SecurityFocus Microsoft Newsletter #95
From: Marc Fossi (mfossi@securityfocus.com)Date: 07/16/02
- Previous message: cmoon@fas.harvard.edu: "Re: Win32 Apache service not run as System..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 16 Jul 2002 14:59:30 -0600 From: "Marc Fossi" <mfossi@securityfocus.com> To: <focus-ms@securityfocus.com>
SecurityFocus Microsoft Newsletter #95
--------------------------------------
This newsletter is sponsored by: SecurityFocus DeepSight Threat Management
System
From June 24th - August 31st, 2002, SecurityFocus announces a FREE
two-week trial of the DeepSight Threat Management System: the only early
warning system providing customizable and comprehensive early warning of
cyber attacks and bulletproof countermeasures to prevent attacks before
they hit your network.
With the DeepSight Threat Management System, you can focus on proactively
deploying prioritized and specific patches to protect your systems from
attacks, rather than reactively searching dozens of Web sites or hundreds
of emails frantically trying to gather information on the attack and how
to recover from it.
Sign up today!
http://www.securityfocus.com/corporate/products/promo/tmstrial-ms.shtml
-------------------------------------------------------------------------------
I. FRONT AND CENTER
1. Detecting and Containing IRC-Controlled Trojans: When Firewall...
2. Life After AV: If Anti-Virus is Obsolete, What Comes Next?
3. National Information Security: Is Clarke the Right Man For...
4. Palladium holds Promise, and Peril
5. Black Hat Briefings & Training
6. SecurityFocus Data Partner Program
II. MICROSOFT VULNERABILITY SUMMARY
1. Nullsoft Winamp Automatic Update Check Buffer Overflow...
2. BEA Systems WebLogic Server and Express Race Condition Denial...
3. Key Focus KF Web Server Directory Contents Disclosure...
4. Working Resources BadBlue Get Request Denial Of Service...
5. KMMail Code Injection Vulnerability
6. MyWebServer GET Request Buffer Overflow Vulnerability
7. Mark Hanson XiRCON Denial of Service Vulnerability
8. WorldSpan Res Manager Malformed TCP Packet Denial Of Service...
10. Icecast Server Directory Traversal Information Disclosure...
11. iPlanet Web Server Search Component File Disclosure Vulnerability
12. Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
13. GoAhead WebServer URL Encoded Slash Directory Traversal...
14. GoAhead WebServer Error Page Cross Site Scripting Vulnerability
15. Working Resources BadBlue cleanSearchString() Cross Site...
16. Apache Tomcat DOS Device Name Cross Site Scripting...
17. HP Advanced Server/9000 RFC-NetBIOS Denial Of Service...
18. Microsoft Internet Explorer OBJECT Tag Same Origin Policy...
III. MICROSOFT FOCUS LIST SUMMARY
1. Exchange2K/DMZ (Thread)
2. Exchange2K/DMZ (Thread)
3. New XP-AutoUpdate (Thread)
4. Replication on Sql Server 2k - Sql Server Agent Account (Thread)
5. Automatically updating File Permission through GP's on a stan d
6. Automatically updating File Permission through GP's on a stand
7. Can I shut down individual TCP connections? (Thread)
8. SecurityFocus Microsoft Newsletter #94 (Thread)
9. Strange event showing up... (Thread)
10. local security policy (Thread)
IV. MICROSOFT PRODUCTS
1. Advanced Outlook Express Password Recovery
2. Biometric Enrollment Software
3. Norton Ghost
V. MICROSOFT TOOLS
1. Gnuzza v0.4.1
2. Hashish v1.0
3. SaveMyModem v0.06
4. FPort v2.0
VI. SPONSORSHIP INFORMATION
I. FRONT AND CENTER
-------------------
1. Detecting and Containing IRC-Controlled Trojans: When Firewalls, AV,
and IDS Are Not Enough
by Corey Merchant and Joe Stewart, LURHQ Corporation Secure Operations
Center
This paper discusses IRC-based trojans as a distinctly underestimated
class of malicious activity, and how real time security event monitoring
is the key to identifying and containing similar compromises. It discusses
the general methodology used to discover, track, and stop such malicious
activity by presenting a real-world case study.
http://online.securityfocus.com/infocus/1605
2. Life After AV: If Anti-Virus is Obsolete, What Comes Next?
by Paul Schmehl
In a previous article, Past Its Prime: Is Anti-Virus Scanning Obsolete?, I
discussed the reasons why I believe that anti-virus scanning as we now
know it is obsolete and must be replaced. In this article, I will address
what I believe will be its replacement - behavioral blocking - including
what is currently available, and how behavioral blocking needs to function
for it to successfully defeat malicious code.
http://online.securityfocus.com/infocus/1604
3. National Information Security: Is Clarke the Right Man For the Job?
By Richard Forno
Richard Clarke's use of apocalyptic language to describe daily security
events calls into question his qualifications to act as the President's
Special Advisor on Cyberspace security.
http://online.securityfocus.com/columnists/94
4. Palladium holds Promise, and Peril
By Tim Mullen
The responses to the recent publication of Microsoft's "Palladium" project
are as varied as the putative sources of the initiative's namesake in
Greek Mythology. Some say the "Palladium" is a statue of Athena; others
say it was a figurine made by Athena in the image of her lost friend
Pallas, whom she killed in a childhood battle. Most contend that after the
Palladium was stolen from Troy, the city then became vulnerable to attack
and fell victim to the original Trojan Horse.
http://online.securityfocus.com/columnists/93
II. BUGTRAQ SUMMARY
-------------------
1. Nullsoft Winamp Automatic Update Check Buffer Overflow Vulnerability
BugTraq ID: 5170
Remote: Yes
Date Published: Jul 05 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5170
Summary:
Nullsoft Winamp is a media player for Microsoft Windows supporting MP3 and
other filetypes.
A feature in Winamp will check for updated versions when the program first
executes. This feature is enabled by default, and is accomplished through
a connection to the server located at www.winamp.com. A buffer overflow
vulnerability has been reported in this feature.
A malicious server may respond to the update check and exploit this
vulnerability. It is possible to corrupt sensitive memory, including stack
frame information. This in turn may lead to the execution of arbitrary
code as the Winamp process, and local access to the vulnerable system.
In order to exploit this vulnerability, the attacker must control the
machine located at www.winamp.com, from the perspective of the vulnerable
client. It may be possible to create this condition through some known
techniques, including DNS cache poisoning.
2. BEA Systems WebLogic Server and Express Race Condition Denial of Service Vulnerability
BugTraq ID: 5159
Remote: Yes
Date Published: Jul 04 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5159
Summary:
BEA Systems WebLogic Server is an enterprise level web and wireless
application server for Microsoft Windows and most Unix and Linux
distributions.
BEA WebLogic Express provides a platform for serving dynamic data to web
and wireless applications.
BEA has confirmed that a denial of service condition exists in WebLogic
Server and Express. This condition exists due to a race condition error
in the server code.
3. Key Focus KF Web Server Directory Contents Disclosure Vulnerability
BugTraq ID: 5177
Remote: Yes
Date Published: Jul 08 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5177
Summary:
Key Focus KF Web Server is a free, personal web server designed for use
with Microsoft Windows operating systems.
It has been reported that version 1.0.2 of KF Web Server discloses the
contents of directories when a certain character is present in the URL.
If a remote attacker appends the "%00" character, it will cause the web
server to display the contents of the current directory.
The information obtained may be used by an attacker for further attacks
against a vulnerable system.
4. Working Resources BadBlue Get Request Denial Of Service Vulnerability
BugTraq ID: 5187
Remote: Yes
Date Published: Jul 08 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5187
Summary:
BadBlue is a P2P file sharing application distributed by Working
Resources. It is available for Microsoft Windows operating systems.
Working Resources BadBlue is reportedly prone to a denial of service
condition when handling malformed GET requests.
If this issue is successfully exploited, a restart of the server is
required to regain normal functionality.
Additional technical details will be added as they become available.
5. KMMail Code Injection Vulnerability
BugTraq ID: 5173
Remote: Yes
Date Published: Jul 06 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5173
Summary:
kmMail is a freely available, open source web-based mail software package
written with PHP. It is available for the Unix, Linux, and Microsoft
Operating Environments.
Problems with kmMail could make it possible to execute arbitrary script
code in a vulnerable client.
kmMail does not sufficiently filter javascript from mails. As a result,
when a user opens a mail in kmMail that contains javascript, the code
contained in the mail would be executed in the browser of the mail user.
Additionally, HTML included in the Subject: field is not filtered, and
could be rendered in the browser.
This could allow an attacker to send malicious javascript or HTML to an
unsuspecting user of kmMail, which would be executed in the security
context of the site hosting kmMail.
6. MyWebServer GET Request Buffer Overflow Vulnerability
BugTraq ID: 5184
Remote: Yes
Date Published: Jul 08 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5184
Summary:
MyWebServer is an application and web server for Microsoft Windows
operating systems.
MyWebServer is prone to a remotely exploitable buffer overflow condition.
This is due to insufficient bounds checking of headers in incoming GET
requests. GET requests of 1000+ bytes may trigger the condition.
Successful exploitation of this condition may allow remote attackers to
execute arbitrary instructions with the privileges of the webserver.
Exploitation may lead to a full compromise of the underlying host as the
webserver will typically run in the SYSTEM context.
7. Mark Hanson XiRCON Denial of Service Vulnerability
BugTraq ID: 5185
Remote: Yes
Date Published: Jul 07 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5185
Summary:
Mark Hanson XiRCON is an IRC client for Microsoft Windows environments.
XiRCON is no longer being maintained.
A denial of service issue has been reported which could enable a user to
cause a target user's XiRCON client to stop responding.
Reportedly, sending a ctcp, privmsg, msg or notice command containing an
unusually large amount of data (approx 473 bytes or more of data) to a
XiRCON client, will cause the client to disconnect from the IRC server. If
this is repeatedly exploited, it may be difficult for the user to
reconnect to the host, potentially resulting in a denial of service
condition.
8. WorldSpan Res Manager Malformed TCP Packet Denial Of Service Vulnerability
BugTraq ID: 5169
Remote: Yes
Date Published: Jul 04 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5169
Summary:
Worldspan develops software for use by travel agencies. Res Manager 4.1 is
developed for use with Microsoft Windows operating systems.
It has been reported that WorldSpan Res Manager 4.1 for Microsoft Windows
is vulnerable to a denial of service condition.
Res Manager systems are connected to Worldspan via private lines or
through the Internet. Before accessing Worldspan, clients must first go
through a local gateway.
Worldspan gateway systems are usually systems running Microsoft Windows 95
or 98. The software accepts connections from Res Manager clients via TCP
port 17990. If a malformed packet is sent to this port, the gateway
software attempts to process the packet and eventually crashes.
An attacker may take advantage of this vulnerability by causing gateway
systems to crash and denying service to legitimate users.
9. NcFTP Client PORT Allowed With Proxy Server Weakness
BugTraq ID: 5183
Remote: Yes
Date Published: Jul 06 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5183
Summary:
NcFTP is an FTP client. NcFTP is available for Linux, a wide range of Unix
based systems, Mac OS X and Microsoft Windows.
The NcFTP client may be vulnerable to an issue involving the usage of an
FTP proxy. By default, usage of the FTP PORT command is permitted when the
client is using an FTP proxy server.
This may allow an external, malicious server to hijack the connection by
connecting to the client system before the legitimate FTP server does. At
this point, it may be possible to access sensitive data by accepting a
file transfer, or inject malicious data into the client system.
In order to exploit this vulnerability, the remote attacker would require
information on the port specified by the server. This may be possible if
the attacker can sniff network connections, or if the attacker can make
guesses based on previously detected information.
10. Icecast Server Directory Traversal Information Disclosure Vulnerability
BugTraq ID: 5189
Remote: Yes
Date Published: Jul 09 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5189
Summary:
Icecast is a freely available, open source streaming audio server. Icecast
is available for the Unix, Linux, and Microsoft Windows platforms.
A directory traversal issue has been reported in some versions of Icecast
server. It may be possible for a remote attacker to escape the web root
and determine if a specific directory exists on the vulnerable server.
Reportedly, issuing an HTTP GET request for
"/file/../../../../../../../../directory/" will return different results
if the specified directory exists on the server filesystem. A '404 Not
Found' response is received for a nonexistant directory, and an empty '200
OK' reponse indicates the specified directory exists.
An attacker may exploit this vulnerability to gather intelligence about
the vulnerable system.
This issue may be related to a more severe directory traversal issue in
earlier versions of Icecast, documented as BID 2932.
11. iPlanet Web Server Search Component File Disclosure Vulnerability
BugTraq ID: 5191
Remote: Yes
Date Published: Jul 09 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5191
Summary:
iPlanet Webserver is a HTTP server product offered by Sun Microsystems.
iPlanet Web Server ships with a search engine component. The iPlanet Web
Server search engine is prone to a file disclosure vulnerability.
The search engine component allows for a search query pattern file to be
defined. However, the search engine has a command which will allow remote
users to supply a user-defined search query pattern file. This
functionality is provided by the 'NS-query-pat' command. It is possible
for remote attackers to exploit this functionality to request another file
in place of the search query pattern file. A remote attacker can exploit
this condition by providing a relative path, using directory traversal
sequences, to an arbitrary file via the command. If the server has
sufficient permissions to read the arbitrary file, then it will be
disclosed to the attacker.
This issue was reported for iPlanet Web Server on Microsoft Windows
operating systems. Since the server typically runs in the SYSTEM context
on these operating systems, it may be possible for an attacker to disclose
the contents of arbitrary files. It has not been confirmed whether this
vulnerability exists on other platforms that the software is compatible
with. The search engine functionality does not appear to be available for
versions of the software on Linux platforms.
Netscape Enterprise Server 3.6 is also affected by this issue.
12. Apache Tomcat Servlet Mapping Cross Site Scripting Vulnerability
BugTraq ID: 5193
Remote: Yes
Date Published: Jul 10 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5193
Summary:
Apache Tomcat is a freely available, open source web server maintained by
the Apache Foundation. It is available for use on Unix and Linux variants
as well as Microsoft Windows operating environments.
A vulnerability has been reported for Apache Tomcat 4.0.3 on Microsoft
Windows and Linux platforms. Reportedly, it is possible for an attacker to
launch a cross site scripting attack.
When servlet mapping is enabled, it is possible to invoke various servlets
and cause Apache Tomcat to throw an exception. This will make cross site
scripting attacks possible.
The 'invoker' servlet is mapped to '/servlet/'. This mapping allows for
the execution of anonymous servlet classes that have not been defined in
the file, /tomcat-install-dir/conf/web.xml.
This may enable a remote attacker to steal cookie-based authentication
credentials from legitimate users of a host running Tomcat.
13. GoAhead WebServer URL Encoded Slash Directory Traversal Vulnerability
BugTraq ID: 5197
Remote: Yes
Date Published: Jul 10 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5197
Summary:
GoAhead WebServer is an Open Source embedded web server which supports
Active Server Pages, embedded javascript, and SSL authentication and
encryption. It is available for a variety of platforms including Microsoft
Windows and Linux variant operating systems.
A vulnerability has been reported for GoAhead WebServer 2.1. Reportedly,
it is possible to launch directory traversal attacks against GoAhead
WebServer. It is possible for remote attackers to access arbitrary files
residing on a vulnerable host.
It has been reported that it is possible to exploit this vulnerability to
access arbitrary files on the server through a directory traversal attack.
GoAhead WebServer correctly prevents attackers from using '../' sequences
for directory traversal attacks. However, it does not prevent attackers
from using URL encoded substitutions for the '/' character. Thus, an
attacker can make a request containing the URL encoded version of the '/'
character as follows:
http://target/..%5C..%5C..%5C..%5C..%5C..%5C/winnt/win.ini, where '%5C' is
the URL version of the '/' character.
Successful exploitation of this vulnerability could reveal sensitive data
which may be used to assist in further attacks against the host.
This vulnerabilty was reported for version 2.1 of GoAhead WebServer. It is
not known whether other versions are affected.
14. GoAhead WebServer Error Page Cross Site Scripting Vulnerability
BugTraq ID: 5198
Remote: Yes
Date Published: Jul 10 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5198
Summary:
GoAhead WebServer is an Open Source embedded web server which supports
Active Server Pages, embedded javascript, and SSL authentication and
encryption. It is available for a variety of platforms including Microsoft
Windows and Linux variant operating systems.
A vulnerability has been reported for GoAhead WebServer 2.1. Reportedly,
it is possible for attackers to launch cross site scripting attacks
against vulnerable systems.
GoAhead WebServer includes unsanitized requested URLs when displaying a
404 error page. An attacker may be able to trick a user into following a
link which includes malicious script code, and executing the attack.
Included script code will execute within the context of the hosted site.
This may enable a remote attacker to steal cookie-based authentication
credentials from legitimate users of a host running GoAhead WebServer.
This vulnerabilty was reported for version 2.1 of GoAhead WebServer. It is
not known whether other versions are affected.
15. Working Resources BadBlue cleanSearchString() Cross Site Scripting Vulnerability
BugTraq ID: 5179
Remote: Yes
Date Published: Jul 08 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5179
Summary:
BadBlue is a P2P file sharing application distributed by Working
Resources. It is designed for use on Microsoft Windows operating systems.
BadBlue is operated through a web interface, generated by an included web
server running on the local system.
This issue is a variant of BID 5086 "Working Resources BadBlue EXT.DLL
Cross Site Scripting Vulnerability". It has been reported that EXT.DLL has
been re-designed to pass user supplied input to the cleanSearchString
function. This protective measure may, however, be bypassed.
User supplied input is included in a generated HTML form as the hidden
variable "a0". As this input is not sanitized, it is possible to include
special characters and arbitrary javascript code, which will then execute
within the context of the website hosting the vulnerable server.
Additionally, the cleanSearchString function is implemented in JavaScript,
and performed on the client machine. As a result, unsanitized input passed
to the script must first be rendered to the client machine. Carefully
crafted input may modify the function call, and again result in malicious
input being rendered to the client system.
An attacker may construct a malicious link to the EXT.DLL page on the
local system. When the malicious link is visited, the attacker's script
code will be executed in the web client of the user browsing the link, in
the security context of the website hosting the vulnerable software. Under
normal usage, the code may gain local system access.
This has been reported in BadBlue 1.73, earlier versions may also be
affected.
16. Apache Tomcat DOS Device Name Cross Site Scripting Vulnerability
BugTraq ID: 5194
Remote: Yes
Date Published: Jul 10 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5194
Summary:
Apache Tomcat is a freely available, open source web server maintained by
the Apache Foundation. It is available for use on Unix and Linux variants
as well as Microsoft Windows operating environments.
A vulnerability has been reported for Apache Tomcat 4.0.3 on a Microsoft
Windows platform. Reportedly, it is possible for an attacker to launch a
cross site scripting attack.
When making a request for a DOS device file name, Tomcat will throw an
exception and respond with an error message. It is also possible for
information to be appended to the DOS device when making a request. An
example of this is as follows: tomcat-server/COM2.IMG%20src=
"Javascript:alert(document.domain)"
This may enable a remote attacker to steal cookie-based authentication
credentials from legitimate users of a host running Tomcat.
This vulnerability is related to BugTraq ID 5054, Apache Tomcat Web Root
Path Disclosure Vulnerability.
17. HP Advanced Server/9000 RFC-NetBIOS Denial Of Service Vulnerability
BugTraq ID: 5195
Remote: Yes
Date Published: Jul 10 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5195
Summary:
Advanced Server/9000 is an HP-UX-based network operating system fully
compatible with Microsoft networking technology.
A denial of service vulnerability has been reported for Advanced
Server/9000, versions B.04.05 to B.04.09. It is possible for the
RFC-NetBIOS (also known as NetBIOS-over-TCP/IP) service to panic and fail
to respond to further queries when a malformed UDP packet is received on
port 139.
When the service panics, it can lead to a denial of service condition. The
RFC-NetBIOS service must be restarted for normal operations to resume.
18. Microsoft Internet Explorer OBJECT Tag Same Origin Policy Violation Vulnerability
BugTraq ID: 5196
Remote: Yes
Date Published: Jul 10 2002 12:00A
Relevant URL:
http://www.securityfocus.com/bid/5196
Summary:
In modern browsers, script code executing in the context of one website
should not be able to access the properties of another. This is a security
feature known as the 'same origin policy', and it is put in place to
prevent malicious websites from interacting with and possibly stealing
sensitive information from others in different windows.
Microsoft Internet Explorer contains a vulnerability related to this
protection. This issue lies in its implementation of the HTML OBJECT tag.
The OBJECT element can be used to embed items into an HTML page, such as
images, applets and ActiveX controls. It is also possible to embed an
instance of the WebBrowser ActiveX control, used to render HTML pages.
When an embedded document is from the same site, it is possible to obtain
a reference to the object without violating the same origin policy. This
reference may then be used to access the document object model (DOM) of
the embedded page. If the location of the embedded object is changed, this
reference may still be freely used.
A malicious page may obtain a legitimate reference to an embedded object,
and then modify the location of the object to a sensitive page. Through
the reference, malicious script code may then access the DOM of the
sensitive content. It is possible for an attacker to access sensitive
data, including cookie information. It may also be possible to execute
arbitrary script code in the context of the sensitive site.
Executing code within a local security context may provide access to the
local file system.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Exchange2K/DMZ (Thread)
Relevant URL:
6AA3020BB6C49E4EBDB05588474253321B63D2@dieppe.calgary.securityfocus.com">http://online.securityfocus.com/archive/88/6AA3020BB6C49E4EBDB05588474253321B63D2@dieppe.calgary.securityfocus.com
2. Exchange2K/DMZ (Thread)
Relevant URL:
BED5E48DA30E9045B3EC09FEB10C6120EEED77@SM-FLOR-XM11.wdw.disney.com">http://online.securityfocus.com/archive/88/BED5E48DA30E9045B3EC09FEB10C6120EEED77@SM-FLOR-XM11.wdw.disney.com
3. New XP-AutoUpdate (Thread)
Relevant URL:
E00ECDED326C0B4288A0B4F7F02DE2DD39E9B9@mickey.quest.fl.com">http://online.securityfocus.com/archive/88/E00ECDED326C0B4288A0B4F7F02DE2DD39E9B9@mickey.quest.fl.com
4. Replication on Sql Server 2k - Sql Server Agent Account (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/01a801c228fc$38a767c0$6901010a@frolic
5. Automatically updating File Permission through GP's on a stan d alone (Thread)
Relevant URL:
B1ABB45947C9D3119DAF009027AF951E3CD15C@ntgroup.Stanford.EDU">http://online.securityfocus.com/archive/88/B1ABB45947C9D3119DAF009027AF951E3CD15C@ntgroup.Stanford.EDU
6. Automatically updating File Permission through GP's on a stand alone (Thread)
Relevant URL:
761DBCC144B6334A81251171C684A6FB7CEB9C@mailserver-2k.fireapple.com">http://online.securityfocus.com/archive/88/761DBCC144B6334A81251171C684A6FB7CEB9C@mailserver-2k.fireapple.com
7. Can I shut down individual TCP connections? (Thread)
Relevant URL:
9DC8A3D37E31E043BD516142594BDDFAE410DF@MISSION.foundstone.com">http://online.securityfocus.com/archive/88/9DC8A3D37E31E043BD516142594BDDFAE410DF@MISSION.foundstone.com
8. SecurityFocus Microsoft Newsletter #94 (Thread)
Relevant URL:
6AA3020BB6C49E4EBDB05588474253321B63A8@dieppe.calgary.securityfocus.com">http://online.securityfocus.com/archive/88/6AA3020BB6C49E4EBDB05588474253321B63A8@dieppe.calgary.securityfocus.com
9. Strange event showing up... (Thread)
Relevant URL:
3D292B2E.6DFE580@umdnj.edu">http://online.securityfocus.com/archive/88/3D292B2E.6DFE580@umdnj.edu
10. local security policy (Thread)
Relevant URL:
JMEPJPLDDAMLHBKNGNNEAENMCLAA.ssgill@gilltechnologies.com">http://online.securityfocus.com/archive/88/JMEPJPLDDAMLHBKNGNNEAENMCLAA.ssgill@gilltechnologies.com
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Advanced Outlook Express Password Recovery
by Elcom Ltd.
Platforms: Windows 2000, Windows 95/98, Windows NT
Relevant URL:
http://www.elcomsoft.com/aoepr.html
Summary:
A program to recover server name, login and password for all mail and news
accounts in Microsoft Outlook Express, as well as passwords to
"identities". Passwords are recovered instanly, multilingual ones are
supported. Works with all versions of Outlook Express.
2. Biometric Enrollment Software
by Identicator Technologies
Platforms: Windows 3.x, Windows 95/98
Relevant URL:
http://www.identicator.com/products/bes.html
Summary:
Identicator's Biometric Enrollment Software simplifies critical enrollment
administration and logistics using its developed biometric technologies. A
flexible design environment, screen instructions and convenient
peripherals provide a simple enrollment system right at your PC. Using
Identicator's advanced biometric technology at the enrollment phase
insures data integrity in your personal identification application.
3. Norton Ghost
by Symantec
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.symantec.com/sabu/ghost/ghost_personal/
Summary:
Norton Ghost provides high-performance utilities for fast and safe system
upgrading, backup, and recovery. It writes disk images directly to many
popular CD-R/CD-RW drives, making it easy to back up your valuable data.
Now it works faster than ever and supports Windows® XP.
V. MICROSOFT TOOLS
-------------------
1. Gnuzza v0.4.1
by Timo Schulz ts@winpt.org
Relevant URL:
http://www.winpt.org/cryptchat
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Gnuzza is a peer to peer (p2p) encrypted chat client for both Windows and
Linux. It features Diffie Hellman key exchange (selectable from 1024 to
4096 bit), user authentication, and offers the choice of 3DES, Blowfish,
Twofish, CAST5, and Rijndael as symmetric ciphers.
2. Hashish v1.0
by mentat
Relevant URL:
http://www.sf.net/projects/hashish/
Platforms: Os Independent, POSIX, Windows 2000, Windows 95/98
Summary:
Hashish is a file or string hashing utility with a GUI frontend. It is
cross-platform and supports many types of cryptographic hashes (including
SHA, MD5, and RIPEMD-160).
3. SaveMyModem v0.06
by gareuselesinge
Relevant URL:
http://web.genie.it/utenti/g/gareuselesinge/smm/
Platforms: POSIX, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows
XP
Summary:
SaveMyModem is an anti-spam, mail-shaping, and delete-on-server mail tool.
It is designed for users with slow dialup connections, who are tired of
downloading large amounts of spam and worm and virus attachments.
4. FPort v2.0
by Foundstone, Inc.
Relevant URL:
http://www.foundstone.com/knowledge/proddesc/fport.html
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
fport reports all open TCP/IP and UDP ports and maps them to the owning
application. This is the same information you would see using the 'netstat
-an' command, but it also maps those ports to running processes with the
PID, process name and path. Fport can be used to quickly identify unknown
open ports and their associated applications.
VI. SPONSORSHIP INFORMATION
---------------------------
This newsletter is sponsored by: SecurityFocus DeepSight Threat Management
System
From June 24th - August 31st, 2002, SecurityFocus announces a FREE
two-week trial of the DeepSight Threat Management System: the only early
warning system providing customizable and comprehensive early warning of
cyber attacks and bulletproof countermeasures to prevent attacks before
they hit your network.
With the DeepSight Threat Management System, you can focus on proactively
deploying prioritized and specific patches to protect your systems from
attacks, rather than reactively searching dozens of Web sites or hundreds
of emails frantically trying to gather information on the attack and how
to recover from it.
Sign up today!
http://www.securityfocus.com/corporate/products/promo/tmstrial-ms.shtml
-------------------------------------------------------------------------------
- Previous message: cmoon@fas.harvard.edu: "Re: Win32 Apache service not run as System..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
