|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Marc Fossi (mfossi_at_securityfocus.com)
Date: Mon Oct 21 2002 - 16:04:12 CDT
SecurityFocus Microsoft Newsletter #109
---------------------------------------
This Issue Is Sponsored By: Wiley & Sons
SAVE 40% ON KEVIN MITNICK'S NEW BOOK
THE ART OF DECEPTION, the explosive new book from Kevin Mitnick, is
available now, and for a limited time, you can get it for 30% off the
cover price. Don't miss the book that made Bruce Schneier say, "The bad
guys don't need to read this book. But the good guys need to know what
the criminals are doing."
For more information, visit www.amazon.com/mitnick
-------------------------------------------------------------------------------
I. FRONT AND CENTER
1. Security Concerns in Licensing Agreements, Part Two...
2. Polymorphic Macro Viruses, Part One
3. Identifying and Tracking Emerging and Subversive Worms...
4. Stupid Bugbear Tricks
5. Ten Things to Do With IIS
6. SecurityFocus DPP Program
7. InfoSec World Conference and Expo/2003
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer Unauthorized Document Object Model...
2. PHPRank Add.PHP Cross-Site Scripting Vulnerability
3. PHPRank Banner Script Code Injection Vulnerability
4. PHPRank Administrator Password Plain Text Storage Vulnerability
5. PHPBBMod PHPInfo Information Disclosure Vulnerability
6. OpenOffice Installation Insecure Temporary File Symbolic Link...
7. Microsoft TSAC ActiveX Control Cross Site Scripting Vulnerability
8. PHPNuke Multiple Script Code Filtering Vulnerabilities
9. My Web Server Long Get Request Denial Of Service Vulnerability
10. TelCondex SimpleWebServer Denial Of Service Vulnerability
11. PHPRank MySQL Error Unauthorized Access Vulnerability
12. RadioBird Software WebServer 4 All Buffer Overflow Vulnerability
13. RadioBird Software WebServer 4 All Directory Traversal...
14. Ingenium Learning Management System Information Disclosure...
17. CoolForum Source Disclosure Vulnerability
18. PHPReactor Browse.PHP Cross-Site Scripting Vulnerability
19. Microsoft Outlook Express S/MIME Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Win2K Security Training (Thread)
2. SecurityFocus Microsoft Newsletter #108 (Thread)
3. Can I delete Wscript.exe? (Thread)
4. Updated Patches with SUS. (Thread)
IV. MICROSOFT PRODUCTS
1. Adhaero Transit
2. EntrustCMS Toolkit
3. Orion Random Number Generator
V. MICROSOFT TOOLS
1. MAIL PASSWORD RECOVERY v1.0.0.0
2. myNetMon v1.0.3
3. BO2Klean
VI. SPONSORSHIP INFORMATION
I. FRONT AND CENTER
-------------------
1. Security Concerns in Licensing Agreements, Part Two: Negotiating
Security Provisions
by Steven Robinson
In the first article in this series, we looked at security concerns
related to clickwrap and shrinkwrap agreements, used by vendors for
mass-market licenses and service agreements. In these cases, no
negotiations are involved. If you want what the vendor is selling, you are
required to agree to "a one size fits all" agreement, including whatever
provisions it contains, if any, that pertain to information security. This
type of agreement is typical of the licensing agreements that individual
users and small organizations enter into.
http://wwwdev.securityfocus.com/infocus/1636
2. Polymorphic Macro Viruses, Part One
By Gabor Szappanos
Polymorphic viruses change their code in fundamental ways, such as
changing the encryption routine or the sequence of instructions, in order
to avoid detection by anti-virus scanners. This article is the first of a
two-part series that will offer a brief overview of the use of polymorphic
strategies in macro viruses.
http://online.securityfocus.com/infocus/1635
3. Identifying and Tracking Emerging and Subversive Worms Using
Distributed Intrusion Detection Systems
by Nathan Einwechter
Worms continually become more sophisticated, as new propagation methods
and stealth techniques are developed and implemented. As worms continue to
evolve, so must our ability to detect and track them. One solution is the
use of distributed intrusion detection systems (dIDS) to identify new and
emerging worms that utilize new subversive propagation techniques. This
paper will discuss how and why the dIDS design is able to identify,
detect, and track worms even as they implement more advanced propagation
methods.
http://online.securityfocus.com/infocus/1634
4. Stupid Bugbear Tricks
By George Smith
Despite the virus' success at slamming unwary netizens, there's evidence
that its author is no rocket scientist.
http://online.securityfocus.com/columnists/116
5. Ten Things to Do With IIS
by Matt J. Foley (iisdude
hotmail.com)
As an IIS administrator it sometimes gets downright annoying having to
fend off all the insults from Apache admins I meet claming innate server
superiority. Generally the discussion about Web administration starts
first with all the various security holes plaguing IIS and the negative
press the platform garnered over the last year.
http://online.securityfocus.com/guest/16819
6. SecurityFocus DPP Program
Attention Organizations and Universities!! Sign-up now for
preferred pricing on the only global early-warning system for cyber
attacks - SecurityFocus DeepSight Threat Management System.
Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml
7. IIR's 3G Fraud & Security Forum (21-23 October, London)
A specialized conference designed specifically for Fraud and Security
Managers in the 3G and mobile commerce space. This year's agenda focuses
on technical strategies for detecting and minimizing the fraud risks in 3G
services: what will be the key vulnerabilities in 3G and how can you
manage the increased risks of content partner fraud, transaction-based
roaming and m-commerce fraud? We will also be devoting a whole day to 3G
network security - penetration testing, third party access risks, IDS,
with even a live hack demonstration of Internet fraud.
Key speakers include Radicchio, Orange, Optimus, Vodafone, Visa, BTexact,
CFCA, with a keynote from security guru Charles Brookson, Chair of the GSM
Association Security Group.
For more details please visit http://www.iir-conferences.com/3GFraud
II. BUGTRAQ SUMMARY
-------------------
1. Microsoft Internet Explorer Unauthorized Document Object Model Access Vulnerability
BugTraq ID: 5963
Remote: Yes
Date Published: Oct 15 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5963
Summary:
Microsoft Internet Explorer is prone to a vulnerability that may enable a
frame or iframe to gain unauthorized access to the Document Object Model
(DOM) of other frames/iframes in a different domain.
This is possible because MSIE does not perform adequate access control
checks on all frame properties. While access to the 'document' property
across domains is properly restricted, access to 'Document' is not. This
issue is present in Microsoft Internet Explorer 5.5 and 6.0.
This may allow an attacker to violate the browser Same Origin Policy and
gain unauthorized access to the properties of frames and iframes that are
in a different domain. It has been demonstrated that an attacker may
exploit this issue to steal cookie-based authentications from other
domains. Local files may also be read via exploitation of this issue.
Other attacks are also possible.
The vulnerability may be exploited by a malicious webpage or potentially
through malicious HTML e-mail. The issue is also present in other
software that relies upon the Internet Explorer browser engine.
2. PHPRank Add.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 5945
Remote: Yes
Date Published: Oct 10 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5945
Summary:
phpRank is a freely available web site link sharing script. It is
available for Unix, Linux, and Microsoft operating systems.
A problem with phpRank has been discovered that could lead to cross-site
scripting attacks.
It has been reported that phpRank is vulnerable to cross-site scripting
attacks. Under some circumstances, it is possible to force the rendering
of arbitrary HTML and script code through the add.php portion of the
phpRank package. This could allow the execution of potentially malicious
script and HTML in the security context of a vulnerable site.
It has additionally been reported that this vulnerability may exist in
other scripts included as part of the phpRank package. Further details
about vulnerable scripts have not been made available.
3. PHPRank Banner Script Code Injection Vulnerability
BugTraq ID: 5946
Remote: Yes
Date Published: Oct 10 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5946
Summary:
phpRank is a freely available web site link sharing script. It is
available for Unix, Linux, and Microsoft operating systems.
A problem with phpRank has been discovered that could lead to the
execution of arbitrary script code.
It has been reported that phpRank does not properly filter some forms of
input. When a user submits a site to the banner list, it is possible for
the user to insert arbitrary HTML or script code in the banner URL. This
could allow a remote user to execute arbitrary code in the browser of
clients visiting the site.
This problem could lead to an attacker gaining access to sensitive
information, such as authentication cookies, and could potentially be used
to perform other attacks. Any code executed through this vulnerability
would be in the security context of the vulnerable site.
4. PHPRank Administrator Password Plain Text Storage Vulnerability
BugTraq ID: 5947
Remote: No
Date Published: Oct 10 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5947
Summary:
phpRank is a freely available web site link sharing script. It is
available for Unix, Linux, and Microsoft operating systems.
A problem with phpRank has been discovered that could allow an attacker to
gain access to sensitive information.
It has been reported that phpRank does not safely store the administrator
password in some circumstances. phpRank stores the administrative
password in plain text on the server side when the password has been set.
Additionally, once the administrator has accessed the web administration
interface, and enabled the cookie storage of authentication credentials,
the password is stored in plain text in the authentication cookie.
This problem could allow an attacker to gain access to the administrative
password of vulnerable system by searching a web client's cookie directory
for a cookie named "ap". Additionally, if the attacker were to gain
access to the source code of the phpRank system, the attacker could
extract the plain text password from the source code.
5. PHPBBMod PHPInfo Information Disclosure Vulnerability
BugTraq ID: 5942
Remote: Yes
Date Published: Oct 10 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5942
Summary:
phpBBmod is freely available web forum software. It is based on phpBB and
should run on most Linux and Unix variants, as well as Microsoft Windows
operating systems.
phpBBmod ships with a sample script (phpinfo.php) that may disclosure
sensitive information to remote attackers. When this script is accessed,
sensitive information about the underlying environment will be revealed.
Software versions and path information may be disclosed by the script.
This script is for debugging purposes and should be removed from publicly
accessible sites.
This may allow an attacker to gather sensitive information which may be
useful in further attacks against the host running the vulnerable.
This issue was reported in phpBBmod version 1.3.3. Other versions may
also be affected.
6. OpenOffice Installation Insecure Temporary File Symbolic Link Vulnerability
BugTraq ID: 5950
Remote: No
Date Published: Oct 11 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5950
Summary:
OpenOffice is an open source office software package distributed and
maintained by the OpenOffice project. It is available for Unix, Linux,
and Microsoft Windows operating systems.
A problem with OpenOffice could make it possible for a local user to
destroy arbitrary files. This vulnerability only affects Unix and Linux
systems.
When OpenOffice is installed, it insecurely creates temporary files.
Temporary files created by the office suite are created with a predictable
file name. Additionally, a check is not performed prior to the attempted
writing to the file. This could result in the destruction of files with
the permissions of the user installation OpenOffice if attackers create
symbolic links with the correct filename.
The vulnerable file is typically created as
/tmp/$USERNAME_autoresponse.conf, where $USERNAME is the name of the user
installing the office suite. It should be noted that the office suite is
typically installed by the administrative user.
7. Microsoft TSAC ActiveX Control Cross Site Scripting Vulnerability
BugTraq ID: 5952
Remote: Yes
Date Published: Oct 11 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5952
Summary:
Microsoft offers Terminal Services client functionality over the web
through the Terminal Services Advanced Client (TSAC) ActiveX control. It
is an optional component that is installed by end-users.
Microsoft TSAC is reported to be prone to cross-site scripting attacks.
An attacker could construct a malicious link to a vulnerable host that
contains arbitrary HTML and script code. If this link is visited by a web
user, the attacker-supplied code will be rendered in their browser, in the
security context of the vulnerable site.
This issue is reported to be present in the 'connect.asp' script.
This vulnerability can be exploited to steal cookie-based credentials from
authenticated users. Other attacks are also possible.
8. PHPNuke Multiple Script Code Filtering Vulnerabilities
BugTraq ID: 5953
Remote: Yes
Date Published: Oct 11 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5953
Summary:
PHPNuke is a web based Portal system. Implemented in PHP, it is available
for a range of systems, including Unix, Linux, and Microsoft Windows.
Multiple script code vulnerabilities have been discovered in various
PHPNuke features. These problem could potentially result in the execution
of arbitrary code within the context of the vulnerable website.
Exploitation of this issue may allow remote attackers to steal user's
cookie-based authentication credentials, or launch other attacks.
The following vulnerabilities have been reported in PHPNuke:
The RDF/RSS parser fails to strip HTML tags. A user could inject script
code into an RSS file that would bypass filtering, and execute in another
user's browser.
Private Messages in PHPNuke are not sufficiently sanitized. A user may
input HTML into the body of a message that could result in the execution
of code in a user's browser.
The PHPNuke Journal fails to properly sanitize input. A malicious user
could take advantage of this issue to execute code in a user's browser.
The PHPNuke 'Your Info' section does not properly sanitize input. A user
could place arbitrary code in one of the following fields that would be
executed in the browser of a user: Real Name, Fake Email, Your Location,
Your Interests, Your Occupation Signature. This could allow the creation
of malicious fields.
The 'Downloads' and 'Web Links' sections do not sufficiently sanitize user
input. Both allow <a href> tags in the following fields: Program Name,
File Link, Author's Name, Author's Email, and Homepage.
9. My Web Server Long Get Request Denial Of Service Vulnerability
BugTraq ID: 5954
Remote: Yes
Date Published: Oct 12 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5954
Summary:
My Web Server is a web server software package distributed and maintained
by MyWebServer LLC. It is designed for the Microsoft Windows operating
system.
A problem with My Web Server could make it possible for a user to deny
service to legitimate users of the server.
It has been reported that My Web Server does not properly handle long
requests. Because of this, a remote user placing a HTTP GET request of
excessive length could cause the server to become unstable. In most
cases, a long GET request causes the web server to crash, requiring a
manual restart of the service. The request capable of reliably
reproducing this result has been reported as being 994 or more bytes.
This vulnerability is likely a boundry condition error. In the case of
this vulnerability being an exploitable buffer overflow vulnerability, it
would be possible to execute arbitrary code through a vulnerable web
server. Any code executed through this vulnerability would be with the
privileges of the My Web Server process, typically run as the SYSTEM user.
10. TelCondex SimpleWebServer Denial Of Service Vulnerability
BugTraq ID: 5961
Remote: Yes
Date Published: Oct 15 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5961
Summary:
TelCondex SimpleWebServer is a Web server designed for use with the
Microsoft Windows operating systems.
A problem with SimpleWebServer could make it possible for a user to deny
service to legitimate users of the server.
It has been reported that SimpleWebServer does not properly handle long
requests. Because of this, a remote user placing a HTTP request of
excessive length could cause the server to become unstable. In most cases,
a long request causes the web server to crash, requiring a manual restart
of the service. The request capable of reliably reproducing this result
has been reported as being 539 or more bytes.
An attacker can exploit this vulnerability by causing SimpleWebServer from
responding to legitimate requests for service.
This vulnerability has been reported to affect TelCondex SimpleWebServer
2.06.
11. PHPRank MySQL Error Unauthorized Access Vulnerability
BugTraq ID: 5948
Remote: Yes
Date Published: Oct 10 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5948
Summary:
phpRank is a freely available web site link sharing script. It is
available for Unix, Linux, and Microsoft operating systems.
phpRank does not provide sufficient error checking with regards to
functions which access the underlying MySQL database. As a result, when
the database is inaccessible or temporarily unavailable it is possible for
remote attackers to authenticate as any user to phpRank using a null
password.
This problem occurs because the vulnerable script still attempts to
authenticate the user even though authentication data cannot be fetched
from the database. The password credential will be fetched from the
database and stored in a variable. The vulnerable script will then match
it against the password supplied by the user when prompted for
authentication. If the script cannot fetch the relevant information from
the database, the variable will be blank. Therefore, an attacker is able
to successfully authenticate using a blank password.
This will allow an attacker to gain unauthorized access as an arbitrary
user to phpRank.
12. RadioBird Software WebServer 4 All Buffer Overflow Vulnerability
BugTraq ID: 5967
Remote: Yes
Date Published: Oct 15 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5967
Summary:
RadioBird Software WebServer 4 All is a Web server designed for use with
Microsoft Windows operating systems.
A buffer overflow vulnerability has been reported for WebServer 4 All.
An attacker can exploit this vulnerability by issuing excessively long
'GET' requests, consisting of at least 3000 characters, to a system
running a vulnerable version of WebServer 4 All. This will cause the Web
server to crash.
Although unconfirmed, it may be possible for a remote attacker to exploit
this issue to execute arbitrary system commands with the privileges of the
WebServer 4 All process.
This vulnerability was reported for WebServer 4 All versions 1.23 and
1.27.
13. RadioBird Software WebServer 4 All Directory Traversal Vulnerability
BugTraq ID: 5968
Remote: Yes
Date Published: Oct 15 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5968
Summary:
RadioBird Software WebServer 4 All is a Web server designed for use with
Microsoft Windows operating systems.
It has been reported that WebServer 4 All does not properly sanitize web
requests. By sending a malicious web request to the vulnerable server,
using URL encoded characters, it is possible for a remote attacker to
access sensitive resources located outside of the web root.
An attacker is able to traverse outside of the established web root by
encoding the slash (/) character as '%2f'. An attacker may be able to
obtain any web server readable files from outside of the web root
directory.
Disclosure of sensitive system files may aid the attacker in launching
further attacks against the target system.
This vulnerability was reported for WebServer 4 All version 1.23 and 1.27.
14. Ingenium Learning Management System Information Disclosure Vulnerability
BugTraq ID: 5969
Remote: Yes
Date Published: Oct 15 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5969
Summary:
Click2Learn Ingenium Learning Management System is a web-based learning
environment that runs on Microsoft Windows operating systems.
The default installation of Ingenium Learning Management System leaves
sensitive configuration information in a directory which is publicly
accessible via the web. This may lead to disclosure of the hash for the
administrative password, database authentication credentials and other
sensitive information.
Further attacks may result as a consequence of this type of sensitive
information being disclosed to a remote attacker.
15. BEA WebLogic Server/Express/Integration Application Migration Security Policy Weakness
BugTraq ID: 5971
Remote: Yes
Date Published: Oct 15 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5971
Summary:
BEA Systems WebLogic Server is an enterprise level web and wireless
application server for Microsoft Windows and most Unix and Linux
distributions.
The affected products supported undocumented extensions for the Servlet
2.3 specification. These extensions included additional URL mapping
syntax for web applications. Since these extensions are no longer
supported in recent versions of the software, role mappings and security
policies may not carry over when web applications are migrated. The
extensions allowed for URL patterns in web.xml files that did not start
with a '*.' or a '/' to be treated as though they were prefixed a '/'
character.
This may cause security to be inadvertently lowered when applications are
migrated.
16. Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
BugTraq ID: 5972
Remote: Yes
Date Published: Oct 15 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5972
Summary:
Microsoft Windows 2000 and XP can be configured to send administrative
alerts when certain events are recorded in the Event Log. There are three
individual logs that are maintained: Application, Security, and System.
The Event Logs allow administrators to set the maximum allowed size for
each log, as well as the action to take when the log reaches the maximum
size.
If the option 'Do not overwrite events (clear log manually)' is selected
and the log reaches the maximum allowed size, the Event Log must be
manually cleared by an administrator before further event logging occurs.
If the log is full and events are no longer being recorded, any configured
administrative alerts will not be sent.
17. CoolForum Source Disclosure Vulnerability
BugTraq ID: 5973
Remote: Yes
Date Published: Oct 15 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5973
Summary:
CoolForum is a bulletin board system written in PHP and is available for
the Microsoft Windows operating system.
A vulnerability has been discovered in CoolForum v0.5 beta.
'avatar.php' is used to display requested image files located in the
forums 'logo' directory.
It has been reported that CoolForum fails to sufficiently validate user
supplied input when processing requests via the 'avatar.php' script file.
By passing maliciously constructed image requests to 'avatar.php', it is
possible for an attacker to gain access to arbitrary PHP files located
outside the 'logo' root directory. It has also been reported that
requesting files with this method will allow an attacker bypass .htaccess
list restrictions and obtain any web server readable files from outside of
the web root directory.
By exploiting this issue to access sensitive files, it may be possible for
an attacker to obtain information required to launch further attacks
against the other resources.
18. PHPReactor Browse.PHP Cross-Site Scripting Vulnerability
BugTraq ID: 5939
Remote: Yes
Date Published: Oct 10 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5939
Summary:
php(Reactor) is an integrated system of web applications designed for
website maintenance. It will run on most Linux and Unix variants, in
addition to Microsoft Windows operating systems.
An attacker may create a malicious link to a php(Reactor) site which
contains malicious HTML and script code. If this link is visited by a web
user, the attacker-supplied code will execute in their web client, in the
security context of the php(Reactor) site.
The problem exists in the 'browse.php' script. HTML and script code can
be injected into URI parameters of this script, and will be output in a
webpage. HTML tags are not sufficiently sanitized from the output.
This may allow for theft of cookie-based authentication credentials from
legitimate authenticated users. Other attacks are also possible.
This issue has been reported in php(Reactor) version 1.2.7pl1. Other
versions may also be affected.
19. Microsoft Outlook Express S/MIME Buffer Overflow Vulnerability
BugTraq ID: 5944
Remote: Yes
Date Published: Oct 10 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/5944
Summary:
Microsoft Outlook Express is capable of processing digital signatures
through S/MIME.
There is an unchecked buffer in the portion of code that generates warning
messages when errors are encountered with digital signatures. If the
'From:' field of the email message does not match the S/MIME name, an
error message will be displayed. This error message includes the sender's
email address as part of the message.
The unchecked buffer is in the portion of code that reads the sender's
email address. A malformed sender email address could sufficiently
overrun the buffer in question, resulting in one of two possible outcomes.
In most cases, a denial of service will occur, resulting in the failure of
the vulnerable Outlook Express client. However, it could be possible for
an attacker to supply arbitrary code which would be executed in the
security context of the current user.
Microsoft has verified that this vulnerability exists in Outlook Express
5.5 and 6.0. Earlier versions may be affected, however, they are no
longer supported by Microsoft.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Win2K Security Training (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/295676
2. SecurityFocus Microsoft Newsletter #108 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/295319
3. Can I delete Wscript.exe? (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/295218
4. Updated Patches with SUS. (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/295213
IV. MICROSOFT PRODUCTS
----------------------
1. Adhaero Transit
by Adhaero Utilities
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.adhaeroutilities.com/transit.htm
Summary:
Adhaero Transit uses file encryption and compression to produce an
executable package (a 'SEED') which may then be safely transferred to the
recipient by email, on disk, etc. Adhaero Transit uses the AES algorithm.
2. EntrustCMS Toolkit
by Entrust Technologies
Platforms: AIX, HP-UX, Solaris, Windows 95/98, Windows NT
Relevant URL:
http://www.entrust.com/entrust/toolkit.htm
Summary:
EntrustCMS Toolkit - provides access to the Entrust infrastructure for
server-based applications requiring certificate management services.
Applications that use EntrustCMS provide their own implementations of
cryptographic algorithms.
3. Orion Random Number Generator
by Orion
Platforms: DOS, MacOS, Windows 3.x, Windows 95/98
Relevant URL:
http://valley.interact.nl/AV/COM/ORION/RNG/home.html
Summary:
ORION's Random Number Generator consists of two independent analogue Zener
diode based noise sources. Both signals are converted into random
bitstreams, combined and subsequently transmitted in the form of bytes to
the RS-232 port of your computer. Special timing circuits ensure that
crucial logical operations occur at moments that the device has stable
signals.
V. MICROSOFT TOOLS
-------------------
1. MAIL PASSWORD RECOVERY v1.0.0.0
by Aleksandar Boros
Relevant URL:
http://members.ams.chello.nl/a.boros/mpr/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Mail Password Recovery allows you to recover your email password for any
POP3 account, as long as it is stored in an email program on your
computer. You just need to temporarily change the settings in your email
program , so that it connects to Mail Password Recovery instead, and your
password will be revealed. Mail Password Recovery works by emulating a
local POP server, your email program hands over the password when it
connects, and Mail Password Recovery will show it to you. Only works with
email accounts/passwords that have the login information stored in your
email program (Outlook Express, Eudora, The Bat! etc.) Program can only
recover the passwords that are stored on your computer
Program does NOT recover passwords from web based email accounts such as
Hotmail, Yahoo, MSN, AOL etc.
2. myNetMon v1.0.3
by Ekrem ORAL
Relevant URL:
http://www.trsecurity.net/mynetmon/
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
myNetMon is windows based network monitor and packet analyzing (sniffer)
tool. myNetMon uses WinPcap, a windows port of Libpcap which is a packet
capturing library.
3. BO2Klean
by AK Secure
Releavnt URL:
http://www.redsegura.com/bo2k/bo2k.html
Platforms: Windows 95/98, Windows NT
Summary:
AK Secure has just released BO2Klean, a freeware standalone application to
detect and clean the Back Orifice 2000 server. BO2Klean runs under Windows
95, 98, NT and 2000. Due to the high versatility of BO2k, BO2Klean has
built-in algorithms to detect variations of the original trojan. There may
be cases however in which the trojan goes undetected. A next version of
BOKlean will cover more "customizations" of BO2k. An English version and a
Spanish version are available.
VI. SPONSORSHIP INFORMATION
---------------------------
This Issue Is Sponsored By: Wiley & Sons
SAVE 40% ON KEVIN MITNICK'S NEW BOOK
THE ART OF DECEPTION, the explosive new book from Kevin Mitnick, is
available now, and for a limited time, you can get it for 30% off the
cover price. Don't miss the book that made Bruce Schneier say, "The bad
guys don't need to read this book. But the good guys need to know what
the criminals are doing."
For more information, visit www.amazon.com/mitnick
-------------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]