SecurityFocus Microsoft Newsletter # 150
From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 08/18/03
Date: Mon, 18 Aug 2003 11:36:25 -0600 (MDT)
To: Focus-MS <focus-ms@securityfocus.com>
SecurityFocus Microsoft Newsletter # 150
----------------------------------------
I. FRONT AND CENTER
1. MRTG for Intrusion Detection with IIS 6
2. Honeypot Farms
3. Basic IIS Lockdown Using Scripts and Group Policy
4. The Sad Tale of a Security Whistleblower
II. MICROSOFT VULNERABILITY SUMMARY
1. Multiple Vendor OSF Distributed Computing Environment Denial...
2. Meteor FTP Server USER Memory Corruption Vulnerability
3. Invision Power Board Admin.PHP Cross-Site Scripting Vulnerab...
4. MDaemon SMTP Server Null Password Authentication Vulnerabili...
5. Web ChatServer HTML Injection Vulnerability
6. PHPOutSourcing Zorum Cross-Site Scripting Vulnerability
7. NetSurf Long URI Buffer Overflow Vulnerability
8. PHPOutsourcing Zorum Path Disclosure Vulnerability
9. Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server ...
10. PHP DLOpen Arbitrary Web Server Process Memory Vulnerability
11. SurgeLDAP Path Disclosure Vulnerability
12. SurgeLDAP User.CGI Cross-Site Scripting Vulnerability
13. SurgeLDAP HTTP GET Denial Of Service Vulnerability
14. SurgeLDAP Insecure Password Storage Vulnerability
15. Microsoft MCIWNDX.OCX ActiveX Control Buffer Overflow Vulner...
16. Clickcess ChitChat.NET Message HTML Injection Vulnerability
17. Microsoft URLScan / RSA Security SecurID Configuration Enume...
III. MICROSOFT FOCUS LIST SUMMARY
1. scan of domain logon reveals unknown port (Thread)
2. Account Lockout -- ARGH (Thread)
3. DNS (Thread)
4. Account Lockuout --ARGH (Thread)
5. Detecting Blaster (Thread)
6. New variant. Blast.b (Thread)
7. FW: Actions for the Blaster Worm - Special Edition, ... (Thread)
8. MS03-029 ?-Download link (Thread)
9. Why the shutdown if infected with blaster? (Thread)
10. FW: Blaster vs. Kaht2, detecting Windows root kits (Thread)
11. DCOM patch + Exchange (Thread)
12. Administrivia: Blaster (Thread)
13. attempt to launch a DCOM server? (Thread)
14. What the heck is this msblast.exe (Thread)
15. W32.Blaster.C.Worm (Thread)
16. 3 Comprehensive links in combat with MSBlaster Worm (Thread)
17. Error Message: User Interface Failu The Logon User I... (Thread)
18. Blaster vs. Kaht2 (Thread)
19. DCOM Worm (Thread)
20. DCOM Exploit / Worm Signatures (Thread)
21. FW: Blaster vs. Kaht2 (Thread)
22. msblast and IIS (Thread)
23. [msblast/LovSan] Detection (Thread)
24. Article Announcement: Basic IIS Lockdown Using Scrip... (Thread)
25. DCOM worm is out (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Intellitactics Network Security Manager
2. Netsecure Log
3. F-Secure Internet Security 2003
4. Primedius Personal Firewall/Anti-Spy ware
5. AES PRO
6. Aluria's Spyware Eliminator
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Anti-Spam SMTP Proxy v1.0.0
2. ngrep v1.41
3. Securepoint Firewall and VPN Server v3.1.3 P3
4. libdvdcss v1.2.8
5. Enigmail v0.81.0
6. aNTG v1.0
VI. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. MRTG for Intrusion Detection with IIS 6
By Mark Burnett
This article explains how to use a Multi Router Traffic Grapher (MRTG) to
see the big picture of your network traffic and to help visually spot
attacks.
http://www.securityfocus.com/infocus/1721
2. Honeypot Farms
By Lance Spitzner
This article is about deploying and managing honeypots in large,
distributed environments through the use of Honeypot Farms.
http://www.securityfocus.com/infocus/1720
3. Basic IIS Lockdown Using Scripts and Group Policy
by Mark Squire
Microsoft Active Directory and Group Policy have a feature-rich set of
tools and processes to help save an administrator time and energy in
maintaining security within the domain.
http://www.securityfocus.com/infocus/1719
4. The Sad Tale of a Security Whistleblower
By Mark Rasch
Federal prosecutors in California went too far when they put a man in
prison for warning people about a website security hole.
http://www.securityfocus.com/columnists/179
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Multiple Vendor OSF Distributed Computing Environment Denial...
BugTraq ID: 8371
Remote: Yes
Date Published: Aug 08 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8371
Summary:
The DCE (Distributed Computing Environment) is a set of distributed
computing standards maintained by the Open Software Foundation. Numerous
vendors provide DCE client and server implementations.
A vulnerability has been announced that may be exploited to cause a denial
of service in multiple vendor implementations based on the OSF DCE
standards. The consequences of this vulnerability are that a remote
attacker may cause a server implementation to hang or crash. Exploitation
of this issue can deny availability of DCE services to legitimate clients.
Exact technical details are not known at this time but the issue is
believed to be caused by a null pointer dereference, which would not be
exploitable to execute arbitrary code. This BID will be updated
appropriately if further details become available.
This issue can be exposed via RPC services with some implementations.
It should be noted that some of the vendors reported that side effects of
exploitation attempts for BID 8205 "Microsoft Windows DCOM RPC Interface
Buffer Overrun Vulnerability" may potentially trigger this issue in
affected implementations. IBM also reported that this issue exists in
their RPC runtime implementation of DCE and can occur whenever an RPC
packet with an invalid presentation context ID is received by a server.
Scanning utilities for BID 8205 have also been reported to trigger this
issue in some implementations. It is not known if this issue can also be
caused by attempts to exploit BID 8234 "Microsoft Windows 2000 RPC DCOM
Interface Denial of Service Vulnerability".
2. Meteor FTP Server USER Memory Corruption Vulnerability
BugTraq ID: 8376
Remote: Yes
Date Published: Aug 08 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8376
Summary:
Meteor FTP Server is a personal file server for Microsoft Windows operating
systems.
Meteor FTP Server is prone to a memory corruption vulnerability that can be
triggered by a malicious client via an overly long value for the FTP USER
command. The issue is exposed prior to the client authenticating with the
server, so may be exploited by remote attackers without valid FTP
credentials.
This could be exploited to cause a server crash. Due to the nature of
vulnerabilities that result in memory corruption, it is likely that this
could also be exploited to execute arbitrary code, however, this has not
been confirmed.
3. Invision Power Board Admin.PHP Cross-Site Scripting Vulnerab...
BugTraq ID: 8381
Remote: Yes
Date Published: Aug 09 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8381
Summary:
Invision Board is web forum software. It is implemented in PHP and is
available for Unix and Linux variants and Microsoft Windows operating systems.
The Invision Power Board admin.php script has been reported prone to a
cross-site scripting vulnerability.
The issue presents itself due to a lack of sufficient sanitization
performed by functions in the admin.php script on user-influenced 'adsess'
URI parameters. It has been reported that a remote attacker may construct a
malicious link to the admin.php script hosted on a remote site, and supply
arbitrary HTML code as a value for the 'adsess' URI parameter. If this link
is followed, the content of the 'adsess' parameter will be rendered in the
browser of the user who followed the link.
This could permit the theft of cookie authentication credentials; other
attacks may also be possible.
4. MDaemon SMTP Server Null Password Authentication Vulnerabili...
BugTraq ID: 8382
Remote: Yes
Date Published: Aug 09 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8382
Summary:
MDaemon is a Microsoft Windows based mail server product.
A vulnerability has been reported to affect the MDaemon SMTP authentication
handler.
It has been reported that any valid username or account can be used in
conjunction with a null password to access the MDaemon SMTP server. This
issue may be exacerbated because a default MDaemon account, 'MDaemon', is
well known.
A remote attacker may exploit this vulnerability to use the affected SMTP
server as an open relay for e-mail spam. Other attacks may also be possible.
It should be noted that although this vulnerability has been reported to
affect MDaemon version 5.0.5, other versions might also be affected.
5. Web ChatServer HTML Injection Vulnerability
BugTraq ID: 8383
Remote: Yes
Date Published: Aug 11 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8383
Summary:
Web ChatServer is a web-based chat system. It is available for Microsoft
Windows operating systems.
Web ChatServer is prone to an HTML injection vulnerability. The source of
this issue is that HTML and script code are not filtered from chat messages
before being displayed to other users. An attacker may embed malicious
HTML and script code into a chat message and send that message to another
user of the chat system. The attacker's code may be rendered in the web
browser of the user viewing the malicious message. This would occur in the
context of the site hosting the chat system.
6. PHPOutSourcing Zorum Cross-Site Scripting Vulnerability
BugTraq ID: 8388
Remote: Yes
Date Published: Aug 11 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8388
Summary:
Zorum is a commercially-available forum software package distributed and
maintained by PHPOutSourcing. It is available for the Unix, Linux, and
Microsoft Windows platforms.
A cross-site scripting vulnerability has been reported in the index.php
script of PHPOutSourcing Zorum. Because of this, an attacker may be able
to execute hostile HTML and script code in the browsers of target users who
follow a malicious link.
The problem is in the filtering of HTML and client-side script code by
index.php. When attacker-supplied HTML or script code is passed to the
method variable of index.php in a malicious link, the code may be rendered
in the context of the site. This could make it possible for an attacker to
steal cookie authentication credentials, or perform other malicious activities.
7. NetSurf Long URI Buffer Overflow Vulnerability
BugTraq ID: 8394
Remote: Yes
Date Published: Aug 11 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8394
Summary:
NetSurf is a web browser for Microsoft Windows operating systems.
NetSurf is prone to a buffer overflow. This is due to insufficient bounds
checking of URIs. A URI of sufficient length to trigger the condition will
cause adjacent regions of memory to be corrupted with specific,
attacker-supplied values. This could potentially allow for execution of
malicious code in the security context of the web client. It is possible
to trigger this condition by following a malicious link that specifies a
URI of excessive length.
8. PHPOutsourcing Zorum Path Disclosure Vulnerability
BugTraq ID: 8396
Remote: Yes
Date Published: Aug 11 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8396
Summary:
Zorum is a freely available, open source PHP forum. It is available for
UNIX, Linux, and Microsoft operating systems.
It has been reported that the software is prone to a path disclosure
vulnerability. This issue can be triggered by sending a malformed request
to the software, resulting in an error message that may disclose sensitive
information about the installation path to the attacker.
This information may aid an attacker in mapping out the file system,
which can then be used to launch further attacks.
Though Zorum version 3.4 has been reported to be prone to this issue,
earlier versions may also be vulnerable.
9. Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server ...
BugTraq ID: 8397
Remote: Yes
Date Published: Aug 11 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8397
Summary:
The Microsoft RSVP Server is an implementation of the RFC 2814 defined
protocol. It is available for Microsoft Windows.
A problem has been identified in the RSVP Server for Microsoft Windows 2000
that may allow an attacker to hijack management of the network. This could
allow an attacker control of network Quality of Service.
The problem is in the handling of priority by the RSVP Server. If the
server is executing with a lower RSVP service priority, it is overruled by
the new RSVP server. An attacker that has gained access to the network as
the RSVP Server could lower quality of service on specific hosts.
It should be noted that this vulnerability generally can only be exploited
on isolated segments of network. Because of the level of network
communication at which this vulnerability occurs, it is difficult to
exploit remotely.
10. PHP DLOpen Arbitrary Web Server Process Memory Vulnerability
BugTraq ID: 8405
Remote: No
Date Published: Aug 13 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8405
Summary:
PHP is the Personal Home Page web application development suite. It is
available for the Unix, Linux, and Microsoft platforms.
A problem has been reported in the dlopen function of PHP when used with
the Apache web server. Because of this, an attacker may be able to gain
unauthorized access to potentially sensitive information.
The problem is in the ability to access the memory of the calling process.
When a PHP script is executed by an Apache process, it is possible to dump
the contents of the Apache process memory to a text file. This could be
used by an attacker to gain access to potentially sensitive information
which could include authentication credentials. The function may also
permit other attacks, such as allowing an attacker to deliver content
other than what the server is configured to serve.
11. SurgeLDAP Path Disclosure Vulnerability
BugTraq ID: 8406
Remote: Yes
Date Published: Aug 13 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8406
Summary:
SurgeLDAP is an LDAP server implementation. It is available for a number
of platforms including Microsoft Windows and Linux/Unix variants.
SurgeLDAP is prone to a path disclosure vulnerability. It is possible to
gain access to sensitive path information by issuing an HTTP GET request
for an invalid resource. This could help a remote attacker enumerate the
layout of the file system of the host running the vulnerable software,
which may be useful in further attacks against the host.
This issue exists in the web server component of SurgeLDAP.
12. SurgeLDAP User.CGI Cross-Site Scripting Vulnerability
BugTraq ID: 8407
Remote: Yes
Date Published: Aug 13 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8407
Summary:
SurgeLDAP is an LDAP server implementation. It is available for a number
of platforms including Microsoft Windows and Linux/Unix variants.
SurgeLDAP is prone to cross-site scripting attacks. The issue exists in
the user.cgi script and is due to insufficient sanitization of data
supplied via URI parameters, which will be echoed back to users. Remote
attackers may exploit this issue by enticing a user to visit a malicious
link that specifies hostile HTML and script code as a value for the 'cmd'
parameter of the vulnerable script. This code may be rendered in the
user's browser when the link is visited. This would occur in the context
of the server.
Successful exploitation may allow theft of cookie-based authentication
credentials or other attacks.
This issue exists in the web server component of SurgeLDAP.
13. SurgeLDAP HTTP GET Denial Of Service Vulnerability
BugTraq ID: 8408
Remote: Yes
Date Published: Aug 13 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8408
Summary:
SurgeLDAP is an LDAP server implementation. It is available for a number
of platforms including Microsoft Windows and Linux/Unix variants.
SurgeLDAP is prone to a denial of service vulnerability that may occur when
an overly long HTTP GET request is sent to the server. Though unconfirmed,
this may result in memory corruption, which may be further exploitable to
execute arbitrary code. It is reported that an HTTP GET request of 501 or
more characters will trigger this condition.
This issue exists in the web server component of SurgeLDAP.
14. SurgeLDAP Insecure Password Storage Vulnerability
BugTraq ID: 8409
Remote: No
Date Published: Aug 13 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8409
Summary:
SurgeLDAP is an LDAP server implementation. It is available for a number
of platforms including Microsoft Windows and Linux/Unix variants.
SurgeLDAP does not adequately secure password credentials. These
credentials will be stored on the system hosting the server in plaintext
and could be exposed to users with local access to the system. On
Microsoft Windows, these credentials are reported to be stored in the
'user.dat' file in the program directory.
15. Microsoft MCIWNDX.OCX ActiveX Control Buffer Overflow Vulner...
BugTraq ID: 8413
Remote: Yes
Date Published: Aug 13 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8413
Summary:
The 'mciwndx.ocx' ActiveX control is included in Microsoft Visual Studio 6
and supports multimedia programming.
'mciwndx.ocx' has been reported prone to a buffer overflow vulnerability.
The issue reportedly presents itself when excessive data (more than 640 kB)
is passed to the "filename" property.
It has been conjectured that this issue could potentially lead to the
execution of code with the privileges of the user executing the web
browser. This problem requires that a user with the vulnerable control
installed visit a web page that invokes the control in a manner sufficient
to trigger the issue. Upon doing so, it may be possible to create a
remotely exploitable stack overflow condition that results in the
overwriting of sensitive process memory. This, however, has not been confirmed.
It should be noted that ActiveX controls by nature might contain latent
vulnerabilities. Caution should be employed when installing ActiveX controls.
16. Clickcess ChitChat.NET Message HTML Injection Vulnerability
BugTraq ID: 8417
Remote: Yes
Date Published: Aug 13 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8417
Summary:
Clickcess ChitChat.NET is a discussion forum designed specifically for use
with SQL Server and implemented in ASP.NET. It is available for Microsoft
Windows.
A vulnerability has been reported in the software that may allow
unsanitized user input to be injected into the website. This problem is
related to the Name and Topic Title input fields, which fail to properly
filter HTML and script code. Injected HTML code may be rendered in the web
browser of a victim who views vulnerable areas of the site. This would
occur in the security context of the site hosting ChitChat.NET.
This vulnerability could be exploited to steal cookie-based credentials from
a host. Other attacks may well be possible.
17. Microsoft URLScan / RSA Security SecurID Configuration Enume...
BugTraq ID: 8419
Remote: Yes
Date Published: Aug 14 2003 12:00A
Relevant URL: http://www.securityfocus.com/bid/8419
Summary:
Microsoft URLScan is an Internet Server API (ISAPI) filter that can be
configured to block a variety of HTTP methods, file extension access, and
other queries.
SecurID, a two-factor authentication mechanism developed by RSA Security,
can also be used to prevent unauthorized access to a website.
A weakness has been discovered in Microsoft URLScan and RSA Security
SecurID when used in conjunction on a web server. The problem is said to
occur due to the order in which the products are placed within the global
ISAPI filter list.
When the vulnerable configuration is in place, an attacker may be capable
of enumerating the Microsoft URLScan extension filtering list, by making
repeated requests to files with differing extensions. This is due to the
web server incorrectly returning a page, containing a hidden form field
that includes a 'referrer' NAME, and VALUE containing
'Rejected-By-UrlScan'. It should be noted that if the default configuration
has been changed, the rejection string may differ.
The enumeration of this type of information could potentially aid an
attacker when launching further attacks against the target web server.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. scan of domain logon reveals unknown port (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333761
2. Account Lockout -- ARGH (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333757
3. DNS (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333755
4. Account Lockuout --ARGH (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333753
5. Detecting Blaster (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333545
6. New variant. Blast.b (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333539
7. FW: Actions for the Blaster Worm - Special Edition, ... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333529
8. MS03-029 ?-Download link (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333516
9. Why the shutdown if infected with blaster? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333507
10. FW: Blaster vs. Kaht2, detecting Windows root kits (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333498
11. DCOM patch + Exchange (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333483
12. Administrivia: Blaster (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333482
13. attempt to launch a DCOM server? (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333311
14. What the heck is this msblast.exe (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333259
15. W32.Blaster.C.Worm (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333234
16. 3 Comprehensive links in combat with MSBlaster Worm (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333232
17. Error Message: User Interface Failu The Logon User I... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333229
18. Blaster vs. Kaht2 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333073
19. DCOM Worm (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/333071
20. DCOM Exploit / Worm Signatures (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/332977
21. FW: Blaster vs. Kaht2 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/332975
22. msblast and IIS (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/332853
23. [msblast/LovSan] Detection (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/332834
24. Article Announcement: Basic IIS Lockdown Using Scrip... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/332832
25. DCOM worm is out (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/332755
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Intellitactics Network Security Manager
By: Intellitactics
Platforms: Solaris, Windows NT
Relevant URL: http://www.intellitactics.com/products/nsm_overview.html
Summary:
Intellitactics Network Security Manager is the holistic, integrated threat
management platform that gives you a virtual window into your enterprise
security environment. NSM lets you police, prioritize and prevail across
the full range of today's security threats. You get a clear picture of your
security situation in real time--and over time--so you can deliver the most
effective information security possible.
With NSM, you leverage the infrastructure you've already built. NSM
correlates massive amounts of data for you--gathered from your full range
of security devices and other information sources throughout the enterprise.
Then, on a single pane of glass, NSM provides a graphical visualization of
threats, anomalies and trends. Your Security Operations Center can now
respond more effectively to real security threats than with any other
security product--in moments instead of days, with fewer resources.
2. Netsecure Log
By: CalyxNetSecure
Platforms: Solaris, Windows 2000, Windows NT
Relevant URL:
http://www.calyxnetsecure.com/produit.asp?nom_produit=NetsecureLog
Summary:
Netsecure Log is a security administration solution. It makes the
administrator's job easier by centralizing security events in a database
and then analyzing them with a powerful requesting tool.
3. F-Secure Internet Security 2003
By: F-Secure Corporation
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.f-secure.com/estore/fsis2003.shtml
Summary:
F-Secure Internet Security 2003 includes an award winning antivirus
software, as well as an easy-to-use personal firewall product that protects
your system against break-in attempts when you are connected to the Internet.
4. Primedius Personal Firewall/Anti-Spy ware
By: Primedius
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.primedius.com/PersonalFirewall.htm
Summary:
Primedius Personal Firewall/Anti-Spy ware prevents intrusions and stops
unwanted entries to and communications from your computer. Other features are:
- Detects, reviews and screens any entry through Winsock layer.
5. AES PRO
By: Workable Resources
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.aes.safeworld.info/pro.htm
Summary:
AES Pro is the utility program that creates active public keys. Active key
is an executable program that contains a public key and the software
necessary to encrypt messages and decrypt the answer-back messages. Users
can create active public keys that anyone can use to encrypt messages. No
other software is required. These active public keys are ideal to create
communication with the users who do not have the PGP or CHAOS Public Key
programs installed.
6. Aluria's Spyware Eliminator
By: Aluria Software
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.aluriasoftware.com/spywareeliminator/index.html
Summary:
Aluria's Spyware Eliminator protects you from the Spyware epidemic. While
anti-virus software guards you from viruses, it does not prevent Spyware
from attacking your computer. Aluria's Spyware Eliminator not only detects
and removes Spyware, Adware and Keyloggers from your computer, but now
actively blocks Spyware and Adware when your computer is under assault.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Anti-Spam SMTP Proxy v1.0.0
By: John Hanna
Relevant URL: http://assp.sourceforge.net/
Platforms: BSDI, Linux, MacOS, Os Independent, OS/2, Perl (any system
supporting perl), POSIX, Windows 2000, Windows NT
Summary:
The Anti-Spam SMTP Proxy (ASSP) Server project aims to create an open
source platform independent SMTP Proxy server which implements whitelists
and Bayesian filtering to help stop unsolicited commercial email (UCE).
Anti-spam tools should be adaptive to new spam and customized for each
site's email patterns. This easy to use tool works with any mail transport
and achieves these goals requiring no operator intervention after the
initial setup phase.
2. ngrep v1.41
By: Jordan Ritter <jpr5@darkridge.com>
Relevant URL: http://ngrep.sourceforge.net/
Platforms: AIX, Digital UNIX/Alpha, FreeBSD, IRIX, Linux, OpenBSD, Solaris,
Windows 2000, Windows 95/98, Windows NT
Summary:
ngrep strives to provide most of GNU grep's common features, applying them
to the network layer. ngrep is a pcap-aware tool that will allow you to
specify extended regular expressions to match against data payloads of
packets. It currently recognizes TCP and UDP across ethernet, ppp and slip
interfaces, and understands bpf filter logic in the same fashion as more
common packet sniffing tools like tcpdump and snoop.
3. Securepoint Firewall and VPN Server v3.1.3 P3
By: Lutz Hausmann
Relevant URL: http://www.securepoint.cc/
Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
Summary:
Securepoint Firewall and VPN Server is a high-performance application
designed to offer full protection for network assets. The Security Manager
offers a graphical user interface with many features, different
configurations, and advanced reporting functions. The Securepoint server is
a complete firewall and VPN software system with an operating system based
on a secure Linux. VPN operation supports PPTP and IPSec (X.509
certificates, preshared, RSA signature). You can use the firewall on a
standard PC with 2 to 16 network cards (including Ethernet, ADSL, ISDN). It
is very easy to install and administer. The Securepoint Security Manager is
available in English, German, and Spanish, and works in online and offline
mode.
4. libdvdcss v1.2.8
By: Samuel Hocevar <sam@zoy.org>
Relevant URL: http://www.videolan.org/libdvdcss/
Platforms: BeOS, FreeBSD, Linux, OpenBSD, Windows 2000, Windows 95/98,
Windows NT
Summary:
libdvdcss is a cross-platform library for transparent DVD device access
with on the fly CSS decryption. It currently runs under Linux, FreeBSD,
NetBSD, OpenBSD, BSD/OS, Solaris, BeOS, Win98, Win2k and MacOS X. It is
used for the vlc DVD player because of its portability and because, unlike
similar libraries, it does not require your DVD drive to be region-locked.
5. Enigmail v0.81.0
By: Patrick
Relevant URL: http://enigmail.mozdev.org/thunderbird.html
Platforms: Linux, MacOS, POSIX, UNIX, Windows 2000, Windows 3.x, Windows
95/98, Windows CE, Windows NT, Windows XP
Summary:
Enigmail is a "plugin" for the mail client of Mozilla and Netscape 7.x
which allows users to access the authentication and encryption features
provided by the popular GnuPG software. Enigmail can encrypt/sign mail when
sending, and can decrypt/authenticate received mail. It can also
import/export public keys. Enigmail supports both the inline PGP format and
the PGP/MIME format, which can be used to encrypt attachments. Enigmail is
cross-platform, although binaries are supplied only for a limited number of
platforms. Enigmail uses inter-process communication to execute GPG to
carry out encryption/authentication.
6. aNTG v1.0
By: Lucas
Relevant URL: http://www.thebobo.com/antg.php
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
aNTG (another Network Traffic Grapher) is a PHP program that collects and
graphs network traffic statistics on a Linux machine.
VI. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored by: KaVaDo
Your network firewall and IDS products do not prevent Web application
attacks - the most common form of online exploitation- resulting in Web
defacement, data theft, sabotage and fraud.
KaVaDo is the first and only company that provides a complete and
integrated suite of Web application security products, allowing you to:
- assess your entire Web environment with a Web Application Scanner,
- automatically set positive security policies for real-time protection,
and
- maintain such policies at the Application Firewall without compromising
business performance.
For more information on KaVaDo and to download a FREE white paper on
Security Policy Automation for Web Applications, please visit
http://www.securityfocus.com/sponsor/KaVaDo_ms-secnews_030818
------------------------------------------------------------------------