SecurityFocus Microsoft Newsletter #81
From: Marc Fossi (mfossi@securityfocus.com)
Date: 04/08/02
Date: Mon, 8 Apr 2002 15:50:03 -0600 (MDT)
From: Marc Fossi <mfossi@securityfocus.com>
To: Focus-MS <focus-ms@securityfocus.com>
SecurityFocus Microsoft Newsletter #81
--------------------------------------
This newsletter is sponsored by SecurityFocus (www.securityfocus.com)
Attention Non-profits and Universities: Sign-up now for preferred pricing
on the only global early-warning system for cyber attacks - SecurityFocus
ARIS Threat Management System.
Click here for more info
http://www.securityfocus.com/corporate/products/pdpsection.shtml
-------------------------------------------------------------------------------
I. FRONT AND CENTER
1. Managing Intrusion Detection Systems in Large Organizations: Part One
2. Past its Prime: Is Anti-Virus Scanning Obsolete?
3. Death to Old Software
4. A Mickey Mouse Bill
II. MICROSOFT VULNERABILITY SUMMARY
1. WWWIsis Remote Command Execution Vulnerability
2. WWWIsis File Disclosure Vulnerability
3. Microsoft Temporary Internet File Execution Vulnerability
4. Microsoft Internet Explorer Known Local File Script Execution...
5. Microsoft Office XP Spreadsheet Host().SaveAs() File Creation...
6. Lotus Domino MS-DOS Device Path Disclosure Vulnerability
7. ZoneLabs ZoneAlarm MailSafe Extension Dot Filtering Bypass...
8. Microsoft Internet Explorer Cascading Style Sheet File...
9. Icecast AVLLib Buffer Overflow Vulnerability
10. Analog Logfile Script Code Injection Vulnerability
11. Microsoft Outlook Web Access with RSA SecurID Authentication...
12. Oracle 9i TNS Denial of Service Vulnerability
13. Microsoft Outlook 2002 HTML Mail Script Execution Vulnerability
14. Sambar Server Authentication Buffer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Detailed Port Filtering (Thread)
2. Windows NT 4.0 Print Spooler Security (Thread)
3. Detailed Port Filtering (Thread)
4. Internet Services Manager (Thread)
5. ntsds.exe or ntsdc.exe (Thread)
6. A different NTFS ACL question (Thread)
7. A question regarding the way how IIS gets the CRL's (Thread)
8. ntsds.exe or ntsdc.exe (Thread)
9. MS 3/28/02 Security Patch for IE6 - warning! (Thread)
10. Looking for a tool that... (Thread)
11. A question regarding the way how IIS gets the CRL's (Thread)
12. Looking for a tool that... (Thread)
13. How to migrate my VeriSign SSL certificate from IIS 4 to IIS 5
14. fake sender and Exchange 5.5 (Thread)
15. How to migrate my VeriSign SSL certificate from IIS 4 to IIS 5
16. Domain Controller Messup (Thread)
17. SecurityFocus Microsoft Newsletter #80 (Thread)
18. fake sender and Exchange 5.5 (Thread)
19. Null session in Windows XP (Thread)
20. Domain Controller Messup (Thread)
21. Port Ranges in IPSec (Thread)
22. IIS Key pairs (Thread)
23. IIS Key pairs (how to export an IIS 4.0 self-issued Root CA...
24. AD account lockout problem (Thread)
25. Exchange 2K, and the M: drive. (Thread)
26. A different NTFS ACL question (Thread)
27. AD account lockout problem (Thread)
28. ntfs perms question (Thread)
29. IIS Key pairs (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Command AntiVirus for Exchange
2. Intact Directory Services
3. AccountInspector
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. LoFiMo v1.0.1
2. Anubis v2.0.0b-2
3. libdvdcss v1.1.0
4. NetStat Live v2.11
VI. SPONSORSHIP INFORMATION
I. FRONT AND CENTER
-------------------
1. Managing Intrusion Detection Systems in Large Organizations: Part One
by Paul Innella
This article is the first of a two-part series that will discuss the need
for intrusion detection systems (IDS) in large organizations, including
challenges of deploying IDSs in such environments, managing agents in a
distributed environment, and using collected data. It will also discuss
some “real-world” IDS experiences of larger companies.
http://online.securityfocus.com/infocus/1564
2. Past its Prime: Is Anti-Virus Scanning Obsolete?
by Paul Schmehl
The title and topic of this article are clearly controversial. It is
guaranteed to get a strong reaction from the anti-virus industry, which is
firmly convinced it sees clear sailing ahead. So, is anti-virus scanning
obsolete? In a word, yes - but don’t throw out your scanner. Its
replacement hasn’t been created yet. In this article we will examine the
weaknesses of virus scanning that will cause its eventual downfall.
http://online.securityfocus.com/infocus/1562
3. Death to Old Software
by Jon Lasser
We all know that outdated network software is a security hazard. The
solution: hard-wired expiration codes that self-destruct an old program
when it's past its prime.
http://online.securityfocus.com/columnists/72
4. A Mickey Mouse Bill
By David Banisar
In the name of protecting copyrights, a new bill introduced in the U.S.
Senate threatens to grind to a halt all advancements in electronics,
computing and networking, decimating the consumer's ability to choose how
they wish to listen, watch, and read. The motion picture industry is back
on the Hill.
http://online.securityfocus.com/columnists/71
II. BUGTRAQ SUMMARY
-------------------
1. WWWIsis Remote Command Execution Vulnerability
BugTraq ID: 4383
Remote: Yes
Date Published: Mar 28 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4383
Summary:
WWWIsis provides a web interface for accessing ISIS databases. It will run
on most Unix and Linux variants, as well as Microsoft Windows operating
systems.
WWWIsis does not adequately filter shell metacharacters from CGI
parameters. As a result, it is possible for a remote attacker to execute
commands on the underlying shell of the host running the vulnerable
software. Such commands will be executed with the privileges of the
webserver process.
Exploitation of this issue may enable a remote attacker to gain local,
interactive access to the host running the vulnerable software.
This issue has been reported for 3.x versions. Other versions are not
affected by this vulnerability. Additionally, JavaISIS and other tools
based on WWWIsis may also be affected.
2. WWWIsis File Disclosure Vulnerability
BugTraq ID: 4384
Remote: Yes
Date Published: Mar 28 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4384
Summary:
WWWIsis provides a web interface for accessing ISIS databases. It will run
on most Unix and Linux variants, as well as Microsoft Windows operating
systems.
A file disclosure vulnerability exists in WWWIsis. This may enable a
remote attacker to disclose the contents of arbitrary web-readable files
via a maliciously crafted web request. This is due to insufficient
validation of data passed via CGI parameters.
Successful exploitation of this vulnerability may enable a remote attacker
to gather sensitive information, which may aid in further attacks against
the host.
This issue has been reported for 3.x versions. Other versions are not
affected by this vulnerability. Additionally, JavaISIS and other tools
based on WWWIsis may also be affected.
3. Microsoft Temporary Internet File Execution Vulnerability
BugTraq ID: 4387
Remote: No
Date Published: Mar 28 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4387
Summary:
Temporary Internet Files (TIFs) are formatted files used to store content
cached from Internet communications. TIFs are created by a number of
Microsoft applications, such as Outlook, Outlook Express, and Internet
Explorer.
A problem with the handling of TIFs may make it possible to execute
arbitrary code on a system with the permissions of the system user. The
problem is in the ability to execute programs in TIFs.
Under some circumstances, it may be possible to execute files within a
TIF. When an application such as Internet Explorer 6.0 or Outlook 2002
receives files from outside, the files are transferred to a TIF using a
.TMP extension. Through the use of MIME base64, it is possible to place a
set of files on a system that, when decoded and stored in a directory, may
be sequentially and arbitrarily executed.
By creating a maliciously coded Windows Media file that contains an
iframe, it is possible to launch a browser window that loads a specified
HTML file from the TIF. The HTML file, containing script code, may then
be used to launch a CHM file contained in the TIF. The CHM, containing
further and more complex script code than that of the HTML file, is
executed and searches the TIF for the desired executable. Once the
executable is found, the CHM executes it with the permissions of the user
logged into the system.
This problem makes it possible for a remote user to execute arbitrary code
with the permissions of a local user, and potentially gain remote access
to the host.
4. Microsoft Internet Explorer Known Local File Script Execution Vulnerability
BugTraq ID: 4392
Remote: Yes
Date Published: Mar 29 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4392
Summary:
A flaw exists in the way that Microsoft Internet Explorer handles scripts
embedded within cookies. Since cookies are essentially an extension of
the website from which they were received, they should be treated as
though they are in the Internet zone.
Since cookies are stored on the local system, however, Internet Explorer
regards them as being in the Local Computer zone. Because of this, any
scripts embedded within a cookie will be executed by Internet Explorer in
the Local Computer zone and with the privileges of the currently logged in
user.
It has been reported that this issue is based on the ability to force
Internet Explorer to open arbitrary known files as HTML content. As a
result, any local file which contains valid HTML or JavaScript may be
rendered as such by the browser. Normally only files with the registered
extensions .html or .htm will be interpreted as HTML content.
Given this ability, an attacker able to inject content into any known file
may exploit this vulnerability to execute arbitrary script code in the
Local Computer context. While cookie files are a valid target, other
options may exist. It has been suggested that it is possible to include
script commands in the Internet Explorer favorites file and the current
WinAmp playlist file, both of which are stored in a known location.
These additional attack vectors may require additional user interaction.
For example, in order to inject content into the Winamp playlist, the
attacker must convince the user to load an mp3 file with malicious artist
or song data.
5. Microsoft Office XP Spreadsheet Host().SaveAs() File Creation Vulnerability
BugTraq ID: 4398
Remote: No
Date Published: Mar 31 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4398
Summary:
Microsoft Office XP provides a spreadsheet component that can be embedded
in web pages and office documents. This spreadsheet component contains a
bug in a function called HOST() that can be exploited to write arbitrary
files. This can be done from office documents, and possibly other vectors
such as HTML mail.
This is accomplished by embedding a spreadsheet object containing a
formula similar to the following: =Host().SaveAs("arbitraryfilename")
This saves the spreadsheet data to the file specified.
6. Lotus Domino MS-DOS Device Path Disclosure Vulnerability
BugTraq ID: 4406
Remote: Yes
Date Published: Apr 02 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4406
Summary:
Lotus Domino Server is an application framework for web based
collaborative software. It runs on multiple platforms including Microsoft
Windows and Unix.
A problem exists in the CGI parser for Lotus Domino that may enable a
remote attacker to gather sensitive information about a host running the
vulnerable software.
Vulnerable versions of Lotus Domino do not properly handle specially
crafted requests for MS-DOS devices. It is possible to specially craft a
web request for an MS-DOS device which will cause sensitive path
information to be disclosed in error messages generated by the malformed
request.
Sensitive information gathered in this manner may aid the attacker in
further attacks against the host running the vulnerable software.
This issue was reported for Lotus Domino v5.0.9a for Microsoft Windows
platforms. Earlier versions may also be affected.
7. ZoneLabs ZoneAlarm MailSafe Extension Dot Filtering Bypass Vulnerability
BugTraq ID: 4407
Remote: Yes
Date Published: Apr 02 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4407
Summary:
ZoneLabs ZoneAlarm is a firewall for Microsoft Windows based PCs. It
supports a wide range of functions, including a MailSafe feature designed
to block email containing malicious content or attachments.
A vulnerability has been reported in some versions of ZoneAlarm. MailSafe
may be configured to block file attachments with a certain extension, for
example all .exe files. If the same file is sent with an additional '.'
appended to the filename, it will not be blocked.
Unfortunately, many versions of Windows will treat both files identically.
An end user may trust filtered content which is in fact malicious. This
behavior has also been reported in Outlook and Outlook Express.
It has been reported that other methods to bypass filtering are available,
although details have not been released.
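The trailing-dot problem described above comes from the filter and the operating system disagreeing about a file's name. The following is an added example, not code from ZoneAlarm or from this newsletter: a literal suffix check beside one that first normalises the name. The block list, function names and sample filenames are constructed, and the normalisation (strip trailing dots and spaces from the final component) is an approximation of how Windows treats such names.

```python
import ntpath

# Sample block list for the illustration (assumption, not MailSafe's real list).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".vbs"}


def naive_is_blocked(filename: str) -> bool:
    """Suffix check on the literal attachment name, as in the reported bypass."""
    return ntpath.splitext(filename.lower())[1] in BLOCKED_EXTENSIONS


def windows_effective_name(filename: str) -> str:
    """Approximate the name Windows will actually use for the saved file.

    Assumption for this example: the directory part is dropped and trailing
    dots and spaces are stripped from the final path component.
    """
    base = ntpath.basename(filename.replace("/", "\\"))
    return base.rstrip(". ")


def hardened_is_blocked(filename: str) -> bool:
    """Decide on the normalised name, and refuse names that normalise to nothing."""
    name = windows_effective_name(filename).lower()
    if not name:
        return True
    return ntpath.splitext(name)[1] in BLOCKED_EXTENSIONS


def audit(filenames):
    """Return the names the naive filter passes but the hardened filter blocks."""
    return [f for f in filenames
            if not naive_is_blocked(f) and hardened_is_blocked(f)]


# Constructed attachment names.
SAMPLES = [
    "report.exe",      # blocked by both filters
    "report.exe.",     # single trailing dot, the case in the advisory
    "report.exe. .",   # mixed trailing dots and spaces
    "setup.EXE ",      # trailing space, upper-case extension
    "notes.txt.",      # harmless type with a trailing dot
    "photo.jpg",       # harmless
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:18} naive={naive_is_blocked(name)!s:5} "
              f"hardened={hardened_is_blocked(name)}")
    print("missed by naive filter:", audit(SAMPLES))
```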
8. Microsoft Internet Explorer Cascading Style Sheet File Disclosure Vulnerability
BugTraq ID: 4411
Remote: Yes
Date Published: Apr 02 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4411
Summary:
One of the features of Cascading Style-Sheets (CSS) is that external files
containing CSS code may be linked to from within another document. A
vulnerability in Microsoft Internet Explorer has been discovered which
demonstrates that this functionality, under some circumstances, may be
abused by an attacker to disclose the contents of files that exist on an
arbitrary web user's system.
It is possible to use the cssText property of the styleSheet to read
portions of files that exist on an arbitrary web user's system. Successful
exploitation will cause the CSS interpreter used by Internet Explorer to
read portions of text if the targeted file contains a "{" character.
An attacker may exploit this via a malicious webpage to disclose sensitive
information contained in (almost) arbitrary files that exist on a web
user's system.
9. Icecast AVLLib Buffer Overflow Vulnerability
BugTraq ID: 4415
Remote: Yes
Date Published: Apr 03 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4415
Summary:
Icecast is a freely available, open source streaming audio server.
Icecast is available for the Unix, Linux, and Microsoft Windows platforms.
A problem with the software package could make it possible for a remote
user to execute arbitrary code. The problem is in the handling of
user-supplied input.
Icecast does not properly check bounds on some user-supplied input. Because of
this, it is possible for a remote user to send an arbitrarily long string
of data to the server which could result in a stack overflow, and the
execution of user supplied code. The code would be executed with the
privileges of the Icecast server.
The recommended Icecast installation is without administrative privileges.
However, a number of Icecast servers are improperly configured and run
with administrative privileges. This could yield an attacker
administrative access to the affected system.
10. Analog Logfile Script Code Injection Vulnerability
BugTraq ID: 4389
Remote: Yes
Date Published: Mar 28 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4389
Summary:
Analog is logfile analysis software which is capable of printing formatted
logfiles in HTML. It will run on most Unix and Linux variants, as well as
a number of other operating systems including Microsoft Windows.
Analog does not filter HTML tags when analyzing logfiles. As a result, it
is possible for an attacker to cause arbitrary script code to be included
in web pages generated by Analog. When a legitimate user views a page
generated by Analog, the script code will be executed in their browser, in
the context of the site that is hosting the pages.
Theoretically, this issue might be exploited to steal cookie-based
authentication credentials from a legitimate user of the software.
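The Analog issue above is a report generator copying attacker-controlled log fields into HTML. The following is an added example, not Analog's code or code from this newsletter: a small log-to-HTML report with output encoding switched off (the behaviour described) and on, plus a check that flags log fields carrying markup. The log lines, hosts and function names are constructed.

```python
import html
import re
from collections import Counter

# Constructed sample lines in combined log format; hosts and URLs are made up.
SAMPLE_LOG = '''\
192.0.2.10 - - [28/Mar/2002:10:01:02 -0600] "GET /index.html HTTP/1.0" 200 1043 "http://example.test/start" "Mozilla/4.0"
192.0.2.11 - - [28/Mar/2002:10:01:09 -0600] "GET /index.html HTTP/1.0" 200 1043 "http://example.test/<script>alert(1)</script>" "Mozilla/4.0"
192.0.2.12 - - [28/Mar/2002:10:02:30 -0600] "GET /about.html HTTP/1.0" 200 512 "http://example.test/start" "<b>crawler</b>"
'''

LOG_RE = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Fields a remote client controls and that end up in the report.
CLIENT_FIELDS = ("request", "referrer", "agent")


def parse(log_text):
    """Parse log text into dicts; lines that do not match are skipped."""
    entries = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        m = LOG_RE.match(line)
        if m:
            entry = m.groupdict()
            entry["line"] = line_no
            entries.append(entry)
    return entries


def suspicious_fields(entries):
    """Return (line number, field name) for client fields containing < or >."""
    hits = []
    for e in entries:
        for field in CLIENT_FIELDS:
            if "<" in e[field] or ">" in e[field]:
                hits.append((e["line"], field))
    return hits


def render_report(entries, escape=True):
    """Render referrer and user-agent counts as an HTML table.

    escape=False reproduces the flaw: log values are written as-is.
    escape=True HTML-encodes every log-derived value before output.
    """
    enc = html.escape if escape else (lambda s: s)
    rows = []
    for field in ("referrer", "agent"):
        counts = Counter(e[field] for e in entries)
        for value, n in counts.most_common():
            rows.append(
                f"<tr><td>{field}</td><td>{enc(value)}</td><td>{n}</td></tr>"
            )
    return "<table>\n" + "\n".join(rows) + "\n</table>"


if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    print("fields carrying markup:", suspicious_fields(parsed))
    print(render_report(parsed, escape=True))
```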
11. Microsoft Outlook Web Access with RSA SecurID Authentication Bypass Vulnerability
BugTraq ID: 4390
Remote: Yes
Date Published: Mar 28 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4390
Summary:
RSA SecurID is a two factor Authentication system, designed to allow
remote authentication to a variety of resources through the usage of an
authenticator in conjunction with a user password. Microsoft Outlook Web
Access (OWA) is a component of Microsoft Exchange Server, used to provide
a web interface for email.
A vulnerability has been reported when these two products are used in
conjunction. It may be possible for an authenticated user to access a
second mailbox without proper SecurID access. OWA authentication is still
required.
Reportedly, if a user authenticates fully and then disconnects, they may
attempt to reauthenticate to the OWA server with a different account. If
they enter correct authentication credentials for the OWA account, but do
not upgrade their SecurID authentication, an error message will be
displayed.
If the user then re-attempts to authenticate multiple times, it is
reported that access to the OWA system is granted as the new user,
bypassing the requirement to authenticate with the SecurID system.
It is possible this vulnerability is the result of a configuration error,
or site specific details. Updates will be published as further details
become available.
12. Oracle 9i TNS Denial of Service Vulnerability
BugTraq ID: 4391
Remote: Yes
Date Published: Mar 28 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4391
Summary:
Oracle is a commercial relational database product. Oracle is available
for the Unix, Linux, and Microsoft Windows platforms.
Reportedly, it is possible for a remote user to initiate a denial of
service on an Oracle host.
Submitting a one byte packet to the TNS Listener on port 1521 could cause
the host's CPU usage to spike to 100%. As a result, legitimate users of
the service will be denied access to database resources. A restart may be
required in order to regain normal functionality.
It should be noted that the TNS Listener sits on the port waiting for
connection requests from clients; the ports involved in this procedure
range from 1521-1528. Any port within that range may be susceptible to
this issue.
This issue may stem from an originally discovered issue in Oracle Net8
(formerly Oracle SQL*Net). However this has not yet been confirmed.
13. Microsoft Outlook 2002 HTML Mail Script Execution Vulnerability
BugTraq ID: 4397
Remote: Yes
Date Published: Mar 31 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4397
Summary:
Microsoft Outlook 2002 can be made to execute script embedded in HTML mail
without warning the user. This is done by creating a web browser object
containing script in the "Location" parameter specified by a <PARAM ... >
tag and embedding this in the mail.
When a user chooses to "reply" or "forward" the message, the script is
executed. The consequences of this might be limited by Microsoft Outlook
security settings (as yet undetermined), but even if this is the case this
may be used to force users to view hostile web sites. This also could
pose a serious threat if combined with other vulnerabilities.
Script may also be embedded in .doc or .xls attachments.
It may be possible to exploit this vulnerability to cause arbitrary
commands to be executed on the system running the vulnerable software.
It has been reported that this is an issue only if the WordMail editor is
used. Those who use the default Outlook editor are allegedly not affected
by this vulnerability.
14. Sambar Server Authentication Buffer Overflow Vulnerability
BugTraq ID: 4404
Remote: Yes
Date Published: Apr 01 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/4404
Summary:
Sambar Server is a multi-threaded web server which will run on Microsoft
Windows 9x/ME/NT/2000 operating systems.
A buffer overflow vulnerability has been reported in some versions of
Sambar Server. If extremely long strings are sent for the username and
password used for authentication, it is possible to overwrite stack
memory. It is possible to overwrite stack frame data, which can lead to
the execution of arbitrary code.
As the Sambar server runs with SYSTEM privileges, exploitation of this
vulnerability can lead to remote access to the system with administrative
privileges.
Less clever exploitation of this vulnerability may cause the Sambar
process to crash, resulting in a denial of service attack.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Detailed Port Filtering (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/D0190EDBB1DDD211BE2F0001FA7EB10207710806@ex1.ent.agt.ab.ca
2. Windows NT 4.0 Print Spooler Security (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/AD1B7D8D1726D5118A0100508BC5C0AA709B70@EXCHANGE
3. Detailed Port Filtering (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/20020404220116.28780.qmail@web9608.mail.yahoo.com
4. Internet Services Manager (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/1017957403.1229.24.camel@localhost
5. ntsds.exe or ntsdc.exe (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/HKEFKHOAEPFCIDDKCMALAEGMCAAA.jcintron@mitre.org
6. A different NTFS ACL question (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/5.1.0.14.2.20020404173307.00b40050@pop.legolas.com
7. A question regarding the way how IIS gets the CRL's (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/29F92B16A662464F908233F0549907262FA8F7@www.test1.com
8. ntsds.exe or ntsdc.exe (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/024401c1dbe6$e39b6ea0$87c62782@lsu.edu
9. MS 3/28/02 Security Patch for IE6 - warning! (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/001401c1db6f$f228af90$0201a8c0@neurotika
10. Looking for a tool that... (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/scaafdfe.047@smtpgate.sannet.gov
11. A question regarding the way how IIS gets the CRL's (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/011201c1db32$df5211f0$0600a8c0@home
12. Looking for a tool that... (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/9AACD631D86FD51182C500306E02085801E0134F@asbutl16.asb.countrycompanies.com
13. How to migrate my VeriSign SSL certificate from IIS 4 to IIS 5 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/000d01c1da70$07c8ff90$6564a8c0@verisign.com
14. fake sender and Exchange 5.5 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/EEB0CD3F2687D411A446006008CF4FC5025858C0@ddsmttayz043.ha.osd.mil
15. How to migrate my VeriSign SSL certificate from IIS 4 to IIS 5 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/003401c1da6d$7717bf60$05000a0a@intangible.net
16. Domain Controller Messup (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/7F988BD651CAFB48A25CF009AD4AD1D8B537@mail.tld
17. SecurityFocus Microsoft Newsletter #80 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/Pine.LNX.4.43.0204020913580.14906-100000@mail.securityfocus.com
18. fake sender and Exchange 5.5 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/00ea01c1da56$07889a00$020310ac@slelaptop
19. Null session in Windows XP (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/000601c1da18$016570a0$3c00000a@Laptom
20. Domain Controller Messup (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/20020402053612.13544.qmail@mail.securityfocus.com
21. Port Ranges in IPSec (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/Pine.GSO.4.44.0204011506100.17189-100000@xmission.xmission.com
22. IIS Key pairs (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/E846E1497BC9E747A88011167C797D0A09B245@pantera.corp.workscape.net
23. IIS Key pairs (how to export an IIS 4.0 self-issued Root CA and import into new IIS 4.0 box) (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/OFBDBD4FFB.63C7F1AE-ON05256B8E.006C58BE@com.co
24. AD account lockout problem (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/85D6FD232F6C7F4C81D4A320C666485884121F@rgc2000.RGC.roseglen.com
25. Exchange 2K, and the M: drive. (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/5.1.0.14.0.20020401081509.031e69a0@192.168.3.190
26. A different NTFS ACL question (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/001001c1d92b$0b4b9b50$fdfea8c0@dellydoo
27. AD account lockout problem (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/20020331044534.FBMI2131.mta10.onebox.com@onebox.com
28. ntfs perms question (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/5.1.0.14.0.20020329123747.0215b210@mail.tellurian.net
29. IIS Key pairs (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/E846E1497BC9E747A88011167C797D0A09B219@pantera.corp.workscape.net
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Command AntiVirus for Exchange
by Command Software Systems
Platforms: Windows NT
Relevant URL:
http://www.commandcom.com/enterprise/exchange.html
Summary:
Command AntiVirus for Microsoft® Exchange is specifically designed to
protect the Microsoft Exchange environment from today's virus threats.
E-mail and groupware provide ease of sharing information, which may also
facilitate the spread of virus infection. Virus entry points need
real-time protection. Command AntiVirus for Microsoft Exchange secures
virus entry points, employing HoloCheck scanning technology to stop both
known and unknown viruses before they can infiltrate your organization.
2. Intact Directory Services
by Pedestal Software
Platforms: Microsoft
Relevant URL:
http://www.pedestalsoftware.com/intact/dirsvc.htm
Summary:
Intact Directory Services utilizes the Lightweight Directory Access
Protocol (LDAP) to access a variety of directory servers including
Microsoft Active Directory, Novell NDS, Lotus Notes, and others. When
Intact detects any changes to the information being monitored, events are
generated and notifications sent so you can take action immediately.
Intact will also monitor the host's files, registry, users, groups and
settings.
3. AccountInspector
by Shavlik Technologies
Platforms: Windows NT
Relevant URL:
http://www.shavlik.com/security/accountinspector.asp
Summary:
Introducing AccountInspector, from Shavlik Technologies, bringing you
five critical automated functions to give your team a look at the
security of your Windows NT/2000/XP servers and workstations.
- Function 1: Search out unauthorized Administration Accounts. Hidden
  accounts may have been set up by employees or contractors, that serve
  to allow access.
- Function 2: Seek out passwords that are over 30 days old. Locate
  failures to change passwords regularly, and especially when an employee
  leaves the company or a contractor service technician changes jobs.
- Function 3: Find dormant accounts that are over 30 days old. Find and
  report these accounts which indicate if someone has left the company and
  their account remains active.
- Function 4: Find accounts with weak passwords. Find and report these
  accounts which are security vulnerabilities and aren't under direct
  control of domain security policies.
- Function 5: Export detailed reports to Microsoft Excel and analyze
  your overall security posture.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. LoFiMo v1.0.1
by anzac
Relevant URL:
http://lofimo.sourceforge.net/
Platforms: Os Independent
Summary:
LoFiMo monitors log files in realtime. Its architecture allows you to add
components that make it possible to monitor virtually any log-producing
facility and render them in many ways. Filters can be used to parse log
entries and, for example, only display important information or set the
font/color used for rendering log entries. Actions can be assigned to
certain log entries to, for example, play a sound when email arrives.
LoFiMo makes it possible to implement auditing and accounting for the
monitored logs. LoFiMo is written in Java and is platform independent.
2. Anubis v2.0.0b-2
by The Anubis Team ghostface@lodz.pdi.net
Relevant URL:
http://anubis.sourceforge.net/
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Anubis is an anonymous email sender for Unix, BeOS, Win32, and AmigaOS. It
supports WinGates, encrypted TLS/SSL connections, remailers, anonymous
news posting, and more.
3. libdvdcss v1.1.0
by The VideoLAN Team videolan@videolan.org
Relevant URL:
http://www.videolan.org/libdvdcss/
Platforms: BeOS, FreeBSD, Linux, OpenBSD, Windows 2000, Windows 95/98,
Windows NT
Summary:
libdvdcss is a cross-platform library for transparent DVD device access
with on the fly CSS decryption. It currently runs under Linux, FreeBSD,
NetBSD, OpenBSD, BSD/OS, Solaris, BeOS, Win98, Win2k and MacOS X. It is
used for the vlc DVD player because of its portability and because, unlike
similar libraries, it does not require your DVD drive to be region-locked.
4. NetStat Live v2.11
by AnalogX
Relevant URL:
http://www.analogx.com/contents/download/network/nsl.htm
Platforms: Windows 95/98, Windows NT
Summary:
NSL is a small, easy to use TCP/IP protocol monitor which can be used to
see your exact throughput on both incoming and outgoing data - whether
you're using a modem, cable modem, DSL, or even local network. It allows
you to see how quickly your data goes from your computer to another computer
on the internet; it even will tell you how many other computers your data
must go through to get there. NSL also graphs your CPU usage of your
system. This can be especially useful in identifying if your computer is
what's slowing things down, or if it's your internet connection.
VI. SPONSORSHIP INFORMATION
---------------------------
This newsletter is sponsored by SecurityFocus (www.securityfocus.com)
Attention Non-profits and Universities: Sign-up now for preferred pricing
on the only global early-warning system for cyber attacks - SecurityFocus
ARIS Threat Management System.
Click here for more info
http://www.securityfocus.com/corporate/products/pdpsection.shtml
-------------------------------------------------------------------------------