SecurityFocus Microsoft Newsletter #165

From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 12/01/03

  • Next message: Erik Birkholz: "RE: Hiding MS SQL databases in Enterprise Manager"
    Date: Mon, 1 Dec 2003 15:54:24 -0700 (MST)
    To: Focus-MS <focus-ms@securityfocus.com>
    
    

    SecurityFocus Microsoft Newsletter #165
    ----------------------------------------
    This Issue is Sponsored by: Tenable Security

    Tenable provides security software which enables enterprises to
    distribute, manage, and communicate vulnerability and intrusion detection
    information across the entire organization.  Tenable's breakthrough
    Lightning(tm) technology elegantly simplifies the complex nature of
    network security by offering detailed useable reports for network and
    security administrators and high-level organizational reports for CxOs.
    In addition, Tenable offers both active (NeWT) and passive (NeVO)
    vulnerability detection solutions to further enhance your network
    vulnerability identification. For more information, Tenable can be
    reached at 410-872-0555 or on the Internet at
    http://www.securityfocus.com/sponsor/TenableSecurity_ms-secnews_031201
    ------------------------------------------------------------------------
    I. FRONT AND CENTER
         1. Fighting Spammers With Honeypots: Part 1
         2. Fighting Spammers With Honeypots: Part 2
         3. The Wells Fargo Example
         4. Exploiting Cisco Routers: Part 2
    II. MICROSOFT VULNERABILITY SUMMARY
         1. Microsoft MSN Messenger Information Leakage Weakness
         2. Imatix Xitami Post Request Header Remote Denial Of Service V...
         3. PrimeBase SQL Database Server Administrative Server Password...
         4. Opera Skin Zip File Buffer Overflow Vulnerability
         5. Qualcomm Eudora Attachment LaunchProtect Warning Bypass Weak...
         6. HP ProCurve Switch Denial of Service Vulnerability
         7. Microsoft Internet Explorer MHTML Forced File Execution Vuln...
         8. Microsoft Internet Explorer Invalid ContentType Cache Direct...
         9. Microsoft Internet Explorer Browser MHTML Redirection Local ...
         10. Microsoft Internet Explorer Window.MoveBy/Method Caching Mou...
         11. Microsoft Internet Explorer BackToFramedJPU Cross-Domain Pol...
         12. Macromedia JRun Administrative Interface Multiple Cross-Site...
         13. Microsoft Exchange Server 2003 Outlook Web Access Lowered Se...
         14. phpBB search.php SQL Injection Vulnerability
    III. MICROSOFT FOCUS LIST SUMMARY
         1. are my binaries being exposed on my ASP.NET website? (Thread)
         2. local admin account password (Thread)
         3. how do I force secure ASP.NET session cookies? (Thread)
         4. Strange behaviour of MS SQL 2000 (Thread)
         5. IIS traffic (Thread)
         6. SecurityFocus Microsoft Newsletter #164 (Thread)
         7. Administrivia: Article Announcements (Thread)
         8. TS group policy / hide notification area (Thread)
         9. Article Announcement: Busting the Worm Writers (Thread)
         10. Betr.: Strange behaviour of MS SQL 2000 (Thread)
    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
         1. AccessMaster
         2. KeyGhost SX
         3. SafeKit
         4. SecurDataStor
         5. Proactive Windows Security Explorer
         6. Outpost Personal Firewall Pro 2.0
    V. NEW TOOLS FOR MICROSOFT PLATFORMS
         1. Generic Security Service v0.0.7
         2. Enigmail v0.82.3
         3. Stealth HTTP Security Scanner v2.0b36
         4. aNTG v2.0
         5. Logrep v1.4.2
         6. OSIRIS v2.1.0
    VI. SPONSOR INFORMATION

    I. FRONT AND CENTER
    -------------------
    1. Fighting Spammers With Honeypots: Part 1
    By Laurent Oudot

    This paper will evaluate the usefulness of using honeypots to fight
    spammers on several fronts. Part one discusses the methods spammers use to
    harvest addresses, maintain stealth and manipulate open mail relays on the
    Internet. Then honeypots will be considered that create fake email
    addresses to be harvested, identify and track spammers, and simulate open
    proxies for spammers to use.

    http://www.securityfocus.com/infocus/1747

    2. Fighting Spammers With Honeypots: Part 2
    By Laurent Oudot

    Part two continues the discussion of open proxies, describes creating fake
    open mail relays with various honeypots, discusses architecture decisions,
    and then provides some recent test results that proved very successful. A
    honeypot can clearly be used to detect, slow and stop spam-related
    activities while promoting a clean Internet -- but more people must pitch
    in for them to truly make a difference.

    http://www.securityfocus.com/infocus/1748

    3. The Wells Fargo Example
    By Mark Rasch

    Companies should protect consumer data better than Wells Fargo did, but in
    cleaning up its laptop data spill the bank blazed a trail worth following.

    http://www.securityfocus.com/columnists/201

    4. Exploiting Cisco Routers: Part 2
    By Mark Wolfgang

    This is the second of a two-part series that focuses on identifying and
    then exploiting vulnerabilities and poor configurations in Cisco routers.
    This article will look at what we can do once we've gotten in.

    http://www.securityfocus.com/infocus/1749

    II. MICROSOFT VULNERABILITY SUMMARY
    -----------------------------------
    1. Microsoft MSN Messenger Information Leakage Weakness
    BugTraq ID: 9082
    Remote: Yes
    Date Published: Nov 20 2003
    Relevant URL: http://www.securityfocus.com/bid/9082
    Summary:
    MSN Messenger is an instant messenging client for Microsoft Windows
    systems, based on the Passport system.

    MSN Messenger is prone to an information leakage weakness.
    It has been reported that the problem exist in the MSN client during a
    file transfer invitation requests. The client improperly processes
    incoming requests and may send sensitive data such as the IP address of
    the client to the remote host without first identifying that host. The
    expected behavior is that the client must accept the file transfer prior
    to revealing its IP address. However, by exploiting this weakness, it is
    possible to obtain the client IP address prior to the client user
    accepting the file transfer request. This presents a security threat
    because it will allow an attacker to enumerate IP addresses of client
    users.

    This information could be used to launch direct attacks against the client
    system and network.

    MSN Messenger versions 6.0.0602 and prior and all versions of Windows
    Messenger have been reported to be prone to this issue. Other versions of
    MSN Messenger could be affected as well.

    2. Imatix Xitami Post Request Header Remote Denial Of Service V...
    BugTraq ID: 9083
    Remote: Yes
    Date Published: Nov 21 2003
    Relevant URL: http://www.securityfocus.com/bid/9083
    Summary:
    Xitami is a freely available web server package distributed by Imatix. It
    is available for the Unix, Linux, and Microsoft platforms.

    A problem has been identified in the handling of certain types of requests
    by Imatix Xitami. Because of this, it is possible for a remote attacker
    to deny service to legitimate users of a vulnerable server.

    When an attacker crafts POST request with a header containing certain
    malformed fields, it is possible to force the Xitami server into an
    endless loop in execution. This typically results in the Xitami server
    crashing, resulting in a denial of service, and requiring a manual restart
    of the server to resume normal service.

    3. PrimeBase SQL Database Server Administrative Server Password...
    BugTraq ID: 9087
    Remote: No
    Date Published: Nov 22 2003
    Relevant URL: http://www.securityfocus.com/bid/9087
    Summary:
    PrimeBase SQL Database Server is a database implementation that is
    available for Unix, Linux, and Microsoft Windows platforms.

    A problem has been reported in the storage of credentials in PrimeBase SQL
    Database Server. Because of this, it may be possible for an attacker to
    gain unauthorized access to resources.

    The problem is in the storage of authentication credentials. The
    administrative server included with PrimeBase SQL Database Server does not
    store authentication credentials in a secure format, keeping them in a
    plain text file. This problem is compounded by the fact that file is
    created with a default umask that permits world read access to the file.

    This issue may permit an attacker with shell-level access to a system
    hosting the server to gain access to the database server administrative
    interface.

    4. Opera Skin Zip File Buffer Overflow Vulnerability
    BugTraq ID: 9089
    Remote: Yes
    Date Published: Nov 22 2003
    Relevant URL: http://www.securityfocus.com/bid/9089
    Summary:
    Opera is a web browser available for a number of operating systems,
    including the Microsoft Windows, Linux, Unix, and Apple MacOS platforms.

    A problem has been identified in the handling of zipped skin files by
    Opera. Because of this, it may be possible for an attacker to gain
    unauthorized access to a system using the vulnerable browser.

    The problem is in the handling of specially crafted zip files. When a
    skin zip file with data appended after the zipped data is downloaded by
    Opera, the data contained after the zip data results in a boundary
    condition error. This could be exploited to overwrite sensitive process
    memory, potentially resulting in the modifying of program flow and
    execution of attacker-supplied instructions.

    It should be noted that exploitation of this vulnerability may result in
    the execution of code with the privileges of the Opera browser user.

    5. Qualcomm Eudora Attachment LaunchProtect Warning Bypass Weak...
    BugTraq ID: 9101
    Remote: Yes
    Date Published: Nov 25 2003
    Relevant URL: http://www.securityfocus.com/bid/9101
    Summary:
    Eudora is the freely available mail user agent (MUA) maintained and
    distributed by Qualcomm. It is available for the Microsoft Windows
    platform.

    A problem has been identified in the implementation of LaunchProtect
    within Eudora. Because of this, it may be possible to trick users into
    performing dangerous actions.

    The problem is in the handling of files outside of the LaunchProtect
    directory. When an attachment is saved inside the LaunchProtect
    directory, Eudora displays a warning message prior to opening any
    executable attachments. However, this is limited to the attach directory.
    An attachment placed outside of the attach directory would not prompt the
    warning from Eudora. This may lull the user into a false sense of
    security as they will not be cautioned about the attachment when opening
    it. The user would still need to interactively open the attachment.

    The threat of this problem could be further increased by the issue
    described in Bugtraq ID 5432.

    6. HP ProCurve Switch Denial of Service Vulnerability
    BugTraq ID: 9103
    Remote: Yes
    Date Published: Nov 26 2003
    Relevant URL: http://www.securityfocus.com/bid/9103
    Summary:
    A denial of service vulnerability has been reported to exist in the HP
    ProCurve Switches. The problem is reported to occur in the presence of
    RPC worms such as W32.Welchia.Worm (MCID 1811) and W32.Blaster.Worm (MCID
    1761).

    Reports have indicated that the vulnerable switches react in an unstable
    manner in the presence of certain RPC worms. This issue results in
    deteriorated network traffic leading to a denial of service condition for
    network users. This problem is reported to affect systems running
    Microsoft Windows operating systems.

    This vulnerability may cause the software to crash therefore denying
    service to legitimate users.

    7. Microsoft Internet Explorer MHTML Forced File Execution Vuln...
    BugTraq ID: 9105
    Remote: Yes
    Date Published: Nov 25 2003
    Relevant URL: http://www.securityfocus.com/bid/9105
    Summary:
    A vulnerability has been discovered in Microsoft Internet Explorer when
    handling MHTML file URIs that may be exploited to download a malicious
    file to the client system and execute it if active content can be run in
    the Local Zone.

    This issue involves using MHTML file and res URIs to redirect the browser
    into downloading an attacker-specified file. MHTML file URIs are used to
    specify the location of content embedded in an MHT file. MHTML URIs have
    the following format:

    mhtml:[Mhtml_File_Uri]![Original_Resource_Uri]

    It has been reported that if the resource specified in the Mhtml_File_Uri
    cannot be found, the browser will attempt to retrieve the resource
    specified in the Original_Resource_Uri.

    The vulnerability can be exploited by setting the CODEBASE property of an
    OBJECT tag, using a previously unused CLSID, to a non-existent
    Mhtml_File_Uri and attacker-supplied Original_Resource_Uri. When the
    browser fails to retrieve the non-existent resource initially specified in
    the first part of the MHTML URI, it downloads content specified by the
    attacker instead in the second part of the URI. The content downloaded
    will subsequently be executed. This could be exploited in combination with
    other vulnerabilities such as those described in BID 9107 and 9109 to
    ultimately execute code within the Local Zone.

    Due to the ease of exploitation and the existence of other vulnerabilities
    which may be exploited in tandem with this BID, it is probable that this
    issue will be widely exploited in the wild.

    This issue was originally covered in BID 9100 "Multiple Internet Explorer
    Browser Security Model Compromise Vulnerabilities" and is now being
    assigned
    its own BID.

    8. Microsoft Internet Explorer Invalid ContentType Cache Direct...
    BugTraq ID: 9106
    Remote: Yes
    Date Published: Nov 25 2003
    Relevant URL: http://www.securityfocus.com/bid/9106
    Summary:
    Microsoft Internet Explorer is prone to a weakness that may allow
    attackers to enumerate where cached Internet content is stored on the
    client filesystem. The attacker can exploit this by specifying an invalid
    ContentType in an HTTP response to the browser.

    If the attacker can determine the location of cached content, it may be
    possible to reference this content using other known issues. This
    presents an attacker with the possibility of causing malicious active
    content to be stored in the cache and then referenced through exploitation
    of a number of other known issues in the browser. There are also existing
    issues in the browser that will allow this content to be interpreted in
    the context of the Local Zone (My Computer). This could be exploited in
    tandem with these other vulnerabilities from a malicious web page to cause
    code to be executed on a system running the vulnerable client.

    Symantec has confirmed that this issue is exploitable on IE 5.0 as well as
    the version tested by the researcher. However, other external reports
    indicate difficulties reliably reproducing this issue on various versions
    of Microsoft Internet Explorer 6.0. This may have to do with particular
    browser and operation system settings. This BID will be updated if
    further information is made available to clarify which versions, patch
    levels and configurations are affected.

    Due to the ease of exploitation and the existence of other vulnerabilities
    which may be exploited in tandem with this BID, it is probable that this
    issue will be widely exploited in the wild.

    This issue was originally covered in BID 9100 "Multiple Internet Explorer
    Browser Security Model Compromise Vulnerabilities" and is now being
    assigned its own BID.

    9. Microsoft Internet Explorer Browser MHTML Redirection Local ...
    BugTraq ID: 9107
    Remote: Yes
    Date Published: Nov 25 2003
    Relevant URL: http://www.securityfocus.com/bid/9107
    Summary:
    A vulnerability has been reported in Internet Explorer that may allow an
    attacker to parse local files on a system.

    A vulnerability (MhtRedirParsesLocalFile) has been reported that may be
    exploited to cause Internet Explorer to parse a local file inside of an
    IFRAME. This vulnerability relies on use of MHTML file URIs to redirect
    the browser to a local resource. MHTML file URIs are used to specify the
    location of content embedded in an MHT file. MHTML URIs have the following
    format:

    mhtml:[Mhtml_File_Uri]![Original_Resource_Uri]

    It has been reported that if the resource specified in the Mhtml_File_Uri
    cannot be found, the browser will attempt to retrieve the resource
    specified in the Original_Resource_Uri. This works much like an HTTP
    redirect. Due to insufficient security checks when accessing the
    Original_Resource_Uri, it is possible to use this to redirect the browser
    to a local resource. This issue may be combined with BID 9105 in order to
    execute arbitrary code on a vulnerable system.

    Symantec has confirmed that this issue is exploitable on IE 5.0 as well as
    the version tested by the researcher.

    This issue was originally covered in BID 9100 "Multiple Internet Explorer
    Browser Security Model Compromise Vulnerabilities" and is now being
    assigned
    its own BID.

    10. Microsoft Internet Explorer Window.MoveBy/Method Caching Mou...
    BugTraq ID: 9108
    Remote: Yes
    Date Published: Nov 25 2003
    Relevant URL: http://www.securityfocus.com/bid/9108
    Summary:
    Microsoft Internet Explorer is an Internet browser application that is
    shipped with Microsoft Windows. Internet Explorer provides support for
    JavaScript by default. window.moveBy(), is a JavaScript function that
    moves the current window on an x and y axis specified by arguments passed
    to the function. In BID 8755, it was reported that by using the
    window.moveBy() function an attacker could potentially hijack mouse click
    events and influence an Internet Explorer user into invoking unintended
    procedures. This vulnerability was addressed by the MS03-048 cumulative
    security update for Internet Explorer.

    It has been reported that a variation on the attack described in BID 8755
    has been discovered that will bypass security measures implemented in the
    MS03-048 cumulative security update. MS03-048 enforced measures to make
    the window.moveBy() function inaccessible, however it has been reported
    that by using JavaScript method caching functions(SaveRef) an attacker may
    again make the window.moveBy() function available and so may potentially
    hijack mouse click events.

    An attacker may exploit this issue to hijack mouse click events and
    ultimately influence an unsuspecting user into invoking unintended
    procedures.

    This issue was originally covered in BID 9100 "Multiple Internet Explorer
    Browser Security Model Compromise Vulnerabilities" and is now being
    assigned its own BID.

    11. Microsoft Internet Explorer BackToFramedJPU Cross-Domain Pol...
    BugTraq ID: 9109
    Remote: Yes
    Date Published: Nov 25 2003
    Relevant URL: http://www.securityfocus.com/bid/9109
    Summary:
    A vulnerability has been reported in sub-frames in Microsoft Internet
    Explorer. Because of this, an attacker may be able to violate
    cross-domain policy.

    The problem is a variation of vulnerabilities previously reported by Liu
    Die Yu (which are covered in BID 8577). The issue involves navigating
    sub-frames to a JavaScript protocol URI and the use of history.back().
    The problem components could allow for script code to access properties of
    a page from a foreign domain, stored in the browser history. This issue,
    by itself, could permit a malicious web page to interact with a foreign
    domain, potentially allowing for theft of sensitive information or other
    attacks. By exploiting this issue in combination with other
    vulnerabilities (such as BIDs 9105 and 9107), it will be possible to
    execute malicious code on the client system in the context of the Local
    Zone.

    Symantec has confirmed that this issue is exploitable on IE 5.0 as well as
    the version tested by the researcher.

    Due to the ease of exploitation and the existence of other vulnerabilities
    which may be exploited in tandem with this BID, it is probable that this
    issue will be widely exploited in the wild.

    This issue was originally covered in BID 9100 "Multiple Internet Explorer
    Browser Security Model Compromise Vulnerabilities" and is now being
    assigned its own BID.

    12. Macromedia JRun Administrative Interface Multiple Cross-Site...
    BugTraq ID: 9112
    Remote: Yes
    Date Published: Nov 26 2003
    Relevant URL: http://www.securityfocus.com/bid/9112
    Summary:
    Macromedia JRun is a J2EE application server for use with IIS 4/5 on the
    Microsoft Windows operating systems.

    Macromedia JRun includes a web-based administrative console which listens
    on TCP port 8000. When this page is accessed, the user is prompted for an
    administrative login.

    It is said that an unauthenticated user may be capable of passing
    malicious script code embedded within URI parameters to the various
    scripts used by the interface, that will be interpreted by an
    authenticated user when the page is loaded.

    This problem is said to occur due to the application failing to sanitize
    specific parameters passed to the webserverlist.jsp, clusterframe.jsp,
    jrunwebserverconfig.jsp, and serverframe.jsp script files.

    An attacker could exploit this condition by constructing malicious links
    containing embedded script code and coaxing an administrative user to
    follow them. If followed, this could potentially allow an attacker to
    expose the administrators authentication credentials, ultimately allowing
    them to gain access to the interface. Access such as this could lead to
    further more serious attacks against specific hosts.

    These issues are said to be present in Macromedia JRun 4 (build 61650)
    however, it is possible that other versions are also affected.

    13. Microsoft Exchange Server 2003 Outlook Web Access Lowered Se...
    BugTraq ID: 9118
    Remote: No
    Date Published: Nov 27 2003
    Relevant URL: http://www.securityfocus.com/bid/9118
    Summary:
    Microsoft Exchange Server 2003 is an e-mail and directory server offered
    by Microsoft. Outlook Web Access (OWA) is a service provided by Exchange
    server that allows users to access their Exchange mailbox via the web.

    A weakness is reported to exist in the software that may allow an attacker
    to gain unauthorized access to a user's mail through Outlook Web Access
    therefore gaining access to sensitive information.

    The issue is reported to present itself when Microsoft Windows SharePoint
    Services 2.0 is installed on a machine running both Exchange Server 2003
    and Microsoft Windows Server 2003. This installation may cause the
    Kerberos authentication employed by the server to be disabled in IIS
    (Internet Information Services) and OWA would fall back to the weaker NTLM
    authentication protocol. This may cause Exchange Server to incorrectly
    handle OWA requests as well. It has been reported that this issue may
    allow an attacker to gain unauthorized access to a user's mailbox that
    could result in a disclosure to sensitive information.

    Due to a lack to details, exact attack information and exploitation cannot
    be specified at the moment. This BID will be updated as more information
    becomes available.

    14. phpBB search.php SQL Injection Vulnerability
    BugTraq ID: 9122
    Remote: Yes
    Date Published: Nov 27 2003
    Relevant URL: http://www.securityfocus.com/bid/9122
    Summary:
    phpBB is an open-source web forum application that is written in PHP and
    supported by a number of database products. It will run on most Unix and
    Linux variants, as well as Microsoft Windows operating systems.

    A vulnerability has been reported to exist in the software that may a
    remote user to inject malicious SQL syntax into database queries. The
    problem reportedly exists in the 'search_id' parameter of search.php
    script. This issue is caused by insufficient sanitization of
    user-supplied data. A remote attacker may exploit this issue to influence
    SQL query logic to disclose sensitive information that could be used to
    gain unauthorized access.

    A malicious user may influence database queries in order to view or modify
    sensitive information potentially compromising the software or the
    database.

    phpBB version 2.06 has been prone to this issue, however other versions
    may be affected as well.

    III. MICROSOFT FOCUS LIST SUMMARY
    ---------------------------------
    1. are my binaries being exposed on my ASP.NET website? (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/345894

    2. local admin account password (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/345893

    3. how do I force secure ASP.NET session cookies? (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/345782

    4. Strange behaviour of MS SQL 2000 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/345550

    5. IIS traffic (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/345549

    6. SecurityFocus Microsoft Newsletter #164 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/345505

    7. Administrivia: Article Announcements (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/345503

    8. TS group policy / hide notification area (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/345489

    9. Article Announcement: Busting the Worm Writers (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/345487

    10. Betr.: Strange behaviour of MS SQL 2000 (Thread)
    Relevant URL:

    http://www.securityfocus.com/archive/88/345444

    IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
    ----------------------------------------
    1. AccessMaster
    By: Evidian Inc.
    Platforms: IRIX, Solaris, Windows 2000, Windows 95/98, Windows NT
    Relevant URL: http://www.evidian.com/accessmaster/about/index.htm
    Summary:

    Extending onto a networked world means embracing the unknown. Piracy,
    vandalism, industrial espionage... - attacks on companies are doubling
    each year. With uniquely integrated security software, AccessMaster
    manages and safeguards access to your data, end-to-end, from portals to
    legacy, and lets you enforce a single, unified security policy across the
    enterprise and beyond.

    AccessMaster ensures high security level by federating your existing
    security solutions, while ensuring at the same time user's convenience
    with Single Sign-On and security officer's ease of administration with
    centralized, Ldap-compliant, user and PKI management. In this way,
    AccessMaster reduces IT security cost of ownership, with rapid return on
    investment.

    AccessMaster is recognized by analysts as a leading security suite for
    large enterprises today. It was awarded "best access control" software by
    Secure Computing Magazine three years running, in 2000, 2001, and 2002.

    2. KeyGhost SX
    By: KeyGhost Ltd
    Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000, Windows
    95/98, Windows NT, Windows XP
    Relevant URL: http://www.keyghost.com/SX/
    Summary:

    KeyGhost SX discreetly captures and records all keystrokes typed,
    including chat conversations, email, word processor, or even activity
    within an accounting or specialist system. It is completely undetectable
    by software scanners and provides you with one of the most powerful
    stealth surveillance applications offered anywhere.

    Because KeyGhost uses STRONG 128-Bit encryption to store the recorded data
    in it?s own internal memory (not on the hard drive), it is impossible for
    a network intruder to gain access to any sensitive data stored within the
    device.

    3. SafeKit
    By: Evidian Inc.
    Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
    Relevant URL: http://www.evidian.com/safekit/index.htm
    Summary:

    Evidian's SafeKit technology makes it possible to render any application
    available 24 hours per day. With no extra hardware: just use your existing
    servers and install this software-only solution.

    This provides ultimate scalability. As your needs grow, all you need to do
    is add more standard servers into the cluster. With the load balancing
    features of SafeKit, you can distribute applications over multiple
    servers. If one system fails completely, the others will continue to serve
    your users.

    4. SecurDataStor
    By: encryptX Corporation
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.encryptx.com/products/securdatastor.asp
    Summary:

    The SecurDataStor product line is designed to provide a comprehensive
    software security solution that manages and controls access to sensitive
    information that you need to share internally and externally.
    SecurDataStor is available in three versions: Basic, Premium, and
    Platinum. Depending on the level of security that you need, you can choose
    the SecurDataStor product that suits your needs.

    With its end-to-end protection of sensitive business information,
    SecurDataStor products protect sensitive information when used by the
    originator, stored locally on a hard drive or file server, and when
    shared. Users can safely share sensitive information across different
    Microsoft Windows operating systems, over different network and firewall
    technologies, and across different forms of removable media.

    5. Proactive Windows Security Explorer
    By: Elcomsoft Co. Ltd.
    Platforms: Windows 2000, Windows NT, Windows XP
    Relevant URL: http://www.elcomsoft.com/pwsex.html#
    Summary:

    Proactive Windows Security Explorer (PWSEX) is a password security test
    tool that's designed to allow Windows NT, Windows 2000, and Windows
    XP-based systems administrators to identify and close security holes in
    their networks. Proactive Windows Security Explorer helps secure networks
    by executing an audit of account passwords, and exposing insecure account
    passwords. If it is possible to recover the password within a reasonable
    time, the password is considered insecure.

    An administrator can also use it to recover any lost password and access a
    user's Windows account. Proactive Windows Security Explorer works by
    analyzing user password hashes and recovering plain-text passwords.

    6. Outpost Personal Firewall Pro 2.0
    By: Agnitum
    Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
    Relevant URL: http://www.outpost.uk.com
    Summary:

    New Outpost Personal Firewall Pro 2.0 outdistances the award-winning
    Outpost Personal Firewall Pro 1.0 on multiple levels, from enhanced
    privacy features to ease-of-use. As the foremost security application for
    personal computers, Outpost Personal Firewall Pro 2.0 gives you the latest
    in personal firewall technology, making version 2.0 the clear security
    choice for your system.

    V. NEW TOOLS FOR MICROSOFT PLATFORMS
    ------------------------------------
    1. Generic Security Service v0.0.7
    By: Simon Josefsson
    Relevant URL: http://www.gnu.org/software/gss/
    Platforms: UNIX, Windows 2000, Windows NT, Windows XP
    Summary:

    A bug that prevented 3DES gss_wrap from working in the Kerberos 5
    mechanism was fixed. The library headers file now works even when the
    Kerberos 5 mechanism is disabled. The package has been tested on more
    platforms.

    2. Enigmail v0.82.3
    By: Patrick
    Relevant URL: http://enigmail.mozdev.org/thunderbird.html
    Platforms: Linux, MacOS, POSIX, UNIX, Windows 2000, Windows 3.x, Windows
    95/98, Windows CE, Windows NT, Windows XP
    Summary:

    Enigmail is a "plugin" for the mail client of Mozilla and Netscape 7.x
    which allows users to access the authentication and encryption features
    provided by the popular GnuPG software. Enigmail can encrypt/sign mail
    when sending, and can decrypt/authenticate received mail. It can also
    import/export public keys. Enigmail supports both the inline PGP format
    and the PGP/MIME format, which can be used to encrypt attachments.
    Enigmail is cross-platform, although binaries are supplied only for a
    limited number of platforms. Enigmail uses inter-process communication to
    execute GPG to carry out encryption/authentication.

    3. Stealth HTTP Security Scanner v2.0b36
    By: Felipe Moniz, Security Specialist
    Relevant URL: http://www.hideaway.net/stealth
    Platforms: Linux, Windows 2000, Windows 95/98, Windows NT
    Summary:

    Stealth 1.0 scans for 2883 HTTP vulnerabilities. This tool is designed
    especially for the system administrators, security consultants and IT
    professionals to check the possible security holes and to confirm any
    present security vulnerabilities that hackers can exploit. Totally free
    for commercial and non-commercial use.

    4. aNTG v2.0
    By: Lucas
    Relevant URL: http://www.thebobo.com/antg.php
    Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
    Summary:

    aNTG (another Network Traffic Grapher) is a PHP program that collects and
    graphs network traffic statistics on a Linux machine.

    5. Logrep v1.4.2
    By: Tevfik Karagülle
    Relevant URL: http://logrep.sourceforge.net/
    Platforms: Linux, POSIX, Windows 2000, Windows NT
    Summary:

    Logrep is a secure multi-platform framework for the collection,
    extraction, and presentation of information from various log files. It
    features HTML reports, multi-dimensional analysis, overview pages, SSH
    communication, and graphs, and supports more than 15 popular systems
    including Snort, Squid, Postfix, Apache, syslog, iptables/ipchains, NT
    event logs, Firewall-1, wtmp, Oracle listener, and Pix.

    6. OSIRIS v2.1.0
    By: The Shmoo Group
    Relevant URL: http://osiris.shmoo.com
    Platforms: BSDI, FreeBSD, Linux, MacOS, OpenBSD, UNIX, Windows 2000,
    Windows NT, Windows XP
    Summary:

    Osiris is a host integrity management system that can be used to monitor
    changes to a network of hosts over time and report those changes back to
    the administrator(s). Currently, this includes monitoring any changes to
    the filesystems. Osiris takes periodic snapshots of the filesystem and
    stores them in a database. These databases, as well as the
    configurations and logs, are all stored on a central management host.
    When changes are detected, Osiris will log these events to the system
    log and optionally send email to an administrator. In addition to files,
    Osiris has preliminary support for the monitoring of other system
    information including user lists, file system details, kernel modules,
    and network interface configurations (not included with in this beta
    release).

    VI. SPONSOR INFORMATION
    -----------------------
    This Issue is Sponsored by: Tenable Security

    Tenable provides security software which enables enterprises to
    distribute, manage, and communicate vulnerability and intrusion detection
    information across the entire organization.  Tenable's breakthrough
    Lightning(tm) technology elegantly simplifies the complex nature of
    network security by offering detailed useable reports for network and
    security administrators and high-level organizational reports for CxOs.
    In addition, Tenable offers both active (NeWT) and passive (NeVO)
    vulnerability detection solutions to further enhance your network
    vulnerability identification. For more information, Tenable can be
    reached at 410-872-0555 or on the Internet at
    http://www.securityfocus.com/sponsor/TenableSecurity_ms-secnews_031201
    ------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------


  • Next message: Erik Birkholz: "RE: Hiding MS SQL databases in Enterprise Manager"

    Relevant Pages

    • [NT] Cumulative Security Update for Internet Explorer (MS06-021)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Improper memory and user input handling with Internet Explorer allows ... A remote code execution vulnerability exists in the way Internet Explorer ...
      (Securiteam)
    • [NT] Cumulative Security Update for Internet Explorer (MS06-013)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Microsoft Internet Explorer allow attackers to execute arbitrary code, ... A remote code execution vulnerability exists in the way Internet Explorer ...
      (Securiteam)
    • [NT] Cumulative Security Update for Internet Explorer (MS05-038)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... A buffer overflow vulnerability within Internet Explorer allows attackers ...
      (Securiteam)
    • [NT] Cumulative Security Update For Internet Explorer (MS04-004)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... previously-released updates for Internet Explorer 5.01, ... vulnerability could result in the execution of a script in the Local ...
      (Securiteam)
    • SecurityFocus Microsoft Newsletter #301
      ... AGEphone SIP Packet Handling Buffer Overflow Vulnerability ... Microsoft Internet Explorer NMSA.ASFSourceMediaDescription Stack Overflow Vulnerability ... Microsoft Windows is reportedly prone to a remote denial-of-service vulnerability. ...
      (Focus-Microsoft)