SecurityFocus Microsoft Newsletter #79

From: Marc Fossi (mfossi@securityfocus.com)
Date: 03/25/02


Date: Mon, 25 Mar 2002 15:51:04 -0700 (MST)
From: Marc Fossi <mfossi@securityfocus.com>
To: Focus-MS <focus-ms@securityfocus.com>

SecurityFocus Microsoft Newsletter #79
--------------------------------------
This newsletter is sponsored by SecurityFocus (www.securityfocus.com)

Attention Non-profits and Universities: Sign-up now for preferred pricing
on the only global early-warning system for cyber attacks - SecurityFocus
ARIS Threat Management System.

Click here for more info
http://www.securityfocus.com/corporate/products/pdpsection.shtml
-------------------------------------------------------------------------------

I. FRONT AND CENTER
     1. Securing Windows 2000 Communications with IP Security Filters 1
     2. Preventing and Detecting Insider Attacks Using IDS
     3. Behavior Blocking: The Next Step in Anti-Virus Protection
     4. From Joke to Alkahest
     5. Centralized Monitoring Software for Your Multi-vendor Security...
II. MICROSOFT VULNERABILITY SUMMARY
     1. BitVise WinSSHD Numerous Connections DoS Vulnerability
     2. IncrediMail Ltd. IncrediMail Known Attachment Location...
     3. Qualcomm Eudora Known File Attachment Location Vulnerability
     4. BG Guestbook Cross-Site Scripting Vulnerability
     5. Hosting Controller Weak Permissions Checking Vulnerability
     6. Microsoft MSN Messenger Message Spoofing Vulnerability
     7. Multiple Vendor JavaScript Interpreter Denial Of Service...
     8. VBulletin Cross-Site Scripting Vulnerability
     9. Multiple Vendor Java Virtual Machine Bytecode Verifier...
III. MICROSOFT FOCUS LIST SUMMARY
     1. Sub7 (SubSeven), Win2k, and IE 5.5 (Thread)
     2. Outlook/Exchange (Thread)
     3. Group Policies on OUs not Propagated (Thread)
     4. account lockout problems (Thread)
     5. Between Forest IPSec Implementation? (Thread)
     6. HFNetChk Pro vs. other means to push out updates (Thread)
     7. ISA-Server Problem (Thread)
     8. Sub7 (SubSeven), Win2k, and IE 5.5 (Thread)
     9. ISA-Server Problem (Thread)
     10. Outlook/Exchange (Thread)
     11. HFNetChk Pro vs. other means to push out updates (Thread)
     12. Between Forest IPSec Implementation? (Thread)
     13. HP Jet Direct for the Web (Thread)
     14. Free HFNetChkPro Enterprise Demo Download (Thread)
     15. AW: account lockout problems (Thread)
     16. SQL2000 and hisecweb (Thread)
     17. SQL2000 and hisecweb (Thread)
     18. Firewall or IDS (Thread)
     19. Firewall or IDS (Thread)
     20. FW: HFNetChk Pro vs. other means to push out updates (Thread)
     21. account lockout problems (Thread)
     22. SecurityFocus Microsoft Newsletter #78 (Thread)
     23. ISA server 2k AUDIO/VIDEO blocking rules problems... (Thread)
     24. limited remote access to a W2K Server (Thread)
     25. limited remote access to a W2K Server (Thread)
     26. IPC$ share issue (Thread)
     27. ISA server 2k AUDIO/VIDEO blocking rules problems... (Thread)
     28. New HFNetChk Beta available (Thread)
     29. Windows 2000 login hack: Followup (Thread)
     30. Need help with W2K/IIS 5 opening POP3 connections (Thread)
     31. Need help with W2K/IIS 5 opening POP3 connections (Thread)
     32. Windows 2000 login hack (Thread)
     33. Windows 2000 login hack (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
     1. CyberPatrol Web Filter
     2. SuperScout Email Filter
     3. NetSign CAC
     4. SSP XBoard-1680
V. NEW TOOLS FOR MICROSOFT PLATFORMS
     1. CryptoHeaven v1.1
     2. mod_protection v0.0.2
     3. Bouncer v1.0.RC4
     4. lcrzoex v4.06
VI. SPONSORSHIP INFORMATION

I. FRONT AND CENTER
-------------------
1. Securing Windows 2000 Communications with IP Security Filters, Part One
by Joe Klemencic

This article is the first of a two-part series that will describe the
various methods of implementing Windows 2000 IP Security filters that are
integrated with IPSEC communications. This installment will offer an
overview of IP security policies, including defining, testing, and
expanding IP security policies.

http://online.securityfocus.com/infocus/1559

2. Preventing and Detecting Insider Attacks Using IDS
by Nathan Einwechter

Shortly after lunch break, an employee angrily strides out of his
supervisor’s office, down two rows of desks, and into a single cubicle. He
slumps down into his chair and releases an exasperated sigh, as he runs
his hands through his hair in disappointment.

http://online.securityfocus.com/infocus/1558

3. Behavior Blocking: The Next Step in Anti-Virus Protection
by Carey Nachenberg

Before the arrival of the fast-spreading worm/blended threat, the staple
technology of anti-virus software – fingerprinting - arguably provided
both preventative and proactive protection against the average computer
virus. That is, in the past, vendors were able to ship new fingerprints
for most viruses before they could achieve widespread distribution. This
is because traditional viruses spread slowly - only when humans exchange
infected files - on the order of days or weeks. Consequently, in the
majority of cases, anti-virus software blocked initial infection,
preventing corporate machines from being compromised and precluding the
need for costly manual cleanup and downtime.

http://online.securityfocus.com/infocus/1557

4. From Joke to Alkahest
by George Smith

Remember when we'd call someone who believes in magic computer viruses
with supernatural powers a fool? Today, we call him Senator.

http://online.securityfocus.com/columnists/68

5. Centralized Monitoring Software for Your Multi-vendor Security
Environment

GuardedNet's neuSECURE™ is advanced enterprise security management
software that provides centralized, correlated security event monitoring,
threat analysis and incident response for your existing multi-vendor
security environment. neuSECURE correlates log data from multiple,
disparate devices, reduces false positives and facilitates investigation
so that you can dramatically reduce your response time and exposure to
attacks.

For more information about this proactive, real time security monitoring
solution, sign-up to receive our product brief at

http://www.guarded.net/securityfocus/brief.html

II. BUGTRAQ SUMMARY
-------------------
1. BitVise WinSSHD Numerous Connections DoS Vulnerability
BugTraq ID: 4300
Remote: Yes
Date Published: Mar 18 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4300
Summary:

SSH Secure Shell 2 is a protocol which provides a secure connection
between computers. WinSSHD is a SSH Secure Shell 2 server for Microsoft
Windows systems, and is maintained by BitVise.

An issue has been reported in WinSSHD which could allow a user to cause a
denial of service condition on a SSH Secure Shell 2 server.

Reportedly, if a user establishes an unusual number of incomplete
connections, it is possible that the SSH Secure Shell server will not
properly free up sessions which have been unexpectedly terminated, thus,
leaking nonpaged kernel memory.

This issue exists in builds of WinSSHD prior to 2002-03-16 and has
currently been successfully exploited on a Windows 2000 Server.

Successful exploitation of this issue will deny legitimate users of the
service access to desired resources. A restart of the service is required
in order to regain normal functionality.

2. IncrediMail Ltd. IncrediMail Known Attachment Location Vulnerability
BugTraq ID: 4297
Remote: Yes
Date Published: Mar 15 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4297
Summary:

Incredimail is an email client for Microsoft Windows based systems. It
includes support for a wide range of rich, multimedia features such as
sound, animations and backgrounds in email.

A weakness has been discovered in some versions of Incredimail. When email
is received including a file attachment, the file is automatically stored
in a predictable location on the local system. An attacker may be able to
use this knowledge to launch further attacks against the vulnerable
system.

In particular, this vulnerability may allow the execution of arbitrary
code when used in conjunction with BID 3867, Microsoft Internet Explorer
Arbitrary Program Execution Vulnerability.

3. Qualcomm Eudora Known File Attachment Location Vulnerability
BugTraq ID: 4306
Remote: Yes
Date Published: Mar 16 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4306
Summary:

Eudora is an email client for Microsoft Windows based systems. Eudora uses
Internet Explorer to assist in the viewing of html messages if the 'Use
Microsoft Viewer' option is enabled.

A weakness has been discovered in some versions of Eudora. When email is
received including a file attachment, the file is automatically stored in
a predictable location on the local system (typically the 'Attachment'
directory). An attacker may be able to use this knowledge to launch
further attacks against the vulnerable system.

In particular, this vulnerability may allow the execution of arbitrary
code when used in conjunction with BID 3867, Microsoft Internet Explorer
Arbitrary Program Execution Vulnerability.

4. BG Guestbook Cross-Site Scripting Vulnerability
BugTraq ID: 4308
Remote: Yes
Date Published: Mar 16 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4308
Summary:

BG Guestbook is a freely available web application written in PHP, which
is back-ended by a MySQL database. It can display content using either
HTML or Flash. It will run on most Unix and Linux variants as well as
Microsoft Windows operating systems.

BG Guestbook does not perform sufficient validation of user-supplied
input, especially with regards to HTML tags. As a result, BG Guestbook is
prone to cross-site scripting attacks.

An attacker may inject encoded variants of HTML tags/script code into
various fields. This may enable a remote attacker to cause arbitrary
script code to be executed in the browser of a legitimate web user, in the
context of the site running the vulnerable software.

This issue is present in both the HTML and Flash versions of the
vulnerable guestbook software.

Successful exploitation may enable an attacker to steal cookie-based
authentication credentials or cause malicious content to be displayed in
the browser of a web user who views the website running the vulnerable
software.

5. Hosting Controller Weak Permissions Checking Vulnerability
BugTraq ID: 4311
Remote: Yes
Date Published: Mar 18 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4311
Summary:

Hosting Controller is an application which centralizes all hosting tasks
to one interface. Hosting Controller gives every user the required control
they need to manage the appropriate web site relevant to them. Hosting
Controller runs on Microsoft Windows systems.

An issue has been discovered in Hosting Controller which could allow for
the unauthorized modification of directory contents.

The 'folderactions.asp' page enables a user to create or delete files and
directories on the server. The 'file_editor.asp' page allows a user to
modify the contents of web pages.

Due to a flaw in the validation of user privileges, a request composed of
'../' sequences along with either 'folderactions.asp' or
'file_editor.asp', will allow an unauthorized user to modify, delete or
create files and directories outside of the web root.
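
One way a file-manager handler can refuse such requests, as an added example (not part of the newsletter and not Hosting Controller's code). It goes beyond the plain '../' case in the summary to cover encoded, absolute and sibling-directory forms; the site root, function names and sample paths are constructed for illustration.

```python
import ntpath
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: deeper nesting of %-encoding is treated as hostile
SITE_ROOT = r"D:\hosting\sites\alice"  # constructed per-user root, not a real install path


class PathRejected(ValueError):
    """Raised when a requested path must not be read, written or deleted."""


def fully_decode(value: str) -> str:
    """Percent-decode until the value stops changing, so %252e%252e cannot hide '..'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise PathRejected("too many layers of percent-encoding")


def resolve_within(site_root: str, requested: str) -> str:
    """Return the normalized Windows path for `requested`, or raise PathRejected.

    ntpath is used explicitly so the Windows rules (backslashes, drive
    letters, case-insensitive names) apply on whatever OS runs the check.
    """
    rel = fully_decode(requested).replace("/", "\\")
    if "\x00" in rel:
        raise PathRejected("NUL byte in path")
    drive, tail = ntpath.splitdrive(rel)
    if drive or tail.startswith("\\"):
        raise PathRejected("absolute or UNC path")
    if ":" in tail:
        raise PathRejected("stream or device syntax")

    root = ntpath.normpath(site_root)
    # normpath collapses every '..' segment before the comparison is made.
    candidate = ntpath.normpath(ntpath.join(root, rel))

    # Compare whole path components, not string prefixes: a prefix test
    # would accept D:\hosting\sites\alice2 for the root ...\alice.
    root_key = ntpath.normcase(root)
    if ntpath.commonpath([root_key, ntpath.normcase(candidate)]) != root_key:
        raise PathRejected("resolves outside the site root")
    return candidate


def classify(requested: str) -> str:
    """Resolve against SITE_ROOT and describe the outcome as a string."""
    try:
        return resolve_within(SITE_ROOT, requested)
    except PathRejected as exc:
        return f"REJECTED: {exc}"


# Constructed sample inputs for a file-manager style parameter.
SAMPLES = [
    "docs/index.htm",
    "docs/../index.htm",
    "../bob/index.asp",
    "%252e%252e%255cbob%255cindex.asp",
    "..\\alice2\\x.htm",
    "C:\\boot.ini",
    "index.asp::$DATA",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r:40} -> {classify(sample)}")
```

The check belongs on the server after authentication, applied to the final path used for every create, modify and delete operation, with the root chosen from the authenticated account rather than from the request.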

6. Microsoft MSN Messenger Message Spoofing Vulnerability
BugTraq ID: 4316
Remote: Yes
Date Published: Mar 19 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4316
Summary:

Microsoft's MSN Messenger is an instant messaging client for Windows
based machines, based on the Passport system.

A vulnerability has been reported in some versions of MSN Messenger.
Reportedly, it is possible to send messages through the server such that
they appear to have originated from an arbitrary user. An attacker may be
able to use this to initiate a social engineering attack, or create a
denial of service situation.

It has been reported that client to client communications occur through a
central server, and are tracked by a Session ID. This Session ID is
granted by the server to any authenticated user, without the need for
further authentication. An attacker may forge the client side of the
communication, and misuse the Session ID to transmit messages with an
arbitrary sender.

It is possible that other versions of Messenger share this vulnerability.
This has not, however, been confirmed.

7. Multiple Vendor JavaScript Interpreter Denial Of Service Vulnerability
BugTraq ID: 4322
Remote: Yes
Date Published: Mar 19 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4322
Summary:

A problem has been discovered in the JavaScript interpreter in numerous
web browsers which may enable a malicious webpage to cause a denial of
service to the web client. Browsers that have been tested include
Microsoft Internet Explorer, Mozilla and Opera.

It is possible to create a loop in JavaScript which is capable of crashing
the web browser. This is due to a flaw in the JavaScript interpreter for
affected web browsers.

It has been reported that on some environments (such as IE with Windows
2000) the error message generated by exploitation of this issue indicates
that a stack overflow has occurred. It is not known whether this issue may
be exploited to execute arbitrary code.

8. VBulletin Cross-Site Scripting Vulnerability
BugTraq ID: 4315
Remote: Yes
Date Published: Mar 19 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4315
Summary:

vBulletin is commercial web forum software written in PHP and back-ended
by a MySQL database. It will run on most Linux and Unix variants, as well
as Microsoft operating systems.

vBulletin includes functionality to allow forum users to post images in
messages. To post an image, a user simply includes a link to the image
inside of [img] tags. However, vBulletin does not adequately filter
encoded script code in image tags. As a result, it is possible for an
attacker to post a maliciously constructed forum message which contains
arbitrary script code. When the message is viewed by legitimate users of
the website, the script code will be executed in their web browser, in the
context of the website running the vulnerable software.

This may enable an attacker to steal cookie-based authentication
credentials from a legitimate user of the website running the vulnerable
software.

It is not known whether vBulletin Lite is also affected by this
vulnerability.

9. Multiple Vendor Java Virtual Machine Bytecode Verifier Vulnerability
BugTraq ID: 4313
Remote: Yes
Date Published: Mar 19 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4313
Summary:

Java virtual machine implementations contain a vulnerability that may
allow for malicious Java applets to escape the security sandbox.

The vulnerability is due to a data casting error. It is possible for an
applet constructed at the bytecode-level to perform an illegal casting
operation. By doing so, the security sandbox intended to limit the
operations that can be performed by an applet may be escaped. This can
result in the unrestricted execution of system-level code with the
privileges of the user running the virtual machine (possibly through a
browser).

It should be noted that this is a variant of a previously discovered
vulnerability BID 740.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Sub7 (SubSeven), Win2k, and IE 5.5 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/04c901c1d12a$4b256ca0$93a606d0@micheal

2. Outlook/Exchange (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/Pine.LNX.4.43.0203211341360.9611-100000@abalone.zerobelow.org

3. Group Policies on OUs not Propagated (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/20020321214002.16696.qmail@mail.securityfocus.com

4. account lockout problems (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/4D52392DA347B547927BF606F53221769806BC@DENEXCH00.sarkdenver.com

5. Between Forest IPSec Implementation? (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/9DC8A3D37E31E043BD516142594BDDFA1781AD@MISSION.foundstone.com

6. HFNetChk Pro vs. other means to push out updates (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/8628ADFB314FD5119C390008C7E9638EE7C890@MESSENGER

7. ISA-Server Problem (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/001d01c1d100$3d3911c0$9e7ba8c0@morrow.mec

8. Sub7 (SubSeven), Win2k, and IE 5.5 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/2D91E1663BD330459B5D32C08AC4668243541A@huskirk.FATHOMTECHNOLOGY.COM

9. ISA-Server Problem (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/20020321030747.3990.qmail@mail.securityfocus.com

10. Outlook/Exchange (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/Pine.LNX.4.43.0203201408390.8712-100000@abalone.zerobelow.org

11. HFNetChk Pro vs. other means to push out updates (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/005901c1d047$8e52a1c0$8500000a@BossMan

12. Between Forest IPSec Implementation? (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/002e01c1d03e$b7f63400$6400020a@seifried.org

13. HP Jet Direct for the Web (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/03aa01c1d020$7b68a130$87c62782@lsu.edu

14. Free HFNetChkPro Enterprise Demo Download (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/3C9865A1.B525009@MyPhrozen.com

15. AW: account lockout problems (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/0C093F926D5FC74AA46CC1924FE8B1C3062B4F@mail1.md.ltg.de

16. SQL2000 and hisecweb (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/NNEBJFHDANCHAOPILDFICEKCCGAA.DeanSub@ev1.net

17. SQL2000 and hisecweb (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/00c501c1cf87$b4173940$c8b3dec7@baserem2

18. Firewall or IDS (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/OFEPIIBCPHNHOMCPOOPDMEEGGMAA.rstefano@echelonsystems.com

19. Firewall or IDS (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/037b01c1cf73$a46d26d0$1600010a@lauradominion.com

20. FW: HFNetChk Pro vs. other means to push out updates (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/5D725C356724D111BED400A0C96FA83D054DB543@admin1.umaryland.edu

21. account lockout problems (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/OGEMJNDMJGBPEFPJENIOIENOCAAA.ntbug2000@yahoo.com

22. SecurityFocus Microsoft Newsletter #78 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/Pine.LNX.4.43.0203181730370.6614-100000@mail.securityfocus.com

23. ISA server 2k AUDIO/VIDEO blocking rules problems... (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/9D884881F5E1F24FB845967851720FC302C8DD8C@red-msg-12.redmond.corp.microsoft.com

24. limited remote access to a W2K Server (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/99DA073EAC4CD4118039001083F91D4BBEE00B@orlexchange01.curascript.com

25. limited remote access to a W2K Server (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/E7EAF01D6CD3D411938F00508BAF919B0504678B@simail17.server.bosch.com

26. IPC$ share issue (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/000c01c1cd38$a6776630$0100a8c0@jackass

27. ISA server 2k AUDIO/VIDEO blocking rules problems... (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/02031621513601.01578@localhost.localdomain

28. New HFNetChk Beta available (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/C3729BBB6099B344834634EC67DE4AE104D234B6@red-msg-01.redmond.corp.microsoft.com

29. Windows 2000 login hack: Followup (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/1016228688.559a1ff9prrthd@myrealbox.com

30. Need help with W2K/IIS 5 opening POP3 connections (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/821701123E340F4CA3BC2436AE50FAAE078AAB@reoexc01.emea.cpqcorp.net

31. Need help with W2K/IIS 5 opening POP3 connections (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/F1553fk6UesrKv05jeI00017f9a@hotmail.com

32. Windows 2000 login hack (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/D503BBD92FE9D2118A010008C75F644812F3AFFE@usnssexc20.us.kworld.kpmg.com

33. Windows 2000 login hack (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/F68xxqeyWzoNjC0k8KA0001ee79@hotmail.com

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. CyberPatrol Web Filter
by SurfControl
Platforms: Windows 95/98, Windows NT, Windows 2000, MacOS
Relevant URL:
http://www.surfcontrol.com/home/products/cyber_patrol_web.asp
Summary:

CyberPatrol is filtering software that lets you control access to the
Internet (Web sites, newsgroups, and IRC chat) and to applications on your
computer. You set up filtering options as desired to control when, where,
how, and to whom access is blocked or allowed.

2. SuperScout Email Filter
by SurfControl
Platforms: Windows 95/98, Windows NT, Windows 2000
Relevant URL:
http://www.surfcontrol.com/business/products/superscout_email/
Summary:

SuperScout Email Filter is comprehensive software that protects against
such dangers by giving you the information and tools to implement as well
as enforce an email Acceptable Use Policy that can help to: Increase
Security, Limit Legal Liability, and Improve Productivity

3. NetSign CAC
by SSP Solutions
Platforms: Windows 95/98, Windows NT, Windows 2000
Relevant URL:
http://www.sspsolutions.com/products/netsigncac/
Summary:

NetSign® CAC is a complete smart card client package that provides network
security and desktop protection for users of the GSA Common Access Card
(CAC). With a NetSign CAC-enabled system, users can be assured of strong
authentication, confidentiality and non-repudiation. NetSign CAC allows
users to digitally sign and encrypt email, access secure restricted web
sites, enter physically secure areas and login systems using PKI digital
certificates. CAC also acts as identification to provide authentication for
benefits and entitlement management. Supported by Windows NT smart card
logon, Windows 2000 certificate-based logon and workstation locking using
CAC smart cards issued by Department of Defense (DoD), NetSign CAC offers
unparalleled desktop security. In addition to PKI and desktop security,
NetSign CAC also provides multi-application support for non-PKI secure
data storage applications through support of the GSA defined Basic
Services Interface (BSI) and DoD CAC Extended Service Interface (XSI).
NetSign CAC is also available as an SDK, providing a complete client
application library support for PKCS #11, Microsoft CAPI or BSI-based
applications.

4. SSP XBoard-1680
by SSP Solutions
Platforms: Linux, Windows NT, Windows 2000, Windows XP
Relevant URL:
http://www.sspsolutions.com/products/sspxboard1680/
Summary:

Adding new servers to expand processing capacity is a costly solution -
placing a burden on administrator resources and IT budgets. With the SSP
XBoard-1680 organizations increase the efficiency of a server, allowing up
to 1680 SSL authentications to be processed per second, at a fraction of
the cost of adding new servers. By adding a SSP XBoard-1680 to a server,
significantly less CPU capacity is utilized for processing SSL connections
- freeing the CPU to respond to more customer requests and interact with
other Web site resources, such as customer databases, directories and
content servers. This next generation SSP XBoard provides increased
performance, load-balancing to multiple servers across a network, and
clustering support allowing multiple Web servers to share a single
CipherServer. Administrators can direct network traffic to a single or
multiple boards, in multiple systems - optimizing server usage.
Installation and configuration of the SSP XBoard-1680 can be completed in
minutes, providing one of the fastest SSL transaction performance
available in a single unit.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. CryptoHeaven v1.1
by CryptoHeaven Development Team
Relevant URL:
http://www.cryptoheaven.com/Download/Download.htm
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

Intended for individuals in need of high security working in groups. It is
a secure online system integrating multi-user based security into email,
instant messaging, file sharing and online file storage in one unique
package. Provides real time communication for text and data transfers in a
multi user secure environment.

2. mod_protection v0.0.2
by Pierpaolo Giacomin
Relevant URL:
http://www.twlc.net/download.php?op=viewsdownload&sid=20
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

mod_protection is an Apache module that integrates the basic function of
an IDS (Intrusion Detection System) and a firewall. When a malicious
client sends a request that matches a rule, the administrator will be
warned and the client gets an error message.

3. Bouncer v1.0.RC4
by Chris Mason chris@r00t3d.org.uk
Relevant URL:
http://www.r00t3d.org.uk/bin/
Platforms: FreeBSD, Linux, OpenBSD, Solaris, Windows 2000, Windows NT
Summary:

Bouncer is a network tool which allows you to bypass proxy restrictions
and obtain outside connections from an internal LAN. It uses SSL
tunneling, which allows you to obtain a constant streaming connection out
of a proxy. If you are restricted behind a proxy and can access secure
online ordering sites, then you can get out to whatever host on whatever
port you want. It also supports a lot of other features including socks 5,
basic authentication, access control lists, and Web-based administration,
and will run on Windows, Linux, and FreeBSD.

4. lcrzoex v4.06
by Laurent Constantin
Relevant URL:
http://www.laurentconstantin.com/en/lcrzoex/
Platforms: FreeBSD, Linux, OpenBSD, Solaris, Windows 2000, Windows 95/98,
Windows NT, Windows XP
Summary:

Lcrzoex is a toolbox for network administrators and network hackers.
Lcrzoex contains over 300 functionalities using network library lcrzo.
Each one can be compiled alone and modified to match your needs.

Lcrzoex can be used in the following contexts:
- discover the Ethernet address of a computer (number 2, 3, 134, etc.)
- sniff your LAN to detect what's going on (number 7, 8, 9, etc.)
- check the checksums created by a network program which isn't working
  (number 16, 17, 18, etc.)
- intercept a session and replay it as many times as you want to strictly
  test your application (number 10, 11, 12, 22, etc.)
- verify if a router is well configured even if the needed computers are
  down (number 48, ..., 53, etc.)
- check if your router/firewall/computer blocks:
  - IP protocols (number 29, ..., 34, etc.)
  - IP options (number 29, ..., 34, 73, ..., 79, etc.), source routing
    (number 45, 56, 59, 62, etc.)
  - IP fragments (number 44, 55, 58, 61, 72, etc.)
  - TCP options (number 48, ..., 53, etc.)
  - ICMP types (number 65, ..., 70, etc.)
  - ARP poisoning (number 80, 81, 82, 83, etc.)
- create a tcp/udp client with a special local port (number 85, 89, 86,
  93, 97, etc.)
- convert between numbers (number 139, ..., 148, etc.)
- etc.

VI. SPONSORSHIP INFORMATION
---------------------------
This newsletter is sponsored by SecurityFocus (www.securityfocus.com)

Attention Non-profits and Universities: Sign-up now for preferred pricing
on the only global early-warning system for cyber attacks - SecurityFocus
ARIS Threat Management System.

Click here for more info
http://www.securityfocus.com/corporate/products/pdpsection.shtml
-------------------------------------------------------------------------------
