Home page logo
/

isn logo Information Security News mailing list archives

Security UPDATE, October 3, 2001
From: InfoSec News <isn () c4i org>
Date: Thu, 4 Oct 2001 03:04:21 -0500 (CDT)

********************
Windows 2000 Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows 2000 and NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

Windows 2000 Magazine 70-270 Question of the Day
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHvs0CJgSH0BVg0KrD0Ah 

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: WINDOWS 2000 MAGAZINE 70-270 QUESTION OF THE DAY ~~~~
   Test Your Windows XP Knowledge - Free!
   Our MCSE Exam 70-270 Question-of-the-Day email dives into the new 
Windows XP topics such as installing and configuring handheld devices 
and managing mobile users, while also measuring your skills in 
networking basics, TCP/IP fundamentals, user accounts, protocol 
features, and much more. Sign up (for FREE) today!
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHvs0CJgSH0BVg0KrD0Ah 

********************

October 3, 2001--In this issue:

1. IN FOCUS
     - The Patriot Act and Great Security Tools

2. SECURITY RISKS
     - Cisco PIX Firewalls Vulnerable to SMTP Filtering Bypass
     - Exchange 2000 OWA Vulnerable to DoS Attack

3. ANNOUNCEMENT
     - What Does the Home of the Not-Too-Distant Future Look Like?

4. SECURITY ROUNDUP
     - News: Attorney General Ashcroft Tells Hackers: You're an Enemy 
       of the State
     - News: Gartner: Enterprises Should Consider IIS Alternatives
     - Feature: Lock Down Your PDA
     - Expediting the Arduous Security Update Process

5. SECURITY TOOLKIT
     - Book Highlight: Hack Attacks Encyclopedia: A Complete History of 
       Hacks, Phreaks, and Spies Over Time
     - Virus Center
     - FAQ: How Can I View the Contents of the Netlogon.chg File?

6. NEW AND IMPROVED
     - Protect Your System from Viruses
     - Detect and Respond to Flood Attacks

7. HOT THREADS
     - Windows 2000 Magazine Online Forums
         - Featured Thread: Clients Can't View SSL Web Sites
     - HowTo Mailing List:
         - Featured Thread: Blue Screen of Death

8. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== COMMENTARY ====

Hello everyone,

Have you heard about the Anti-Terrorism Act (ATA) of 2001, which is 
before the US House Judiciary Committee? If the present form of the 
proposed bill becomes law, hacking a computer system becomes a 
terrorist act punishable by up to life in prison. You can read about 
the ATA in our related news story in the SECURITY ROUNDUP section of 
this newsletter. 

As a result of seeing the ATA in conjunction with public reaction, two 
committee members presented an alternative bill--another set of 
proposed changes to existing US Code. That subsequent proposal, dubbed 
the Patriot Act, addresses concerns about classifying hacking as a 
terrorism act. As you'll learn by reading the proposed Patriot Act (see 
the URL below next paragraph), Section 309 makes it clear that 
computer-related crimes would only become an act of terrorism if those 
crimes "[are] calculated to influence or affect the conduct of 
government by intimidation or coercion; or to retaliate against 
government conduct."

The House Judiciary Committee staff has prepared an interpretation of 
the Patriot Act that further clarifies the lawmakers' intent to 
reclassify computer crimes (see URL below). In the document, the staff 
interprets Section 309 of the Patriot Act to mean, "a crime is only 
considered to be [a] Federal terrorism offense if it can be proven to 
be calculated to influence or affect the conduct of government by 
intimidation or coercion; or to retaliate against government conduct."
   http://www.epic.org/privacy/terrorism/patriot_sec.pdf

Even with such clarifications, however, many privacy groups are raising 
concerns about what they interpret to be considerable privacy and civil 
liberties issues that the Patriot Act presents. For viewpoints about 
these concerns, visit the Electronic Privacy Information Center (EPIC) 
at the following URL: 
   http://www.epic.org

On another note, I want to tell you about two security tools that you 
might find useful in your daily routines. The first tool is a freeware 
package called Eraser. The tool helps remove disk data when you delete 
files from your system. Eraser deletes the files by overwriting the 
disk data numerous times. Such a process helps ensure that any residual 
magnetic flux on the disk won't be sufficient for any nonauthorized 
data-recovery operation attempts.

Eraser runs on all Windows platforms from Windows 95 through Windows 
2000. Eraser installs as a Windows Explorer shell extension, which adds 
a new menu item to Explorer-related popup menus. For example, if you 
right-click the Recycle Bin, in addition to the standard menu selection 
"Empty Recycle Bin," you'll find a new menu selection called "Erase 
Recycle Bin." The same holds true for the Explorer shell itself: When 
you right-click any file or folder within Explorer, you'll find a new 
menu item entitled "Erase" in addition to the standard "Delete" menu 
selection. 

Sami Tolvanen, a computer science major in Finland, developed Eraser. 
You can download a copy at the URL below. You can also obtain the 
source code for Eraser at the site--it's freely available under the 
GNU's Not UNIX (GNU) General Public License (GPL).
   http://www.tolvanen.com/eraser/download.shtml

The other tool I want to remind you about is our online Web-based 
security forum. On our Security Administrator Web site, you'll find 
four Web forums that cover security problems with Win2K, Windows NT, 
Microsoft IIS, and Microsoft Proxy Server. These forums are a great 
resource--a way to get help from or offer help to people who prefer not 
to use mailing list-based discussion forums. Several of our forum pros 
moderate the forums and also help answer questions. Be sure to stop by 
the forums at the following URL:
   http://www.secadministrator.com/forums/Index.cfm

And if you haven't heard the news, Gartner Group recommends that 
Windows users not run IIS--that they immediately switch to another Web 
server platform. Read Gartner's comments and what prompted such advice 
in Paul Thurrott's related news story in the SECURITY ROUNDUP section 
of this newsletter. Until next time, have a great week.

Sincerely,

Mark Joseph Edwards, News Editor, mark () ntsecurity net

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () win2000mag com)

* CISCO PIX FIREWALLS VULNERABLE TO SMTP FILTERING BYPASS
   Cisco Systems Secure PIX Firewalls that provide access to SMTP mail 
servers might let users bypass the firewall's SMTP command filtering. 
In such events, intruders can gather information about email accounts 
or perform exploits against the mail server if that server has any 
vulnerabilities. To remedy the problem, Cisco is offering free software 
upgrades to all affected customers.
   http://www.secadministrator.com/articles/index.cfm?articleid=22698

* EXCHANGE 2000 OWA VULNERABLE TO DOS ATTACK
   Joao Gouveia reported a vulnerability in Microsoft Exchange 2000 
Outlook Web Access (OWA) due to unchecked directory paths. Because 
Exchange attempts to process requests without checking for the 
existence of a directory, a user can instigate a Denial of Service 
(DoS) attack against the server by repeatedly making requests that 
include a deeply nested, nonexistent folder. Only users who can 
authenticate to the server can launch attacks. Microsoft has released 
Bulletin MS01-049 and a patch to fix this vulnerability. 
   http://www.secadministrator.com/articles/index.cfm?articleid=22697

3. ==== ANNOUNCEMENT ====

* WHAT DOES THE HOME OF THE NOT-TOO-DISTANT FUTURE LOOK LIKE? 
   You've never seen anything like the Connected Home Magazine Virtual 
Tour. Experience (room by room) the latest home entertainment, home 
networking, and home automation options that will change the way you 
work and play. While you're there, enter to win a free copy of Windows 
XP!
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHvs0CJgSH0BVg0LTe0Al 

4. ==== SECURITY ROUNDUP ====

* NEWS: ATTORNEY GENERAL ASHCROFT TELLS HACKERS: YOU'RE AN ENEMY OF THE 
STATE
   A new bill before the US House of Representatives--the Anti-
Terrorism Act of 2001 (ATA)--would make any computer intrusion an act 
of terrorism punishable by as much as life in prison. The authors 
designed the bill to help America defend itself against terrorism, but 
the bill includes several proposed changes to existing US Code that 
have caused an outcry in the computer security community. Learn more 
about the changes by reading the article on our Web site.
   http://www.secadministrator.com/articles/index.cfm?articleid=22704

* NEWS: GARTNER: ENTERPRISES SHOULD CONSIDER IIS ALTERNATIVES
   Market Analysis firm Gartner has issued a stunning recommendation 
regarding Microsoft IIS Web server: If you're currently deploying the 
software, Gartner recommends that you look for an alternative, and if 
you're not already running IIS, don't. Gartner blames the number of 
recent hacker attacks on IIS, and the company says that Microsoft 
doesn't respond quickly enough to keep its customers secure. See the 
following URL for more details:
   http://www.secadministrator.com/articles/index.cfm?articleid=22587

* FEATURE: LOCK DOWN YOUR PDA
   Randy Franklin Smith meets people everywhere who believe that 
password protection is sufficient to protect their personal information 
on computers and PDAs. This belief is dangerously naive. Microsoft Word 
and Palm OS password protection is trivial: A thief who steals your 
computer or PDA can easily figure out your passwords. Learn what Smith 
has to say about locking down your PDA in this article in Connected 
Home Magazine.
http://www.connectedhomemag.com/mobile/articles/index.cfm?articleid=22456

* FEATURE: EXPEDITING THE ARDUOUS SECURITY UPDATE PROCESS
   Along with many of you, Paula Sharick has been cleaning up her 
computer systems in the wake of the Code Red worm and the W32.Nimda 
virus. Paula has endured almost 2 months of nonstop troubleshooting and 
updating system software. She can't believe the hoops that Microsoft 
users must jump through to cross-reference a Microsoft security 
bulletin number with a Microsoft article number, locate and download 
individual hotfix updates, install the updates (either manually or with 
a script), and perform a final audit to verify that all updates 
installed properly. Paula has some suggestions for Microsoft regarding 
ways to improve how users perform security updates. Be sure to read her 
article on our Web site.
   http://www.secadministrator.com/articles/index.cfm?articleid=22667

5. ==== SECURITY TOOLKIT ====

* BOOK HIGHLIGHT: HACK ATTACKS ENCYCLOPEDIA: A COMPLETE HISTORY OF 
HACKS, PHREAKS, AND SPIES OVER TIME
   By John Chirillo
   List Price: $64.99
   Fatbrain Online Price: $51.99
   Softcover; 960 pages
   Published by John Wiley & Sons, September 2001
   ISBN 0471055891

For more information or to purchase this book, go to 
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0471055891 
and enter WIN2000MAG as the discount code when you order the book.

* VIRUS CENTER
   Panda Software and the Windows 2000 Magazine Network have teamed to 
bring to you the Center for Virus Control. Visit the site often to 
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: HOW CAN I VIEW THE CONTENTS OF THE NETLOGON.CHG FILE?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. You can't use a standard text editor to read netlogon.chg, but 
Windows 2000 Support Tools supplies the nltest.exe utility that you can 
use to view the contents of netlogon.chg. Execute the following command:

   C:\> nltest /list_deltas:netlogon.chg

The system displays a lot of information, listing all changes made to 
the domain. The trust entry that appears in the Local Security 
Authority (LSA) Database section consists of entries similar to the 
following:

Order: 1 DeltaType AddOrChangeLsaSecret (18) SerialNumber: 100 77bb 
Immediately Name: 'G$$SAVTECHLON'
Order: 2 DeltaType AddOrChangeLsaSecret (18) SerialNumber: 100 77bc

6. ==== NEW AND IMPROVED ====
   (contributed by Scott Firestone, IV, products () win2000mag com)

* PROTECT YOUR SYSTEM FROM VIRUSES
   Central Command Software released AntiVirus eXpert Professional 6.0, 
an antivirus defense and Internet application firewall. The system 
features behavior-blocking to stop suspicious access to the Internet, 
system registry, or file system; Internet filtering to block specific 
Web sites, IP addresses, and TCP/IP port numbers; Internet application 
control to intercept and block all unauthorized outbound Internet 
connections; and privacy control to monitor incoming and outgoing 
cookies. Prices start at $49.95. Contact Central Command Software at 
330-723-2062 or 877-943-8287.
   http://www.centralcommand.com 

* DETECT AND RESPOND TO FLOOD ATTACKS
   Reactive Network Solutions released FloodGuard, software that 
manages other network infrastructure devices deployed within the 
corporate or service-provider network to detect and mitigate flood 
attacks launched over the Internet. The system confirms the presence of 
the attack and manages filters in upstream routers and switches to 
mitigate the attack's effects. For pricing, contact Reactive Network 
Solutions at 650-365-4000.
   http://www.reactivenetworks.com

7. ==== HOT THREADS ====

* WINDOWS 2000 MAGAZINE ONLINE FORUMS
   http://www.win2000mag.net/forums 

Featured Thread: Clients Can't View SSL Web Sites
   (Two messages in this thread)

Fran used Secure Sockets Layer (SSL) to put the Microsoft Nimda patches 
on her server. Now her users can't access the secured Web sites, and 
she can't access sites with accounts that have domain administrative 
permissions. Another user set up an SSL Web site for Microsoft Exchange 
2000 Outlook Web Access (OWA) and received and installed the server 
certificates, but now can't access the Web site. Read more about the 
questions and responses, or lend a hand at the following URL: 
   http://www.win2000mag.net/forums/rd.cfm?app=64&id=79866

* HOWTO MAILING LIST
   http://www.secadministrator.com/listserv/page_listserv.asp?s=howto

Featured Thread: Blue Screen of Death
   (Five messages in this thread)

This user is experiencing system crashes under Windows 2000 while 
running NetMeeting 3.01. When the system crashes and presents the 
standard blue screen, the error message is  
MULTIPLE_IRP_COMPLETE_REQUESTS. The user wonders what the message means 
and whether NetMeeting is causing the crashes. Can you help? Read the 
responses or lend a hand at the following URL:
http://63.88.172.96/listserv/page_listserv.asp?a2=ind0109d&l=howto&p=459

8. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT THE COMMENTARY -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- mlibbey () win2000mag com; please
mention the newsletter name in the subject line.

* TECHNICAL QUESTIONS -- http://www.win2000mag.net/forums

* PRODUCT NEWS -- products () win2000mag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? -- Email Customer
Support at securityupdate () win2000mag com 

* WANT TO SPONSOR SECURITY UPDATE? -- emedia_opps () win2000mag com

********************

   Receive the latest information about the Windows 2000 and Windows NT
topics of your choice. Subscribe to our other FREE email newsletters.
   http://lists.win2000mag.net/cgi-bin3/flo?y=eHvs0CJgSH0BVg0KrD0Ah

|-+-+-+-+-+-+-+-+-+-| 

Thank you for reading Storage UPDATE.

SUBSCRIBE
To subscribe, send a blank email to mailto:Security_UPDATE_Sub () lists win2000mag net 


-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.


  By Date           By Thread  

Current thread:
  • Security UPDATE, October 3, 2001 InfoSec News (Oct 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault