SecurityFocus Microsoft Newsletter #65
From: Marc Fossi (mfossi@securityfocus.com)
Date: 12/17/01
Date: Mon, 17 Dec 2001 15:25:58 -0700 (MST)
From: Marc Fossi <mfossi@securityfocus.com>
To: Focus-MS <focus-ms@securityfocus.com>
SecurityFocus Microsoft Newsletter #65
--------------------------------------
This Issue is Sponsored by VeriSign - The Internet Trust Company
Get VeriSign's FREE Guide to learn how to digitally padlock your code.
Sign your ActiveX controls, .cab files, jar files, HTML content, Visual
Basic code and Microsoft 2000 .doc files with a VeriSign Software
Developer Digital ID. Go to:
Visit us at: http://www.verisign.com/cgi-bin/go.cgi?a=n094365670200000
-------------------------------------------------------------------------------
I. FRONT AND CENTER
1. Advertising Information
2. Incident Management with Law Enforcement
3. White House CyberSecurity - Jobs, Research, and Rhetoric, but...
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
2. Microsoft IIS False Content-Length Field DoS Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. NT4/NTFS File permission program? (Thread)
2. Antwort: AW: RE: strange exploit in Win2K server (Thread)
3. vpn woes (Thread)
4. Microsoft .NET, ASP.NET, and IIS - any opinions? (Thread)
5. Outlook + X-Mailer header ? (Thread)
6. AW: RE: strange exploit in Win2K server (Thread)
7. strange exploit in Win2K server (Thread)
8. Lock Computer in Win2k (Thread)
9. NT4 Phantom user after rename (Thread)
10. [RE: Microsoft .NET, ASP.NET, and IIS - any opinions?] (Thread)
11. Event log managment (Thread)
12. Logging off users (Thread)
13. VisioConference !!! (Thread)
14. Shutting an open relay and POP3 users (Thread)
15. [RE: [RE: Microsoft .NET, ASP.NET, and IIS - any opinions?...
16. IIS delegation of administration (Thread)
17. Security Note: File extensions spoofable in MSIE download...
18. Fwd: RE: Event log managment (Thread)
19. load & stress tool (Thread)
20. Security Note: File extensions spoofable in MSIE download...
21. NT/IIS decoy (Thread)
22. Remote tool (Thread)
23. Restricting users logging on more than once. (Thread)
24. Windows hack for Web-surfing privacy (Thread)
25. SecurityFocus Microsoft Newsletter #64 (Thread)
26. Restrict the ability to rename the local administrator account...
27. Restricting user login times with Win2K (Thread)
28. Forensic Acquisition (win2K) - more (Thread)
29. Mail Client (Thread)
30. Restrict the ability to rename the local administrator...
31. Cookie Killer *.bat file that you all have requested :)...
32. NT Radius server, Cisco vpn 3005, SecurID (Thread)
33. GoToMyPC service (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. HackTracer
2. ConSeal PC Firewall
3. Interceptor(TM) VPN
4. eTRUST Intrusion Detection
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. pcAudit
2. CryptoHeaven v1.0
3. Securepoint Firewall Server SB v2.0
4. Anubis v1.0.9
5. Lucent Orinoco Registry Encryption/Decryption v0.2b
VI. SPONSORSHIP INFORMATION
I. FRONT AND CENTER
-------------------
1. Advertising Information
Reach the LARGEST audience of security professionals with SecurityFocus
direct e-marketing NOW!
SecurityFocus is the Web's most successful security intelligence site,
with more than 200,000 unique monthly visitors (September 2001), and
growing rapidly each week. Leverage the security portal of unrivaled
credibility and influence in your next direct marketing campaign.
To find out how SecurityFocus Web marketing and opt-in email newsletter
sponsorships can drive your company's success, contact us at
adsales@securityfocus.com, or download the Advertising Kit at
http://www.securityfocus.com/about/press/adverts.shtml. To speak directly
with a customer service representative, please call +1(650) 655-6350.
2. Incident Management with Law Enforcement
by Ronald L. Mendell
Working with law enforcement may be the most interesting and challenging
part of the computer security professional's job. This article will offer
an overview of dealing with law enforcement agencies in security incident
handling. It will offer some suggestions that will help to make private
sector involvement with the cyber-police satisfactory and effective for
both sides.
http://www.securityfocus.com/infocus/1523
3. White House CyberSecurity - Jobs, Research, and Rhetoric, but Few
Results
by Richard Forno
The Cyber Security Research and Development Act was introduced into
Congress last week. While the Act is a good first step in addressing
computer security issues, it is not nearly enough.
http://www.securityfocus.com/columnists/46
II. BUGTRAQ SUMMARY
-------------------
1. Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
BugTraq ID: 3652
Remote: Yes
Date Published: Dec 07 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3652
Summary:
Internet Protocol Security (IPSec) provides authentication and encryption
for IP network traffic. The Internet Key Exchange (IKE) protocol is a
management protocol standard which is used with the IPSec standard. IKE
contributes to the IPSec standard by providing additional features and by
default listens on UDP port 500.
An issue exists in IKE which could cause a Windows 2000 host to stop
responding.
If a user connects to port 500 on a Windows 2000 host running IKE, and
proceeds to submit a continuous stream of packets, the target will consume
all available system resources.
A restart of the system may be required in order to regain normal
functionality.
It should be noted that this vulnerability may be due to an underlying
issue with the UDP protocol.
2. Microsoft IIS False Content-Length Field DoS Vulnerability
BugTraq ID: 3667
Remote: Yes
Date Published: Dec 11 2001 12:00A
Relevant URL:
http://www.securityfocus.com/bid/3667
Summary:
Microsoft IIS 5.0 may be prone to a denial of service condition when sent
a specially crafted malformed HTTP GET header.
If an IIS 5.0 web server is sent a crafted HTTP GET request which contains
a falsified and excessive "Content-Length" field, it behaves in an unusual
manner. The server keeps the connection open and does not time out, but
does not respond otherwise. It is possible that this may be used to cause
a denial of service to the web server.
If this unexpected behavior can somehow be exploited to cause a denial of
service, then the server will need to be restarted to regain normal
functionality.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. NT4/NTFS File permission program? (Thread)
Relevant URL:
2. Antwort: AW: RE: strange exploit in Win2K server (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=OF8674FB1A.7B639B53-ONC1256B21.0077ABA5@gmx.net&threads=1
3. vpn woes (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=004601c1843d$8a373570$0b00010a@lauradominion.com&threads=1
4. Microsoft .NET, ASP.NET, and IIS - any opinions? (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=3A3270D7DF18D51195FA00508BCF46EA0287057E@MSGMRO570NTS.fmr.com&threads=1
5. Outlook + X-Mailer header ? (Thread)
Relevant URL:
6. AW: RE: strange exploit in Win2K server (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=NCBBKCBGJMHDGIIJPEBDKEKODHAA.florian.duerr@dimensionx.ch&threads=1
7. strange exploit in Win2K server (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=EKEIJMECHELIFJCAOFHGKEIBEEAA.Ken@infosec101.org&threads=1
8. Lock Computer in Win2k (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=OFA1839152.8A88F729-ON41256B21.0058567C@perscorp.com&threads=1
9. NT4 Phantom user after rename (Thread)
Relevant URL:
10. [RE: Microsoft .NET, ASP.NET, and IIS - any opinions?] (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=HAELKPKBDOEDHAFLOBLCKEILCEAA.tracy@arisiasoft.com&threads=1
11. Event log managment (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=DBC363EA37C5D311823A00508BCF2A6A096998FF@seamail.ssofa.com&threads=1
12. Logging off users (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=009d01c18400$831ae990$221e060a@lauradominion.com&threads=1
13. VisioConference !!! (Thread)
Relevant URL:
14. Shutting an open relay and POP3 users (Thread)
Relevant URL:
15. [RE: [RE: Microsoft .NET, ASP.NET, and IIS - any opinions?]] (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011213190216.29765.qmail@cpdvg202.cms.usa.net&threads=1
16. IIS delegation of administration (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=B1ABB45947C9D3119DAF009027AF951E3CCB58@ntgroup.Stanford.EDU&threads=1
17. Security Note: File extensions spoofable in MSIE download dialog (Thread)
Relevant URL:
18. Fwd: RE: Event log managment (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=F227XeRgSrIyklxDqRQ0000147c@hotmail.com&threads=1
19. load & stress tool (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=LAW2-F136HZAPZQPKv40000181a@hotmail.com&threads=1
20. Security Note: File extensions spoofable in MSIE download dialog (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=Pine.LNX.4.43.0112121316000.7769-100000@abalone.zerobelow.org&threads=1
21. NT/IIS decoy (Thread)
Relevant URL:
22. Remote tool (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=TFSFULQL@rezayat.com.sa&threads=1
23. Restricting users logging on more than once. (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=EADFBDB7ACFB85489BC59B94CC2504AA019C6C@campustoo.eaifhe.ac.uk&threads=1
24. Windows hack for Web-surfing privacy (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=003501c181c7$c11a8420$6400030a@seifried.org&threads=1
25. SecurityFocus Microsoft Newsletter #64 (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=Pine.GSO.4.30.0112101144570.24242-100000@mail.securityfocus.com&threads=1
26. Restrict the ability to rename the local administrator account (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011210092224.29127.qmail@mail.securityfocus.com&threads=1
27. Restricting user login times with Win2K (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=023901c18106$8b2502d0$0b00010a@lauradominion.com&threads=1
28. Forensic Acquisition (win2K) - more (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=KDECIJFLJNLKJDIAEKFFEEDNCDAA.vishal.pranjale@paladion.net&threads=1
29. Mail Client (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=28661843.1007747738@[172.18.60.14]&threads=1
30. Restrict the ability to rename the local administrator account (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=499DC368E25AD411B3F100902740AD6505B2B0D6@xrose03.rose.hp.com&threads=1
31. Cookie Killer *.bat file that you all have requested :) (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=OFE06B4070.B188E036-ON85256B1B.0059500F@southtec.com&threads=1
32. NT Radius server, Cisco vpn 3005, SecurID (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=OF82C5691A.36092251-ON85256B1B.0055BF73@soups.com&threads=1
33. GoToMyPC service (Thread)
Relevant URL:
http://www.securityfocus.com/cgi-bin/archive.pl?id=88&mid=20011207151435.32037.qmail@web20301.mail.yahoo.com&threads=1
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. HackTracer
by Sharp Technology
Platforms: Windows 95/98, Windows NT, Windows 2000
Relevant URL:
http://www.sharptechnology.com/bh-cons.htm
Summary:
HackTracer(TM) by Sharp Technology is the first-of-its-kind intrusion
detection application that "tracks the hacker"! Designed to reside on a
stand-alone home or office PC, HackTracer works in the background, keeping
a constant watch for attempts to "hack" into your system. After
HackTracer(TM) is installed, your computer is effectively 'stealthed'. Any
attempts at pinging or portscanning will receive no response. Unsolicited
UDP packets will not get through; unsolicited TCP connections will receive
no response. The computer cannot be detected from outside. Email, web
browsing, streaming media, ICQ and so on will still work normally.
2. ConSeal PC Firewall
by Signal 9 Solutions
Platforms: Windows 95/98, Windows NT
Relevant URL:
http://www.signal9.com/products/pcfirewall/pcfwintro.html
Summary:
A personal firewall for Windows 95/98 and Windows NT 3.51 and 4.0 that
stops network attacks and provides complete peace of mind and control over
your desktop system.
3. Interceptor(TM) VPN
by Technologic
Platforms: Windows NT
Relevant URL:
http://www.tlogic.com/vpn/vpn.htm
Summary:
Technologic uses industry-standard SKIP (Simple Key-management for
Internet Protocols) technology for creating VPNs. This technology is based
on emerging IPSEC (Internet Protocol Security) standards developed by the
Internet Engineering Task Force (IETF). SKIP was developed by Sun
Microsystems and is also a proposed internet standard. VPN allows you to
implement remote-office or remote-user VPNs and supports dynamic IP
addresses. Because our VPN solution is based on industry standards, you
can build VPNs with other vendors who support SKIP, such as Sun
Microsystems, Elvis and Check Point. Interceptor VPN supports unsigned
Diffie-Hellman (UDH) certificates, MD5 authentication, and these encryption
algorithms: DES-CBC, DES-EDE-K3, triple-DES, RC2 (40 bit), RC4 (40 bit),
Safer 128 SK-CBC. We support "trusted (or routed) VPN" and "untrusted (or
proxied) VPN." We use network-level encryption which can support any IP
protocol. Interceptor supports dynamic client IP addresses.
4. eTRUST Intrusion Detection
by Computer Associates International, Inc.
Platforms: Windows 95/98, Windows NT, Windows 2000
Relevant URL:
http://www.cai.com/solutions/enterprise/etrust/intrusion_detection/
Summary:
eTrust Intrusion Detection delivers network protection including
protection against the deployment and execution of Distributed Denial of
Service attacks — an essential capability at a time when networks are
susceptible to an increasingly sophisticated array of attacks. A truly
comprehensive solution, eTrust Intrusion Detection includes an integrated
anti-virus engine with automatic signature updates. This powerful solution
takes the "detect, alert, prevent" approach to safeguarding your network —
providing realtime, non-intrusive detection, policy-based alerts, and
automatic prevention.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. pcAudit
by Internet Security Alliance
Relevant URL:
http://www.isa-llc.com/downloads/audit.php
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
pcAudit is a security evaluation program, for personal computers,
developed by Internet Security Alliance, to allow any PC user to determine
whether their personal computer is vulnerable to outside intruders. This
might be the case even if you are behind a corporate or a personal
firewall.
2. CryptoHeaven v1.0
by CryptoHeaven Development Team
Relevant URL:
http://www.cryptoheaven.com/Download/Download.htm
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Intended for individuals in need of high security working in groups. It is
a secure online system integrating multi-user based security into email,
instant messaging, file sharing and online file storage in one unique
package. Provides real time communication for text and data transfers in a
multi user secure environment.
3. Securepoint Firewall Server SB v2.0
by Lutz Hausmann, lutz.hausmann@linkx.de
Relevant URL:
http://www.securepoint.cc/download.htm
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
The Securepoint Firewall Server is a high-performance, commercial-grade
application designed to offer full protection for network assets. The
Securepoint is a complete software system with an operating system based
on a secure Linux. You can use the firewall on a standard PC with two or
three network cards, and it is easy to install and administer.
4. Anubis v1.0.9
by The Anubis Team, ghostface@lodz.pdi.net
Relevant URL:
http://www.geocities.com/jolpkow/
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Anubis is an anonymous email sender for Unix, BeOS, Win32, and AmigaOS. It
supports WinGates, encrypted TLS/SSL connections, remailers, anonymous
news posting, and more.
5. Lucent Orinoco Registry Encryption/Decryption v0.2b
by Anders Ingeborn, ingeborn@ixsecurity.com
Relevant URL:
http://www.cqure.net/tools03.html
Platforms: Windows 2000, Windows 95/98, Windows NT
Summary:
Lucent Orinoco Client Manager stores SSID and WEP secret for all known
profiles in the Windows registry. The WEP secret is encrypted and the
algorithm is not, as far as we know and up until today, publicly
documented.
VI. SPONSORSHIP INFORMATION
---------------------------
This Issue is Sponsored by VeriSign - The Internet Trust Company
Get VeriSign's FREE Guide to learn how to digitally padlock your code.
Sign your ActiveX controls, .cab files, jar files, HTML content, Visual
Basic code and Microsoft 2000 .doc files with a VeriSign Software
Developer Digital ID. Go to:
Visit us at: http://www.verisign.com/cgi-bin/go.cgi?a=n094365670200000
-------------------------------------------------------------------------------