SecurityFocus Microsoft Newsletter #128

From: Marc Fossi (mfossi@securityfocus.com)
Date: 03/10/03

Next message: Campbell, Ian C: "RE: Exchange/MAPI/RPC"

Previous message: Brian W. Spolarich: "RE: Exchange/MAPI/RPC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 10 Mar 2003 13:15:29 -0700 (MST)
From: Marc Fossi <mfossi@securityfocus.com>
To: Focus-MS <focus-ms@securityfocus.com>

SecurityFocus Microsoft Newsletter #128
---------------------------------------

I. FRONT AND CENTER
     1. Cryptographic Filesystems: Design and Implementation
     2. Windows Forensics - A Case Study: Part Two
     3. An Analysis of Simile
     4. Spam Wars Make Strange Bedfellows
     5. SecurityFocus DPP Program
     6. InfoSec World Conference and Expo/2003(March10-12,2003,Orlando,FL)
II. MICROSOFT VULNERABILITY SUMMARY
     1. CoffeeCup Software Password Wizard Remote Password Retrieval...
     2. GTCatalog Remote File Include Vulnerability
     3. PY-Livredor index.php HTML Injection Vulnerability
     4. Pastel Accounting ACCUSER.DAT Obfuscation Weakness
     5. TCPDump Malformed ISAKMP Packet Denial Of Service...
     6. Logan Pro HTTP Header Code Injection Vulnerability
     7. iPlanet 6.0 Log Viewing Utility Concealed Log Entry Vulnerability
     8. SurfStats Log Analyzer Logfile HTML Injection Vulnerability
     9. WebLog Expert Logfile HTML Injection Vulnerability
     10. InstantServer ISMail Remote User Fields Buffer Overflow...
     11. Typo3 Showpic.PHP File Enumeration Vulnerability
     12. Apple QuickTime/Darwin Streaming Server parse_xml.cgi File...
     13. Sendmail Header Processing Buffer Overflow Vulnerability
     14. WebLog Expert HTTP Header Code Injection Vulnerability
     15. iPlanet Log Analyzer Logfile HTML Injection Vulnerability
     16. Typo3 Log HTML Injection Vulnerability
     17. Typo3 Translations.PHP Remote File Include Vulnerability
     18. Typo3 Translations.PHP File Disclosure Vulnerability
     19. Typo3 Webroot Folders Information Disclosure Weakness
     20. Typo3 HTML Hidden Form Field Information Disclosure Weakness
     21. Netscape Communicator Password Disclosure Weakness
     22. Typo3 Runtime Error Page Information Disclosure Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
     1. User rights on Terminal Services (Thread)
     2. Article Announcement: Windows Forensics - A Case Study: Part...
     3. Logging mechanism in IIS (was RE: code red---- on system that...
     4. Logging mechanism in IIS (was code red---- on system that is...
     5. code red---- on system that is already (and has been) patched...
     6. experiment supports concept of using host header names as...
     7. 5 security questions (Thread)
     8. SecurityFocus Microsoft Newsletter #127 (Thread)
     9. host header names as security devices (Thread)
     10. One Time Passwords (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
     1. Steganos Security Suite 4
     2. SSH Secure Shell for Windows Servers
     3. N2H2 Sentian
V. NEW TOOLS FOR MICROSOFT PLATFORMS
     1. DiskZapper v1.0
     2. pkeytool v1.0.0
     3. NodeBrain v0.5.0

I. FRONT AND CENTER
-------------------
1. Cryptographic Filesystems: Design and Implementation
By Ido Dubrawsky

Cryptographic filesystems have recently come to the forefront of security.
This article will discuss some of the background and technology of
cryptographic filesystems and will then cover some example implementations
of these filesystems including Microsoft's Encrypting File System for
Windows 2000, the Linux CryptoAPI, and the Secure File System.

http://www.securityfocus.com/infocus/1673

2. Windows Forensics - A Case Study: Part Two
By Stephen Barish

This article is the second in a two-part series that will offer a case
study of forensics in a Windows environment. This article deals with
determining the scope of the compromise, and understanding what the
attacker is trying to accomplish at the network level. Along the way,
we'll be discussing some tools and techniques that are useful in this type
of detective work.

http://www.securityfocus.com/infocus/1672

3. An Analysis of Simile
by Adrian Marinescu

Virus writers have always tried to develop new methods to make malware
detection more difficult. For instance, encryption was a natural step in
virus evolution when scanners started to use databases with scan strings
for detection. When scanners started to handle encryption patterns
generically, first oligomorphism (a limited form of polymorphism - the
polymorphic decryptor can have a strictly limited, relatively small number
of shapes) and then polymorphism were introduced.

http://www.securityfocus.com/infocus/1671

4. Spam Wars Make Strange Bedfellows
By Jon Lasser

The open-source community is closer than ever to curing the spam problem,
but they'll have to hold their noses and help out Windows users to get
there.

http://www.securityfocus.com/columnists/146

5. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only
global early-warning system for cyber attacks - SecurityFocus DeepSight
Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

6. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Solutions to today’s security concerns; hands-on experts; blockbuster
vendor expo; the CISO Executive Summit; invaluable networking
opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY
-------------------
1. CoffeeCup Software Password Wizard Remote Password Retrieval Vulnerability
BugTraq ID: 6995
Remote: Yes
Date Published: Mar 01 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6995
Summary:

Password Wizard is a software package designed to offer password
protection to web sites. It is available for the Microsoft Windows
operating system.

A problem with the software may make it possible for remote users to gain
unauthorized access to restricted resources.

It has been reported that Password Wizard does not sufficiently protect
usernames and passwords. In a default configuration, an attacker may be
able to gain access to this information, and thus access to restricted
resources.

The problem is in the permissions of the file the credentials are stored
in, in addition to the ability of an attacker to access this file
remotely. An attacker could ascertain the name of the credentials file by
viewing the HTML source of the login page, and download the file.

The credentials file is typically the same name as the shockwave flash
login page, with the extension of .apw vice .swf.

2. GTCatalog Remote File Include Vulnerability
BugTraq ID: 6998
Remote: Yes
Date Published: Mar 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6998
Summary:

GTCatalog is software designed to maintain a catalog of products. It is
implemented in PHP and is available for a variety of platforms including
Microsoft Windows and Linux variant operating systems.

GTCatalog is prone to an issue that may allow remote attackers to include
files located on attacker-controlled servers.

This vulnerability is as a result of insufficient sanitization performed
on remote user supplied data. Specifically the PHP script file 'index.php'
is vulnerable to this issue.

Under some circumstances, it is possible for remote attackers to influence
the include path for files ending with '.custom.inc' to point to an
external file on a remote server by manipulating the '$function' and
'$custom' URI parameters.

If the remote file is a malicious file, this may be exploited to execute
arbitrary system commands in the context of the web server.

This vulnerability was reported for GTCatalog 0.9.1 and earlier.

3. PY-Livredor index.php HTML Injection Vulnerability
BugTraq ID: 6997
Remote: Yes
Date Published: Mar 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6997
Summary:

PY-Livredor is freely available guestbook software. It will run on most
Unix and Linux variants, as well as Microsoft Windows operating systems.

PY-Livredor does not adequately filter HTML tags from various fields on
the 'index.php' page. Specifically, an attacker may be able to insert
malicious HTML code into the "titre", "Votre pseudo", "Votre e-mail",
"Votre message" fields.

The attacker's code may be executed in the web client of users who view
the pages generated by the guestbook, in the security context of the
website hosting the software.

Attackers may potentially exploit this issue to hijack web content or to
steal cookie-based authentication credentials.

This vulnerability has been reported for PY-Livredor version 1.0.

4. Pastel Accounting ACCUSER.DAT Obfuscation Weakness
BugTraq ID: 7003
Remote: No
Date Published: Mar 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7003
Summary:

Pastel Accounting is financial software for Microsoft Windows operating
systems.

Pastel Accounting is reported to store sensitive user and security
information on the local system using a trivially reversible obfuscation
method. This information is stored in the 'ACCUSER.DAT' file in each
particular client folder. 'ACCUSER.DAT' stores username/password
information for individual client accounts.

The information in this file is obfuscated by rotating the characters in
the original string. For example, the string "ABCDEFGH" will be stored as
"stuvwxyz" in 'ACCUSER.DAT'.

Malicious users with read access to this file may easily gain access to
sensitive information. This will also permit malicious users with write
access to the file to modify data, since the software does not verify the
contents of this file any further.

This issue was reported in Pastel Account version 6.0-6.12. Other
versions may also be affected.

5. TCPDump Malformed ISAKMP Packet Denial Of Service Vulnerability
BugTraq ID: 6974
Remote: Yes
Date Published: Feb 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6974
Summary:

tcpdump is a freely available, open source network monitoring tool. It is
available for the Unix, Linux, and Microsoft Windows operating systems.

A vulnerability in the processing of some packet types may result in an
inability to further use the tcpdump application.

It has been reported that tcpdump is vulnerable to a denial of service
when some packet types are received. By sending a maliciously formatted
packet to a system using a vulnerable version of tcpdump, it is possible
for a remote user to cause tcpdump to ignore network traffic from the time
the packet is received until the application is terminated and restarted.

The problem is in the handling of ISAKMP packets. When tcpdump receives a
maliciously crafted ISAKMP packet, the application enters an infinite loop
and ceases to further monitor network traffic. This could allow the
passing of undetected network traffic that would typically be seen by
tcpdump.

6. Logan Pro HTTP Header Code Injection Vulnerability
BugTraq ID: 7010
Remote: Yes
Date Published: Mar 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7010
Summary:

Logan Pro is a Web Log Analysis Tool for Microsoft Windows platforms that
reads the log file created by a web server and generates a comprehensive
report.

A vulnerability has been discovered in Logan Pro. Under certain
circumstances an attacker may embed HTML code into the HTTP header section
of a web log entry. Due to insufficient sanitization of HTTP header
information, Logan Pro reports that are derived from malicious web logs
may incorporate the arbitrary attacker supplied HTML code.

Specifically, embedding HTML code into a HTTP header, such as 'UserAgent',
may result in attacker-supplied code being executed in Logan Pro log
reports.

Successful exploitation of this issue would result in the execution of
HTML commands when viewing reports generated by Logan Pro. All commands
executed in this manner would be run within context of the browser used to
view the report.

This vulnerability was reported for Logan Pro version 1.2 previous
versions may also be affected.

7. iPlanet 6.0 Log Viewing Utility Concealed Log Entry Vulnerability
BugTraq ID: 7012
Remote: Yes
Date Published: Mar 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7012
Summary:

iPlanet is an HTTP server product. It is available for a number of
platforms, including Unix and Linux variants and Microsoft Windows
operating systems.

A vulnerability has been reported for iPlanet that may conceal malicious
log entries from the 'View Access Log' and 'View Error Log' utilities. The
problem occurs due to the utilities' parsing of the 'Format=' string,
which is typically used to specify log entry formatting.

An attacker can exploit this vulnerability by generating a log entry using
a hostname which is prepended with the 'Format=' string. Because the data
supplied as the 'Format' will not be recognized by the said utilities, the
log entry will be not be shown.

It should be noted that viewing the log data with other utilities, such as
a text-based editor, will disclose the malicious entries.

8. SurfStats Log Analyzer Logfile HTML Injection Vulnerability
BugTraq ID: 7014
Remote: Yes
Date Published: Mar 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7014
Summary:

SurfStats Log Analyzer is software for viewing webserver logs. It is
available for Microsoft Windows operating systems.

SurfStats Log Analyzer does not sufficiently sanitize HTML when logging
requests. If malicious data containing HTML and script code is logged and
then viewed using the software, exploitation will occur. Through
exploitation of this issue, it will be possible to falsify log information
and execute arbitrary script code in the web client of the user viewing
the logs.

This issue has been demonstrated when the log analysis software renders a
malicious hostname which contains hostile HTML or script code, which was
logged when the server did an inverse lookup of hostname data. This is
only one possible scenario, and it is likely that data other than the
hostname is not sufficiently filtered.

9. WebLog Expert Logfile HTML Injection Vulnerability
BugTraq ID: 7016
Remote: Yes
Date Published: Mar 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7016
Summary:

WebLog Expert is software for viewing webserver logs. It is available for
Microsoft Windows operating systems.

WebLog Expert does not sufficiently sanitize HTML when logging requests.
If malicious data containing HTML and script code is logged and then
viewed using the software, exploitation will occur. Through exploitation
of this issue, it will be possible to falsify log information and execute
arbitrary script code in the web client of the user viewing the logs.

10. InstantServer ISMail Remote User Fields Buffer Overflow Vulnerability
BugTraq ID: 6972
Remote: Yes
Date Published: Feb 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6972
Summary:

ISMail is a commercially available mail server implementation by
InstantServers. It is available for the Microsoft Windows operating
system.

A problem with ISMail could make it possible for a remote attacker to
execute arbitrary code on systems using vulnerable software.

It has been reported that ISMail does not properly handle long strings
under some circumstances. When an email containing specifically crafted
strings in various fields of the email header is passed through the
server, a buffer overflow occurs. This could be exploited to execute code
on vulnerable server.

The problem is in the RCPT TO and FROM fields. When domain names of
excessive length are supplied in these fields, a stack overflow occurs.
This problem could be exploited to execute code with the privileges of the
ISMail process, which is typically run as SYSTEM.

11. Typo3 Showpic.PHP File Enumeration Vulnerability
BugTraq ID: 6982
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6982
Summary:

TYPO3 is a web-based content management system. It is available for
Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 is prone to a vulnerability that will allow remote attackers to
enumerate whether or not files exist on the system hosting the software.
This issue exists in the 'showpic.php' and 'thumbs.php' scripts and may be
exploited by submitting a malicious request for a file (including the
relative path). These scripts will return information about whether or
not a file exists.

This type of information may be useful in mounting further attacks against
the host system, since the scripts will reveal information about the
layout of the host's filesystem.

12. Apple QuickTime/Darwin Streaming Server parse_xml.cgi File Disclosure Vulnerability
BugTraq ID: 6990
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6990
Summary:

QuickTime/Darwin Streaming Administration Server is server technology
which allows you to send streaming QuickTime data to clients across the
Internet.

A file retrieval vulnerability has been reported for QuickTime/Darwin
Streaming Server (SS). The vulnerability exists due to insufficient
sanitization of some parameters given to the parse_xml.cgi script.
Specifically, directory traversal sequences are not sanitized from the
value supplied to the 'filename' URI parameter. Information obtained in
this manner may be used by an attacker to launch more organinzed attacks
against a vulnerable system.

An attacker may exploit this vulnerability by making a request to the
parse_xml.cgi script containing dot-dot-slash ('../') sequences followed
by a filename. When the malicious request is processed, the Streaming
Server will disclose the contents of the file to an attacker.

This vulnerability was tested on SS for Microsoft Windows systems. Linux
versions of Darwin SS are reportedly not vulnerable to this issue.

13. Sendmail Header Processing Buffer Overflow Vulnerability
BugTraq ID: 6991
Remote: Yes
Date Published: Mar 02 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6991
Summary:

Sendmail is a widely used MTA for Unix and Microsoft Windows systems.

A remotely exploitable vulnerability has been discovered in Sendmail.
The vulnerability is due to a buffer overflow condition in the SMTP header
parsing component. Remote attackers may exploit this vulnerability by
connecting to target SMTP servers and transmitting to them malformed SMTP
data.

The overflow condition occurs when Sendmail processes addresses or lists
of addresses in fields such as "From:" or "CC:". One of the checks to
ensure that the addresses are valid is flawed, resulting in a buffer
overflow condition. Successful attackers may exploit this vulnerability
to gain root privileges on affected servers remotely.

It has been reported that this vulnerability may possibly be locally
exploitable if the sendmail binary is setuid/setgid.

Versions 5.2 to 8.12.7 are affected. Administrators are advised to
upgrade to 8.12.8 or apply available patches to prior versions of the 8.x
tree.

14. WebLog Expert HTTP Header Code Injection Vulnerability
BugTraq ID: 7015
Remote: Yes
Date Published: Mar 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7015
Summary:

WebLog Expert is a Web Log Analysis Tool for Microsoft Windows platforms
that reads the log file created by a web server and generates a
comprehensive report.

A vulnerability has been discovered in WebLog Expert. Under certain
circumstances an attacker may embed HTML code into the HTTP header section
of a web log entry. Due to insufficient sanitization of HTTP header
information, WebLog Expert reports that are derived from malicious web
logs may incorporate the arbitrary attacker supplied HTML code.

Specifically, embedding HTML code into a HTTP header, such as 'UserAgent',
may result in attacker-supplied code being executed in WebLog Expert log
reports.

Successful exploitation of this issue would result in the execution of
HTML commands when viewing reports generated by WebLog Expert. All
commands executed in this manner would be run within context of the
browser used to view the report.

This vulnerability was reported for WebLog Expert version 1.6.1 other
versions may also be affected.

15. iPlanet Log Analyzer Logfile HTML Injection Vulnerability
BugTraq ID: 7017
Remote: Yes
Date Published: Mar 04 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7017
Summary:

iPlanet is an enterprise web server software package with a built-in tool
for viewing webserver logs. It is available for Microsoft Windows, Unix,
and Linux operating systems.

iPlanet does not sufficiently sanitize HTML when logging requests. If
malicious data containing HTML and script code is logged and then viewed
using the log viewing software, exploitation will occur. Through
exploitation of this issue, it will be possible to falsify log information
and execute arbitrary script code in the web client of the user viewing
the logs.

This issue occurs when viewing logs in both HTML and text mode.

16. Typo3 Log HTML Injection Vulnerability
BugTraq ID: 6983
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6983
Summary:

TYPO3 is a web-based content management system. It is available for
Microsoft Windows operating systems and Unix and Linux variants.

TYP03 logs all system and access related errors in the TYPO3 database and
provides a facility for administrators to view this information from the
web. However, data is not sanitized of HTML before being logged. As a
result, remote attackers may inject malicious HTML and script code into
log files. When these logs are viewed, the hostile code will be
interpreted in the web client of the user viewing the logs.

This may allow for theft of administrative cookie-based authentication
credentials and other attacks.

17. Typo3 Translations.PHP Remote File Include Vulnerability
BugTraq ID: 6984
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6984
Summary:

TYPO3 is a web-based content management system. It is available for
Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 is prone to an issue that may allow remote attackers to include
files located on attacker-controlled servers.

This vulnerability is as a result of insufficient sanitization performed
on remote user supplied data used by a URI parameter of the
'translations.php' PHP page.

Under some circumstances, it is possible for remote attackers to influence
the path for an include file to point to an external file by manipulating
the '$ONLY' URI parameter.

If the remote file is a malicious file, this may be exploited to execute
arbitrary system commands in the context of the web server.

18. Typo3 Translations.PHP File Disclosure Vulnerability
BugTraq ID: 6985
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6985
Summary:

TYPO3 is a web-based content management system. It is available for
Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 does not sufficiently sanitize input submitted via URI parameters of
potentially malicious data. This issue exists in the 'translations.php'
script. Specifically, variations of directory traversal sequences and
null characters (%00) may be specified as a value for the 'ONLY' URI
parameter. By submitting a malicious web request to this script that
contains a relative path to a resource and a null character (%00), it is
possible to retrieve arbitrary files that are readable by the web server
process.

Successful exploitation will permit the attacker to gain access to
sensitive information that may aid in mounting further attacks against the
system hosting the software.

19. Typo3 Webroot Folders Information Disclosure Weakness
BugTraq ID: 6988
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6988
Summary:

TYPO3 is a web-based content management system. It is available for
Microsoft Windows operating systems and Unix and Linux variants.

It has been reported that TYPO3 installs, by default, several directories
into the TYPO3 webroot. These directories are reportedly readable or
lacking sufficient authentication mechanisms and contain log,
configuration and script files. This weakness may result in the disclosure
of sensitive system based information to malicious web users.

The following directories and files have been reported to be prone to this
issue: /install /fileadmin/ /typo3conf/

The information gathered as a result of this weakness may be used in
further attacks against the system.

20. Typo3 HTML Hidden Form Field Information Disclosure Weakness
BugTraq ID: 6993
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6993
Summary:

TYPO3 is a web-based content management system. It is available for
Microsoft Windows operating systems and Unix and Linux variants.

Clients of TYPO3 systems may access potentially sensitive data that have
been obfuscated through hidden form fields. Such fields may contain
potentially sensitive information which may provide determined attackers
with valuable information which may be useful in exploiting other known
issues in the software.

This vulnerability was reported for TYPO3 3.5b5.

21. Netscape Communicator Password Disclosure Weakness
BugTraq ID: 6981
Remote: No
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6981
Summary:

Netscape Communicator is a combined web browser and e-Mail Client
developed for a variety of platforms including Microsoft Windows, Linux
and Unix variant operating environments.

It has been reported that the Netscape Communicator roaming profile
function may store sensitive user credentials in the 'prefs.js'
configuration file using plaintext or easily disclosed format.

This weakness may result in an attacker accessing sensitive user
credentials that may be used in further attacks launched against the
system.

Conflicting details have been reported suggesting that perhaps this issue
may be due to a user initiated configuration change and that password data
may be encrypted using a trivial XOR based encryption algorithm by
default.

This report is closely related to the issue described in BID 6215.

22. Typo3 Runtime Error Page Information Disclosure Vulnerability
BugTraq ID: 6986
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6986
Summary:

TYPO3 is a web-based content management system. It is available for
Microsoft Windows operating systems and Unix and Linux variants.

An information disclosure vulnerability has been reported for TYPO3. The
vulnerability exists in several 'test', 'class' and 'library' scripts that
are included with TYPO3.

These scripts may be forced to execute and generate runtime errors. When
these errors occur, the scripts will output path information.

Information obtained in this manner may be used by an attacker to launch
further attacks against a vulnerable system.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. User rights on Terminal Services (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314283

2. Article Announcement: Windows Forensics - A Case Study: Part Two (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314229

3. Logging mechanism in IIS (was RE: code red---- on system that is already (and has been) patched) (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314217

4. Logging mechanism in IIS (was code red---- on system that is already (and has been) patched) (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314106

5. code red---- on system that is already (and has been) patched (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313851

6. experiment supports concept of using host header names as security layer (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313859

7. 5 security questions (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313780

8. SecurityFocus Microsoft Newsletter #127 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313685

9. host header names as security devices (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313617

10. One Time Passwords (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313616

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Steganos Security Suite 4
by Steganos
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.steganos.com/en/sss/index.htm
Summary:

A complete, easy-to-use security package that encrypts and conceals your
data. The Steganos Safe is a secure hard drive, which disappears at the
click of a button. Thanks to on-the-fly-encryption, 1 GB of data can be
encrypted in less than a second. Create encrypted e-mail attachments.
Includes Internet Trace Destructor, file shredder, e-mail encryption,
password manager and computer locking.

2. SSH Secure Shell for Windows Servers
by SSH Communications Security
Platforms: N/A
Relevant URL:
http://www.ssh.com/products/security/secureshellwinserver/
Summary:

SSH Secure Shell for Windows Servers is an award-winning SSH server
implementation for servers running a Microsoft Windows operating systems.
The Microsoft Windows NT, 2000 and XP operating systems are increasingly
being used as server platforms in organizations around the world, and SSH
Secure Shell for Windows Servers solves the problem of providing secure
management access to the business-critical services on these servers.

3. N2H2 Sentian
by N2H2
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.n2h2.com/products/sentian_home.php
Summary:

Sentian filtering software works with a wide variety of implementations to
meet the needs of organizations both large and small. Whichever device you
prefer, every Sentian product uses the categorized filtering database
recognized as the most effective available.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
-------------------------------------
1. DiskZapper v1.0
by Phil Howard
Relevant URL:
http://diskzapper.com/
Platforms: N/A
Summary:

DiskZapper is a Linux-based bootable (floppy or CD-ROM) tool intended to
wipe all hard drives on the machine it runs on to binary zero. This is
intended for uses such as making sure old computers or hard drives being
sold or trashed are clear of any confidential data, and to be sure certain
computers are clear of any unlicensed software in the event the software
piracy police visit. It comes in the form of a floppy image (ready to dd
or rawrite) or a CD ISO image (ready to burn to CDR). No other software or
OS required. This is a dangerous tool. Please store out of reach of
children.

2. pkeytool v1.0.0
by David Green
Relevant URL:
http://pkeytool.couchpotato.net
Platforms: Os Independent
Summary:

pkeytool takes over where the JDK's keytool leaves off by allowing users
to work with private keys.

3. NodeBrain v0.5.0
by Ed Trettevik
Relevant URL:
http://www.nodebrain.org
Platforms: Os Independent
Summary:

NodeBrain is a rule-based state and event monitoring agent. It is an
interpreter of the NodeBrain command language that includes commands for
rule definition, state assertion and event alerting. It can be used for
system health monitoring or other applications requiring automated
response to state changes and patterns of events from application logs and
other sources. It supports a peer-to-peer application protocol called NBP
to enable event streams between agents within a network. Peers are
authenticated and communication is encrypted. Store-and-forward queues are
used to tolerate network, system, and peer outages. Integration with other
applications is accomplished through a command line interface (CLI). This
tool is intended for developers, as construction of a monitoring
application using NodeBrain is a programming activity. A programmer must
develop NodeBrain event correlation rules, input commands for state and
event collection, and output commands for responses as required by a
specific application.

Next message: Campbell, Ian C: "RE: Exchange/MAPI/RPC"

Previous message: Brian W. Spolarich: "RE: Exchange/MAPI/RPC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]