From: Marc Fossi (mfossisecurityfocus.com)
Date: Wed Oct 10 2001 - 11:55:49 CDT


    SecurityFocus Microsoft Newsletter #55
    --------------------------------------

    This Issue Sponsored by: Foundstone

    "Ultimate Hacking: Hands On - NT/2000 Security"

    If you're running a Windows network, then this is the intensive
    3-day course with everything a hacker knows...that you'll need
    to know! As a Specialist in Microsoft's Security Services
    Partner Program, Foundstone knows hacking, security and
    Microsoft. Register now for the class in Irvine, CA December
    11-13.

    http://www.foundstone.com/NT

    -------------------------------------------------------------------------------

    I. FRONT AND CENTER
         1. ARIS extractor 1.5 release
         2. Introduction to Security Policies, Part Three: Structuring
            Security Policies
         3. An Introduction to OpenSSL, Part Four: The SSL and TLS Protocols
         4. How to Design a Useful Incident Response Policy
         5. Does IIS Have a Future?
    II. MICROSOFT VULNERABILITY SUMMARY
         1. Microsoft Excel and PowerPoint Macro Security Bypass Vulnerability
         2. Microsoft Index Server 2.0 File Information and Path...
         3. Microsoft Exchange OWA Server Resource Starvation Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
         1. SV: Ftp server a bit more secure ? (Thread)
         2. Microsoft Can't Win. (Thread)
         3. Ftp server a bit more secure ? (Thread)
         4. Microsoft Announces Strategic Technology Protection Program...
         5. Retrieving NT 4 Administrator password (Thread)
         6. ICMP, NT and IIS: What is a safe cocktail? (Thread)
         7. web server setup - sharing UNC paths (Thread)
         8. Lost admin password (Thread)
         9. Group policy W2k Pro / NT4 Pdc (Thread)
         10. Fwd: NT Users SHOULD be CAREFULL when applying NT hotfixes...
         11. AW: External Account Information (Thread)
         12. Running IIS locally - advice? (Thread)
         13. Subject: C is for Cookie... (Thread)
         14. HFNetChk - customizing the xml file (Thread)
         15. C is for Cookie... (Thread)
         16. Black Hole (Thread)
         17. FW: C is for Cookie... (Thread)
         18. SecurityFocus Microsoft Newsletter #54 (REVISED) (Thread)
         19. NTLM (Thread)
         20. NTP Port Vunerabilities? (Thread)
         21. External Account Information (Thread)
         22. SecurityFocus Microsoft Newsletter #54 (Thread)
         23. Windows Update (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. CyberSafe Log Analyst (CLA)
         2. SARA PRO
         3. ConSeal PC Firewall
         4. SecureSession
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. aCrypt
         2. Harden NT
         3. Anubis v1.0.2
         4. Windump v3.52
    VI. SPONSORSHIP INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. ARIS extractor 1.5 release

    We're pleased to announce that we've just released version 1.5 of ARIS
    extractor. We recommend that all users who use a previous version of ARIS
    extractor upgrade to this release. This version includes numerous bug
    fixes in both the UNIX and Windows versions. The Windows version has also
    been reworked to provide an installation wizard, which greatly simplifies
    scheduling!

    ARIS extractor now supports the following IDS systems:

    ISS RealSecure
    Network ICE BlackICE
    Snort
    Cisco Secure IDS (NetRanger)
    Dragon IDS
    Axent Netprowler

    You can download the new ARIS extractor release at:

    http://aris.securityfocus.com/Download.asp

    Don't currently have an IDS?

    We've released the first version of our new ARIS Sensor RPM. ARIS Sensor
    combines Snort 1.8.1 with ARIS extractor in an easy to install Linux
    package. This greatly simplifies the installation of your IDS. You can
    download the stable beta version of ARIS Sensor at:

    http://aris.securityfocus.com/Download.asp

    We recommend that you schedule your uploads hourly. In the future, we
    will be adding new functionality to ARIS analyzer that will provide you
    with more real-time information on the status of your network. As a
    result, the timeliness of your data is very important.

    If you have any comments or feedback on ARIS, feel free to mail us at
    aris-feedbacksecurityfocus.com!

    2. Introduction to Security Policies, Part Three: Structuring Security
    Policies
    by Charl van der Walt

    This is the third in a four-part overview of security policies. In the
    first article, we looked at what policies are and what they can achieve.
    In the second article, we looked at the organizational support required to
    implement security policies successfully. In this installment, we shall
    discuss how to develop and structure a security policy.

    http://www.securityfocus.com/cgi-bin/infocus.pl?id=1487

    3. An Introduction to OpenSSL, Part Four: The SSL and TLS Protocols
    by Holt Sorenson

    This article completes the four-part series on OpenSSL, a library, written
    in the C programming language, that provides routines for cryptographic
    primitives utilized in implementing the Secure Sockets Layer (SSL) and
    Transport Layer Security (TLS) protocols. OpenSSL also includes routines
    for implementing the SSL and TLS protocols. An application called openssl,
    which provides a command line interface to the library's routines, is also
    part of the distribution. This article will provide some background on the
    SSL protocol and its relationship to TLS. It will also discuss TLS in
    depth, and show how users can use OpenSSL to set up and test TLS/SSL
    connections.

    http://www.securityfocus.com/cgi-bin/infocus.pl?id=1486

    4. How to Design a Useful Incident Response Policy
    by Timothy E. Wright

    Perhaps you're the Information Security Officer for your company. Or,
    maybe you're a technology auditor. Maybe you're in charge of data security
    for your university's computing department. Regardless of your title and
    circumstances, you've been working on implementing an information security
    program (you have been working on your program, right?!). Such an endeavor
    has a tremendous scope, requiring great feats of perception and planning.
    This article aims to help you with an important facet of any information
    security program: the incident response policy.

    http://www.securityfocus.com/cgi-bin/infocus.pl?id=1467

    5. Does IIS Have a Future?
    by Tim Mullen

    The Gartner Group recommends dumping Microsoft's web server software for
    'alternatives.' What are they smoking?

    http://www.securityfocus.com/columnists/28

    II. BUGTRAQ SUMMARY
    -------------------
    1. Microsoft Excel and PowerPoint Macro Security Bypass Vulnerability
    BugTraq ID: 3402
    Remote: No
    Date Published: 2001-10-04 00:00:00
    Relevant URL:
    http://www.securityfocus.com/bid/3402
    Summary:

    Microsoft Excel and PowerPoint contain a macro security feature. This
    feature scans a document when a user opens it to determine if there are
    any embedded macros. Then, depending on the security setting, the user is
    prompted whether or not to allow the macro to run, or the macro is
    bypassed automatically.

    A malformed Excel or PowerPoint document could potentially bypass this
    macro security feature, allowing the macro code to be executed without the
    user's knowledge. This could allow an attacker to embed malicious code
    within the malformed macro and have it execute on the target host.
    This code would run with the permissions of the user currently logged in.

    The malformed document containing the macro must still be opened by the
    user in order for the macro to execute.

    2. Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
    BugTraq ID: 3339
    Remote: Yes
    Date Published: 2001-09-14 00:00:00
    Relevant URL:
    http://www.securityfocus.com/bid/3339
    Summary:

    The sqlqhit.asp sample file is used for performing web-based SQL queries.
    Malicious users could send a specifically crafted HTTP request to an
    Internet Information Services server running Index Server to reveal path
    information, file attributes, and possibly some lines of the file
    contents.

    The sqlqhit.asp file is located in the \inetpub\iissamples\ISSamples\
    folder and is installed by default.

    3. Microsoft Exchange OWA Server Resource Starvation Vulnerability
    BugTraq ID: 3368
    Remote: Yes
    Date Published: 2001-09-26 00:00:00
    Relevant URL:
    http://www.securityfocus.com/bid/3368
    Summary:

    Outlook Web Access is an optional component of Microsoft Exchange Server
    which runs in conjunction with Microsoft Internet Information Server. It
    provides access to a user's Exchange mailbox through a web interface.

    When processing client access requests, OWA Server does not place limits
    on folder depth. Remote attackers can exploit this to cause a denial of
    service by requesting access to complex folder structures (which need not
    exist).

    The CPU and memory consumed while processing these requests may result in
    a denial of service on the server. Since this is a resource exhaustion
    attack, all other processes on the system (other services) will be
    affected.

    The denial of service condition will cease once OWA server has finished
    processing the request. Repeated attacks can cause a prolonged denial of
    service.

    To exploit this vulnerability, an attacker must authenticate as a
    legitimate client.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. SV: Ftp server a bit more secure ? (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=C7CE3745EA634A42AC64A22D8FE0D3F40710DFnt-as9.bbsas.no&threads=1

    2. Microsoft Can't Win. (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=51F912F2A6CDD111810A00600811BA4201C20C99TEA05&threads=1

    3. Ftp server a bit more secure ? (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=006901c14db1$1494a2c0$01e05ea0sprite&threads=1

    4. Microsoft Announces Strategic Technology Protection Program (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=3BC0D56Cwww.twigger.be&threads=1

    5. Retrieving NT 4 Administrator password (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=NEBBJKNLMLHEFAEPHJCHIEKGCNAA.frankkorpershoek.net&threads=1

    6. ICMP, NT and IIS: What is a safe cocktail? (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=0995055121904a1PCOW034Mblueyonder.co.uk&threads=1

    7. web server setup - sharing UNC paths (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=001b01c14d15$6b681600$09a8a8c0kevin&threads=1

    8. Lost admin password (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=NEBBJCGCCLBGMLNOOEFKAEOHCLAA.mdruryads-corp.com&threads=1

    9. Group policy W2k Pro / NT4 Pdc (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=11270D4BB8EBD411BC8200D0B7A91DF20692AALANTEC-NT-FS1&threads=1

    10. Fwd: NT Users SHOULD be CAREFULL when applying NT hotfixes "Multiple version problem inside NT Hotfixes" (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=5.0.0.25.2.20011004115501.020c6a80mail.avicatech.com&threads=1

    11. AW: External Account Information (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=NCBBKCBGJMHDGIIJPEBDIECDDGAA.florian.duerrdimensionx.ch&threads=1

    12. Running IIS locally - advice? (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=4973F7FC6C77D311B74200E018C18DFCFACB7FBRANDNEWMEDIA01&threads=1

    13. Subject: C is for Cookie... (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=200110031909.f93J9eg33853mailserver1.hushmail.com&threads=1

    14. HFNetChk - customizing the xml file (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=51F912F2A6CDD111810A00600811BA4201C20C80TEA05&threads=1

    15. C is for Cookie... (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=04d601c14b9e$6eea0130$190a0a0asoftwaregw&threads=1

    16. Black Hole (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=F308K8agF94hBatb7Yh00007413hotmail.com&threads=1

    17. FW: C is for Cookie... (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=9DF63E863CD3D211BB1F0008C707709F01E55FC5nyosex1.corp.hipusa.com&threads=1

    18. SecurityFocus Microsoft Newsletter #54 (REVISED) (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=Pine.GSO.4.30.0110021123030.22895-100000mail&threads=1

    19. NTLM (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=OFEPIIBCPHNHOMCPOOPDKEGHEBAA.rstefanoechelonsystems.com&threads=1

    20. NTP Port Vunerabilities? (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=F109H4PeGSBkHP4aXQR00001564hotmail.com&threads=1

    21. External Account Information (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011001203233.82233.qmailweb20510.mail.yahoo.com&threads=1

    22. SecurityFocus Microsoft Newsletter #54 (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=Pine.GSO.4.30.0110011042320.29307-100000mail&threads=1

    23. Windows Update (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=NEBBIFJCILKEKMJKGMFIGEFACOAA.kbrownfoxhome.com&threads=1

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. CyberSafe Log Analyst (CLA)
    by CyberSafe
    Platforms: Solaris, Windows NT
    Relevant URL:
    http://www.centraxcorp.com/cla.html
    Summary:

    CLA is a free, easy-to-use snap-in component for the Microsoft Management
    Console (MMC). CLA analyzes the security logs of Windows NT servers,
    searching for and alerting you to potential system misuses. These patterns
    of misuse, called activity signatures, can be as subtle as suspicious file
    browsing or as treacherous as three consecutive failed logins. Use CLA to
    centrally analyze your computer network and reduce the headache of
    manually scanning large security logs.

    2. SARA PRO
    by Advanced Research Corporation
    Platforms: Windows 95/98,
    Relevant URL:
    http://www-arc.com/sara/sara.html
    Summary:

    Advanced Research recently released SARA Professional (SARA-PRO) which is
    a commercially supported security scanner. Advanced Research is planning
    to release SARA Pro to U.S. Government organizations (.gov and .mil) free
    of charge beginning 16 April 2000. A major advantage is the Report Writer
    which can be configured to generate a wide variety of output. SARA PRO's
    features include a built-in report writer, gateways to other community
    products, and monthly updates.

    3. ConSeal PC Firewall
    by Signal 9 Solutions
    Platforms: UNIX, Solaris, Windows 95/98, Windows NT
    Relevant URL:
    http://www.signal9.com/products/pcfirewall/pcfwintro.html
    Summary:

    A personal firewall for Windows 95/98 and Windows NT 3.51 and 4.0 that
    stops network attacks and provides complete peace of mind and control over
    your desktop system.

    4. SecureSession
    by I/O Software
    Platforms: UNIX, Windows 95/98
    Relevant URL:
    http://www.iosoftware.com/securesuite/s-session.htm
    Summary:

    SecureSession stores user names, passwords, or other information requested
    by any Windows application dialog box, and releases it upon verification
    of a biometric characteristic. This eliminates the need for users to
    remember user name/password combinations by providing the correct input
    based on the positive biometric match. For example, after registering an
    application password with SecureSession, the next time the application
    requests a password, the user can simply place his or her finger on the
    scanner, and SecureSession will do the rest.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    ------------------------------------
    1. aCrypt
    by DataRescue SA
    Relevant URL:
    http://www.acrypt.com
    Platforms: Windows 2000, Windows 95/98, Windows NT
    Summary:

    Creates compressed, strongly encrypted (TwoFish 128 bits), self-extracting
    packages suitable for e-mailing. Extremely easy to use. Freeware. Source
    available.

    2. Harden NT
    by Bart Timmermans and Filip Sneppe
    Relevant URL:
    http://www.securityfocus.com/tools/1789
    Platforms: Windows 2000, Windows 95/98, Windows NT
    Summary:

    HardenNT is a tool created to automate the task of securing one or more
    Microsoft Windows based computers. It is specifically aimed at securing
    Windows NT 4.0 machines, although some of the functionality could also be
    used on Windows 9x or even Windows 2000 networks.

    HardenNT is aimed at:

    Security-minded system administrators who are willing to put some time and
    effort into securing their Windows systems;

    Security consultants who find themselves having to secure Windows NT
    computers regularly, and who are looking at a way to automate this as much
    as possible without losing the flexibility of easy customization.

    HardenNT's strength lies in its ability to provide security baselines for
    various systems. It can be used to perform the following tasks:

    Install one or more security patches on a Windows computer depending on
    its operating system, CPU architecture and service pack level;

    Restrict a user group's default NT privileges;

    Turn on NT auditing for security events a user considers important;

    Set NTFS ACL permissions, delete and/or move security critical files;

    Secure a computer's registry.

    HardenNT is not a tool that is to be installed or even run on a computer
    that one wants to secure. It merely creates a number of batch files that
    run standard NT (and NT resource kit) tools. This means that the batch
    files created by HardenNT are to be copied and run on the host you want to
    secure. The batch files rely on Microsoft Windows NT resource kit
    utilities (xcacls.exe, auditpol.exe, ntrights.exe, regini.exe and
    shutdown.exe) and Microsoft security hotfixes. These executables will have
    to be purchased or downloaded from Microsoft and copied to the host you
    are trying to secure.

    3. Anubis v1.0.2
    by The Anubis Team ghostfacelodz.pdi.net
    Relevant URL:
    http://www.geocities.com/jolpkow/
    Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
    Summary:

    Anubis is an anonymous email sender for Unix, BeOS, Win32, and AmigaOS. It
    supports WinGates, encrypted TLS/SSL connections, remailers, anonymous
    news posting, and more.

    4. Windump v3.52
    by NT Objectives Inc, infontobjectives.com
    Relevant URL:
    http://www.ntobjectives.com/
    Platforms: Windows 2000, Windows 95/98, Windows NT
    Summary:

    Windump 2.03 is a dynamically loadable version of the excellent Windump
    2.02 port. This modified app consists of only 2 parts, the .exe and the
    .sys.

    VI. SPONSORSHIP INFORMATION
    ---------------------------
    This Issue Sponsored by: Foundstone

    -------------------------------------------------------------------------------