From: Marc Fossi (mfossisecurityfocus.com)
Date: Mon Dec 03 2001 - 13:44:16 CST


    SecurityFocus Microsoft Newsletter #63
    ------------------------------------------

    This Issue Sponsored by: John Wiley & Sons

    SPECIAL SAVINGS ON SECURITY BOOKS Amazon.com is now offering discounts of
    up to 40% on select books from authors like Bruce Schneier, John Chirillo
    and Ross Anderson. Whether you are looking to become a CISSP, planning
    for PKI, or needing to stop hackers in their tracks, they've got the book
    for you.

    Visit them at:
    http://www.amazon.com/exec/obidos/tg/feature/-/217991/107-7187047-6127744

    -------------------------------------------------------------------------------

    I. FRONT AND CENTER
         1. Advertising Information
         2. A Brief History of The Worm
         3. Appropriate Response: More Questions Than Answers
    II. MICROSOFT VULNERABILITY SUMMARY
         [No New Microsoft Vulnerabilities This Week]
    III. MICROSOFT FOCUS LIST SUMMARY
         1. IIS suExec? (Thread)
         2. IIS5.0 Directory Browsing (Thread)
         3. Deploying Hotfixes, SPs and other Software (Thread)
         4. Password Expiration Tools (Thread)
         5. ip filters and blackice (Thread)
         6. Change password in OWA (Thread)
         7. FW: Deploying Hotfixes, SPs and other Software (Thread)
         8. NTLMv2 Mac UAM client available (Thread)
         9. SV: Change password in OWA (Thread)
         10. Changing password from web (Thread)
         11. Free Web Seminar (Thread)
         12. IIS4/5 Directory Security and OWA (Thread)
         13. Malicious use of grc.com (Thread)
         14. System Account Password (Thread)
         15. Antwort: System Account Password (Thread)
         16. ISA Server oddity or feature (Thread)
         17. ISA Server oddity or feature : SOLVED (Thread)
         18. SecurityFocus Microsoft Newsletter #62 (Thread)
         19. how to save event log data and perfmon data in a database?...
         20. RE :RE: disable task manager (Thread)
         21. disable task manager (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. Specter
         2. SecureLogon
         3. LANguard Network and Port Scanner
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. SMB Auditing Tool v1.0.4
         2. SMBProxy v1.0.0
         3. audit[d] v1.0b
         4. userinfo v1.8
    VI. SPONSORSHIP INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Advertising Information

    Reach the LARGEST audience of security professionals with SecurityFocus
    direct e-marketing NOW!

    SecurityFocus is the Web's most successful security intelligence site,
    with more than 200,000 unique monthly visitors (September 2001), and
    growing rapidly each week. Leverage the security portal of unrivaled
    credibility and influence in your next direct marketing campaign.

    To find out how SecurityFocus Web marketing and opt-in email newsletter
    sponsorships can drive your company's success, contact us at
    adsalessecurityfocus.com, or download the Advertising Kit at
    http://www.securityfocus.com/about/press/adverts.shtml. To speak directly
    with a customer service representative, please call +1(650) 655-6350.

    2. A Brief History of The Worm
    by Nicholas Weaver

    Self-replicating malware has been an issue in computer security for many
    years, dating back at least to Ken Thompson's self-replicating code. But
    in the past few years, with the widespread adoption of the Internet, worms
    and viruses have become serious pests: spreading around the world in a
    matter of hours with the capacity to carry highly damaging payloads. Such
    malware is growing more sophisticated, as the authors of new worms learn
    from the successes and mistakes of the past. This article will take a
    brief look at the evolution of worms and other malware, in an attempt to
    better understand how we got to where we are today.

    http://www.securityfocus.com/infocus/1515

    3. Appropriate Response: More Questions Than Answers
    by Chris Loomis

    So, just how far should security administrators go to protect their
    systems? What is an appropriate response to a detected security incident?
    Ask ten security professionals that question and you will most likely get
    ten different answers. Ask them more specific questions - such as, how do
    you handle active intrusions? Denial of service attacks? Probes? - and
    eventually you will be able to piece together their response set, a
    collection of reactions tailored to particular attacks or threats.

    http://www.securityfocus.com/infocus/1516

    II. BUGTRAQ SUMMARY
    -------------------
    [No New Microsoft Vulnerabilities This Week]

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. IIS suExec? (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=4D5D8A4276CCD411BEB400A0C9E105C402D367chaka.orthodon.com&threads=1

    2. IIS5.0 Directory Browsing (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=BB7FD4FF9E440648A731452E5D341FB0C661B5hitsexchange01.advance-med.com&threads=1

    3. Deploying Hotfixes, SPs and other Software (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=5.1.0.14.2.20011129162414.02312c28mail.emarket2.com&threads=1

    4. Password Expiration Tools (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=OF96B8A983.6501AD85-ON85256B13.006A4E79delta.com&threads=1

    5. ip filters and blackice (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=MBEIIKNLHFLGGEPKCINOEELPDIAA.tlovepretendceo.com&threads=1

    6. Change password in OWA (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=4F1145FF95A3D511A84200E01802DFA01287mhmail.imh-chic.com&threads=1

    7. FW: Deploying Hotfixes, SPs and other Software (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=B6180D64590F3F4B9171F4371F66AA2F018D3Ctrendserver.blox.ag&threads=1

    8. NTLMv2 Mac UAM client available (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=DJEGKFFMGLMAKALIEECAEEEDCJAA.judycolorado.edu&threads=1

    9. SV: Change password in OWA (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=7B31FCC425671D409AF29CDE7B5D58F304E7F3butter.forumsql.se&threads=1

    10. Changing password from web (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=01Nov28.112145cet.119055gateway1.carlbro.dk&threads=1

    11. Free Web Seminar (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=01c201c17814$1e744560$e601a8c0fibertel.com.ar&threads=1

    12. IIS4/5 Directory Security and OWA (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011128155744.8303.qmailweb20901.mail.yahoo.com&threads=1

    13. Malicious use of grc.com (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=E73E65172E2DD4118F300008C75D76AA04B2AB67excnz-akl01.nzm.cpqcorp.net&threads=1

    14. System Account Password (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=5.0.2.1.0.20011127111419.03b16a60usermail.com&threads=1

    15. Antwort: System Account Password (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=OF039337E9.6019E0F5-ONC1256B10.006D978Bgmx.net&threads=1

    16. ISA Server oddity or feature (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=2940DB0FECA14341A2DDF8C9B57179EE026E4Esrvnt-exchange2.GPI&threads=1

    17. ISA Server oddity or feature : SOLVED (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=003f01c176ac$b6ad0790$6400000alglcorp.com&threads=1

    18. SecurityFocus Microsoft Newsletter #62 (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=Pine.GSO.4.30.0111261511060.9163-100000mail.securityfocus.com&threads=1

    19. how to save event log data and perfmon data in a database? (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=E2F8472247D0844087E097C7BCC0D33E7C9F81atlwfgexch01&threads=1

    20. RE :RE: disable task manager (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011124041432.28314.qmailmail.securityfocus.com&threads=1

    21. disable task manager (Thread)
    Relevant URL:

    http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=00b001c17438$059f6f90$6400a8c0coffee&threads=1

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. Specter
    by Netsec
    Platforms: Windows NT
    Relevant URL:
    http://www.specter.com/default50.htm
    Summary:

    SPECTER is a smart honeypot or deception system. It simulates a complete
    machine for attackers to work on. SPECTER offers common Internet services
    such as SMTP and FTP which appear perfectly normal to the attackers but in
    fact are traps for them to tap into, mess around and leave traces without
    even knowing that they are connected to a fake system which does none of
    the things it appears to do but instead logs everything and notifies the
    appropriate people. SPECTER can even investigate the originators while
    they are still trying to break in.

    2. SecureLogon
    by iSecureX Technologies
    Platforms: Windows 95/98, Windows NT, Windows 2000
    Relevant URL:
    http://www.isecurex.com/e/securelogon/index.htm
    Summary:

    SecureLogon for Windows provides secure logon for Windows networks that
    meets high security requirements without passwords. The user's profile,
    such as username and password, is encrypted and stored in a Logon Key
    (which can be a smart card or UKey). Insertion of the Logon Key will
    trigger and complete the user logon process automatically. It relieves
    computer users of having to remember and enter a username and password,
    which is in many cases tedious and bothersome. The user can also choose to
    create random passwords and lock the machine if the Logon Key is removed.

    3. LANguard Network and Port Scanner
    by GFI Software
    Platforms: Windows 95/98, Windows NT, Windows 2000
    Relevant URL:
    http://www.gfi.com/languard/lanscan.htm
    Summary:

    LANguard Network Scanner is a freeware security & port scanner to audit
    your network security. It scans entire networks and provides NETBIOS
    information for each computer such as hostname, shares, logged on user
    name. It does OS detection, password strength testing, detects registry
    issues and more. Reports are outputted in HTML.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    ------------------------------------
    1. SMB Auditing Tool v1.0.4
    by Patrik Karlsson patrik.karlssonixsecurity.com
    Relevant URL:
    http://www.cqure.net/tools01.html
    Platforms: Windows 2000, Windows XP
    Summary:

    The SMB Auditing Tool is a password auditing tool for the Windows and SMB
    platforms. It makes it possible to exploit the timeout architecture bug
    in Windows 2000/XP, making it extremely fast to guess passwords on these
    platforms. Running a large password file against Windows 2000/XP shows
    statistics of up to 1200 logins/sec. This means that you could run a commonly
    used English dictionary with 53 000 words against a server in under a minute.

    2. SMBProxy v1.0.0
    by Patrik Karlsson patrik.karlssonixsecurity.com
    Relevant URL:
    http://www.cqure.net/smbproxy/index.html
    Platforms: Windows 2000, Windows NT
    Summary:

    SMBProxy is a "Passing The Hash" tool that works as a proxy. It makes it
    possible to authenticate to a Windows NT4/2000 server by only knowing the
    md4 hash. It also makes it possible to mount shares, access the registry
    and anything else you could do with that particular user's privileges.

    3. audit[d] v1.0b
    by Core Security Technologies auditcorest.com
    Relevant URL:
    http://www.corest.com/solutions/products.html
    Platforms: Linux, NetBSD, OpenBSD, Windows 2000, Windows NT
    Summary:

    Audit is a client/server system that allows remote auditing and
    centralizing of system logs. It supports standard and modular syslog output
    formats (non-standard logs can be easily supported due to its modular
    design). The server (auditd) runs on audited machines and the client (audit)
    runs on the auditors' workstations. Multiple auditors are supported and managed by
    one or more 'chief' auditors. Auditors can be configured in a way that
    each of them can examine specific sets of logs.

    4. userinfo v1.8
    by thorhammerofgod.com
    Relevant URL:
    http://www.clicknet.ch/chscene/chscene.php
    Platforms: Windows 2000, Windows NT
    Summary:

    The purpose of this app is to illustrate inconsistencies in the MS
    implementation of the RestrictAnonymous registry setting.

    VI. SPONSORSHIP INFORMATION
    ---------------------------
    This Issue Sponsored by: John Wiley & Sons
