Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Security UPDATE, March 5, 2003

From: InfoSec News <isn () c4i org>
Date: Thu, 6 Mar 2003 05:06:04 -0600 (CST)
********************
Windows & .NET Magazine Security UPDATE--brought to you by Security
Administrator, a print newsletter bringing you practical, how-to
articles about securing your Windows Server 2003, Windows 2000, and
Windows NT systems.
   http://www.secadministrator.com
********************

~~~~ THIS ISSUE SPONSORED BY ~~~~

NEW Shavlik HFNetChkPro 4.0
   http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw076e0AR

RippleTech PatchWorks: Improve Security Today!
   http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw076f0AS
   (below IN FOCUS)
~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: NEW SHAVLIK HFNetChkPro 4.0 ~~~~
   Introducing Shavlik HFNetChkPro 4.0 - the next generation in
security patch management. HFNetChkPro 4.0 is an automated scanning
and remediation solution from Shavlik, the developers of HFNetChk and
MBSA for Microsoft. It includes loads of new features that save time
for busy security professionals while offering greater enterprise
security. HFNetChkPro 4.0 automates patch remediation for Microsoft
Office, Windows Server 2003, Exchange, SQL, Outlook, Java Virtual
Machine and more. Its intuitive Drag-n-Drop Patch Management(tm)
interface allows you to precisely control which groups will be
scanned, by what criteria and when and how patches are deployed. Visit
www.shavlik.com for details!
   http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw076e0AR
~~~~~~~~~~~~~~~~~~~~

March 5, 2003--In this issue:

1. IN FOCUS
     - Targeting Spam

2. SECURITY RISKS
     - Unchecked Buffer in Microsoft Windows Me's Help and Support
       Center

3. ANNOUNCEMENTS
     - Join The HP & Microsoft Network Storage Solutions Road Show!
     - Start Your Spring Training with Windows & .NET Magazine Web
       Seminars!

4. SECURITY ROUNDUP
     - News: Securing Windows 2000 Server Guide Now Available
     - News: Microsoft Trustworthy Computing Academic Advisory Board
     - News: Windows Rights Management Services for Windows 2003
     - Feature: Snort Made Easy

5. HOT RELEASES (ADVERTISEMENTS)
     - eToken USB-based 2-factor Authentication
     - Get a free "Rio Riot" MP3 Player!

6. INSTANT POLL
     - Results of Previous Poll: Early Warning Network
     - New Instant Poll: Spam Filtering

7. SECURITY TOOLKIT
     - Virus Center
     - FAQ: Why Does the "The Password Is Not Valid" Error Message
       Appear When I Log On to Windows XP's Recovery Console (RC), 
       Even Though I Enter the Correct Password?

8. NEW AND IMPROVED
     - Prevent Viral Reinfections
     - Submit Top Product Ideas

9. HOT THREAD
     - Windows & .NET Magazine Online Forums
         - Featured Thread: Policy Propagation Errors with Active
           Directory

10. CONTACT US
   See this section for a list of ways to contact us.

~~~~~~~~~~~~~~~~~~~~

1. ==== IN FOCUS ====
   (contributed by Mark Joseph Edwards, News Editor, mark () ntsecurity net)

* TARGETING SPAM

In December, I wrote about the nuisance of unsolicited email and one
simple way to help filter it out before it reaches your Inbox. To read
"Tired of Unwanted Email? Try This Simple Solution," visit the URL
below.
   http://www.secadministrator.com/articles/index.cfm?articleid=27495

Last week, I learned that the Internet Engineering Task Force (IETF)
has created a new Anti-Spam Research Group that's now working to
create standards that will help determine how to detect spam. Probably
the biggest hurdle in detecting spam is determining exactly what
constitutes junk mail. Does the term refer only to unsolicited email
advertisements, or does it also refer to email sent to a wide array of
people who didn't formally ask to receive mass mailings? Personally, I
think of junk mail mainly as unwanted advertisements--the electronic
version of paper-based advertisements that most of us receive and
immediately throw in the nearest trash can.

The Anti-Spam Research Group will hold its first meeting March 20 at
the 56th IETF Meeting, to be held in San Francisco. The group expects
hundreds of participants from all areas of the online industry. And I
think we can expect a handful of spammers to slip into the meetings
too, if for no other reason than to learn how their money-making
schemes might become squashed.
   http://www.ietf.org/meetings/IETF-56.html

In August of last year, Paul Graham released a paper that describes a
plan to help stop unsolicited email. According to Graham, the paper
"describes the spam-filtering techniques used in the new spamproof
web-based mail reader we're building to exercise Arc" (Arc is an
improved version of the Lisp programming language). At the
Massachusetts Institute of Technology (MIT), Graham organized a
conference, which about 500 programmers attended, to discuss ideas for
creating a spam filter that would totally eliminate unwanted email.
You can read more about the IETF group as well as Graham's conference
at the first and second URLs below. You can read Graham's paper and
more about Arc at the third and fourth URLs.
   http://www.pcworld.com/news/article/0,aid,109614,00.asp
   http://www.pcworld.com/news/article/0,aid,108859,00.asp
   http://www.paulgraham.com/spam.html
   http://www.paulgraham.com/arc.html

If you're a Microsoft Outlook user interested in another way to help
stop unsolicited email right now, I've discovered another helpful tool
you can use. Cloudmark SpamNet is an Outlook plugin that sends
information about spam back to a central network. The plugin is a
filtering and reporting tool that includes a toolbar button in your
Outlook client. When you receive new mail, the tool creates and sends
a message digest (fingerprint signature) to Cloudmark. Cloudmark
checks the message digest against the SpamNet database to see whether
the message is known to be spam. If it's known junk mail, SpamNet tags
the mail so that you can filter it into a spam folder. If previously
unknown junk mail slips through, you can select that message and click
the SpamNet button to report the message to the SpamNet network.
SpamNet can then filter it from other users' Inboxes. I'm not sure
whether SpamNet performs checks against submitted information to
determine whether a given message truly is spam. However, the SpamNet
tool checks messages individually, so even if someone were to report
something you consider a legitimate message as spam, that wouldn't
prevent you from sending a SpamNet user another message with different
content. You can read more about how it works at the following URL.
   http://www.cloudmark.com/products/spamnet/learnmore/security.php

SpamNet is a slick idea and easy to use. But it's not the only
solution. Many similar networked solutions are available, such as
SpamAssassin and SpamCop. Plugins and scripts are available to help
you participate in those networks too. In addition, the Spam
Prevention Early Warning System (SPEWS) provides a database that
tracks known spammers and spam-friendly networks, so you can use the
database to help filter your email. The site also maintains lists of
other helpful email-filtering technologies that you might want to
consider, including spam-filtering gateways.
   http://www.spamassassin.org
   http://www.spamcop.com
   http://www.spews.org

If junk mail is a problem on your network--and I bet that it is--be
sure to check out the resources I've mentioned. They definitely help
you reduce the clutter in your Inbox and help you reduce wasted
bandwidth and disk space.

~~~~~~~~~~~~~~~~~~~~

~~~~ SPONSOR: RIPPLETECH PATCHWORKS: IMPROVE SECURITY TODAY! ~~~~
  Code Red and the Slammer virus weren't a problem for many
businesses. Why? They use PatchWorks! Many IT departments struggle
to find time for patch management, so PatchWorks makes it easy to
remotely manage and deploy security updates, hotfixes and service
packs. Plus, our proprietary database contains information from
analysts who research and test each patch. For research, software
inventory, policy enforcement and more, try PatchWorks FREE today and
increase security in your environment!
   http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw076f0AS
~~~~~~~~~~~~~~~~~~~~

2. ==== SECURITY RISKS ====
   (contributed by Ken Pfeil, ken () winnetmag com)

* UNCHECKED BUFFER IN MICROSOFT WINDOWS ME'S HELP AND SUPPORT CENTER
   A new vulnerability exists in the Windows Me Help and Support
Center that could result in the execution of arbitrary code on the
vulnerable system. This vulnerability stems from an unchecked buffer
in the URL Handler used for the "hcp://" prefix. A potential attacker
could exploit this vulnerability by constructing a URL that, when the
user clicks on it, executes code of the attacker's choice in the
context of Local Computer on the vulnerable system.
   http://www.secadministrator.com/articles/index.cfm?articleid=38197

3. ==== ANNOUNCEMENTS ====
   (brought to you by Windows & .NET Magazine and its partners)

* JOIN THE HP & MICROSOFT NETWORK STORAGE SOLUTIONS ROAD SHOW!
    Now is the time to start thinking of storage as a strategic weapon
in your IT arsenal. Come to our 10-city Network Storage Solutions Road
Show, and learn how existing and future storage solutions can save
your company money--and make your job easier! There is no fee for this
event, but space is limited. Register today!
   http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw07cD0Ad

* START YOUR SPRING TRAINING WITH WINDOWS & .NET MAGAZINE WEB
SEMINARS!
   March is a great time to strengthen your knowledge of security and
Active Directory. Register today for one of our Web seminars, and find
out what our experts know that could be saving you hours of time and
your company bundles of money. Sign up now!
   http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw02lB0Af

4. ==== SECURITY ROUNDUP ====

* NEWS: SECURING WINDOWS 2000 SERVER GUIDE NOW AVAILABLE
   Microsoft's Solutions for Security team has released a new guide,
"Securing Windows 2000 Server." The guide, published February 17,
consists of 11 chapters of information and includes three supplemental
guides for testing, delivery, and support readiness.
   http://www.secadministrator.com/articles/index.cfm?articleid=38162

* NEWS: MICROSOFT TRUSTWORTHY COMPUTING ACADEMIC ADVISORY BOARD
   Microsoft has formed an academic advisory board to assist the
company with its Trustworthy Computing initiative. The board consists
of 14 people from various US and European universities. The board's
purpose is to create a think tank of academic opinion regarding
Microsoft's ideas for better Windows security.
   http://www.secadministrator.com/articles/index.cfm?articleid=38143

* NEWS: WINDOWS RIGHTS MANAGEMENT SERVICES FOR WINDOWS 2003
   Microsoft announced that new Rights Management Service (RMS) will
be included in Windows Server 2003. RMS will help companies secure
internal business information such as reports and other documents.
Microsoft said that RMS will let applications such as email clients,
word processors, and information portals be built so that
administrators can assign digital rights that control who has access
to information and the type of access a user has.
   http://www.secadministrator.com/articles/index.cfm?articleid=38142

* FEATURE: SNORT MADE EASY
   Snort is a free tool that's often described as a virus scanner for
network packets. Snort has three modes: network sniffer, network
packet logger, and network intrusion detector. Snort is perfect for
detecting Denial of Service (DoS) attacks, fragmentation attacks, Code
Red infiltration, and Microsoft SQL Server injection attacks.
Originally written by Martin Roesch in 1998 for his personal use,
Snort enjoys a large open-source-community support system. To learn
how to implement Snort, see Roger A. Grimes' article on our Web site.
   http://www.secadministrator.com/articles/index.cfm?articleid=37789

5. ==== HOT RELEASES (ADVERTISEMENTS) ====

* eTOKEN USB-BASED 2-FACTOR AUTHENTICATION
   eToken from Aladdin offers simple, reliable and affordable 2-factor
authentication for secure network logon, VPN access, web access,
e-mail, and PC security. No reader or server required to securely
store users' passwords, keys, and certificates.
   http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw076g0AT

* GET A FREE "RIO RIOT" MP3 PLAYER!
   Close the gap on email predators with Sybari's Antigen! Go to
http://list.winnetmag.com/cgi-bin3/flo/y/ePuR0CJgSH0CBw076h0AU to 
register for an Antigen web demo and automatically get entered to win 
an MP3 player! Attend the demo by March 25th, and get a free t-shirt!

6. ==== INSTANT POLL ====
 
* RESULTS OF PREVIOUS POLL: EARLY WARNING NETWORK
   The voting has closed in Windows & .NET Magazine's Security
Administrator Channel nonscientific Instant Poll for the question, "Do
you participate in an 'early warning' network that gathers forensic
information from firewall and Intrusion Detection System (IDS) logs?"
Here are the results from the 122 votes.
   - 11% Yes--DShield.org
   -  5% Yes--Symantec DeepSight Analyzer
   -  0% Both of the above
   - 15% Other
   - 69% No
 
* NEW INSTANT POLL: SPAM FILTERING
   The next Instant Poll question is, "Do you participate in a
spam-filtering network?" Go to the Security Administrator Channel home
page and submit your vote for a) Yes--SpamAssassin, b) Yes--SpamNet,
c) Yes--SpamCop, d) Yes--Other, or e) No.
   http://www.secadministrator.com

7. ==== SECURITY TOOLKIT ====

* VIRUS CENTER
   Panda Software and the Windows & .NET Magazine Network have teamed
to bring you the Center for Virus Control. Visit the site often to
remain informed about the latest threats to your system security.
   http://www.secadministrator.com/panda

* FAQ: WHY DOES THE "THE PASSWORD IS NOT VALID" ERROR MESSAGE APPEAR 
WHEN I LOG ON TO WINDOWS XP'S RECOVERY CONSOLE (RC), EVEN THOUGH I 
ENTER THE CORRECT PASSWORD?
   ( contributed by John Savill, http://www.windows2000faq.com )

A. This error message might appear if you originally installed XP from
a Sysprep image or if you ran Sysprep 2.0 on the computer at one time.
Sysprep.exe changes the way the registry stores password keys. As a
result, these changes aren't compatible with the XP RC logon routine.
To resolve this problem, follow the instructions in the Microsoft
article "'The Password Is Not Valid' Error Message Appears When You
Log On to Recovery Console in Windows XP."
   http://support.microsoft.com/?kbid=308402

8. ==== NEW AND IMPROVED ====
   (contributed by Sue Cooper, products () winnetmag com)

* PREVENT VIRAL REINFECTIONS
   Global Hauri announced ViRobot Management Server (VMS) 2.7, a
client/server antivirus management application that goes beyond
quarantining by destroying most viruses and preventing reinfection.
When a virus is detected in your network, VMS tracks the infection
route to locate the source of the infection. It monitors the clients'
status 24 hours a day, gathering data and providing the latest virus
definition files through its server-based daemon. VMS 2.7 supports all
Windows platforms and carries the Designed for Windows XP
certification. Contact Global Hauri at 408-232-5463 or
sales () globalhauri com.
   http://www.globalhauri.com

* SUBMIT TOP PRODUCT IDEAS
   Have you used a product that changed your IT experience by saving
you time or easing your daily burden? Do you know of a terrific
product that others should know about? Tell us! We want to write about
the product in a future What's Hot column. Send your product
suggestions to whatshot () winnetmag com.

9. ==== HOT THREAD ====

* WINDOWS & .NET MAGAZINE ONLINE FORUMS
   http://www.winnetmag.com/forums

Featured Thread: Policy Propagation Errors with AD
   (Three messages in this thread)

A user writes that he's constantly receiving an event log item with
event ID 1000 and event ID 1202, with an error code "-536870656," and
he can't find any way to fix the problem. He writes that all clients
on his network receive the same error message and that his domain
policy isn't propagating down to any workstations or servers in any of
his organizational units (OUs) in Active Directory (AD). He wants to
know whether anyone understands what the error code means and how to
fix the problem. Lend a hand or read the responses:
   http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=54943

10. ==== CONTACT US ====
   Here's how to reach us with your comments and questions:

* ABOUT IN FOCUS -- mark () ntsecurity net

* ABOUT THE NEWSLETTER IN GENERAL -- letters () winnetmag com (please
mention the newsletter name in the subject line)

* TECHNICAL QUESTIONS -- http://www.winnetmag.com/forums

* PRODUCT NEWS -- products () winnetmag com

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION? Customer
Support -- securityupdate () winnetmag com

* WANT TO SPONSOR SECURITY UPDATE? emedia_opps () winnetmag com

********************

   This email newsletter is brought to you by Security Administrator,
the print newsletter with independent, impartial advice for IT
administrators securing a Windows 2000/Windows NT enterprise.
Subscribe today!
   http://www.secadministrator.com/sub.cfm?code=saei25xxup

   Receive the latest information about the Windows and .NET topics of
your choice. Subscribe to our other FREE email newsletters.
   http://www.winnetmag.com/email

|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

MANAGE YOUR ACCOUNT
   You can manage your entire Windows & .NET Magazine Network email
newsletter account on our Web site. Simply log on and you can change
your email address, update your profile information, and subscribe or
unsubscribe to any of our email newsletters all in one place.
   http://www.winnetmag.com/email

Thank you!
__________________________________________________________
Copyright 2003, Penton Media, Inc.



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.
Previous By Date Next
Previous By Thread Next

Current thread: