Foundstone Labs to Release Absolutely FREE Tool
From: James Foster (James.Foster_at_FOUNDSTONE.COM)
Date: 10/17/03
- Previous message: Russ: "Problems with Hyperion and MS03-045"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 17 Oct 2003 07:45:24 -0700 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
One liner: Our free tool, MessengerScan, is available for free download
at www.foundstone.com <http://www.foundstone.com/>
Some questions that may be running through your head...
Is there a witty name for this new fancy tool?
Yes, of course - the name follows our proprietary tool naming schema:
Foundstone MessengerScan v1.05. :-)
Do you take credit card payments for MessengerScan? $5000/IP right?
NO! This tool is actually completely free. That's right, you have the
ability to scan and potentially fix all of your vulnerable systems.
Want to scan your Class C, better yet how about your Class A address
space for absolutely nothing - sure, no problem. It's just too bad we
don't have any television airtime to emphasize how free this tool really
is. Additionally, this software is yours to keep. You have the ability
to download it, store it on your computer and execute it on your systems
in any fashion of your choosing. We'd hate for you to confuse this with
a free Web-based scan of your systems.
Will MessengerScan change my screensaver to reflect the title of the
latest Ben and J.Lo flick?
Unfortunately not. MessengerScan provides you with the ability to
remotely determine if your W2k, XP, or 2k3 boxes are vulnerable - en
masse and quickly. This does not require any crazy credentials nor
special access to the system. If the system is vulnerable and provided
you are indeed an administrator with the credentials to prove it, we
will provide you with the ability to shutdown and disable the Messenger
service. Initially, we only permitted the tool to shutdown the service
but soon figured that unknowing users would probably reboot their
systems at some point and end up in the same vulnerable state. As to
take some fun out of trying to figure out what we are doing behind the
scenes, we use Microsoft's Windows Management Instrumentation (WMI) on
the remote systems to implement these protective measures. WMI is one of
Microsoft's management systems for providing control over remote
systems. More information on WMI can be found at:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/scrip
tcenter/scrguide/sas_wmi_aemq.asp
It is uber important as an administrator to first ensure you do not use
or need the Messenger service within your organization before disabling
it.
How fast is it?
Fast is a relative term but we have implemented a 64 count thread pool
and as long as you scan over 64 IP addresses you will max out your
current number of allowed threads. In addition we use straight TCP
connects so give it a go and test it for yourself.
Is it perfect?
No - like us, the tool is not quite perfect. Currently it will identify
vulnerable services running on Windows 2000, Windows XP, and Windows
2003. Expect a new release of MessengerScan, probably named
MessengerScanv1.06 or MessengerScanv2.0 (if we get really excited) when
we have finished identifying and validating an accurate method for
remotely detecting vulnerable NT 4.0 systems running the Messenger
service without authentication creds.
How many colors does the tool come in?
Well the first version only comes in "Microsoft Windows gray" but it
does have a Windows GUI. Enough said.
Does it patch the system for me?
No.
Wow! How did Foundstone Labs find all of these vulnerabilities so
quickly?
Just so everyone is clear, we did not find any of these bugs nor are we
claiming to have done so. Re-iteration: Foundstone did not initially
find nor release any of the vulnerabilities Microsoft announced on
October 15, 2003; however, we have researched each of them in depth over
the past 48 hours. This research has enabled Foundstone Labs to write
vulnerability scripts for each of the seven MSFT vulnerabilities
released this week. While identifying new vulnerabilities is interesting
and somewhat challenging, a conscious decision was made in 2003 by
Foundstone and Foundstone Labs to focus the majority of our efforts and
resources on creating outstanding technology, protecting customers, and
researching innovative technologies. Awards received from Network
Computing and eWeek in combination with positive customer feedback have
substantiated our efforts, and we continue to stand behind our decision.
What is the Foundstone Challenge?
There are numerous common misconceptions about Foundstone's product
suite. We realize that most companies already have in-house or
outsourced vulnerability assessment and management solutions. In an
effort to show the world our technological advantage, we are continuing
to offer free 21 day trials of our Managed Service and Foundstone
Professional software. Foundstone encourages you to sign up for our
program and put us and our technology to the test in your environment.
Our website is www.foundstone.com <http://www.foundstone.com/>
"Greetz, Props, and L8r's" never really caught on for me so I'll stick
with the good old fashion and preppy... Regards and have a great day.
-Foster
...
James C. Foster
Director, Research and Development
Foundstone, Inc.
Strategic Security
949.297.5600 Tel
949.463.3373 Mobile
949.297.5575 Fax
http://www.foundstone.com <http://www.foundstone.com/>
software | services | education
This email may contain confidential and privileged information for the
sole use of the intended recipient. Any review or distribution by others
is strictly prohibited. If you are not the intended recipient, please
contact the sender and delete all copies of this message. Thank you.
---- NTBugtraq subscribers save $103.00 off the TICSA exam by using promo code "NT1003" when registering to take the TICSA exam at www.2test.com. Prove to your employer and peers that you have the knowledge and abilities to be an active stakeholder in today's enterprise security. Become TICSA certified www.trusecure.com/ticsa. Promotion expires 12/31/03 and cannot be used in combination with other offers. ----
- Previous message: Russ: "Problems with Hyperion and MS03-045"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
