
SecurityFocus Microsoft Newsletter #116

From: Marc Fossi <mfossi(at)securityfocus.com>
Date: Mon Dec 09 2002 - 13:14:59 EST

SecurityFocus Microsoft Newsletter #116


This issue is sponsored by St. Bernard Software

Solution to Find & Fix Network Vulnerabilities

Identifying and eliminating network vulnerabilities just got easier. Award-winning Retina scans networks for early detection of vulnerabilities, while UpdateEXPERT provides automated critical patch management assistance.

For a FREE TRIAL visit: http://www.eeye.com/ctrack.asp?ref=STBJOINT2


I. FRONT AND CENTER
     1. Barbarians at the Gate: An Introduction to Distributed Denial...
     2. Does Research Support Dumping Linux?
     3. SecurityFocus DPP Program
     4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. MICROSOFT VULNERABILITY SUMMARY
     1. Computer Associates InoculateIT Yaha.E Exchange Filter Bypassing
     2. YaBB YaBB.pl Cross Site Scripting Vulnerability
     3. Moby NetSuite POST Handler Buffer Overflow Vulnerability
     4. McAfee VirusScan WebScanX Code Execution Vulnerability
     5. Microsoft Windows XP Wireless LAN AP Information Disclosure...
     6. PortailPHP SQL Injection Vulnerability
     7. Pedestal Software Integrity Protection Driver Bypass Vulnerability
     8. 3D3.Com ShopFactory Shopping Cart Cookie Price Manipulation...
     9. Microsoft Internet Explorer Dialog Style Same Origin Policy...
     10. phpBB search.php Cross Site Scripting Vulnerability
     11. pWins Web Server Directory Traversal Vulnerability
     12. Webster HTTP Server Long Request Buffer Overrun Vulnerability
     13. Webster HTTP Server File Disclosure Vulnerability
     14. Webster HTTP Server Cross Site Scripting Vulnerability
     15. Lawson Financials Account Credentials World Accessible...
III. MICROSOFT FOCUS LIST SUMMARY
     1. Container Names in RSACryptoServiceProvider class (Thread)
     2. issues with syskey in NT 4.0 (Thread)
     3. SecurityFocus Microsoft Newsletter #115 (Thread)
     4. Question: Buffer Overrun in Microsoft Data Access Components...
     5. Secure / Encrypt Terminal Services (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
     1. ActivPack for NDS
     2. i.Secure Office
     3. SafeBoot 3
V. NEW TOOLS FOR MICROSOFT PLATFORMS
     1. klogger v1.0
     2. CECrypt v1.1
     3. KerbCrack v1.0
VI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Barbarians at the Gate: An Introduction to Distributed Denial of Service Attacks
By Matthew Tanase

DDoS attacks first made headlines in February 2000. Now, almost three years later, can it be that we're still vulnerable? Unfortunately the answer is yes. This article will explain the concept of DDoS attacks, how they work, how to react if you become a target, and how the security community can work together to prevent them.


http://online.securityfocus.com/infocus/1647

2. Does Research Support Dumping Linux?
By Tim Mullen

Microsoft's security policies are getting better every day, even as a new report slams open-source competitors as security nightmares. But the easy answers aren't always the right ones.

http://online.securityfocus.com/columnists/127

3. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

4. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)


Optional Workshops March 8, 9, 12, 13, & 14
Vendor Expo March 10 & 11

Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. Computer Associates InoculateIT Yaha.E Exchange Filter Bypassing Vulnerability BugTraq ID: 6290
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6290
Summary:

Computer Associates InoculateIT's Exchange option allows incoming email to be scanned as well as background scanning of the Exchange database.

It has been reported that some email messages containing the W32.Yaha.E@mm worm are able to bypass the incoming mail scanner. Most messages containing this worm are detected by the scanner, but some messages are allowed through.

Some messages generated by the Yaha worm use the Microsoft IE MIME Header Attachment Execution Vulnerability (BID 2524). This may be related to this issue, however, precise details are not currently known.

This entry will be updated if and when more details become available.


2. YaBB YaBB.pl Cross Site Scripting Vulnerability BugTraq ID: 6272
Remote: Yes
Date Published: Nov 28 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6272
Summary:

YaBB (Yet Another Bulletin Board) is freely available web forum software that is written in Perl. YaBB will run on most Unix/Linux variants, MacOS, and Microsoft Windows 9x/ME/NT/2000/XP platforms.

A cross-site scripting vulnerability has been reported in the YaBB forum 'YaBB.pl' script. This vulnerability is due to insufficient sanitization of URI parameters.

As a result, it is possible for a remote attacker to create a malicious link to the login page of a site hosting the web forum. The malicious link may contain arbitrary HTML code in URI parameters. When this link is visited by an unsuspecting web user, the attacker-supplied code will be executed in their browser in the security context of the vulnerable website.

It has been demonstrated that this vulnerability may be exploited to steal cookie-based authentication credentials.

This vulnerability has been reported for YaBB 1 Gold - SP 1. It is not known if other versions are affected.

3. Moby NetSuite POST Handler Buffer Overflow Vulnerability BugTraq ID: 6277
Remote: Yes
Date Published: Nov 29 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6277
Summary:

Moby NetSuite is a small SMTP and HTTP/CGI server designed for use with the Microsoft Windows operating system.


A buffer overflow vulnerability has been reported for Moby NetSuite that may result in a denial of service condition. Reportedly, it is possible to cause NetSuite to crash when a malformed POST request is received. Specifically, the denial of service condition is triggered when a POST request is received that has an overly large integer value as the value for the 'Content-Length' header field.

An attacker can exploit this vulnerability by issuing a POST request with a 'Content-Length' value that is a very large integer. When NetSuite attempts to service the malformed POST request, it will crash, resulting in a denial of service. Restarting the service is necessary to restore functionality.

Although unconfirmed, this may be a remotely exploitable buffer overflow condition and code execution may be possible.
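The NetSuite entry above describes a server that trusts the integer in the 'Content-Length' header before it has bounded it. The following Python request reader is an added example of the defensive parsing a small HTTP server should do (it is not code from Moby NetSuite or from the advisory); the two sample requests, the 64 KiB body limit and the `BadRequest` exception are constructed for illustration. The header value must be plain decimal digits of limited width, must not exceed the server's body limit, and the server never reads or allocates more than the validated length.

```python
import re

# Constructed sample requests (not taken from the advisory): a normal POST and
# one whose Content-Length is an absurdly large integer.
GOOD_REQUEST = (
    "POST /cgi-bin/form HTTP/1.0\r\n"
    "Host: example.test\r\n"
    "Content-Length: 11\r\n"
    "\r\n"
    "hello=world"
)
BAD_REQUEST = (
    "POST /cgi-bin/form HTTP/1.0\r\n"
    "Host: example.test\r\n"
    "Content-Length: 99999999999999999999\r\n"
    "\r\n"
)

MAX_BODY = 64 * 1024  # hypothetical server policy: refuse bodies over 64 KiB


class BadRequest(Exception):
    """Raised for any request the server refuses to service."""


def parse_content_length(headers: dict) -> int:
    """Return a validated Content-Length (0 if absent) or raise BadRequest."""
    raw = headers.get("content-length")
    if raw is None:
        return 0
    # Only a short run of decimal digits: no sign, whitespace, hex, or list values.
    if not re.fullmatch(r"[0-9]{1,10}", raw.strip()):
        raise BadRequest("malformed Content-Length")
    length = int(raw)
    if length > MAX_BODY:
        raise BadRequest("Content-Length exceeds server limit")
    return length


def content_length_ok(value: str) -> bool:
    """Convenience wrapper: True if the header value passes validation."""
    try:
        parse_content_length({"content-length": value})
        return True
    except BadRequest:
        return False


def read_request(raw: str):
    """Split a raw HTTP/1.0 request into (request line, headers, bounded body)."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:
        raise BadRequest("missing end of headers")
    lines = head.split("\r\n")
    request_line = lines[0]
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    length = parse_content_length(headers)
    if len(body) < length:
        raise BadRequest("body shorter than declared Content-Length")
    # Only the validated number of bytes is ever handed to the application.
    return request_line, headers, body[:length]


def handle(raw: str) -> str:
    """Return the status line the server would answer with."""
    try:
        _, _, body = read_request(raw)
    except BadRequest as exc:
        return f"400 Bad Request ({exc})"
    return f"200 OK ({len(body)} body bytes)"
```

A real server would read the body from the socket in chunks up to the validated length rather than holding the whole request in a string, but the ordering is the point: validate the declared length first, then size every buffer from the validated value.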

4. McAfee VirusScan WebScanX Code Execution Vulnerability BugTraq ID: 6288
Remote: No
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6288
Summary:

McAfee VirusScan contains a component for scanning Internet downloads and active content called WebScanX. Since explorer.exe can also be used as a web browser, WebScanX will hook the application.

A vulnerability exists in WebScanX that could allow arbitrary code execution in the security context of the local system account. This behaviour only appears to occur if a user's home directory (i.e. Documents and Settings\<username>) is located on a network share.

When Explorer is used to browse the local disk, WebScanX appears to open several DLL (Dynamic Link Libraries) from the user's home directory. If one of these DLLs were replaced with a malicious file, WebScanX could execute the attacker-supplied code in the local system context.

This vulnerability was reported on VirusScan 4.5.1sp1. Other versions may be vulnerable.


5. Microsoft Windows XP Wireless LAN AP Information Disclosure Vulnerability BugTraq ID: 6312
Remote: Yes
Date Published: Dec 04 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6312
Summary:

An information disclosure vulnerability has been reported for Microsoft Windows XP systems using a wireless LAN setup.

The vulnerability exists due to the configuration of Windows XP. If a system is configured for use with a wireless network, Windows XP systems will automatically search for available access points (APs). If APs are not found, requests are still submitted until a connection is achieved.

An attacker can exploit this vulnerability to set up an AP with the same SSID (Service Set ID) of an AP configured for use with an XP system. When the vulnerable system recognizes this malicious AP, it will then begin transmission of data.

This can be exploited by an attacker to intercept and decrypt any transmissions received from a vulnerable system. Information obtained in this manner may be used to launch further, destructive attacks against a vulnerable system.

6. PortailPHP SQL Injection Vulnerability BugTraq ID: 6273
Remote: Yes
Date Published: Nov 28 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6273
Summary:

Portail PHP is a Web portal project based on PHP and MySQL. It is available for the Linux, Unix, and Microsoft Windows operating systems.

A vulnerability exists in the mod_search module included with PortailPHP. The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in the 'index.php' script. Specifically, the 'rech' variable is not sanitized of malicious SQL input. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script.


By injecting SQL code into the 'rech' variable, it may be possible for an attacker to corrupt database information.
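The PortailPHP entry above is the usual pattern: a request parameter is pasted into the text of a SQL statement, so whatever the parameter contains is parsed as SQL. The following Python example, added here and not code from PortailPHP, shows a string-built search beside a parameterised one against a constructed SQLite table that stands in for the portal's article data (the table, rows and the 'rech' values are all made up for illustration). With the same input, the string-built query returns every row, including unpublished ones, while the bound parameter is matched only as data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the portal's article data."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE articles (id INTEGER, title TEXT, published INTEGER)")
    con.executemany("INSERT INTO articles VALUES (?, ?, ?)", [
        (1, "Welcome", 1),
        (2, "Draft: unreleased roadmap", 0),
        (3, "Perl tips", 1),
    ])
    return con


def search_unsafe(con: sqlite3.Connection, rech: str) -> list:
    """String-built query: the 'rech' value becomes part of the SQL text."""
    sql = ("SELECT id FROM articles WHERE published = 1 "
           "AND title LIKE '%" + rech + "%'")
    return sorted(row[0] for row in con.execute(sql))


def search_safe(con: sqlite3.Connection, rech: str) -> list:
    """Parameterised query: 'rech' is bound as data and never parsed as SQL."""
    sql = "SELECT id FROM articles WHERE published = 1 AND title LIKE ?"
    return sorted(row[0] for row in con.execute(sql, ("%" + rech + "%",)))


def compare(rech: str) -> tuple:
    """Run both variants on the same input and return (unsafe_ids, safe_ids)."""
    con = make_db()
    return search_unsafe(con, rech), search_safe(con, rech)
```

Binding the parameter fixes the injection; it does not stop `%` and `_` in the search term from acting as LIKE wildcards, which needs an ESCAPE clause if the application cares about that.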

7. Pedestal Software Integrity Protection Driver Bypass Vulnerability BugTraq ID: 6295
Remote: No
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6295
Summary:

Pedestal Software Integrity Protection Driver (IPD) is open source software designed to prohibit new services and drivers from being installed and to prevent the modification of existing drivers. This provides protection from rootkit installation on Microsoft Windows NT/2000 systems.

When systems with IPD installed are rebooted, the IPD does not start until the system has been up for twenty minutes. This allows new services and drivers to be installed, or the uninstallation of IPD.

IPD appears to rely on the system clock to determine the end of the twenty minute startup window. This could allow an attacker who gains privileged access to the system to set the system clock back in order to increase the time window before IPD starts.

During this period, the attacker could install a rootkit or make further modifications to the system before resetting the system clock allowing IPD to start.
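The IPD entry above turns on a timing design choice: a startup grace window measured against a clock that a privileged user can set back. The following Python snippet is an added example of that choice and its fix (it is not Pedestal Software's code); the `StartupGate` class, the twenty-minute constant taken from the description, and the `FakeClock` used to simulate the rollback are all constructed for illustration. The same gate is built once on wall-clock time and once on a monotonic uptime counter; turning the wall clock back reopens the first and has no effect on the second.

```python
import time

STARTUP_WINDOW_SECONDS = 20 * 60  # the twenty-minute window the entry describes


class StartupGate:
    """Protection is inactive until STARTUP_WINDOW_SECONDS have elapsed since start.

    `clock` is any callable returning seconds. With time.time() the window can
    be reopened by setting the system clock back; with time.monotonic() the
    reading only ever advances, so elapsed time cannot be rewound.
    """

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._started = clock()

    def protection_active(self) -> bool:
        return self._clock() - self._started >= STARTUP_WINDOW_SECONDS


class FakeClock:
    """Constructed test clock: wall time can be set back, the monotonic reading cannot."""

    def __init__(self):
        self.wall = 1_000_000.0
        self.mono = 0.0

    def advance(self, seconds: float) -> None:
        self.wall += seconds
        self.mono += seconds

    def set_wall_back(self, seconds: float) -> None:
        self.wall -= seconds


def simulate() -> tuple:
    """Return ((weak, strong) after 25 minutes, (weak, strong) after a 2-hour rollback)."""
    clk = FakeClock()
    weak = StartupGate(clock=lambda: clk.wall)    # mirrors the design described above
    strong = StartupGate(clock=lambda: clk.mono)  # hardened: uptime-based
    clk.advance(25 * 60)
    after_boot = (weak.protection_active(), strong.protection_active())
    clk.set_wall_back(2 * 3600)
    after_rollback = (weak.protection_active(), strong.protection_active())
    return after_boot, after_rollback
```

On Windows the equivalent of `time.monotonic()` is the tick count since boot rather than the system time; a driver that must have a grace window should key it to that, and should prefer no window at all, since any unprotected interval after boot is an interval in which the driver's own checks are absent.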

8. 3D3.Com ShopFactory Shopping Cart Cookie Price Manipulation Vulnerability BugTraq ID: 6296
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6296
Summary:

ShopFactory is an e-commerce application for Microsoft Windows operating systems. It is distributed by 3D3.Com.


A problem with ShopFactory may make it possible for users to change prices on items.

When a user visits a site and creates a shopping cart, information on the items added to the cart is stored in web cookies. This information is later retrieved by ShopFactory and used to quote the item price to the user. Changing the information contained in the cookie could change the values quoted to the user by the ShopFactory site.

This vulnerability has been reported to allow the changing of prices. A malicious user could attempt to exploit this vulnerability to steal from e-commerce sites.
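The ShopFactory entry above is a client-side trust problem: the cookie carries values the server later treats as authoritative. The following Python example, added here and not ShopFactory's code, shows the two changes that close it. The cookie carries only item identifiers and quantities, prices are looked up from a server-side catalog at checkout, and the cookie is authenticated with an HMAC so an edited cookie is rejected before it is read. The catalog, the secret key and the SKU names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed server-side catalog (prices in cents) and a hypothetical secret
# that lives only on the server, never in the cookie.
CATALOG = {"sku-100": 1999, "sku-200": 4995}
SECRET = b"server-side-secret-not-in-cookie"


def _tag(payload: str) -> str:
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()


def encode_cart(items: dict) -> str:
    """Serialise {sku: quantity} and append an HMAC tag: '<payload>.<tag>'."""
    payload = base64.urlsafe_b64encode(
        json.dumps(items, sort_keys=True).encode()).decode()
    return payload + "." + _tag(payload)


def decode_cart(cookie: str) -> dict:
    """Verify the tag before trusting any field; raise ValueError if it fails."""
    payload, _, tag = cookie.rpartition(".")
    if not hmac.compare_digest(tag, _tag(payload)):
        raise ValueError("cart cookie failed integrity check")
    return json.loads(base64.urlsafe_b64decode(payload))


def cart_total(cookie: str) -> int:
    """Price the cart from the catalog; the cookie never contributes a price."""
    total = 0
    for sku, qty in decode_cart(cookie).items():
        if sku not in CATALOG or not isinstance(qty, int) or qty <= 0:
            raise ValueError("invalid cart entry")
        total += CATALOG[sku] * qty
    return total


def rejects_tampering() -> bool:
    """True if a cookie whose payload was edited (tag kept) is refused."""
    genuine = encode_cart({"sku-100": 2})
    _, _, tag = genuine.rpartition(".")
    forged_payload = base64.urlsafe_b64encode(b'{"sku-200": 1}').decode()
    try:
        decode_cart(forged_payload + "." + tag)
    except ValueError:
        return True
    return False
```

The HMAC stops silent edits; keeping prices out of the cookie altogether is what makes the design robust, because then even a valid cookie can only say what is in the cart, not what it costs.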

9. Microsoft Internet Explorer Dialog Style Same Origin Policy Bypass Vulnerability BugTraq ID: 6306
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6306
Summary:

It is possible to bypass the origin policy used by Internet Explorer for the showModalDialog and showModelessDialog functions. Under some circumstances, it may be possible to execute script code in sensitive contexts.

Microsoft Internet Explorer includes support for dialog windows through script calls to the two functions showModalDialog and showModelessDialog. These functions accept a URL location for the dialog content, and an option argument parameter to allow data to be passed to the dialog from the calling page. Additionally, various styles can be applied to the dialog from the calling page such as font-size, width, and height.

A check is done to ensure that data is only passed to dialogs located in the same domain, port and protocol as the calling page. This prevents a malicious party from injecting content into arbitrary dialogs. However, script code can be injected into the style parameters and bypass this check.

As a result, a malicious party may open a dialog with a URL which will pass this check, and have the script code within the style parameters execute in the zone of the target URL.


The consequences of exploitation are highly dependent on the functionality of the targeted dialog. It is likely that this vulnerability could lead to subversion of information or social engineering attacks.

It has been demonstrated to possibly inject script code into dialogs included by default with versions of Internet Explorer 6.0 and 6.0SP1, however, earlier versions may also be vulnerable. This can be used to execute arbitrary script code in the Local Computer Zone.

10. phpBB search.php Cross Site Scripting Vulnerability BugTraq ID: 6311
Remote: Yes
Date Published: Dec 03 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6311
Summary:

phpBB is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

phpBB is prone to cross site scripting attacks. The problem lies in the search.php script which fails to properly sanitize user-supplied input in the 'search_username' parameter.

By exploiting this issue it may be possible to steal a user's cookie-based authentication credentials. This could be accomplished by constructing a malicious link containing script code embedded in the 'search_username' parameter.

11. pWins Web Server Directory Traversal Vulnerability BugTraq ID: 6271
Remote: Yes
Date Published: Nov 28 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6271
Summary:

pWins is a Web server implemented using Ruby and Perl. It is designed for use on Linux variant and Microsoft Windows operating environments.

It has been reported that pWins fails to properly sanitize web requests. By sending a malicious web request to the vulnerable server, using directory traversal sequences, it is possible for a remote attacker to access sensitive resources located outside of the web root.

An attacker is able to traverse outside of the established web root by using dot-dot-slash (../) directory traversal sequences. An attacker may be able to obtain any web server readable files from outside of the web root directory.


Disclosure of sensitive system files may aid the attacker in launching further attacks against the target system.

This vulnerability has been reported for pWins 0.2.5 for the Microsoft Windows platform.

12. Microsoft Windows XP Fast User Switching Process Viewing Weakness BugTraq ID: 6280
Remote: No
Date Published: Nov 29 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6280
Summary:

Microsoft Windows XP contains a feature called Fast User Switching (FUS). This allows multiple users to be concurrently logged onto the system; only one user can interact with the system at a time. FUS is enabled by default on Windows XP Home edition, but not on Professional edition. It cannot be enabled on systems that are members of a domain.

FUS contains a weakness that could allow unprivileged users to view other users' process lists.

Members of the Administrators group can enable an option to view other users' process lists. If a member of the Administrators group enables this option and is subsequently removed from the group, they are still able to view other users' process lists.

While this is not directly exploitable, it may violate other users' privacy or the information obtained may potentially be used to mount attacks on other local users.

13. Webster HTTP Server Long Request Buffer Overrun Vulnerability BugTraq ID: 6289
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6289
Summary:

Webster HTTP Server is an HTTP/1.0 server written in C++ using Microsoft Foundation Classes (MFC). It is available for the Microsoft Windows operating system.

A buffer overrun vulnerability has been discovered in Webster HTTP server. It is possible to trigger this condition by passing Webster HTTP server a malicious URL containing 275 or more bytes of data.


This issue can be exploited to overwrite the program's instruction pointer, potentially resulting in the execution of malicious code. Exploitation of this issue would allow an attacker to run arbitrary system commands with the privileges of Webster.

14. Webster HTTP Server File Disclosure Vulnerability BugTraq ID: 6291
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6291
Summary:

Webster HTTP Server is an HTTP/1.0 server written in C++ using Microsoft Foundation Classes (MFC). It is available for the Microsoft Windows operating system.

A file disclosure vulnerability has been discovered in Webster HTTP Server. By constructing a malicious URL containing directory traversal sequences (../), it is possible for a remote attacker to disclose a known system resource.

This vulnerability could be exploited to obtain the system's SAM file or other sensitive resources, which may be used by the attacker to launch further attacks against the target system.
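The pWins directory traversal entry and the Webster file disclosure entry above come down to the same missing check: neither server confirms that the requested path, after decoding and normalisation, still lies under the document root. The following Python function is an added example of that check (it is not code from either project); the web root, the `Forbidden` exception and the sample request paths are constructed for illustration. It treats backslashes as separators (Windows servers accept both), rejects NUL bytes, decodes percent-encoding exactly once before normalising, strips leading slashes so an absolute path cannot bypass the join, and refuses any result that does not sit inside the root.

```python
import posixpath
import urllib.parse

WEB_ROOT = "/srv/www/htdocs"  # hypothetical document root


class Forbidden(Exception):
    """Raised for a request path that must not be served."""


def resolve_request_path(web_root: str, request_path: str) -> str:
    """Map a URL path onto a filesystem path inside web_root, or raise Forbidden."""
    # Decode once; decoding again would let '%252e' become '.' after this check.
    decoded = urllib.parse.unquote(request_path)
    # Normalise Windows-style separators before any '..' handling.
    decoded = decoded.replace("\\", "/")
    if "\x00" in decoded:
        raise Forbidden("NUL byte in path")
    # A leading '/' would make posixpath.join discard web_root entirely.
    relative = decoded.lstrip("/")
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, relative))
    # Either the root itself or something strictly beneath it; '/srv/www/htdocs2'
    # must not pass, hence the trailing separator in the prefix test.
    if candidate != root and not candidate.startswith(root + "/"):
        raise Forbidden("path escapes web root")
    return candidate


def is_inside_root(web_root: str, request_path: str) -> bool:
    """Boolean form of the same check, convenient for bulk verification."""
    try:
        resolve_request_path(web_root, request_path)
        return True
    except Forbidden:
        return False
```

On a live filesystem the check should be repeated on the real path of the candidate (after symbolic links are resolved) so that a link inside the root cannot point outside it; the string check above is necessary but not sufficient on its own.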

15. Webster HTTP Server Cross Site Scripting Vulnerability BugTraq ID: 6292
Remote: Yes
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6292
Summary:

Webster HTTP Server is an HTTP/1.0 server written in C++ using Microsoft Foundation Classes (MFC). It runs on Windows 95, 98, NT, 2000, Me, and XP platforms.

It has been discovered that Webster HTTP Server fails to sanitize user-supplied input, making it vulnerable to cross site scripting attacks. By including HTML or script code in a maliciously constructed link, it may be possible to execute arbitrary script code within the context of the visited website.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may then hijack the legitimate user's session using the stolen credentials.
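The YaBB, phpBB and Webster cross-site scripting entries above all describe the same defect: a value taken from the URL is written back into the page without encoding. The following Python example is added here and is not code from any of those projects; the sample URL, the `search_username` parameter name (taken from the phpBB entry) and the page fragment are constructed for illustration. It shows the unencoded rendering beside the encoded one, and a session cookie header marked HttpOnly so that even a successful injection cannot read the credential from script.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed sample link: the parameter value is '<b>bob</b>', percent-encoded.
SAMPLE_URL = "http://forum.example.test/search.php?search_username=%3Cb%3Ebob%3C%2Fb%3E"


def param_from_url(url: str, name: str) -> str:
    """Return the first value of a query-string parameter ('' if absent)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return qs.get(name, [""])[0]


def render_search_unsafe(search_username: str) -> str:
    """Mirrors the defect: the raw parameter is interpolated into the page."""
    return f"<p>Results for user: {search_username}</p>"


def render_search_safe(search_username: str) -> str:
    """Hardened form: every HTML metacharacter is encoded before output."""
    return f"<p>Results for user: {html.escape(search_username, quote=True)}</p>"


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie line for the session: HttpOnly keeps it away from script, Secure from plain HTTP."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; Path=/"


def injected_markup_survives(url: str) -> tuple:
    """(unsafe, safe): whether a '<' from the URL reaches the page as a tag."""
    value = param_from_url(url, "search_username")
    return "<b>" in render_search_unsafe(value), "<b>" in render_search_safe(value)
```

Encoding at the point of output is the fix for the page; the HttpOnly flag is defence in depth for the credential the entries say is at risk, and the two belong together rather than as alternatives.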

16. Lawson Financials Account Credentials World Accessible Vulnerability BugTraq ID: 6293
Remote: No
Date Published: Dec 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6293
Summary:

Lawson Financials is a commercially available financial planning and tracking software package. It is available for the Unix and Microsoft Windows platforms.


A problem with Lawson Financials may make it possible for local users to gain access to other users' accounts.

Lawson Financials requires specific configuration guidelines for the Lawson certification process. These guidelines give users the ability to install Lawson Financials with a limited set of configuration options.

Some default configurations of Lawson Financials may allow unauthorized users access to sensitive information. By default, user credentials such as the Lawson Financials user name and password are stored in a world-readable, world-writable file. This could allow a user with local access to a Lawson Financials system to gain access to the Financials database. This is known to affect Financials installed on the UNIX operating system.

Exploiting this vulnerability could result in an attacker connecting directly to the database via some means such as ODBC or JDBC. The attacker would then have access to the Financials database with the privileges of any user listed in the database user file. It should be noted that passwords stored in the file are in plain text.

III. MICROSOFT FOCUS LIST SUMMARY


1. Container Names in RSACryptoServiceProvider class (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/302112

2. issues with syskey in NT 4.0 (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/302111


3. SecurityFocus Microsoft Newsletter #115 (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/301856

4. Question: Buffer Overrun in Microsoft Data Access Components Could Lead to Code Execution (Q329414) (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/301855

5. Secure / Encrypt Terminal Services (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/301663

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS


1. ActivPack for NDS
by ActivCard
Platforms: RACF, Windows 2000, Windows 95/98, Windows NT, Windows XP
http://www.activcard.com/activ/products/infrastructure/activpack_nds/index.html
Summary:

ActivPack delivers integrated digital identity services, strong authentication and smart card/token management for a comprehensive solution seamlessly integrated into NDS® eDirectory and the ConsoleOne management system. Linked tightly with Novell Modular Authentication Service (NMAS) and iChain, ActivCard enables smart card-based login to NDS using a private key and digital certificate stored securely on the user's card, and token-based login with one-time passwords.


2. i.Secure Office
by Archisoft Security Solutions Limited
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
http://www.archisoft.com.hk/secureoffice.html
Summary:

i.Secure Office is a plug-in security module for Microsoft Office. It makes use of the latest PKI technology together with personal Smart Token to ensure that every document that reaches its users is uniquely identified, confidential and intact. i.Secure Office works transparently with Microsoft Office to promote unsurpassed security.

3. SafeBoot 3
by Control Break International
Platforms: DOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
http://www.safeboot.com/products/safeboot.html
Summary:

SafeBoot 3 is a PC security system that prevents the data stored on a PC's hard disk from being read or used by an unauthorized person. SafeBoot 3 encrypts the data stored on the hard disk and secures access to the PC via a password or token at boot time. If a user fails to logon to SafeBoot 3, or if an unauthorized person tries to access or use the PC, SafeBoot 3 will prevent access to the PC and its data.

V. NEW TOOLS FOR MICROSOFT PLATFORMS


1. klogger v1.0
by Arne Vidstrom
Relevant URL:
http://www.ntsecurity.nu/toolbox/klogger/
Platforms: Windows 2000, Windows NT, Windows XP
Summary:

"klogger" is a keystroke logger for Windows NT / 2000.

2. CECrypt v1.1
by Arne Vidstrom
Relevant URL:
http://www.ntsecurity.nu/toolbox/cecrypt/
Platforms: Windows CE
Summary:

CECrypt is a file encryption tool for Windows CE, that can encrypt with either 3-DES or IDEA.


3. KerbCrack v1.0
by Arne Vidstrom
Relevant URL:
http://www.ntsecurity.nu/toolbox/kerbcrack/
Platforms: Windows 2000, Windows XP
Summary:

KerbCrack consists of two programs, kerbsniff and kerbcrack. The sniffer listens on the network and captures Windows 2000/XP Kerberos logins. The cracker can be used to find the passwords from the capture file using a brute force attack or a dictionary attack.

VI. SPONSOR INFORMATION



This issue is sponsored by St. Bernard Software

Solution to Find & Fix Network Vulnerabilities

Identifying and eliminating network vulnerabilities just got easier. Award-winning Retina scans networks for early detection of vulnerabilities, while UpdateEXPERT provides automated critical patch management assistance.

For a FREE TRIAL visit: http://www.eeye.com/ctrack.asp?ref=STBJOINT2


Received on Mon Dec 9 14:20:12 2002

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:25 EDT

