[ISN] Security UPDATE, April 11, 2001

From: InfoSec News (isn@C4I.ORG)
Date: Wed Apr 11 2001 - 18:41:50 CDT


********************
Windows 2000 Magazine Security UPDATE
**Watching the Watchers**
The weekly Windows 2000 and Windows NT security update newsletter from
the Windows 2000 Magazine Network
http://www.win2000mag.net/Channels/Security
********************

This week's issue sponsored by

UltraBac Version 6.3 Deploys Machines Faster!
http://www.ultrabac.com/default.asp?src=SecUpdateApr1101&tgt=./

|-+-|-+-|-+-|-+-|-+-|-+-|
April 11, 2001 - In this issue:

1. IN FOCUS
     - Outlook 2002: Crippled to Protect You

2. SECURITY RISKS
     - DoS Condition in Navision's Financials Server 2.50 and 2.60

3. ANNOUNCEMENTS
     - Announcing Windows 2000 Magazine Network Seminars!
     - Join Industry Experts at Microsoft Tech Ed

4. SECURITY ROUNDUP
     - News: Can You Break Windows XP Security?
     - News: Authentify Helps Solve E-Commerce Authentication Woes
     - News: Three More Security Risks Found in WEP Protocol
     - News: Microsoft Intensifies Hunt for Software Pirates

5. NEW AND IMPROVED
     - Intrusion Prevention
     - Protection from DoS and DDoS Attacks
     - Halt Viruses While Abolishing Spam

6. SECURITY TOOLKIT
     - Book Highlight: Security Engineering: A Guide to Building
Dependable Distributed Systems
     - Virus Alert
     - FAQ: In Windows XP, How Do I Use the Password Reset Disk?
     - SOHO Security: Using Network Address Translation to Secure Your
SOHO's Web Connection

7. HOT THREADS
     - Windows 2000 Magazine Online Forums
           Windows NT 4.0 Server and Win 98 Policies Are Not Working
     - HowTo Mailing List
           Security Risks with "Out of Office" Assistants

8. CONTACT US
See this section for a list of ways to contact us.

~~~~ SPONSOR: ULTRABAC VERSION 6.3 DEPLOYS MACHINES FASTER! ~~~~
UltraBac Software announces new support for Windows NT(R)/2000/XP
disaster recovery, disk cloning, and ultra-fast rollouts of server and
workstation installations. The utility runs using a Win9x/DOS bootable
floppy and can backup/restore only the clusters marked in-use. A system
administrator can now copy or restore multiple images onto a network
share (or tape) in significantly less time than other options. The
program is available without charge for personal use. Visit
http://www.ultrabac.com/default.asp?src=SecUpdateApr1101&tgt=./ to learn
more about this exciting new functionality.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Want to sponsor Security UPDATE?
Email emedia_opps@win2000mag.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. ========== IN FOCUS ==========

Hello everyone,

Have you seen Microsoft's new Office XP suite? The new software will be
on store shelves May 31, but some people are already complaining about
the new suite's Outlook 2002 client. Apparently, Microsoft has changed
the way Outlook handles sending and receiving file attachments because
of the onslaught of viruses, worms, and Trojans that constantly target
Outlook users.

As you know, previous Outlook versions can sometimes automatically
launch file attachments without the user's permission, and in other
cases, previous versions let unsuspecting users inadvertently launch
malicious files. In either scenario, the damage can become heavy and
widespread very quickly. The "ILoveYou" virus reportedly spread via
Outlook to some 600,000 systems and caused billions of dollars in
damage.

Microsoft hopes to curtail that sort of damage by limiting the types of
file attachments that can launch from within an email message.
Apparently, Outlook 2002 will block more than 30 different file types,
including executables, VBScript, JavaScript, Windows Help files, batch
files, and even some types of image files. Clearly, Microsoft is
protecting us from ourselves as much as it's protecting us from viruses,
worms, and Trojans.

When the "ILoveYou" virus struck, Microsoft quickly released updates for
Outlook 2000 and Outlook 97 that help make those mail clients more
immune to such nuisances. However, not everyone installed the patches,
and that virus and its mutations are still infecting users' systems. As
a result, Microsoft has taken much of the blame for the infections even
though it quickly provided a remedy. Outlook 2002's expanded file
attachment restrictions will prevent many such scenarios in the future
and save Microsoft plenty of backlash.

A news story in Tuesday's InfoWorld (URL below) offers a strong case for
Outlook 2002's new file attachment restriction. The article revealed
that Japanese audiovisual electronics manufacturer Pioneer inadvertently
sent email containing a worm to 10,758 consumers who had registered
their email addresses on the company's Web site to receive product and
event news. The virus, formally named Hybris (better known as Snow
White), is received as a file attachment, and users have to open the
file to become infected. As of today, 19 recipients of Pioneer's email
have opened the file and infected their systems. Outlook 2002 would
have prevented this infection outright.
http://www.infoworld.com/articles/hn/xml/01/04/10/010410hnpio.xml

Not everyone is happy about the new features. Many people feel that
Microsoft is breaking functionality that users rely on as an inherent
part of their daily routines. Microsoft said that although the
restrictions will be part of Outlook 2002's default configuration, users
can disable the feature; doing so, however, requires editing the
registry. You can learn about the registry key settings in Sue Mosher's
article "The Scoop on Office XP and Outlook 2002" on our Web site (URL
below). The article first appeared in the March 5 edition of our
Exchange & Outlook UPDATE newsletter (subscribe here:
http://www.win2000mag.net/email). In addition, Microsoft has a document
online that explains how to further customize Outlook 2002 security
settings via additional registry edits.
http://www.win2000mag.com/Articles/Index.cfm?ArticleID=20196
http://www.microsoft.com/Office/ork/xp/four/outg03.htm

In the meantime, anyone using Outlook 2002 will have to accept the file
attachment restrictions and develop workarounds to their daily email
usage. Richard Smith of the Privacy Foundation pointed out that although
the new mail client will restrict users from launching certain file
types, users can learn to Zip their files before transmission. In
addition, users can place their files on Web servers and email a URL to
the location in lieu of the actual file.
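As an added illustration (not code from the article, from Microsoft, or from Outlook 2002 itself): the extension-based rule the article describes, beside a gateway-side check that also looks inside Zip attachments, the workaround the article mentions. The extension set is an illustrative subset of the categories named above, not Outlook's actual list of more than 30 types, and the sample attachments are constructed.

```python
import io
import zipfile

# Illustrative subset of the attachment types the article says Outlook 2002
# blocks by default (executables, VBScript, JavaScript, Windows Help files,
# batch files). The real list has more than 30 entries; this is not that list.
BLOCKED_EXTENSIONS = {"exe", "com", "vbs", "vbe", "js", "jse", "hlp", "bat", "cmd"}


def extension_of(filename: str) -> str:
    """Lowercased final extension of a file name, or '' if it has none."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def blocked_by_extension(filename: str) -> bool:
    """The client-side rule: judge the attachment by its own extension only."""
    return extension_of(filename) in BLOCKED_EXTENSIONS


def blocked_names_inside_zip(data: bytes) -> list:
    """Gateway-side addition: names inside a Zip payload that would themselves
    be blocked. Anything that is not a Zip archive yields an empty list."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if blocked_by_extension(n)]


def screen(filename: str, data: bytes) -> str:
    """Return 'block', 'block-archived' or 'allow' for one attachment."""
    if blocked_by_extension(filename):
        return "block"
    if blocked_names_inside_zip(data):
        return "block-archived"
    return "allow"


def build_zip(members: dict) -> bytes:
    """Construct an in-memory Zip archive for the sample attachments below."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments; script bodies are harmless placeholder text.
SAMPLES = [
    ("report.doc", b"not a real document"),
    ("Invoice.VBS", b"' placeholder script body"),
    ("files.zip", build_zip({"notes.txt": b"hi", "run.bat": b"rem placeholder"})),
]

if __name__ == "__main__":
    for filename, data in SAMPLES:
        print(f"{filename:12} -> {screen(filename, data)}")
```

The third sample passes the extension-only rule and is caught only by the archive check, which is the gap the Zip workaround opens for a client-side filter.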

Personally, I think Microsoft's new approach is a good thing. However, I
run my mail client in a paranoid fashion; I don't open a file attachment
unless I'm absolutely certain of its origin and its content, and even
then, I do so with some hesitance. So to me, the changes are no real
burden; they simply mimic current practices that many leery users
already employ. But the new restrictions are bound to affect many
businesses' preferred workflow methods.

What do you think about Outlook 2002's new file attachment restrictions?
Send me a note with your thoughts. I'd love to hear them. Until next
time, have a great week!

Sincerely,
Mark Joseph Edwards, News Editor
mark@ntsecurity.net

2. ========== SECURITY RISKS =========
(contributed by Ken Pfeil, Ken@win2000mag.com)

* DOS CONDITION IN NAVISION'S FINANCIALS SERVER 2.50 AND 2.60
Defcom Labs discovered a Denial of Service (DoS) condition in Navision
Financials Server versions 2.50 and 2.60 for Windows 2000 and Windows NT
that lets a remote attacker crash the server service. By sending a null
character followed by 30,000 bytes of the character "A" to TCP port
2047, the attacker can cause a buffer overflow that terminates the
server.exe process. The vendor recommends preventing access to port 2047
from untrusted systems. Contact Navision-Damgaard Support to obtain a
patch for this problem.
http://www.windowsitsecurity.com/articles/index.cfm?articleID=20597
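An added example, not from the advisory, Defcom Labs, or Navision: detection logic that applies the vendor's advice first (only trusted systems may reach port 2047) and then flags payloads of the shape the advisory describes, generalized to any repeated filler byte rather than only "A". The trusted addresses, the run threshold, and the connection records are assumed or constructed values.

```python
# Constructed connection records, not captured traffic: (source IP,
# destination TCP port, payload). The payload shape comes from the
# advisory: a NUL byte followed by a long run of one character. Nothing
# here is sent anywhere; the function only classifies records.
NAVISION_PORT = 2047
TRUSTED_SOURCES = {"10.0.0.5", "10.0.0.6"}  # assumed list of permitted clients
RUN_THRESHOLD = 1024  # assumed; well below the 30,000 bytes the advisory cites


def longest_run_after_nul(payload: bytes) -> int:
    """Length of the run of one repeated byte that directly follows the
    first NUL in the payload; 0 if there is no NUL or nothing after it."""
    idx = payload.find(b"\x00")
    if idx < 0 or idx + 1 >= len(payload):
        return 0
    first = payload[idx + 1]
    run = 1
    for b in payload[idx + 2:]:
        if b != first:
            break
        run += 1
    return run


def classify(src: str, dport: int, payload: bytes) -> str:
    """Vendor mitigation first (only trusted systems reach port 2047), then
    the payload heuristic. Matching any repeated byte, not just "A", keeps
    the rule from depending on the exact filler the advisory happened to use."""
    if dport != NAVISION_PORT:
        return "ignore"
    if src not in TRUSTED_SOURCES:
        return "deny-untrusted-source"
    if longest_run_after_nul(payload) >= RUN_THRESHOLD:
        return "alert-overflow-pattern"
    return "allow"


SAMPLES = [
    ("10.0.0.5", 2047, b"\x00" + b"A" * 30000),  # the shape the advisory describes
    ("10.0.0.5", 2047, b"\x00" + b"B" * 30000),  # same shape, different filler
    ("10.0.0.5", 2047, b"\x00" + b"A" * 100),    # short; treated as normal
    ("192.0.2.9", 2047, b"hello"),               # untrusted source, any payload
    ("192.0.2.9", 80, b"GET / HTTP/1.0\r\n\r\n"),  # unrelated service
]

if __name__ == "__main__":
    for src, dport, payload in SAMPLES:
        print(f"{src:>10} :{dport:<5} {classify(src, dport, payload)}")
```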

3. ========= ANNOUNCEMENTS ==========

* ANNOUNCING WINDOWS 2000 MAGAZINE NETWORK SEMINARS!
Don't miss our new 1- and 2-day seminars presented by industry experts
Mark Minasi, Kalen Delaney, and Steve Milroy. Polish your IT skills in
informative sessions about Windows 2000 Server, SQL Server, and mobile
and wireless connectivity. Seminars will be held in Los Angeles, Boston,
and San Francisco in May and June. Sign up today!
http://www.win2000mag.net/seminars

* JOIN INDUSTRY EXPERTS AT MICROSOFT TECH ED
Microsoft Tech Ed 2001 (June 17 through 21) is the premiere technical
education event for building solutions on the Microsoft platform. Learn
how to develop and deploy Web Services and hear the latest buzz about
supplier enablement, mobility, integrated enterprise solutions, and
.NET. This event has sold out for 6 years in a row so register today!
http://msdn.microsoft.com/events/teched

4. ========== SECURITY ROUNDUP ==========

* NEWS: CAN YOU BREAK WINDOWS XP SECURITY?
Microsoft quietly put a new test site online March 31 to let hackers
attempt to breach Windows XP's security. Microsoft placed a version of
Windows XP Home Edition online in a configuration that resembles a
typical user's home setup. The Web site will help Microsoft determine
configuration settings that it can recommend to the new OS's potential
users.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20596

* NEWS: AUTHENTIFY HELPS SOLVE E-COMMERCE AUTHENTICATION WOES
Authentify recently announced the release of its flagship product,
Authentify|Register. Authentify's new product authenticates Internet
users with a two-factor technique that also adds to audit trails.
According to company representatives, Authentify|Register adds another
layer of security to secure registration systems by synchronizing a
user's registration process with an automated outbound telephone call to
that user. During the call, the user must enter data on the telephone
keypad and have his or her voice data recorded for use in custom
applications.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20595

* NEWS: THREE MORE SECURITY RISKS FOUND IN WEP PROTOCOL
Researchers at the University of Maryland's Computer Science Department
have discovered three new security risks in the Wired Equivalent Privacy
(WEP) technology used in the 802.11 standard. According to a report by
William A. Arbaugh, Narendar Shankar, and Y.C. Justin Wan, published
March 30, the three risks involve vulnerabilities in two access control
mechanisms currently used in Orinoco and in Lucent Technology's Wavelan
PCMCIA cards. In addition, the researchers identified an eavesdropping
attack that an intruder can leverage against WEP's shared-key
authentication mechanisms.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20577

* NEWS: MICROSOFT INTENSIFIES HUNT FOR SOFTWARE PIRATES
Microsoft is scanning the Internet looking for pirated copies of its
software. Six months ago, Microsoft launched a worldwide antipiracy
campaign using its proprietary Internet Scanning Tool that helps the
company locate potentially illegal copies of its software for sale on
Web sites, particularly at online auctions.
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20533

5. ========== NEW AND IMPROVED ==========
(contributed by Judy Drennen, products@win2000mag.com)

* INTRUSION PREVENTION
Hewlett-Packard's (HP's) WebEnforcer for Windows 2000 provides in-depth
intrusion prevention for Win2K environments by continually discovering
and fixing security vulnerabilities, while protecting against
unauthorized changes and attacks. WebEnforcer disables system services
and subsystems that might become security vulnerabilities. The product
secures Distributed COM (DCOM) permissions, remote registry access, and
hundreds of registry settings; assigns appropriate user rights; and
secures files and folders. For more information, go to the following HP
Web site.
http://www.hp.com/security

* PROTECTION FROM DOS AND DDOS ATTACKS
VHB Technologies released content-intelligent VHB-2000, an appliance
that filters data, voice, and video at speeds high enough for it to be
installed on the Internet backbone. When hackers launch Denial of
Service (DoS) or Distributed Denial of Service (DDoS) attacks over the
Internet, VHB-2000 prevents service disruption by stopping the onslaught
at the WAN level before the attack clogs local customers' networks. For
more information, contact VHB Technologies, 972-783-6880.
http://www.vhbtech.com

* HALT VIRUSES WHILE ABOLISHING SPAM
Atypie Software released Kill the Spams to keep your inbox free of
unsolicited commercial email (UCE) and malicious virus attachments. Kill
the Spams runs on Windows 2000, Windows NT, and Windows 9x and uses a
custom algorithm to analyze the emails in your inbox, before you
download them to your computer. Kill the Spams can determine whether an
individual or bulk email program sent an email. The product costs $20.
For more information or to order the product, contact Atypie Software
through its Web site.
http://www.zipstore.com

6. ========== SECURITY TOOLKIT ==========

* BOOK HIGHLIGHT: SECURITY ENGINEERING: A GUIDE TO BUILDING DEPENDABLE
DISTRIBUTED SYSTEMS
By Ross Anderson
Fatbrain Online Price: $59.99
Softcover; 640 pages
Published by John Wiley & Sons, March 2001
ISBN 0471389226
Written by Ross Anderson, a security design expert, "Security
Engineering: A Guide to Building Dependable Distributed Systems" shows
you how to create dependable security systems. This guide introduces the
basic concepts of security, provides security design tips and the
secrets of Internet intrusion detection, and explains security tools,
including cryptography, Data Encryption Standard (DES), Advanced
Encryption Standard (AES), Skipjack, and stream ciphers.

For more information or to purchase this book, go to the Windows 2000
Magazine Bookstore and click UPDATE Highlights under Highlighted Titles.
http://www1.fatbrain.com/store.cl?p=win2000mag&s=97772

Or go to
http://www1.fatbrain.com/asp/bookinfo/bookinfo.asp?theisbn=0471389226
and enter WIN2000MAG as the discount code when you order the book.

* VIRUS ALERT
Panda Software and the Windows 2000 Magazine Network have teamed to
bring you the Center for Virus Control. Visit the site often to remain
informed about the latest threats to your system security.
http://www.windowsitsecurity.com/panda

* FAQ: IN WINDOWS XP, HOW DO I USE THE PASSWORD RESET DISK?
(contributed by John Savill, http://www.windows2000faq.com)

Windows XP includes a feature that lets you reset your password if you
forget it. To enable the functionality, a user must first create a
password reset disk (on a 3.5" diskette). Users who forget their
password can then use the disk during the logon process to reset it. To
learn all about this new feature in Windows XP, be sure to visit our
FAQ!
http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=20545

* SOHO SECURITY: USING NETWORK ADDRESS TRANSLATION TO SECURE YOUR SOHO'S
WEB CONNECTION
Are you thinking about adding multiple computers to your small
office/home office (SOHO) Internet connection? Find out what you need to
know about Network Address Translation (NAT) to secure your Web
connection in Jonathan Hassel's latest article on our Web site!
http://www.windowsitsecurity.com/Articles/Index.cfm?ArticleID=20569

7. ========== HOT THREADS ==========

* WINDOWS 2000 MAGAZINE ONLINE FORUMS

The following text is from a recent threaded discussion on the Windows
2000 Magazine online forums.
http://www.win2000mag.net/forums

April 01, 2001, 07:38 P.M.
Windows NT 4.0 Server and Win98 Policies Are Not Working
(Three messages in this thread)
I am running a Windows NT 4.0 server, and the Win98 policies I've created
are not working correctly. I set up a policy file to use for Win98,
where the stations would not be able to use the command prompt, Regedit
tools, etc. (this is in a school setting). I set a policy for a certain
user, and all seemed to be working fine for approximately 3 weeks. Then,
all of a sudden, when I try logging in using the student user ID,
everything works as I set it up, but when I try to log in using my
account, I end up with the same restrictions, even though I never
included my account in the policy. I then tried deleting the policy file
from the server, and the workstations appear to have inherited the
policy settings, even though I have removed the Config.Pol file from the
login directory. I'd appreciate any input on fixing this and continuing
to use Win98 policies.

Thread continues at
http://www.win2000mag.net/Forums/Application/Thread.cfm?CFApp=64&Thread_ID=63242&mc=3

* HOWTO MAILING LIST
Each week we offer a quick recap of some of the highlights from the
HowTo for Security mailing list. The following thread is in the
spotlight this week.

Security Risks with "Out of Office" Assistants
(Four messages in this thread)
What are the security risks involved with allowing "out-of-office"
replies to the Internet? My users scream for the ability to do this, but
something bothers me about automatically sending messages out of my
network giving specific information on who is gone, and when they will
be back. Maybe I'm just paranoid. I know this has been a hot
administrative topic on this mailing list from time to time, but I am
wondering about the security aspects of this feature.
http://63.88.172.96/go/page_listserv.asp?A2=IND0104A&L=HOWTO&P=555

Follow this link to read all threads for April, Week 1:
http://63.88.172.96/go/page_listserv.asp?A1=ind0104A&L=howto

8. ============ CONTACT US ============
Here's how to reach us with your comments and questions.

* COMMENTS ABOUT THE COMMENTARY?
Email Mark Joseph Edwards at mark@ntsecurity.net

* COMMENTS ABOUT THE NEWSLETTER IN GENERAL?
Email Managing Editor Trish Faubion at tfaubion@win2000mag.com. Please
mention the name of the newsletter in the subject line or body.

* TECHNICAL QUESTIONS?
Please post your technical questions to the discussion area.
http://www.win2000mag.net/forums

* PRODUCT NEWS?
Email press releases to products@win2000mag.com.

* QUESTIONS ABOUT YOUR SECURITY UPDATE SUBSCRIPTION?
Email Customer Support at securityupdate@win2000mag.com.

* WANT TO SPONSOR SECURITY UPDATE?
Email emedia_opps@win2000mag.com

********************
This Security UPDATE is brought to you by Windows 2000 Magazine, the
leading publication for Windows 2000/NT professionals who want to learn
more and perform better. Subscribe today.
http://www.win2000mag.com/sub.cfm?code=00inxupb

|-+-|-+-|-+-|-+-|-+-|-+-|

Windows 2000 Magazine Security UPDATE Staff
News Editor - Mark Joseph Edwards (mje@win2000mag.com)
Editor - Gayle Rodcay (gayle@win2000mag.com)
New and Improved - Judy Drennen (products@win2000mag.com)
Copy Editor - Heather Lennert (hlennert@win2000mag.com)

|-+-|-+-|-+-|-+-|-+-|-+-|

========== GET UPDATED! ==========
Receive the latest information about the Windows 2000 and Windows NT
topics of your choice, including Win2K Pro, Exchange Server, training
and certification, SQL Server, IIS administration, XML, application
service provision, .NET, wireless and mobile devices, and more. Visit
our Web site to subscribe to our other FREE email newsletters.
http://www.win2000mag.com/sub.cfm?code=up00inxwnf
|-+-|-+-|-+-|-+-|-+-|-+-|

Thank you for reading Security UPDATE.

SUBSCRIBE
To subscribe send a blank email to
subscribe-Security_UPDATE@list.win2000mag.net.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV@SecurityFocus.com with a message body of
"SIGNOFF ISN".