Security UPDATE, November 20, 2002

Windows & .NET Magazine Security UPDATE--brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET Server, Windows 2000, and Windows NT systems.
http://www.secadministrator.com


THIS ISSUE SPONSORED BY

FREE 15 Day Trial Download from SPI Dynamics
http://www.spidynamics.com/mktg/freewebinspect18

VeriSign - The Value of Trust
http://www.verisign.com/cgi-bin/go.cgi?a=n20400107130057000
(below IN FOCUS)


SPONSOR: FREE 15 DAY TRIAL DOWNLOAD FROM SPI DYNAMICS

ALERT! Test and assess your Web Applications TODAY!
Learn why 75% of today's successful hacks involve Web Application attacks such as:

  • SQL Injection
  • Cross-Site Scripting
  • Buffer OverFlow
  • Cookie Manipulation
  • Parameter Manipulation
  • Reverse Directory Transversal
  • All undetectable by Firewalls and IDS!
  • Download our FREE 15 Day Product Trial, which delivers a Comprehensive Vulnerability Report

http://www.spidynamics.com/mktg/freewebinspect18


November 20, 2002—In this issue:

1. IN FOCUS

  • Attackers Might Face Life in Prison; You Might Forfeit Some Privacy

2. SECURITY RISKS

  • Multiple Vulnerabilities in ISC's DNS BIND 8.x and BIND 4.x
  • Buffer Overflow in Macromedia's ColdFusion and JRun

3. ANNOUNCEMENTS

  • The Microsoft Mobility Tour Is Coming Soon to a City Near You!
  • Planning on Getting Certified? Make Sure to Pick Up Our New eBook!

4. SECURITY ROUNDUP

  • Feature: Use ISA Server to Secure Exchange

5. HOT RELEASES (ADVERTISEMENTS)

  • FREE Security Assessment Tool from Aelita!
  • Now Available - Fire & Water Security Toolkit

6. SECURITY TOOLKIT

  • Virus Center
  • Virus Alert: W32/Oror
  • FAQ: Why Doesn't Windows 2000 Service Pack 3 (SP3) Install the Set Program Access and Defaults Tool When I Apply the Service Pack to My Win2K Server?

7. NEW AND IMPROVED

  • Detect System Intruders
  • Secure Exchange Environments
  • Submit Top Product Ideas

8. HOT THREADS

  • Windows & .NET Magazine Online Forums
  • Featured Thread: Relaying in Microsoft Exchange 5.5 SP4
  • HowTo Mailing List
  • Featured Thread: Problems Implementing Windows Update Client and SUS

9. CONTACT US

  • See this section for a list of ways to contact us.

1. IN FOCUS
(contributed by Mark Joseph Edwards, News Editor, [email protected])

  • ATTACKERS MIGHT FACE LIFE IN PRISON; YOU MIGHT FORFEIT SOME PRIVACY

  • Have you been keeping up with the Homeland Security Act of 2002? The bill (which Congress just passed) will soon become law. According to the bill's provisions, computer attackers could face many years—or life—in prison for their activities.
    http://hsc.house.gov/legislation/hr5710.pdf

    When you read the bill, you'll see that if attacker activities appear to be intended to "intimidate or coerce the civilian population; to influence the policy of a government by intimidation or coercion; or to affect the conduct of a government by mass destruction [of computers and/or networks in this case]," law enforcement can deem the attacker a terrorist. According to the bill, the term "terrorism" can mean any act that's dangerous to human life "or potentially destructive of critical infrastructure or key resources; and is a violation of the criminal laws of the United States or of any State or other subdivision of the United States."

    According to various news reports, lawmakers made last-minute additions to the Homeland Security Act of 2002—provisions from the Cyber Security Enhancement Act (CSEA)—that give law enforcement agencies broad powers. For example, law officers could perform wiretaps and other eavesdropping without court orders. Although Congress previously didn't pass CSEA, according to reports, legislators inserted CSEA provisions into the current Homeland Security Act in a roundabout attempt to have those provisions become law.

    The Homeland Security Act also makes sweeping changes to privacy rights both on and off the Internet. Although I agree that computer attackers who intentionally and severely jeopardize infrastructures should be dealt with severely, I don't agree that our right to privacy should be stripped away in the name of the War on Terrorism—not at this stage anyway.

    According to a Reuters news story, "buried deep in the 500-page bill are several provisions that could have lasting effects on computer security and Internet privacy" although the bill doesn't contain "authorization for a comprehensive data-mining effort proposed by the Pentagon that would break down long-established barriers against domestic surveillance."
    http://reuters.com/newsArticle.jhtml?storyID=1752157 [caps are necessary]

    That data-mining effort referred to is the proposed Total Information Awareness (TIA) System project, which would fall under the Defense Advanced Research Projects Agency's Information Awareness Office (IAO). TIA would let the military collect information from both private and public sectors and pool that information into centralized databases—looking for patterns or details in an effort to track suspected "terrorists and criminals."
    http://www.darpa.mil/iao

    Many believe that implementing a program such as TIA would effectively destroy the Fourth Amendment right to privacy and give the military (whose legal system lies outside the public criminal and civil courts) the right to snoop on everyone about everything. Anything you do that's recorded—on paper or digitally (including your individual and business Internet activities)—can be subject to scrutiny.

    Retired US Navy Admiral John Poindexter, former national security adviser, heads the IAO, which would use TIA to process large amounts of information from different sources to predict and prevent terrorist attacks. According to "The Washington Post," Poindexter was fired from his Reagan-era post and subsequently convicted of lying to Congress, defrauding the government, and destroying evidence related to the Iran-Contra scandal, although the convictions were overturned on appeal.
    http://www.washingtonpost.com/wp-dyn/articles/A40942-2002Nov11.html
    [caps in URLs below required]
    http://www.washingtonpost.com/wp-dyn/articles/A61653-2002Nov15.html

    The impact of new information-gathering methods remains to be seen; however, programs such as TIA will include technology that uses facial recognition and body movement to identify people at a distance. Could those programs push us toward technology such as the "skin chip," a digital implant about the size of a grain of rice? Such chips are already available to the public and can contain almost any kind of personal data. In theory, they could effectively be used for computer and network authentication, but they would also change ideas about privacy. To read more about these matters, visit the Electronic Privacy Information Center (EPIC) Web site.
    http://www.epic.org/privacy/profiling/tia/


    SPONSOR: VERISIGN - THE VALUE OF TRUST

    Get the strongest server security — 128-bit SSL encryption! Download VeriSign's FREE guide, "Securing Your Web Site for Business" and learn everything you need to know about using SSL to encrypt your e-commerce transactions for serious online security. Click here!
    http://www.verisign.com/cgi-bin/go.cgi?a=n20400107130057000


2. SECURITY RISKS
(contributed by Ken Pfeil, [email protected])

  • MULTIPLE VULNERABILITIES IN ISC'S DNS BIND 8.X AND BIND 4.X

  • Multiple remote vulnerabilities exist in Internet Software Consortium's (ISC's) BIND 8.x and BIND 4.x, the most serious of which can lead to remote compromise of the vulnerable server. For more details about these vulnerabilities, see the discoverer's Web site. ISC has released version 9.2.1 to correct these and other problems and recommends that affected users immediately upgrade their software.
    http://www.secadministrator.com/articles/index.cfm?articleid=27286

  • BUFFER OVERFLOW IN MACROMEDIA'S COLDFUSION AND JRUN

  • A buffer-overflow vulnerability exists in Macromedia's ColdFusion 6.0 and JRun 4.0 that might let an attacker execute arbitrary code in the system context of the vulnerable system. This vulnerability stems from various heap overflows in the Microsoft IIS Internet Server API (ISAPI) handlers as they handle Uniform Resource Identifier (URI) filenames. By supplying a filename longer than 4096 bytes, an attacker can overwrite heap memory. To gain control of the remote IIS process with system-level access, an attacker can overwrite various structures in the process heap. For more details about this vulnerability, see the discoverer's Web site. Macromedia has released patches for both the ColdFusion and JRun products.
    http://www.secadministrator.com/articles/index.cfm?articleid=27285

3. ANNOUNCEMENTS
(brought to you by Windows & .NET Magazine and its partners)

  • THE MICROSOFT MOBILITY TOUR IS COMING SOON TO A CITY NEAR YOU!

  • Brought to you by Windows & .NET Magazine, this outstanding seven-city event will help support your growing mobile workforce! Industry guru Paul Thurrott discusses the coolest mobility hardware solutions around, demonstrates how to increase the productivity of your "road warriors" with the unique features of Windows XP and Office XP, and much more. There is no charge for these live events, but space is limited so register today!
    http://www.winnetmag.com/seminars/mobility

  • PLANNING ON GETTING CERTIFIED? MAKE SURE TO PICK UP OUR NEW EBOOK!

  • "The Insider's Guide to IT Certification" eBook is hot off the presses and contains everything you need to know to help you save time and money while preparing for certification exams from Microsoft, Cisco Systems, and CompTIA and have a successful career in IT. Get your copy of the Insider's Guide today!
    http://winnet.bookaisle.com/ebookcover.asp?ebookid=13475

4. SECURITY ROUNDUP

  • FEATURE: USE ISA SERVER TO SECURE EXCHANGE

  • Because exposing your Windows computers to remote procedure call (RPC) traffic directly from the Internet is a bad idea, administrators who want to offer Microsoft Outlook to remote users either need to depend on direct dial-up connections or a VPN. VPNs work well but require a certain degree of care and feeding, particularly when you're deploying a VPN solution for many users or using hardware VPN devices that require special client software. Microsoft Internet Security and Acceleration (ISA) Server 2000 offers another solution to the dilemma of how best to provide access to remote users.
    http://www.secadministrator.com/articles/index.cfm?articleid=27260

5. HOT RELEASES (ADVERTISEMENTS)

  • FREE SECURITY ASSESSMENT TOOL FROM AELITA!

  • HIPAA? Gramm-Leach-Bliley? New Aelita InTrust(tm) 7.0 consolidates, archives, and analyzes heterogeneous IT audit data and offers reports to assist in documenting compliance. Get started with the FREE security assessment tool: Aelita InTrust Audit Advisor!
    http://www.aelita.com/update111402

  • NOW AVAILABLE - FIRE & WATER SECURITY TOOLKIT

  • NT OBJECTives offers the first integrated security toolkit for any size network. Fire & Water provides discovery, assessment, mapping, reporting and an advanced ISAPI filter for robust web server defense.
    Download freeware version now.
    http://www.ntobjectives.com/securityupdate.php

6. SECURITY TOOLKIT

  • VIRUS CENTER

  • Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
    http://www.secadministrator.com/panda

  • VIRUS ALERT: W32/OROR

  • W32/Oror is a dangerous worm that's now spreading in a variety of renditions. The worm deletes all files on the computer's hard disk as well as on every network drive accessible from the infected machine. After it's activated, it displays an error message with the title Error Starting Program. It uses email, Internet Relay Chat (IRC), and the Kazaa program to spread. For detailed information about the variations, visit the URLs below. [caps in URLs below are required]

    http://63.88.172.127/Panda/Index.cfm?FuseAction=Virus&VirusID=1297
    http://63.88.172.127/Panda/Index.cfm?FuseAction=Virus&VirusID=1298
    http://63.88.172.127/Panda/Index.cfm?FuseAction=Virus&VirusID=1299

  • FAQ: WHY DOESN'T WINDOWS 2000 SERVICE PACK 3 (SP3) INSTALL THE SET PROGRAM ACCESS AND DEFAULTS TOOL WHEN I APPLY THE SERVICE PACK TO MY WIN2K SERVER?

  • (contributed by John Savill, http://www.windows2000faq.com)

    A. The Program Access and Defaults tool is available only for Win2K Professional. The tool isn't available for any of the Win2K server versions.

7. NEW AND IMPROVED
(contributed by Sue Cooper, [email protected])

  • DETECT SYSTEM INTRUDERS

  • Ionx released Data Sentinel, customizable host-based Intrusion Detection System (IDS) software that scans any number of files and registry entries for modification. You can modify the properties the software scans for each file, group files, schedule integrity checks, generate reports, and send automatic email alerts. Data Sentinel supports Windows XP Professional, Windows 2000 Server, Windows 2000 Professional, Windows NT Server, and Windows NT Workstation. For pricing, contact Ionx at [email protected].
    http://www.ionx.co.uk

  • SECURE EXCHANGE ENVIRONMENTS

  • Sybari Software announced Antigen 7.0 for Microsoft Exchange, software that provides antivirus protection, content filtering, and email security for Exchange messaging and collaboration environments. Features new to this version include the ability to add outbound disclaimers, new quarantine and incident databases, and advanced file filtering. Antigen 7.0 for Microsoft Exchange supports Exchange Server 2000, Exchange Server 5.5, Exchange 5.0, and Exchange running on Microsoft Cluster Servers. The price is $5750 for 250 users and includes a 2-year renewable license. Contact Sybari at [email protected] or 631-630-8500.
    http://www.sybari.com

  • SUBMIT TOP PRODUCT IDEAS

  • Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to [email protected]

8. HOT THREADS

  • WINDOWS & .NET MAGAZINE ONLINE FORUMS

  • http://www.winnetmag.com/forums

  • Featured Thread: Relaying with Microsoft Exchange 5.5 SP4

  • (One message in this thread)

    A user hosts POP3 accounts by using Exchange Server 5.5 with Service Pack 4 (SP4) and needs to be able to relay messages. At the same time, he wants to close access to outside calls to the server to eliminate spam. He can't find a solution that will block outside access to his server. Lend a hand or read the responses:
    http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=49691

  • HOWTO MAILING LIST

  • http://63.88.172.96/listserv/page_listserv.asp?a0=howto

  • Featured Thread: Problems Implementing Windows Update Client and SUS

  • (One message in this thread)

    A user says he's in the process of implementing Microsoft Software Update Services (SUS) to deliver service packs and patches to Windows 2000 desktops on his network. However, for some reason, his Windows Update Client installations aren't running the updates, and log files indicate that the clients aren't querying his SUS server. Can you help figure out why? Read the responses or lend a hand at the following URL:
    http://63.88.172.96/listserv/page_listserv.asp?A2=IND0211C&L=HOWTO&P=3425

9. CONTACT US
    Here's how to reach us with your comments and questions:

    (please mention the newsletter name in the subject line)

    This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing a Windows 2000/Windows NT enterprise. Subscribe today!
    http://www.secadministrator.com/sub.cfm?code=saei25xxup

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email
