime application-level
security for web transactions. It is highly scaleable: it can be used
across multiple applications and it is designed to keep up with changing
business needs. MultiSecure can be applied in e-business applications such
as Internet banking, insurance brokerage, e-trading, e-healthcare and
e-government. MultiSecure® offers you maximum protection to ensure
availability, confidentiality and data integrity of your e-business
transactions. Multiple security measures are enforced on the transactions
as defined in the central security policy. These measures include user
authentication, encryption, digital signatures, firewalls, intrusion
detection and auditing.
4. EventAdmin
by Aelita Software
Relevant URL:
http://www.aelita.com/products/EventAdmin.htm
Platforms: Solaris, Windows NT, Windows 2000, MVS
Summary:
EventAdmin is a comprehensive, robust, and flexible enterprise event
management, analysis and auditing system for Windows NT and Windows 2000
networks and infrastructure applications. EventAdmin gives you the power
to track and analyze user activity patterns, applications behavior and
systems health and performance.
5. PowerBroker
by Symark Software
Relevant URL:
http://www.symark.com/pbroker.htm
Platforms: Windows 3.x, PalmOS, NetBSD, MacOS, UNICOS
Summary:
Symark PowerBroker allows the full administrative powers of the root
account to be selectively delegated to trusted users without having to
disclose the root password, thereby maintaining system security. Second,
it provides an indelible audit trail of all actions occurring in important
accounts such as root, which allows sites to track exactly which actions
have been undertaken, by which people, when, and on which machine.
6. CyberArmor Suite
by InfoExpress
Relevant URL:
http://www.infoexpress.com/pr7fr.htm
Platforms: Windows 95/98
Summary:
CyberArmor works with InfoExpress' and other VPNs to detect and block
attacks against the PC using the appropriate level of security at all
times. CyberArmor detects where the system is located and what the user is
doing, then enforces a security policy appropriate to the current
situation.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. EndoShield v1.2
by Dave Cheeseman
Relevant URL:
http://endoshield.sourceforge.net/
Platforms: Linux
Summary:
EndoShield is a fully configurable firewall that will run under a 2.2 or
2.4 Linux kernel (ipchains or iptables). It requires no knowledge of
firewalls or how ipchains or iptables works. It is perfect for home users
wanting to secure their systems, but can also be configured for internet
connection gateways or server systems.
2. Windows 9x PassWord List reader v0.07
by xilun
Relevant URL:
http://xilun666.free.fr.
Platforms: UNIX, Windows 95/98
Summary:
Windows 9x Password List reader is a program that will allow you to see
the passwords contained in your Windows pwl database under Unix. You can
check the security of these files/try to recover the main password using
the bruteforce mode.
3. HEXtreme Hex Editor for Windows v2.3
by Mikersoft
Relevant URL:
http://www.mikersoft.com/hextreme/hextreme.zip
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
Powerful Color Coded Hex Editor for Windows. Customize your own color
coding by setting byte or byte range colors to make files more readable to
you. Easy to use multiple document interface with modern look & feel.
Quickly and easily edit files up to 4 gigabytes in size with no worry of
running out of memory. Lightning fast searches on even the largest of
files. Search a file for a hex string, common ASCII string, or even for
Unicode strings.
4. ngrep (Windows) v1.39.2
by Jordan Ritter, jpr5darkridge.com
Relevant URL:
http://ngrep.sourceforge.net/
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
ngrep strives to provide most of GNU grep's common features, applying them
to the network layer. ngrep is a pcap-aware tool that will allow you to
specify extended regular expressions to match against data payloads of
packets. It currently recognizes TCP, UDP and ICMP across Ethernet, PPP,
SLIP, FDDI and null interfaces, and understands bpf filter logic in the
same fashion as more common packet sniffing tools, such as tcpdump and
snoop.
5. DDoSPing v2.0
by Robin Keir robinkeirfoundstone.com
Relevant URL:
http://www.foundstone.com/rdlabs/tools.html
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
DDoSPing is a remote scanner for the most common Distributed Denial of
Service programs (often called Zombies by the press). These were the
programs responsible for the recent rash of attacks on high profile web
sites. This tool will detect Trinoo, Stacheldraht and Tribe Flood Network
programs running with their default settings, although setup of each
program type is possible from the configuration screen. Scanning is
performed by sending the appropriate UDP and ICMP messages at a
controlable rate to a user defined range of addresses. Feedback
appreciated.
VI. SPONSORSHIP INFORMATION
---------------------------
This newsletter is sponsored by: SecurityFocus
(http://www.securityfocus.com)
SPECIAL OFFER: Upgrade now to a better class of security intelligence
for the same price you're paying your current provider.
SecurityFocus announces an opportunity for you to move from your current
security alert service provider to SecurityFocus SIA, the best Security
Intelligence Alert service available. From now to Sept. 30, 2001,
SecurityFocus is offering you the opportunity to have one year of our
unmatched Security Intelligence Alert service delivered to you at the
same price as your existing service.
SIA eliminates the need to dedicate your valuable staff resources to
sift through the mountain of potential threats to evaluate the latest
important security information.
Features and Benefits
*Largest Resource of Vendor and Product Vulnerabilities
*More than 700 vendor and 1,300 product vulnerabilities tracked
continuously
*Security experts on staff seven days a week monitoring
vulnerabilities worldwide.
*Detailed, Configurable Alerts
*Targeted to the IS managers responsible for maintaining specific
applications, systems, or networks
*Automatic dissemination of vulnerability information to the
responsible entity within the enterprise
*Detailed patch and release information is provided in the
vulnerability to eliminate fumbling through vendor sites looking for
downloads
This offer is limited to up to 10 seats. Proof of current Service Level
Agreement with 3rd party vendor is required. Voice/fax/SMS alert delivery
subject to additional fees.
In order to take advantage of this limited time offer, contact us at
+1.650.655.6300 or <siasalessecurityfocus.com> or visit us on the web at
<http://www.securityfocus.com/intelligence/>;;
-------------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]