Security UPDATE, October 9, 2002

Windows & .NET Magazine Security UPDATE—brought to you by Security Administrator, a print newsletter bringing you practical, how-to articles about securing your Windows .NET Server, Windows 2000, and Windows NT systems.
http://www.secadministrator.com


THIS ISSUE SPONSORED BY

VeriSign - The Value of Trust
http://www.verisign.com/cgi-bin/go.cgi?a=n26110107130057000

Real Time Monitoring is a Security Requirement
http://www.tntsoftware.com/download/

(below IN FOCUS)

SPONSOR: VERISIGN - THE VALUE OF TRUST

FREE E-COMMERCE SECURITY GUIDE
Is your e-business built on a strong, secure foundation? Find out with VeriSign's FREE White Paper, "Building an E-Commerce Trust Infrastructure." Learn how to authenticate your site to customers, secure your web servers with 128-Bit SSL encryption, and accept secure payments online. Click here:
http://www.verisign.com/cgi-bin/go.cgi?a=n26110107130057000


October 9, 2002—In this issue:

1. IN FOCUS

  • Advancements in Quantum-Based Encryption Technology

2. SECURITY RISKS

  • Unchecked Buffer in Microsoft's File Decompression Functions
  • Multiple Vulnerabilities in Windows Help Facility

3. ANNOUNCEMENTS

  • Mark Minasi and Paul Thurrott Are Bringing Their Security Expertise to You!
  • Announcing the New Windows & .NET Magazine VIP Site!

4. SECURITY ROUNDUP

  • News: Two New Worms, Bugbear and Opasoft, Spreading Across Internet
  • News: Ballmer Talks Software and Blueberry Muffins
  • News: Windows & .NET Magazine Names MEC 2002 Best of Show Finalists
  • News: 64-Bit RC5 Algorithm Finally Cracked

5. HOT RELEASES

  • FREE Network Security Web Seminars

6. SECURITY TOOLKIT

  • Virus Center
    Virus Alert: Bugbear
  • FAQ: How Can I Save Microsoft Internet Explorer (IE) 6.0 Service Pack 1 (SP1) Locally?

7. NEW AND IMPROVED

  • Email Exploit Engine Blocks Threats and Attacks
  • Server-Based Security Application
  • Submit Top Product Ideas

8. HOT THREADS

  • Windows & .NET Magazine Online Forums
  • Featured Thread: IPSec Without Kerberos

9. CONTACT US

  • See this section for a list of ways to contact us.

1. IN FOCUS
(contributed by Mark Joseph Edwards, News Editor, [email protected])

  • ADVANCEMENTS IN QUANTUM-BASED ENCRYPTION TECHNOLOGY

  • Almost 2 years ago, I wrote about a new type of encryption technology being developed that employs encryption techniques so strong that they might be virtually impenetrable. "Physics Today" magazine discussed the technology, quantum cryptography, which uses fundamental particles of light (photons) to establish random numbers at a transmitter and receiver. Those numbers can then be used as cryptographic keys to encode and decode data on a standard communications line. One of the companies involved in developing quantum cryptography, British company QinetiQ, recently announced an advancement in the technology.

    Quantum encryption uses a photon's state as the key for encoding information. According to the Heisenberg uncertainty principle, it's impossible to discover both the momentum and position of a particle at any given instant in time. In theory, therefore, an intruder couldn't discover a cryptographic key based on particle state information; the intruder would need the actual particle to decipher any data encrypted with the key. If someone tried to intercept the digital key, the quantum state of the photon would change, alerting the intended recipient.

    IBM scientists constructed the first working prototype of a quantum key distribution (QKD) system in 1989. At that time, they could transmit quantum signals only about 12.6" through open air. Today, fiber-optic cables can transmit the signals up to about 42 miles. Now, QinetiQ has successfully transmitted quantum encryption-based data over a distance of about 14.5 miles without fiber-optic cable.

    Although photons aren't suited to carry an actual message, according to QinetiQ, quantum key technology works because photons can establish identical random numbers at both the transmitter and receiver. "These large random numbers can then be used as 'cryptographic keys' for encoding and decoding data on a standard communications link."

    QinetiQ's testing took place in the mountains of Germany, where the company works in conjunction with Ludwig Maximilians University in Munich. Teams on two mountaintops successfully transmitted quantum encryption keys through the air, then decrypted the data successfully using the keys. They demonstrated that one can use the technology to send encryption keys over increasing distances without using fiber-optic cables.

    The researchers used a green laser to accurately align the transmitter and receiver located on the mountaintops. The transmission setup involved a transmitter that sent a 10MHz beam of light between 1 and 2 yards in diameter. The receiver was a commercial telescope with a photon-counting module mounted on the end. Polarizing beam splitters in the module determined the polarization of the received photons, and thus, the bit value of those photons. The researchers then used the bit values to determine the quantum keys that encrypted and decrypted associated data transmitted over a separate traditional communication link.
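The key-agreement idea described above, as an added simulation that is not code from QinetiQ or from this newsletter. It assumes a BB84-style scheme with two polarization bases (the article does not name the protocol), an ideal noise-free channel, and an illustrative error threshold of 0.11; all function names are hypothetical.

```python
import random

BASES = "+x"  # assumed: rectilinear (+) and diagonal (x) polarization bases

def measure(bit, prep_basis, meas_basis, rng):
    """Same basis returns the encoded bit; a different basis gives a random result."""
    return bit if prep_basis == meas_basis else rng.randrange(2)

def run_exchange(n_photons, eavesdrop, seed):
    """Simulate one key exchange; return the sifted (sender, receiver) bit lists."""
    rng = random.Random(seed)
    sender_key, receiver_key = [], []
    for _ in range(n_photons):
        bit, s_basis = rng.randrange(2), rng.choice(BASES)
        photon_bit, photon_basis = bit, s_basis
        if eavesdrop:
            # Intercepting means measuring, which re-prepares the photon
            # in the interceptor's randomly chosen basis.
            e_basis = rng.choice(BASES)
            photon_bit = measure(photon_bit, photon_basis, e_basis, rng)
            photon_basis = e_basis
        r_basis = rng.choice(BASES)
        r_bit = measure(photon_bit, photon_basis, r_basis, rng)
        if r_basis == s_basis:  # sifting: keep positions where the bases matched
            sender_key.append(bit)
            receiver_key.append(r_bit)
    return sender_key, receiver_key

def error_rate(a, b):
    """Fraction of positions at which the two bit lists disagree."""
    return sum(x != y for x, y in zip(a, b)) / len(a)

def check_link(n_photons=4000, eavesdrop=False, seed=1, threshold=0.11):
    """Compare half of the sifted bits publicly; keep the rest only if errors are low."""
    s, r = run_exchange(n_photons, eavesdrop, seed)
    sample = len(s) // 2
    qber = error_rate(s[:sample], r[:sample])
    key = s[sample:] if qber <= threshold else None  # None: discard, link was observed
    return qber, key

if __name__ == "__main__":
    for tapped in (False, True):
        qber, key = check_link(eavesdrop=tapped)
        status = "key kept" if key else "key discarded"
        print(f"eavesdropper={tapped} error rate={qber:.3f} {status}")
```

With no interception the sifted bits agree exactly; an intercept-and-resend listener pushes the error rate toward 25 percent, which is the change in photon state that alerts the intended recipient.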

    QinetiQ's goal is to use earth-orbiting satellites to transmit keys around the globe. "Having demonstrated that it's possible to send a key through the air over long distances, it should soon be possible to send a message from the ground to an orbiting satellite," explained Professor John Rarity, leader of the QinetiQ team developing this technology. "We should then be able to relay quantum-encoded keys around the globe, providing absolutely secure communications ... using well established communications systems [to move any associated encrypted data]." To learn more about how QinetiQ structured its tests, read the press release on the company's Web site.

    The technology is intriguing, although we have much to learn about its capabilities and potential flaws. Currently, at least one company, Switzerland-based id Quantique, offers fiber-optic equipment based on the technology. For more about the current state of QKD development, plug the term into your favorite search engine.


    SPONSOR: REAL TIME MONITORING IS A SECURITY REQUIREMENT

    A proactive IT Manager installed ELM Enterprise Manager 3.0 on his critical servers to assess the benefits of real time monitoring. A week later, EEM 3.0 paged him as a disgruntled employee was attempting to access confidential personal files. Within minutes, the hacker was escorted off company property. Use ELM Enterprise Manager 3.0 to monitor the health and status of your systems, protect your intellectual property, and prevent avoidable downtime. Download your FREE 30-day evaluation copy at:
    http://www.tntsoftware.com/download/


    2. SECURITY RISKS
    (contributed by Ken Pfeil, [email protected])

  • UNCHECKED BUFFER IN MICROSOFT'S FILE DECOMPRESSION FUNCTIONS

  • Joe Testa of Rapid7 and "zen-parse" discovered two vulnerabilities in the Windows Compressed Folders feature, one of which might let an attacker execute arbitrary code on the vulnerable system. The first vulnerability stems from an unchecked buffer in programs that handle decompressing files from zipped files. The second vulnerability involves the decompression feature and could place a file in a directory that isn't the same as, or a child of, the target directory that the user specifies. Microsoft has released Security Bulletin MS02-054 (Unchecked Buffer in File Decompression Functions Could Lead to Code Execution) to address these vulnerabilities, and recommends that affected users apply the appropriate patch mentioned in the bulletin.
    http://www.secadministrator.com/articles/index.cfm?articleid=26876

  • MULTIPLE VULNERABILITIES IN WINDOWS HELP FACILITY

  • David Litchfield of Next Generation Security Software (NGSSoftware) and Thor Larholm of PivX Solutions discovered two vulnerabilities in the Windows Help Facility, one of which could let an attacker execute arbitrary code on the vulnerable system. The first vulnerability stems from an unchecked buffer in an ActiveX control function that provides some of the Help Facility's functionality. The second vulnerability is the result of two flaws associated with the handling of compiled HTML Help (.chm) files that contain shortcuts. The first flaw involves the HTML Help facility incorrectly determining the Security Zone, and the second flaw involves the HTML Help facility not considering what folder the content resides in and trusting the Temporary Internet Folder. Microsoft has released Security Bulletin MS02-055 (Unchecked Buffer in Windows Help Facility Could Enable Code Execution) to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin.
    http://www.secadministrator.com/articles/index.cfm?articleid=26877
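The second Compressed Folders flaw above is a containment failure: an archive entry is written somewhere that is neither the chosen target directory nor a child of it. The following added example (not Microsoft's code and not part of the bulletin) shows the check an extraction routine needs; the function names and the sample archives are constructed for illustration.

```python
import io
import os
import zipfile

def resolve_entry(root, name):
    """Return the resolved destination for an entry, or None if it leaves root."""
    name = name.replace("\\", "/")            # treat Windows separators as separators
    if name.startswith("/") or name[1:2] == ":":
        return None                           # absolute path or drive-letter path
    dest = os.path.realpath(os.path.join(root, name))
    return dest if os.path.commonpath([root, dest]) == root else None

def safe_extract(data, target_dir):
    """Extract zip bytes into target_dir; reject the whole archive if any entry escapes."""
    root = os.path.realpath(target_dir)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        entries = [(info, resolve_entry(root, info.filename)) for info in zf.infolist()]
        escaping = [info.filename for info, dest in entries if dest is None]
        if escaping:
            raise ValueError(f"rejected, entries leave target directory: {escaping}")
        written = []
        for info, dest in entries:
            if info.is_dir():
                continue
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with zf.open(info) as src, open(dest, "wb") as out:
                out.write(src.read())
            written.append(os.path.relpath(dest, root))
        return written

def build_archive(names):
    """Constructed sample input: a zip holding one small file per entry name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"sample")
    return buf.getvalue()

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(safe_extract(build_archive(["notes.txt", "docs/readme.txt"]), tmp))
        try:
            safe_extract(build_archive(["ok.txt", "../outside.txt"]), tmp)
        except ValueError as exc:
            print(exc)
```

All entries are validated before anything is written, so a single escaping entry leaves the target directory untouched.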

    3. ANNOUNCEMENTS
    (brought to you by Windows & .NET Magazine and its partners)

  • MARK MINASI AND PAUL THURROTT ARE BRINGING THEIR SECURITY EXPERTISE TO YOU!

  • Windows & .NET Magazine Network Road Show 2002 is coming this October to New York, Chicago, Denver, and San Francisco! Industry experts Mark Minasi and Paul Thurrott will show you how to shore up your system's security and what desktop security features are planned for Microsoft .NET and beyond. Sponsored by NetIQ, Microsoft, and Trend Micro. Registration is free, but space is limited so sign up now!
    http://www.winnetmag.com/seminars/roadshow

  • ANNOUNCING THE NEW WINDOWS & .NET MAGAZINE VIP SITE!

  • The Windows & .NET Magazine VIP Site is a new subscription-based online technical resource. For a limited time, you can access this banner-free site where you'll find exclusive content normally reserved for VIP Site members only. Only subscribers will be able to enjoy this new site after October 14, so check it out today!
    http://vip.winnetmag.com

    4. SECURITY ROUNDUP

  • NEWS: TWO NEW WORMS, BUGBEAR AND OPASOFT, SPREADING ACROSS INTERNET

  • Two recently discovered worms are spreading across the Internet. One of the worms, Bugbear, is more dangerous than the other, Opasoft (aka Opaserv). Users should learn about Bugbear quickly to defend against it.
    http://www.secadministrator.com/articles/index.cfm?articleid=26863

  • NEWS: BALLMER TALKS SOFTWARE AND BLUEBERRY MUFFINS

  • In a sometimes-strange open letter posted to the Microsoft Web site, Microsoft CEO Steve Ballmer discusses how his company needs to do more to better serve its customers. The strange part comes early in the letter, with Ballmer discussing his only non-Microsoft job--marketing brownie mix and blueberry muffin mix.
    http://www.secadministrator.com/articles/index.cfm?articleid=26868

  • NEWS: WINDOWS & .NET MAGAZINE NAMES MEC 2002 BEST OF SHOW FINALISTS

  • Windows & .NET Magazine announced finalists for the Best of Show Awards for MEC 2002. Finalists were selected in five categories: management, mobility, networking/infrastructure, security, and collaboration and productivity. Windows & .NET Magazine editors will announce the Best of Show winners in Booth #526 at 12:00 p.m. on October 10 during MEC 2002 in Anaheim, California.
    http://www.secadministrator.com/articles/index.cfm?articleid=26859

  • NEWS: 64-BIT RC5 ALGORITHM FINALLY CRACKED

  • RSA Security announced that its RC5-64 Challenge was finally finished when someone discovered the correct encryption key on July 14. However, because of a glitch in the software running the competition, the winning key wasn't noted until August 12. Also, link to challenge winner Distributed.net's 72-bit RC5 key contest.
    http://www.secadministrator.com/articles/index.cfm?articleid=26857

    5. HOT RELEASES

  • FREE NETWORK SECURITY WEB SEMINARS

  • Want to bullet-proof your networks against malicious code? Register now for one or more web seminars and gain the experience from the world's leading virus experts. Seating is limited; register today to ensure your spot!
    http://www.sophos.com/products/training/webseminars/index.html#new

    6. SECURITY TOOLKIT

  • VIRUS CENTER

  • Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security.
    http://www.secadministrator.com/panda

  • VIRUS ALERT: BUGBEAR

  • Bugbear affects several antivirus programs and firewalls, leaving the computer somewhat defenseless against other viruses, worms, and network-based attacks. Bugbear also installs a keystroke logger, which records all keyboard activity, including entry of usernames and passwords. In addition, the worm allows a degree of remote control over infected machines by providing a means for remote users to manipulate users' files, including downloading and execution, through a Web-based interface the worm installs. The worm can also force specified processes to terminate. Systems already infected with the Klez worm (one of the widest-spreading worms to date) are especially vulnerable to Bugbear because both worms take advantage of an IFRAME-related security problem with Windows OSs.
    http://www.secadministrator.com/panda/index.cfm?fuseaction=virus&virusid=1284

  • FAQ: HOW CAN I SAVE MICROSOFT INTERNET EXPLORER (IE) 6.0 SERVICE PACK 1 (SP1) LOCALLY?

  • (contributed by John Savill, http://www.windows2000faq.com)

    A. To install IE SP1, you typically download the installation wizard, which then downloads and installs the required components. Using this process, you must connect to the Web for every installation.

    Alternatively, you can save the entire service pack to disk by performing the following steps:

    1. Download the Microsoft installation wizard (i.e., ie6setup.exe).
    2. Copy the installation wizard setup file into a folder (e.g., ie6sp1).
    3. Open the Run dialog box (go to Start, Run), then enter the following command: "d:\ie6sp1\ie6setup.exe" /c:"ie6wzd.exe /d /s:""#E"""
    4. Click Yes to the license agreement.
    5. Select the service pack versions you want to download, specify the download location, then click Next.

    The installation wizard will save the installation files locally so that you can perform network installations without connecting to the Microsoft Web site each time. After the download is complete, a dialog box will ask you to confirm using ie6setup.exe in the selected folder to begin installation.

    7. NEW AND IMPROVED
    (contributed by Judy Drennen, [email protected])

  • EMAIL EXPLOIT ENGINE BLOCKS THREATS AND ATTACKS

  • GFI Software launched an email exploit engine, which is included in GFI MailSecurity for Exchange/SMTP. The exploit engine protects networks against current and future email attacks. Antivirus software is designed to detect known malicious code. An email exploit engine takes a different approach: It works like an Intrusion Detection System (IDS) for email and analyzes code for exploits that could be malicious. Therefore, it can protect against new and unknown malicious code. Prices start at $295 for 10 users and include a year of free antivirus engine updates. Contact GFI at 888-243-4329 or go to the Web site.
    http://www.gfi.com/mailsecurity

  • SERVER-BASED SECURITY APPLICATION

  • Appligent released SecurSign 2.0, a server-based software application that adds unique security and authentication capabilities to PDF files. The software lets PDF users add digital signatures directly to PDFs, as well as apply standard Adobe security features to these documents at the 40-bit or 128-bit level. SecurSign 2.0 runs on Windows, Linux 7, AIX, Mac OS X, Solaris, and HP-UX. For pricing, contact Appligent at 610-284-4006 or go to the Web site.
    http://www.appligent.com

  • SUBMIT TOP PRODUCT IDEAS

  • Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to [email protected].

    8. HOT THREADS

  • WINDOWS & .NET MAGAZINE ONLINE FORUMS

  • http://www.winnetmag.com/forums

    Featured Thread: IPSec Without Kerberos
    (Two messages in this thread)

    A user wants to know what the IP Security (IPSec) options are for workstations or standalone servers that aren't members of a domain. For example, can he still set IPSec policies (under "local security policies")? A message he received during configuration seems to indicate that he can't set IPSec policies or that the policies might not work because the computer isn't a member of a domain. Read the responses or lend a hand:
    http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=47327

    9. CONTACT US
    Here's how to reach us with your comments and questions:

    This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing a Windows 2000/Windows NT enterprise. Subscribe today!
    http://www.secadministrator.com/sub.cfm?code=saei25xxup

    Receive the latest information about the Windows and .NET topics of your choice. Subscribe to our other FREE email newsletters.
    http://www.winnetmag.net/email
