SecurityFocus Microsoft Newsletter #198
From: Marc Fossi (mfossi_at_securityfocus.com)
Date: 07/21/04
Date: Wed, 21 Jul 2004 08:39:09 -0600 (MDT) To: Focus-MS <focus-ms@securityfocus.com>
SecurityFocus Microsoft Newsletter #198
----------------------------------------
This issue sponsored by: FaceTime
Free Webinar! Enterprise IM: How IT Managers Can Survive. Featured Speaker:
Nate Root, Senior Analyst, Forrester Research. IT directors and security
managers will gain new insights to balance compliance and security risks.
Highlights an integrated solution from FaceTime Communications and MSN
Messenger Connect for Enterprises. Ideal for financial services,
healthcare, energy companies and other regulated organizations.
View the webinar now!
http://www.securityfocus.com/sponsor/FaceTime_ms-secnews_040720
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Metasploit Framework (Part 2 of 3)
2. Packet Crafting for Firewall & IDS Audits (Part 2 of 2)
3. The Pied Piper Syndrome
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft JVM Cross-Domain Applet Unauthorized Communication...
2. Microsoft Internet Explorer JavaScript Method Assignment Cro...
3. Microsoft Internet Explorer Popup.show Mouse Event Hijacking...
4. Microsoft Outlook Express Message Window Script Execution Vu...
5. Microsoft Windows 2000 Media Player Control Media Preview Sc...
6. Microsoft Internet Explorer JavaScript Null Pointer Exceptio...
7. Adobe Acrobat/Reader File Name Handler Buffer Overflow Vulne...
8. Multiple Mozilla Bugzilla Vulnerabilities
9. wvWare Library Field.c WVHANDLEDATETIMEPICTURE Function Remo...
10. Microsoft Windows HTML Help Heap Overflow Vulnerability
11. Microsoft IIS 4 Redirect Remote Buffer Overflow Vulnerabilit...
12. Microsoft Windows Utility Manager Local Privilege Escalation...
13. Microsoft Windows Task Scheduler Remote Buffer Overflow Vuln...
14. Microsoft Windows POSIX Subsystem Buffer Overflow Local Priv...
15. Microsoft Outlook Express Malformed Email Header Denial Of S...
16. INweb Mail Server Remote Denial Of Service Vulnerability
17. PHPBB Multiple Unspecified SQL Injection Vulnerabilities
18. PHP Strip_Tags() Function Bypass Vulnerability
19. Microsoft Systems Management Server Remote Denial Of Service...
20. Novell BorderManager Remote Denial Of Service Vulnerability
21. Gattaca Server 2003 Multiple Denial Of Service Vulnerabiliti...
22. Gattaca Server 2003 Multiple Path Disclosure Vulnerabilities
23. Gattaca Server 2003 Cross-Site Scripting Vulnerability
24. PHPBB Multiple Cross-Site Scripting Vulnerabilities
25. Multiple PHPNuke SQL Injection And Cross-Site Scripting Vuln...
III. MICROSOFT FOCUS LIST SUMMARY
1. Windows Update v5 and XPSP2RC2 (Thread)
2. Browser Vulns (Thread)
3. Microsoft Audit Collection System (Thread)
4. Article Announcement: The Pied Piper Syndrome (Thread)
5. security M$ exchange2003 imap4 (Thread)
6. Tool to view effective AD settings (Thread)
7. MS to dump NT 4.0 Wkstn. Patches (Thread)
8. [security] Tool to view effective AD settings (Thread)
9. SecurityFocus Microsoft Newsletter #197 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Network Time System
2. Anon-Encrypt
3. RSI
4. WiSSH
5. Firewall RuleMaker
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. CryptoHeaven v2.4.1
2. Hardening TCP/IP 1.0
3. Xintegrity 1.4
4. Anti-Cracker Shield 1.10
5. cenfw 0.2 beta
6. SiVuS, The VoIP Vulnerability Scanner 1.03
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Metasploit Framework (Part 2 of 3)
By Pukhraj Singh and K.K. Mookhey
This article provides an elaborate insight into the Open Source exploit
framework, the Metasploit Framework, which is meant to change the future of
penetration testing once and for all. Part two of three.
http://www.securityfocus.com/infocus/1790
2. Packet Crafting for Firewall & IDS Audits (Part 2 of 2)
By Don Parker
This article is the second of a two-part series that will discuss various
methods to test the integrity of your firewall and IDS using low-level
TCP/IP packet crafting tools and techniques.
http://www.securityfocus.com/infocus/1791
3. The Pied Piper Syndrome
By Tim Mullen
Making electronic voting terminals more like slot machines won't keep
elections secure from tampering.
http://www.securityfocus.com/columnists/255
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Microsoft JVM Cross-Domain Applet Unauthorized Communication...
BugTraq ID: 10688
Remote: Yes
Date Published: Jul 10 2004
Relevant URL: http://www.securityfocus.com/bid/10688
Summary:
It has been reported that applets running in the Microsoft JVM share a common data structure that can be both written to and read from by any applet, regardless of domain association. This is in violation of the above security policy.
2. Microsoft Internet Explorer JavaScript Method Assignment Cro...
BugTraq ID: 10689
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10689
Summary:
A vulnerability exists in Microsoft Internet Explorer that may allow cross-domain scripting.
It is reported that the vulnerability presents itself due to a failure to properly validate trust relationships between method calls that are made in separate Internet Explorer windows. This may make it possible for script code to access properties of a foreign domain.
This issue may also potentially be exploited to cross Security Zone boundaries, though this has not been confirmed.
3. Microsoft Internet Explorer Popup.show Mouse Event Hijacking...
BugTraq ID: 10690
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10690
Summary:
A vulnerability exists in Microsoft Internet Explorer that may permit a malicious Web page to hijack mouse events. This could potentially be exploited to trick an unsuspecting user into performing unintended actions such as approving pop-up dialogs.
The method caching variant of this attack is also reported to work.
This is similar to the vulnerability described in BID 9108.
4. Microsoft Outlook Express Message Window Script Execution Vu...
BugTraq ID: 10692
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10692
Summary:
Microsoft Outlook Express is reported prone to a vulnerability that may allow unauthorized execution of script code.
It is reported that Outlook Express filters user-supplied input such as script code in the 'window.document' object, but fails to filter script code in any other components of the window object. This may aid in attacks that occur through HTML email.
Microsoft Outlook Express version 6.0 is currently known to be vulnerable to this issue; however, it is possible that other versions are affected as well.
5. Microsoft Windows 2000 Media Player Control Media Preview Sc...
BugTraq ID: 10693
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10693
Summary:
Microsoft Windows 2000 is reported prone to a script code execution vulnerability. Specifically, this issue arises when a user previews media in Windows Explorer.
It is reported that malicious script code can be executed in the local zone when files in a specially crafted play list are previewed. This can be exploited by specifying the 'javascript:' protocol for one or more of the files.
This issue can be leveraged to carry out various attacks.
6. Microsoft Internet Explorer JavaScript Null Pointer Exceptio...
BugTraq ID: 10694
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10694
Summary:
A denial of service vulnerability is reported to affect Internet Explorer. The issue is reported to present itself when Internet Explorer attempts to render JavaScript that contains an invalid for statement.
A remote attacker may exploit this vulnerability to cause the running instance of Internet Explorer to crash.
This vulnerability is reported to affect Internet Explorer version 6.0 (SP1); other versions might also be affected.
7. Adobe Acrobat/Reader File Name Handler Buffer Overflow Vulne...
BugTraq ID: 10696
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10696
Summary:
Adobe Acrobat and Reader are prone to a stack-based buffer overflow vulnerability.
This issue exists in routines that parse document filenames. A malformed file name may trigger this condition when the file is opened.
If a user could be enticed to open an appropriately named document, this could potentially allow for remote code execution.
This issue appears to affect Adobe Acrobat and Reader 6.x releases on Microsoft Windows platforms.
8. Multiple Mozilla Bugzilla Vulnerabilities
BugTraq ID: 10698
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10698
Summary:
Multiple vulnerabilities are reported to exist in the Bugzilla software. The issues include cross-site scripting, SQL injection, privilege escalation, and information disclosure.
An information disclosure vulnerability is reported to affect Bugzilla installations under certain circumstances. It is reported that when the SQL server is halted, and the HTTP server continues to run, a remote attacker may disclose the database password.
An attacker may employ the harvested password information to authenticate to the SQL database.
A privilege escalation vulnerability is reported to affect Bugzilla.
A privileged attacker may exploit this vulnerability to gain membership to other Bugzilla groups.
An additional information disclosure vulnerability is reported to affect Bugzilla. It is reported that hidden products may be revealed using vulnerable CGI scripts.
An attacker may employ the vulnerable scripts in order to disclose product listings that are marked as confidential.
Bugzilla is reported prone to multiple cross-site scripting vulnerabilities. These issues exist due to a lack of sanitization performed on user supplied URI data before this data is incorporated into dynamically generated error messages.
These cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the web browser of the victim computer.
An additional information disclosure vulnerability is reported to affect Bugzilla. It is reported that a Bugzilla user's password may be embedded as a part of an image URI; the password may be saved into and be visible in web server or web proxy logs.
An attacker who has access to the web server logs may harvest credentials.
Finally, Bugzilla is reported prone to an SQL injection vulnerability. The issue is due to a failure of the application to properly sanitize user-supplied input.
As a result of this issue a privileged attacker could modify the logic and structure of database queries.
9. wvWare Library Field.c WVHANDLEDATETIMEPICTURE Function Remo...
BugTraq ID: 10699
Remote: Yes
Date Published: Jul 09 2004
Relevant URL: http://www.securityfocus.com/bid/10699
Summary:
wvWare is reported prone to a remote buffer overflow vulnerability that may allow attackers to execute arbitrary code on a vulnerable system in order to gain unauthorized access.
Successful exploit of this issue can allow a remote attacker to execute arbitrary code in the context of a vulnerable application.
This issue affects wvWare 0.7.4. Versions 0.7.5, 0.7.6 and 1.0.0 are also affected by a variant of this issue.
10. Microsoft Windows HTML Help Heap Overflow Vulnerability
BugTraq ID: 10705
Remote: Yes
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10705
Summary:
The Microsoft Windows HTML Help facility is prone to a remotely exploitable heap overflow vulnerability. This vulnerability could be exploited from a malicious Web page or through HTML email to execute arbitrary code with the privileges of the currently logged in user.
11. Microsoft IIS 4 Redirect Remote Buffer Overflow Vulnerabilit...
BugTraq ID: 10706
Remote: Yes
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10706
Summary:
Microsoft IIS 4.0 is reported prone to a buffer overflow vulnerability when handling redirects.
It is reported that an attacker may exploit this vulnerability by issuing a large request to an affected IIS Web server. An attacker may exploit this issue to execute arbitrary code in the context of IIS. This could lead to complete compromise of an affected computer.
12. Microsoft Windows Utility Manager Local Privilege Escalation...
BugTraq ID: 10707
Remote: No
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10707
Summary:
Microsoft Utility Manager is prone to a local privilege escalation vulnerability. It is reported that a local user may influence the Utility Manager into executing an attacker-supplied application with elevated privileges. The cause of this issue is that the Utility Manager will attempt to load context sensitive help without dropping privileges.
A local attacker may exploit this vulnerability to gain SYSTEM level privileges on the computer.
This vulnerability is similar to the issue reported in BID 10124. The vendor fixes for BID 10124 addressed the issue by removing access to context sensitive help from the Utility Manager GUI. However, the functionality to access context sensitive help is still present in the Utility Manager application itself.
13. Microsoft Windows Task Scheduler Remote Buffer Overflow Vuln...
BugTraq ID: 10708
Remote: Yes
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10708
Summary:
Microsoft Task Scheduler is reported prone to a remote stack-based buffer overflow vulnerability. The source of the vulnerability is that data in '.job' files is copied into an internal buffer without sufficient bounds checking.
It is reported that a remote attacker may exploit this vulnerability through Internet Explorer or Windows Explorer when the '.job' file is opened or a directory containing the file is rendered. The file could also be hosted on a share. Other attack vectors may also exist.
It should be noted that while this issue does not affect Windows NT 4.0 SP6a, it may affect this platform if Internet Explorer 6 SP1 is installed.
14. Microsoft Windows POSIX Subsystem Buffer Overflow Local Priv...
BugTraq ID: 10710
Remote: No
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10710
Summary:
The Microsoft POSIX subsystem implementation is prone to a local buffer overflow vulnerability.
A local attacker may exploit this vulnerability in order to run code with elevated privileges, fully compromising the vulnerable computer.
15. Microsoft Outlook Express Malformed Email Header Denial Of S...
BugTraq ID: 10711
Remote: Yes
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10711
Summary:
Microsoft Outlook Express is prone to a security vulnerability when processing emails with malformed header data. A remote attacker may potentially exploit this issue to cause a persistent denial of service in the email client.
This issue is only reported to affect Outlook Express 6.0 on Windows XP platforms.
16. INweb Mail Server Remote Denial Of Service Vulnerability
BugTraq ID: 10719
Remote: Yes
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10719
Summary:
It is reported that INweb Mail Server contains a denial of service vulnerability in its connection handling code.
A remote attacker is able to crash the application, denying service to legitimate users.
Version 2.40 is reported vulnerable to this issue. Other versions may also be vulnerable.
17. PHPBB Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 10722
Remote: Yes
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10722
Summary:
It is reported that phpBB contains multiple unspecified SQL injection vulnerabilities.
One vulnerability is reported to exist in 'admin_board.php'. The other pertains to improper characters in the session id variable.
These issues are due to a failure of the application to properly sanitize user-supplied URI parameters before using them to construct SQL queries to be issued to the underlying database.
Version 2.0.9 has been released addressing these, and other issues. This BID will be updated when further information is known.
18. PHP Strip_Tags() Function Bypass Vulnerability
BugTraq ID: 10724
Remote: Yes
Date Published: Jul 14 2004
Relevant URL: http://www.securityfocus.com/bid/10724
Summary:
It is reported that it is possible to bypass PHP's strip_tags() function.
It is reported that under certain circumstances, PHP's strip_tags() function will improperly leave malformed tags in place.
This vulnerability may mean that previously presumed-safe web applications could contain multiple cross-site scripting and HTML injection vulnerabilities when viewed by Microsoft Internet Explorer or Apple Safari web browsers.
It is reported that 'magic_quotes_gpc' must be off for PHP to be vulnerable to this issue.
19. Microsoft Systems Management Server Remote Denial Of Service...
BugTraq ID: 10726
Remote: Yes
Date Published: Jul 14 2004
Relevant URL: http://www.securityfocus.com/bid/10726
Summary:
Reportedly, Microsoft Systems Management Server is prone to a remote denial of service vulnerability. This issue is due to a failure of the affected server to handle exceptional conditions.
Successful exploitation of this issue will allow an attacker to trigger a denial of service condition in the affected server. Code execution might be possible but is unlikely and unconfirmed.
20. Novell BorderManager Remote Denial Of Service Vulnerability
BugTraq ID: 10727
Remote: Yes
Date Published: Jul 15 2004
Relevant URL: http://www.securityfocus.com/bid/10727
Summary:
It has been reported that Novell BorderManager is affected by a remote denial of service vulnerability. This issue is due to a failure of the application to properly handle exceptional network input.
This issue will allow an attacker to cause the affected client computer to hang, denying service to legitimate users. It has been reported that the computer must be restarted to return to a usable state.
21. Gattaca Server 2003 Multiple Denial Of Service Vulnerabiliti...
BugTraq ID: 10728
Remote: Yes
Date Published: Jul 15 2004
Relevant URL: http://www.securityfocus.com/bid/10728
Summary:
It is reported that Gattaca Server 2003 contains multiple denial of service vulnerabilities.
These vulnerabilities allow a remote attacker to crash the application, denying service to legitimate users.
Version 1.1.10.0 is reported vulnerable. Prior versions may also contain these vulnerabilities.
22. Gattaca Server 2003 Multiple Path Disclosure Vulnerabilities
BugTraq ID: 10729
Remote: Yes
Date Published: Jul 15 2004
Relevant URL: http://www.securityfocus.com/bid/10729
Summary:
It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities.
By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error pages that contain the full installation path of the application and the web document root path.
These vulnerabilities could be used by an attacker to aid them in further attacks against the server.
Version 1.1.10.0 is reported vulnerable. Prior versions may also contain these vulnerabilities.
23. Gattaca Server 2003 Cross-Site Scripting Vulnerability
BugTraq ID: 10731
Remote: Yes
Date Published: Jul 15 2004
Relevant URL: http://www.securityfocus.com/bid/10731
Summary:
Gattaca Server 2003 is reported prone to a cross-site scripting vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data.
A remote attacker can exploit this issue by creating a malicious link to the vulnerable application that includes hostile HTML and script code. If a user follows this link, the hostile code renders in the web browser of the victim user. This would occur in the security context of the web server and may allow for theft of cookie-based authentication credentials or other attacks.
Gattaca Server 2003 version 1.1.10.0 is reported prone to this issue. Other versions may also be vulnerable.
24. PHPBB Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 10738
Remote: Yes
Date Published: Jul 16 2004
Relevant URL: http://www.securityfocus.com/bid/10738
Summary:
It is reported that phpBB is affected by multiple cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
The problems present themselves in the 'index.php' and 'faq.php' scripts.
These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.
25. Multiple PHPNuke SQL Injection And Cross-Site Scripting Vuln...
BugTraq ID: 10741
Remote: Yes
Date Published: Jul 16 2004
Relevant URL: http://www.securityfocus.com/bid/10741
Summary:
It is reported that PHPNuke is susceptible to a cross-site scripting vulnerability and an SQL injection vulnerability.
Both of these vulnerabilities are due to improper sanitization of user-supplied data.
Attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. This may result in unauthorized operations being performed on the underlying database. This issue may be exploited to cause sensitive information to be disclosed to a remote attacker.
The cross-site scripting vulnerability is reported to exist in the same script. As a result of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user.
This may allow for theft of cookie-based authentication credentials and other attacks.
These vulnerabilities were reported in version 7.3 of PHPNuke. Other versions may also be affected.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Windows Update v5 and XPSP2RC2 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369386
2. Browser Vulns (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369383
3. Microsoft Audit Collection System (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369382
4. Article Announcement: The Pied Piper Syndrome (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369347
5. security M$ exchange2003 imap4 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369305
6. Tool to view effective AD settings (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369238
7. MS to dump NT 4.0 Wkstn. Patches (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369107
8. [security] Tool to view effective AD settings (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369103
9. SecurityFocus Microsoft Newsletter #197 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/368878
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Network Time System
By: Softros Systems Inc.
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://nts.softros.com/
Summary:
Network Time System - Secure, fast and accurate time sync software across entire network.
2. Anon-Encrypt
By: RiserSoft Corporation
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://risersoft.com/anon-encrypt.php
Summary:
Surf the Internet Totally Anonymous, and Fully Encrypted with our Internet Explorer Plugin!
3. RSI
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.digitallabs.net/rsi/
Summary:
Remote System Information audits your network for critical hardware and software information and displays the results in a clear, exportable spreadsheet view.
Remote Registry technology provides the ability to dynamically scan your network without the need to install client software.
4. WiSSH
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.wissh.com
Summary:
WiSSH (Windows over SSH) utilizes SSH tunneling technology to secure Microsoft's RDP protocol. Allows access to multiple hosts behind your network perimeter with only a single host's SSH port open to the Internet.
5. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:
Firewall RuleMaker is a Windows-based firewall configuration version control software product for managers of Cisco PIX and Netscreen firewalls.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants safer access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. CryptoHeaven v2.4.1
By: Marcin Kurzawa <marcin@cryptoheaven.com>
Relevant URL: http://www.cryptoheaven.com/
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
CryptoHeaven offers secure email and online file sharing/storage. Its main features are secure and highly encrypted services such as group collaboration, file sharing, email, online storage, and instant messaging. It integrates multi-user based security into email, instant messaging, and file storage and sharing in one unique package. It provides real time communication for text and data transfers in a multi-user secure environment. The security and usability of CryptoHeaven is well-balanced; even the not-so-technically oriented computer users can enjoy this crypto product with a very high level of encryption.
2. Hardening TCP/IP 1.0
By: D'Amato Luigi
Relevant URL: http://www.securitywireless.info/download/hardtcp.exe
Platforms: Windows 2000, Windows XP
Summary:
TCP/IP stack hardening tool for Windows. It is designed for all versions of Windows XP and all versions of Windows 2000. The tool supplies a simple GUI for hardening the Windows TCP/IP stack against many DoS attacks.
3. Xintegrity 1.4
By: Global Data Integrity
Relevant URL: http://www.xintegrity.com
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary:
Xintegrity makes it virtually impossible for anybody or anything to modify your files without being detected. When Xintegrity detects a modified file it will show exactly how and when the file was modified and display the contents of the modified file in comparison with an optionally backed up copy of the file. All your files [including operating system files] can be protected. Xintegrity can automatically create protected backup files [optionally encrypted with 256 bit]
4. Anti-Cracker Shield 1.10
By: SoftSphere
Relevant URL: http://www.softsphere.com/cgi-bin/redirect.pl?Name=ACSHIELD
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
Protect your computer from Internet worms and hackers' attacks, which become possible due to operating system and software vulnerabilities ("exploits"). Neither antiviruses nor firewalls can protect from exploits.
Only Anti-Cracker Shield, a multilevel security system is able to cope with all known and unknown versions of "exploits". It is possible and is necessary to protect from hackers!
5. cenfw 0.2 beta
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
Summary:
The Centron IPTables Firewall Gui is an object oriented, database driven, Windows interface to Linux IPtables firewall rules.
6. SiVuS, The VoIP Vulnerability Scanner 1.03
By: vopsecurity.org
Relevant URL: http://www.vopsecurity.org/html/downloads.html
Platforms: AIX, FreeBSD, HP-UX, IRIX, Java, MacOS, NetBSD, SecureBSD, SINIX, Solaris, SunOS, True64 UN, True64 UNIX, Ultrix, UNICOS, UNIX, Windows 2000, Windows 3.x, Windows 95/98, Windows NT, Windows XP
Summary:
VoIP vulnerability scanner.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.
If your email address has changed, email listadmin@securityfocus.com and ask to be manually removed.
VII. SPONSOR INFORMATION
-----------------------
This issue sponsored by: FaceTime
Free Webinar! Enterprise IM: How IT Managers Can Survive. Featured Speaker:
Nate Root, Senior Analyst, Forrester Research. IT directors and security
managers will gain new insights to balance compliance and security risks.
Highlights an integrated solution from FaceTime Communications and MSN
Messenger Connect for Enterprises. Ideal for financial services,
healthcare, energy companies and other regulated organizations.
View the webinar now!
http://www.securityfocus.com/sponsor/FaceTime_ms-secnews_040720
------------------------------------------------------------------------