SecurityFocus Microsoft Newsletter #133

From: Marc Fossi <mfossi(at)securityfocus.com>
Date: Mon Apr 14 2003 - 14:21:31 EDT

SecurityFocus Microsoft Newsletter #133

---

This issue is Sponsored by: NwTech

STOPPING SPAM !!! Prevent Spam from entering your network.

Request your Free White Paper & Security Solutions CD on how to &#x201c;STOP SPAM&#x201d; from clogging your Mail Server with Junk Mail, and Viruses. Let us show you how !

http://www.securityfocus.com/NwTech-ms-secnews

---

I. FRONT AND CENTER

1. Steganography Revealed
2. Specter: A Commercial Honeypot Solution for Windows
3. Cryptographic File Systems, Part Two: Implementation
4. Super-DMCA Not So Bad
5. SecurityFocus DPP Program II. MICROSOFT VULNERABILITY SUMMARY
6. SETI@home Client Program Information Disclosure Vulnerability
7. MollenSoft Hyperion FTP Server USER Command Buffer Overflow...
8. JPEGX Wizard Password Bypass Vulnerability
9. AutomatedShops WebC Script Name Remote Buffer Overrun...
10. Progress Database Error Message File Disclosure Vulnerability
11. SignHere Guestbook HTML Injection Vulnerability
12. Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities
13. Invision Board functions.php SQL Injection Vulnerability
14. Sakki Guestbook HTML Injection Vulnerability
15. AutomatedShops WebC Symbolic Link Following Configuration File...
16. Citrix ICA Client Server Key Verification Vulnerability
17. Hyperion FTP Server MKDIR Buffer Overflow Vulnerability
18. Multiple Vendor I/O System Call File Existence Weakness...
19. BRS WebWeaver Long Request Remote Denial of Service Vulnerability
20. Abyss Web Server Incomplete HTTP Request Denial Of Service...
21. SETI@home Client Program Remote Buffer Overflow Vulnerability
22. QuickFront File Disclosure Vulnerability
23. Samba 'call_trans2open' Remote Buffer Overflow Vulnerability
24. MIRC DCC Get Dialog File Spoofing Weakness III. MICROSOFT FOCUS LIST SUMMARY
25. ISA Log file analysis software - suggestions? (Thread)
26. checking server status (Thread)
27. SUS server (Thread)
28. VPN and ISA server (Thread)
29. Federated Security Applications and Implications. (Thread)
30. Closed and Open Systems (was SUS Server) (Thread)
31. Isolating Windows Applications (Thread)
32. AW: SUS server (Thread) IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
33. Firewall
34. Preventon Web Protect
35. ViraLock
36. NEW TOOLS FOR MICROSOFT PLATFORMS
37. wping v0.1a
38. GFI LANguard Network Security Scanner (N.S.S.) v3.0
39. Advanced Archive Password Recovery VI. SPONSOR INFORMATION
40. FRONT AND CENTER

    ---

41. Steganography Revealed By Kristy Westphal

Steganography is a means of protecting the confidentiality of data by
"hiding" it within a larger file of data. This technique can be used for
both legitimate and illegitimate purposes. This article will offer a brief introductory discussion of steganography: what it is, how it can be used, and the implications it can have for security.

http://www.securityfocus.com/infocus/1684

2. Specter: a Commercial Honeypot Solution for Windows by Lance Spitzner

This is the third installment in an ongoing series of articles looking at honeypots. In the first two papers, we discussed the OpenSource honeypot Honeyd, how it works, and a deployment in the wild. In this paper we will look at a different honeypot, the commercially supported solution Specter.

http://www.securityfocus.com/infocus/1683

3. Cryptographic File Systems, Part Two: Implementation by Ido Dubrawsky

This is the second article in a two-part series looking at cryptographic filesystems. The first article in this series covered the background on cryptographic filesystems from the underlying concepts to some of the mechanics of those systems. This article will cover implementation. The focus will be on implementing the Microsoft's EFS under Windows 2000 and the Linux CryptoAPI.

http://www.securityfocus.com/infocus/1685

4. Super-DMCA Not So Bad
By Mark Rasch

The latest version of the controversial law could be a valuable weapon against thieves and pirates.

http://www.securityfocus.com/columnists/153

5. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

II. BUGTRAQ SUMMARY

---

1. SETI@home Client Program Information Disclosure Vulnerability BugTraq ID: 7281 Remote: Yes Date Published: Apr 04 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7281 Summary:

SETI@home is a client program designed to run on a computer when it is not in use. The client receives data from a central server, which it later analyzes in search of various information. It is available for a variety of platforms including Linux, Unix, and the Microsoft Windows operating system.

A vulnerability has been reported in the SETI@home client program. Specifically, sensitive information is transmitted from the client to the server in plain text. As a result, sensitive operating system and processor information may be disclosed to an attacker.

An attacker could exploit this system by sniffing network traffic transmitted between the client and the server. Access to this type of information may aid in launching attacks against the system running the client.

This vulnerability was reported for SETI@home version 3.03.

2. MollenSoft Hyperion FTP Server USER Command Buffer Overflow Vulnerability BugTraq ID: 7307
Remote: Yes
Date Published: Apr 08 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7307
Summary:

MollenSoft Hyperion FTP Server is a server that supports basic FTP functionality and more. It is available for the Microsoft Windows operating systems.

MollenSoft Hyperion FTP Server reported prone to a buffer overflow vulnerability.

Reportedly the buffer overflow results from a lack of sufficient bounds checking performed on arguments passed to the FTP 'USER' command. If an excessive quantity of data (> 931 bytes) is passed to the affected command, an internal memory buffer may be overrun. This could result in the memory adjacent to the buffer being corrupted with attacker-supplied data.

If the adjacent memory contains values that are crucial to program execution, the attacker may redirect execution flow, and cause the vulnerable application to execute attacker-supplied instructions.

This vulnerability has been reported to be exploitable to trigger a DoS condition and in some cases bypass the Hyperion FTP server authentication mechanism.

Although unconfirmed arbitrary code execution may also be possible.

It should be noted that this vulnerability was discovered in version 3.0.0 of Hyperion FTP Server. It is not yet known whether this issue affects earlier versions.

3. JPEGX Wizard Password Bypass Vulnerability BugTraq ID: 7298
Remote: No
Date Published: Apr 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7298
Summary:

JPEGX is steganography software for Microsoft Windows, it is designed to embed encrypted data into JPEG files.

JpegX has been reported prone to a password bypass vulnerability.

It has been reported that when no password credentials are supplied if using the JpegX wizard to decrypt data contained in JpegX JPEG files, JpegX will decipher the file regardless.

This vulnerability may lead to sensitive information disclosure.

4. AutomatedShops WebC Script Name Remote Buffer Overrun Vulnerability BugTraq ID: 7268
Remote: Yes
Date Published: Apr 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7268
Summary:

WebC is the server-side scripting language interpretting engine used by AutomatedShops products. It is available for Unix, Linux, and Microsoft operating systems.

A problem with the program may make it possible for remote users to gain unauthorized access to systems.

It has been reported that a boundary condition error exists in WebC. Because of this, it may be possible for a remote attacker to gain unauthorized access to a vulnerable host.

The problem is in the handling of long script arguments by the WebC engine. When the program is directly invoked with a script name of excessive length, generally 550 bytes or more, an exploitable boundary condition error occurs. This could allow a remote attacker to execute code with the privileges of the web server process. On UNIX systems, this typically would result in an attacker gaining local unprivileged access, whereas on Microsoft Systems, this could result in an attacker gaining access to the host with the privileges of the user SYSTEM.

5. Progress Database Error Message File Disclosure Vulnerability BugTraq ID: 7273
Remote: No
Date Published: Apr 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7273
Summary:

Progress Database is a commercial database for Microsoft Windows and Unix systems.

Some Progress Database binaries are reportedly installed setuid root on Unix systems. It is possible for a local user to specify an arbitrary path to a configuration file via environment variables, which will be accessed with elevated privileges. The database reads all configuration files as the root user as a result.

An unprivileged user can specify any file as a Progress configuration file thorugh use of environment variables such as PROSTARTUP. Once the file is set as the PROSTARTUP file, the user simply has to start the database software causing an error message to be generated. The contents of this error message will include the contents of the file specified as the PROSTARTUP file.

6. SignHere Guestbook HTML Injection Vulnerability BugTraq ID: 7289
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7289
Summary:

SignHere Guestbook is guestbook software implemented in ASP and distributed by Bitstrike Software. It is available for the Microsoft Windows operating system.

It has been reported that SignHere does not sufficiently filter user-supplied values from the 'email' field. As a result, attackers may embed malicious script code or HTML into SignHere posts. When a malicious post is viewed by another user, the attacker-supplied code will be interpreted in their web browser in the security context of the site hosting the software.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may hijack the session of the legitimate by using cookie-based authentication credentials. Other attacks are also possible.

7. Samba Multiple Unspecified Remote Buffer Overflow Vulnerabilities BugTraq ID: 7295
Remote: Yes
Date Published: Apr 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7295
Summary:

Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows file and printer sharing between operating systems on the Unix and Microsoft platforms. The Samba daemon is typically run with super user privileges.

Multiple remote buffer overflow vulnerabilities have been reported for Samba and Samba-TNG. The overflows are reported to occur in both stack and heap-based memory. This issue occurs due to insufficient bounds checking when copying user-supplied data to internal buffers.

Although it has not been confirmed, it is likely that these issues can be exploited to execute arbitrary code, with the privileges of Samba (which typically runs as root).

These issues are reported to affect Samba 2.2.8 and Samba-TNG 0.3.1.

The precise technical details regarding these vulnerabilities is currently unknown. This BID will be updated as further information is made available.

It should be noted that these vulnerabilities may be similar to the issue described in BID 7294.

8. Invision Board functions.php SQL Injection Vulnerability BugTraq ID: 7290
Remote: Yes
Date Published: Apr 05 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7290
Summary:

Invision Board is web forum software. It is implemented in PHP and is available for Unix and Linux variants and Microsoft Windows operating systems.

An input validation error has been reported in Invision Board which may result in the manipulation of SQL queries. This vulnerability exists in the load_skin() function of the functions.php script file. Specifically, the value supplied for the 'skinid' variable is not properly cast as an integer type.

An attacker may be able to exploit this vulnerability by manipulating 'skinid' URI parameter to include malicious SQL commands and queries which may result in information disclosure, or database corruption. The consequences depend on the nature of specific queries. This issue may allow the attacker to exploit latent vulnerabilities in the underlying database.

This vulnerability was reported for Invision Board 1.1.1.

9. Sakki Guestbook HTML Injection Vulnerability BugTraq ID: 7265
Remote: Yes
Date Published: Apr 03 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7265
Summary:

Sakki Guestbook is guestbook software implemented in ASP. It is available for the Microsoft Windows operating system.

It has been reported that Guestbook does not sufficiently filter user-supplied values from the 'name' , 'city/state' and 'own url' fields. As a result, attackers may embed malicious script code or HTML into Guestbook posts. When a malicious post is viewed by another user, the attacker-supplied code will be interpreted in their web browser in the security context of the site hosting the software.

This issue may be exploited to steal cookie-based authentication credentials from legitimate users of the website running the vulnerable software. The attacker may hijack the session of the legitimate by using cookie-based authentication credentials. Other attacks are also possible.

This vulnerability was reported for Sakki Guestbook 1.01.

1. AutomatedShops WebC Symbolic Link Following Configuration File Weakness BugTraq ID: 7272 Remote: No Date Published: Apr 03 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7272 Summary:

WebC is the server-side scripting language interpretting engine used by AutomatedShops products. It is available for Unix, Linux, and Microsoft operating systems.

A problem with the program may make it possible for local users to execute the program with a malicious configuration file.

It has been reported that WebC will execute in the directory of a symbolic link from which it is invoked. Because of this, it may be possible for a local user to load a configuration file that enabled dangerous variables.

When WebC is invoked, it typically loads its configuration file from the same directory in which it is executing. An attacker could create a symbolic link to the binary from an arbitrary directory containing a malicious configuration file, and potentially enable debugging variables in the program. This could aid in exploitation of other vulnerabilities, since enabling debugging will cause the environment to be dumped to a local file.

1. Citrix ICA Client Server Key Verification Vulnerability BugTraq ID: 7276 Remote: Yes Date Published: Apr 03 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7276 Summary:

Citrix ICA Client is a remote desktop software package. It is available for a number of platforms including Microsoft Windows and Unix/Linux variants. ICA Client implements the ICA protocol.

A vulnerability has been reported in the Citrix ICA Client. When the ICA client initiates a session with the server, the client does not validate the server's public key in any way, allowing for potential man in the middle attacks.

An attacker could therefore cause the ICA client to connect to a server under their control and send the client a public key to which they possess the private key.

1. Hyperion FTP Server MKDIR Buffer Overflow Vulnerability BugTraq ID: 7278 Remote: Yes Date Published: Apr 04 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7278 Summary:

Hyperion FTP Server is an FTP server for Microsoft Windows platforms.

Hyperion FTP Server is prone to a remotely exploitable buffer overflow condition. This is due to insufficient bounds checking of FTP 'mkdir' commands. It is possible to trigger the condition by submitting a malformed 'mkdir' command with a directory string that is 251+ bytes in length. This will permit an authenticated FTP user to corrupt sensitive regions of memory with malicious values.

It may be possible to exploit this vulnerability to execute malicious instructions in the context of the FTP server. The FTP server is typically run with SYSTEM privileges.

This issue may be related to BID 6467.

1. Multiple Vendor I/O System Call File Existence Weakness BugTraq ID: 7279 Remote: No Date Published: Apr 04 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7279 Summary:

A weakness has been discovered in the implementation of various I/O system calls. The problem occurs due to varying error return times, when accessing existent and non-existent files. This issue has been confirmed to affect the open() system call, however it is likely that other similar calls are also affected.

An attacker could exploit this vulnerability by calling the open() system call on unreadable files. By making requests for various unreadable files, it may be possible for an attacker to deduce a timing window that can be used to verify the existence of the file.

It should be noted that a fix for this weakness might not be plausible, as the kernel is meant to be as efficient as possible. However, the specific problem may occur due to a differing sequence of events while attempting to access non-existent files. A solution may be to have an identical sequence of permission checking on directories, before checking for the file.

It has been reported that this weakness has successfully been exploited on various Linux and BSD releases. However, this weakness likely exists in other operating systems including Sun Solaris and Microsoft Windows.

1. BRS WebWeaver Long Request Remote Denial of Service Vulnerability BugTraq ID: 7280 Remote: Yes Date Published: Apr 04 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7280 Summary:

BRS WebWeaver is a small personal web server available for the Microsoft Windows operating systems.

A denial of service vulnerability has been discovered BRS WebWeaver. The problem occurs when a request is made for a URL containing excessive data. Specifically, making a request containing 2499361 bytes of data will cause the server to consume all available memory.

Exploitation of this vulnerability may allow an anonymous remote attacker to crash a vulnerable service and possibly the entire system. This will effectively deny service to other legitimate users.

1. Abyss Web Server Incomplete HTTP Request Denial Of Service Vulnerability BugTraq ID: 7287 Remote: Yes Date Published: Apr 05 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7287 Summary:

Abyss Web Server is a freely available personal web server. It is maintained by Aprelium Technologies and runs on Microsoft Windows operating systems, as well as Linux.

A denial of service vulnerability has been reported for Abyss Web Server. The vulnerability exists when Abyss attempts to parse certain incomplete HTTP headers. Specifically, if the 'Connection:' and 'Range:' HTTP headers are blank, the web server will crash.

An attacker can exploit this vulnerability by connecting to a vulnerable server and sending blank 'Connection:' and 'Range:' HTTP headers. This will result in a denial of service condition.

This vulnerability was reported for Abyss Web Server 1.1.2.

1. SETI@home Client Program Remote Buffer Overflow Vulnerability BugTraq ID: 7292 Remote: Yes Date Published: Apr 06 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7292 Summary:

SETI@home is a client program designed to run on a computer when it is not in use. The client receives data from a central server, which it later analyzes in search of various information. It is available for a variety of platforms including Linux, Unix, and the Microsoft Windows operating system.

A vulnerability has been discovered in the SETI@home client program. Due to insufficient bounds checking when processing server data, it may be possible for a remote attacker to trigger a buffer overflow.

This issue could be exploited by forging an HTTP request which mimics a server response handler. When a vulnerable client attempts to process the malicious server response, a buffer overflow will be triggered.

Successful exploitatation of this issue may allow an attacker to execute arbitrary commands on a target system, with the privileges of the user invoking the software.

This vulnerability affects SETI@home clients prior to 3.08.

1. QuickFront File Disclosure Vulnerability BugTraq ID: 7308 Remote: Yes Date Published: Apr 09 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7308 Summary:

QuickFront is a tool that is a tool that allows e-mail searches using a web browser. It is marketed as a Microsoft Exchange add-on product.

A vulnerability has been reported for QuickFront that will result in the disclosure of sensitive system resources to remote attackers.

QuickFront does not properly sanitize user-supplied input. Specifically, directory traversal sequences such as '../' to HTTP requests are not removed.

A remote attacker is able to exploit this vulnerability by issuing a HTTP request which includes directory traversal sequences. Upon receiving such a request, the QuickFront web server will return the requested resource.

Information gathered in such a way may be used to launch further attacks against the webserver.

This vulnerability was reported for QuickFront 1.0.0.189.

1. Samba 'call_trans2open' Remote Buffer Overflow Vulnerability BugTraq ID: 7294 Remote: Yes Date Published: Apr 07 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7294 Summary:

Samba is a freely available file and printer sharing application maintained and developed by the Samba Development Team. Samba allows file and printer sharing between operating systems on the Unix and Microsoft platforms. The Samba daemon is typically run with super user privileges.

A buffer overflow vulnerability has been reported for Samba that could allow an anonymous remote attacker to execute arbitrary code.

The vulnerability occurs in the 'call_trans2open()' function when copying data into a 1024 byte static buffer. Sufficient bounds checking is not performed when a call to the 'Strncpy()' function is invoked. The length argument supplied to 'Strncpy()' is exactly the length of the user-supplied data. As a result, an attacker could exploit this vulnerability by sending data in excess of 1024 bytes.

Successful exploitation of this vulnerability could allow an anonymous attacker to overwrite sensitive stack variables, including the 'open_trans2open()' functions' saved return address. The ability to influence sensitive memory could be leveraged by the attacker to execute arbitrary code with the privileges of the Samba server process.

1. MIRC DCC Get Dialog File Spoofing Weakness BugTraq ID: 7304 Remote: Yes Date Published: Apr 08 2003 12:00AM Relevant URL: http://www.securityfocus.com/bid/7304 Summary:

mIRC is a chat client for the IRC protocol, designed for Microsoft Windows based operating systems.

It has been reported that it is possible to spoof file extensions in mIRC's DCC Get dialog. A malicious IRC user could construct a filename with a "safe" extension such as .jpg or .txt, followed by a number of
"alt+0160" characters to create whitespace, followed by the real
extension. When this file is displayed in the DCC GET dialog, the real extension will not be displayed. The issue occurs because the DCC GET dialog will truncate filenames if they are too long. This will only work if the real extension is not on an ignore list.

This could be exploited to trick a user into thinking a malicious file is safe, which may create a false sense of security and cause the user to open the file.

III. MICROSOFT FOCUS LIST SUMMARY

---

1. ISA Log file analysis software - suggestions? (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/318102

2. checking server status (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/318179

3. SUS server (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/318068

4. VPN and ISA server (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/317934

5. Federated Security Applications and Implications. (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/317927

6. Closed and Open Systems (was SUS Server) (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/317810

7. Isolating Windows Applications (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/317744

8. AW: SUS server (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/317543

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS

---

1. Firewall by Ashley Laurent Inc Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT Relevant URL: http://www.ashleylaurent.com/products/firewall_specs.htm Summary:

The Firewall enables the user to create an Internet access policy for a single or multiple devices: Packet Filtering, Intrusion Detection, Content Selection, Permissive or Restrictive Policy Methodology ,Domain Validation, Newsgroup Validation, Content Inspection, Lifestyle Adaptive Policy, Network Address Translation (NAT), Internal DHCP Server, Traffic Scheduling and Priority Queuing

2. Preventon Web Protect
by PreventonTechnologies Ltd.
Platforms: Windows 2000, Windows 95/98, Windows XP Relevant URL:
http://www.preventon.com/webprotect/
Summary:

Preventon Web Protect is an advanced defence system for protecting your website against attack! This exceptional security software provides control over the communications between the Internet and your web server by filtering out malicious attacks that it recognises, including: worm attacks, buffer overflows attacks, unauthorised page uploads, and many others!

3. ViraLock
by SentryBay Corporation
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP Relevant URL:
http://www.viralock.com/
Summary:

For use by individuals and small businesses --and with a network version in development, ViraLock encrypts addresses found in e-mail programs so that a virus cannot replicate by sending itself out. While current anti-virus software blocks known viruses from entering, ViraLock prevents all viruses, known or unknown, from using e-mail addresses to spread by exiting to other computers. In so doing, ViraLock also blocks the potential loss of confidential information. We like to think of it as the first "virus-locking" software and the missing half of the anti-virus solution.

V. NEW TOOLS FOR MICROSOFT PLATFORMS

---

1. wping v0.1a by x-router Relevant URL: http://www.x-router.com Platforms: Perl (any system supporting perl) Summary:

wping is a Web-based graphical ping log. It logs ping response times to a user-defined list of hosts and produces a Web page that contains a current ping graph and a historic ping graph over a specified time period. Ping response times are averaged in order to give a smooth reading.

2. GFI LANguard Network Security Scanner (N.S.S.) v3.0 by GFI
Relevant URL:
http://www.gfisoftware.com/lannetscan/index.htm Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP Summary:

GFI LANguard Network Security Scanner (N.S.S.) is a tool that checks your network for all potential methods that a hacker might use to attack your network. By analyzing the operating system and the applications running on your network, GFI LANguard N.S.S. identifies possible security holes in your network. In other words, it plays the devil's advocate and alerts you to weaknesses before a hacker can find them, enabling you to deal with these issues before a hacker can exploit them.

3. Advanced Archive Password Recovery
by Elcom Ltd.
Relevant URL:
http://www.elcomsoft.com/archpr.html
Platforms: Windows 2000, Windows 95/98, Windows NT Summary:

A program for recovering lost or forgotten passwords for ZIP (PKZip, WinZip), ARJ (WinARJ), RAR (WinRAR) and ACE (WinACE) archives. Supports the customizable "brute-force" attack, effectively optimized for speed (for ZIP, up to ten million passwords per second on Pentium III); dictionary-based attack, and very fast and effective known-plaintext attack. Multilanguage interface is provided.

VI. SPONSOR INFORMATION

---

This issue is Sponsored by: NwTech

STOPPING SPAM !!! Prevent Spam from entering your network.

Request your Free White Paper & Security Solutions CD on how to &#x201c;STOP SPAM&#x201d; from clogging your Mail Server with Junk Mail, and Viruses. Let us show you how !

http://www.securityfocus.com/NwTech-ms-secnews

---

---

Block Spam, Smut & Viruses
SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers of technology including filtering embedded and attached file content. Rid your enterprise of unwanted content.
http://www.securityfocus.com/SurfControl-focus-ms2 Download your free fully functional trial, complete with 30-days of free technical support.

---

Received on Mon Apr 14 14:33:35 2003