
SecurityFocus Microsoft Newsletter #112

From: Stephen Entwisle <se(at)securityfocus.com>
Date: Mon Nov 11 2002 - 14:19:33 EST



This issue sponsored by: SecurityFocus DPP Program

Attention Non-profit Organizations and Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml


I. FRONT AND CENTER
  1. Complete Snort-based IDS Architecture, Part One
  2. Polymorphic Macro Viruses, Part Two
  3. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. MICROSOFT VULNERABILITY SUMMARY
  1. PHP-Nuke 5.6 Modules.PHP SQL Injection Vulnerability
  2. Heysoft EventSave Event Log Notification Weakness
  3. Northern Solutions Xeneo Web Server Denial Of Service Vulnerability
  4. Jason Orcutt Prometheus Remote File Include Vulnerability
  5. ION Script Remote File Disclosure Vulnerability
  6. Iomega NAS A300U Plaintext NAS Administration Credentials Vulnerability
  7. Iomega NAS A300U CIFS/SMB Mounts Plaintext Authentication Vulnerability
  8. Microsoft SQL Server Login Weak Authentication Mechanism
  9. Pablo Software Solutions FTP Server Format String Vulnerability
  10. RhinoSoft Serv-U FTP Server Denial Of Service Vulnerability
  11. Pine From: Field Heap Corruption Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
  1. Win 2000 passsword Complexity Requirements (Thread)
  2. IIS 5 and client certificates (Thread)
  3. Any way to remove ADMIN$ only? (Thread)
  4. Certification for Win2k Web Servers (Thread)
  5. Win2k IPSec -Default behavior (Thread)
  6. Win2K IPSec -Default behavior - XP has same problem (Thread)
  7. was - RE: Access to well-known ports on Win2K -now [IPSec (Thread)
  8. Win2k IPSec -Default behavior (Thread)
  9. Access to well-known ports on Win2K (Thread)
  10. Active Directory network security (Thread)
  11. EFS in WinXP - how good is it? (Thread)
  12. SecurityFocus Microsoft Newsletter #111 (Thread)
  13. [RE: Access to well-known ports on Win2K] (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
  1. iPassConnect Service
  2. BlackBerry (RIM)
  3. ServerCluster
  4. NetPilot Plus
  5. AccessMaster NetWall
  6. CipherPack Pro
  7. Preventon Web Protect (Beta)
  8. Preventon Desktop Security
  9. Preventon Personal Firewall Pro 1.1
V. NEW TOOLS FOR MICROSOFT PLATFORMS
  1. MAILMILL
  2. Annoyance Filter
  3. Tnefclean
  4. IP Blocker
  5. MailStripper
VI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Complete Snort-based IDS Architecture, Part One

Many companies find it hard to justify acquiring the IDS systems due to their perceived high cost of ownership. However, not all IDS systems are prohibitively expensive. This two-part article will provide a set of detailed directions to build an affordable intrusion detection architecture from hardware and freely available software.

http://online.securityfocus.com/infocus/1640


2. Polymorphic Macro Viruses, Part Two

This article is the second of a two-part series that will offer a brief overview of polymorphic strategies in macro viruses. This installment will look at the first serious polymorphic macro viruses, as well as the evolution of viruses into true polymorphic and, ultimately, metamorphic viruses.

http://online.securityfocus.com/infocus/1638

3. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14 Vendor Expo March 10 & 11

Solutions to today’s security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all! Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. PHP-Nuke 5.6 Modules.PHP SQL Injection Vulnerability BugTraq ID: 6088
Remote: Yes
Date Published: Nov 01 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6088
Summary:

PHP-Nuke is a web based Portal system. Implemented in PHP, it is available for a range of systems, including Microsoft Windows and Linux.


A SQL injection vulnerability has been reported for PHP-Nuke 5.6.

The vulnerability is due to insufficient sanitization of variables used to construct SQL queries in the 'modules.php' script. It is possible to modify the logic of SQL queries through malformed query strings in requests for the vulnerable script.

By injecting SQL code into variables, it may be possible for an attacker to corrupt database information.

This issue was reported in PHPNuke version 5.6. Other versions may also be affected.

2. Heysoft EventSave Event Log Notification Weakness BugTraq ID: 6095
Remote: No
Date Published: Nov 01 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6095
Summary:

EventSave is a utility that allows administrators to easily back up Microsoft Windows NT event logs.

EventSave creates files based on the month for which the event took place. If EventSave is executed more than once a month, it will append any new data to the backup log file for the current month.

EventSave may not properly back up event logs if the Microsoft Windows Event Viewer is used to view the event log for the current month. This weakness occurs because when the Windows Event Viewer opens an event log, it does not permit other applications to write to the opened file. Thus EventSave is not able to update the backup event log and events may not be adequately backed up.


EventSave 5.3 is not vulnerable to this issue.

3. Northern Solutions Xeneo Web Server Denial Of Service Vulnerability BugTraq ID: 6098
Remote: Yes
Date Published: Nov 04 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6098
Summary:

Northern Solutions Xeneo is a web server designed for use with the Microsoft Windows operating system.

A denial of service vulnerability has been reported for Xeneo web server. The vulnerability occurs when Xeneo attempts to process malformed HTTP requests.

An attacker can exploit this vulnerability by issuing an HTTP request that begins with a '%' character. When the web server processes this request, it will crash, resulting in a denial of service condition.

4. Jason Orcutt Prometheus Remote File Include Vulnerability BugTraq ID: 6087
Remote: Yes
Date Published: Nov 01 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6087
Summary:

Jason Orcutt Prometheus is a collection of tools to facilitate the design and implementation of active content Web sites. It is implemented in PHP and is available for Unix and Linux variants as well as Microsoft Windows operating systems.

Prometheus is prone to an issue which may allow remote attackers to include arbitrary files located on remote servers. This issue is present in the following PHP script files provided with Prometheus:

index.php
install.php
test_*.php


An attacker may exploit this by supplying a path to a maliciously created
'autoload.lib' file, located on an attacker-controlled host as a value for
the 'PROMETHEUS_LIBRARY_BASE' parameter.

If the remote file is a PHP script, this may allow for execution of attacker-supplied PHP code with the privileges of the webserver. Successful exploitation may provide local access to the attacker.

5. ION Script Remote File Disclosure Vulnerability BugTraq ID: 6091
Remote: Yes
Date Published: Nov 01 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6091
Summary:

ION Script is a language that is used to create IDL-driven Web documents. It is available for the Microsoft Windows and Unix operating systems.

A vulnerability has been discovered in the 'ion-p' script included with ION Script.

It is possible to disclose known sensitive resources by entering malicious values into the 'page' variable, used by 'ion-p'.

By sending a maliciously constructed HTTP request to a vulnerable webserver, it is possible for a remote attacker to disclose arbitrary webserver readable files. As webservers are often run with high privileges, it may be possible to disclose sensitive system files.

Exploiting this issue may allow an attacker to gain information required to launch further attacks against the target system.


ION Script for UNIX has also been confirmed vulnerable to this issue.

It is not yet known exactly which ION Script versions are vulnerable to this issue.

6. Iomega NAS A300U Plaintext NAS Administration Credentials Vulnerability BugTraq ID: 6092
Remote: Yes
Date Published: Nov 01 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6092
Summary:

Iomega NAS A300U (Network Attached Storage) is a network storage device that supports Unix variants and Microsoft Windows operating systems.

Iomega NAS A300U devices provide a web interface for remote administration.

Iomega NAS A300U is reported to send NAS administrative interface authentication credentials in plaintext across the network. The credentials may be disclosed to attackers with the ability to intercept network traffic, which may enable them to gain unauthorized access to the NAS administrative interface.

It has also been reported that the documentation for the device claims that authentication credentials will be sent encrypted. Users of the device may be led to believe that credentials are sent encrypted, creating a false sense of security.

This issue was reported for Iomega NAS A300U on Unix platforms. Other platforms and Iomega devices may also be affected.


7. Iomega NAS A300U CIFS/SMB Mounts Plaintext Authentication Vulnerability BugTraq ID: 6093
Remote: Yes
Date Published: Nov 01 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6093
Summary:

Iomega NAS A300U (Network Attached Storage) is a network storage device that supports Unix variants and Microsoft Windows operating systems.

Iomega NAS A300U devices provide support for drive mounts using CIFS/SMB.

Iomega NAS A300U devices are reported to use LANMAN authentication for access to CIFS/SMB mounts.

LANMAN authentication credentials are sent across the network in plaintext and may be intercepted by attackers with the ability to sniff network traffic. It has also been reported that this may allow session hijacking attacks to occur. Exploitation of this issue will allow attackers to gain unauthorized access to CIFS/SMB mounts.

This issue was reported for Iomega NAS A300U on Unix platforms. Other platforms and Iomega devices may also be affected.

8. Microsoft SQL Server Login Weak Authentication Mechanism BugTraq ID: 6097
Remote: Yes
Date Published: Nov 02 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6097
Summary:

Microsoft SQL Server Logins employ a weak method of password obfuscation.


One method of authentication against a SQL Server is to use Windows Authentication and the other is to use SQL Server Logins. Reportedly, passwords used for SQL Server Logins are sent across the network using a weak password obfuscation algorithm.

An attacker can exploit this weakness to sniff network traffic to obtain SQL Server user and related password authentication credentials.

The weakness is due to the weak obfuscation algorithm which simply converts information to UNICODE format. Then, the four MSBs (most significant bits) are swapped with the four LSBs (least significant bits) of every byte and XOR-ed with a fixed value of 0xA5. This will result in a predictable sequence of network traffic that can be easily deciphered by an attacker.

This weakness may give users a false sense of security and should not be used as the primary means of authentication in critical and sensitive systems.
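
The transformation described in item 8 takes no key and no per-session input, so the same password always produces the same bytes and the steps can be run backwards by anyone who sees them. The following sketch is an added example, not code from the newsletter or from Microsoft; it assumes "UNICODE" means UTF-16LE, and the function names and the sample password are constructed for illustration.

```python
"""Added example: the SQL Server Login password encoding from BID 6097."""

XOR_VALUE = 0xA5  # fixed value named in the advisory


def swap_nibbles(b: int) -> int:
    """Exchange the four most significant bits with the four least significant."""
    return ((b << 4) & 0xF0) | (b >> 4)


def obfuscate(password: str) -> bytes:
    """Encode as described: Unicode, swap nibbles of every byte, XOR with 0xA5."""
    raw = password.encode("utf-16-le")  # assumption: "UNICODE" = UTF-16LE
    return bytes(swap_nibbles(b) ^ XOR_VALUE for b in raw)


def deobfuscate(blob: bytes) -> str:
    """Inverse of obfuscate(): undo the XOR, then swap the nibbles back."""
    return bytes(swap_nibbles(b ^ XOR_VALUE) for b in blob).decode("utf-16-le")


def constant_byte_ratio(blob: bytes) -> float:
    """Fraction of odd-offset bytes equal to 0xA5.

    For ASCII passwords every UTF-16LE high byte is 0x00, which always
    encodes to 0xA5: the predictable sequence the advisory mentions.
    """
    odd = blob[1::2]
    return sum(1 for b in odd if b == XOR_VALUE) / len(odd) if odd else 0.0


if __name__ == "__main__":
    sample = "Constructed-Pass1"  # constructed sample value, not a real credential
    wire = obfuscate(sample)
    print("encoded  :", wire.hex())
    print("decoded  :", deobfuscate(wire))
    print("repeatable:", wire == obfuscate(sample))
    print("0xA5 ratio at odd offsets:", constant_byte_ratio(wire))
```
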

9. Pablo Software Solutions FTP Server Format String Vulnerability BugTraq ID: 6099
Remote: Yes
Date Published: Nov 04 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6099
Summary:

Pablo Software Solutions FTP Server is freely available software for Microsoft Windows operating systems.

A format string vulnerability has been reported in Pablo Software Solutions FTP Server. The vulnerability occurs due to inadequate checking of user-supplied input for the login credentials.

An attacker can exploit this vulnerability by logging into the FTP server with a username that includes malicious format specifiers. This may result in memory being overwritten by remote attackers, possibly to execute arbitrary code. Any attacker-supplied code will be executed with the privileges of the FTP server.


This vulnerability was reported for FTP server versions earlier than 1.51.

10. RhinoSoft Serv-U FTP Server Denial Of Service Vulnerability BugTraq ID: 6112
Remote: Yes
Date Published: Nov 06 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6112
Summary:

RhinoSoft Serv-U FTP Server is designed for use with Microsoft Windows operating systems.

A denial of service vulnerability has been reported for Serv-U FTP server. The vulnerability is a result of Serv-U FTP Server processing certain commands. When the Serv-U server receives a MKD command it attempts to verify whether the user that issued the command has sufficient rights. When performing this verification, it will not accept any more connections.

An attacker is able to exploit this vulnerability by connecting to the vulnerable server and issuing many MKD commands. As the server will not accept any connections when validating the user's permissions, potential clients will not be able to connect. This will result in a denial of service to legitimate clients.

This vulnerability was reported for Serv-U FTP Server 4.0.0.4 and earlier.

11. Pine From: Field Heap Corruption Vulnerability BugTraq ID: 6120
Remote: Yes
Date Published: Nov 07 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6120
Summary:

Pine is an open source mail user agent distributed by the University of Washington. It is freely available for Unix, Linux, and Microsoft operating systems.

It is possible to cause a denial of service in Pine by sending an email message with a specially crafted "From:" address. According to the report, the crash can be reproduced by setting the "From:" address to a value such as:

"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\"\""@host.tld


A stack trace suggests that this behaviour may be due to corruption of data in the heap. If that is the case, execution of arbitrary code may be possible.

Note that the user does not have to view the message in order for the denial of service to take place; the message simply has to be present in the user's Inbox. While a message with this address is present in the Pine Inbox, it is not possible to start Pine again. The message containing this address must be manually removed from the spool or by using another MUA.

It is important to note that this specially crafted "From:" address is RFC legal.

This issue will reportedly be fixed in Pine 4.50.

III. MICROSOFT FOCUS LIST SUMMARY


  1. Win 2000 passsword Complexity Requirements (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/298907

2. IIS 5 and client certificates (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/298899


3. Any way to remove ADMIN$ only? (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/299058

4. Certification for Win2k Web Servers (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/298895

5. Win2k IPSec -Default behavior (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/298825

6. Win2K IPSec -Default behavior - XP has same problem (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/298758


7. was - RE: Access to well-known ports on Win2K -now [IPSec -Default behavior] Relevant URL:

http://online.securityfocus.com/archive/88/298756

8. Win2k IPSec -Default behavior (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/298755

9. Access to well-known ports on Win2K (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/299059

10. Active Directory network security (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/299078

11. EFS in WinXP - how good is it? (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/298537

12. SecurityFocus Microsoft Newsletter #111 (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/298514

13. [RE: Access to well-known ports on Win2K] (Thread) Relevant URL:

http://online.securityfocus.com/archive/88/298500

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS


1. iPassConnect Service
by iPass Inc.
Platforms: MacOS, PalmOS, Windows 2000, Windows 95/98, Windows NT, Windows XP

Connect to the Internet anywhere in the world quickly and securely with the award-winning iPassConnect client software. With support for multiple platforms including Windows, Mac OS, Palm OS and Windows CE/Pocket PC, iPassConnect ensures that the Internet is always accessible for the mobile, connected professional. iPassConnect gives users access to the iPass global network of 14,000+ access points in 150 countries via dial-up, ISDN, PHS and high speed broadband connections.

2. BlackBerry (RIM)
by Research In Motion
Platforms: N/A

BlackBerry™ is an end-to-end wireless email solution that provides quick, easy access to your email, contacts, calendar and task list wherever you go. With BlackBerry, mobile professionals get effortless access to email while on the road and IT departments get centralized administration in a secure solution.

3. ServerCluster
by Stonesoft
Platforms: Linux, Solaris

ServerCluster is a High Availability software solution that:
• Clusters up to 32 servers and applications such as databases, web, mail etc.
• Provides continuous 24x7 monitoring with comprehensive fault detection and automated failover to secondary nodes in the cluster and therefore service continuity in the event of a failure, without the need for immediate on-site manual intervention.


4. NetPilot Plus
by Equiinet
Platforms: N/A

NetPilot Plus is an enhanced version of the market-leading NetPilot. This product enables organisations to easily and securely deploy secure Internet based IPSec-based VPNs, Internet access and email facilities, while integrating key communications, networking and server elements into a single secure appliance.

5. AccessMaster NetWall
by Evidian Inc.
Platforms: IRIX, Solaris, Windows 2000, Windows 95/98, Windows NT

Intranets and extranets are now key resources for growing your business. The ultimate Internet security and firewall software, AccessMaster NetWall is the first truly manageable solution for opening your networks to the world while protecting them against threat by:
• Enforcing network protection from internal and external threats
• Allowing easy deployment of e-business
• Reducing internet security management costs

6. CipherPack Pro
by PentaSafe
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP

CipherPack Pro quickly and simply compresses and encrypts files or folders producing a stand-alone Windows executable file. This file contains the decompression and decryption code as well as the encrypted file contents. All that is required is for the correct key to be entered for the data to be recreated. Without the correct key, there is no way that the original contents can ever be viewed.

7. Preventon Web Protect (Beta)
by Preventon
Platforms: Windows 2000, Windows 95/98, Windows XP

Preventon™ Web Protect is an advanced defence system for protecting your website against attack! This exceptional security software provides control over the communications between the Internet and your web server by filtering out malicious attacks that it recognises, including: worm attacks, buffer overflow attacks, unauthorised page uploads, and many others!


8. Preventon Desktop Security
by Preventon
Platforms: Windows 2000, Windows 95/98, Windows XP

Preventon™ Veto gives you back control of your PC! With its user-friendly interface you can control exactly what Windows® programs may be run on your computer - and more importantly - those that can't! Preventon Veto can be used to prevent unauthorised software by providing a complete 'lockdown' of your machine, and can even help fight against Trojans and viruses.

9. Preventon Personal Firewall Pro 1.1
by Preventon
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP

Preventon Personal Firewall Pro beats back Internet hacking attacks trying to get into your computer and even has enhanced protection against advanced Trojan attack programs. Preventon uses a patent pending intuitive interface that enables you to take the guesswork out of configuring your personal firewall in order to maximise the security.

V. NEW TOOLS FOR MICROSOFT PLATFORMS


1. MAILMILL v0.1
by less random
Relevant URL: http://www.metamagix.net/mailmill.html
Platforms: UNIX

MAILMILL is a lightweight mail-receiving component built in Java. It listens on the SMTP port for incoming messages, and once they arrive it looks in its XML-based ruleset for corresponding filters to apply. It is intended for Java developers who need mailserver functionality and want to build their own Java classes for processing incoming mail. Standard filters include forwarding, SMS, SMTP/HTTP conversion (e.g., send a google request by mail) and more.

2. Annoyance Filter v1.0-RC1
by John Walker (kelvin@fourmilab.ch)
Relevant URL: http://www.fourmilab.ch/annoyance-filter/
Platforms: OS Independent

Annoyance Filter sifts mail you wish to read from junk arriving in your mailbox by an adaptive process which gives priority to mail you're interested in reading, and evolves to block cleverly disguised junk mail.


3. Tnefclean v1.0
by The Midnite Marauder
Relevant URL: http://www.dread.net/~striker/tnefclean/
Platforms: UNIX

tnefclean is a Perl script to convert attachments from Microsoft Outlook to a readable format. Previously, people would have to find a way to decipher the winmail.dat attachments that came from Outlook users. This tool will either remove the attachment if there is nothing in it, or change it to represent the proper attachment if it actually exists.

4. IP Blocker v1.0.20021107
by Rob Patrick (freshmeat.net@NOSPAMrpatrick.com)
Relevant URL: http://www.ipblocker.org/
Platforms: UNIX

IP Blocker is an incident response tool for network admins that automatically updates access control lists (ACL) on Cisco routers and other devices. Web and CLI are both supported. Logging, email notification, and automatic expiration of blocks using policy-based TTL values are all supported.

5. MailStripper v0.62
by Michael McConnell
Relevant URL: http://www.eridani.co.uk/MailStripper/
Platforms: Linux, OS Independent, POSIX

MailStripper is a mail scanner that aims to remove spam and viruses from incoming mail. AV capability is provided by a hook to an external virus scanner. Written from the ground up in Tcl, it aims to be MTA-independent, by working on the SMTP transaction.

VI. SPONSOR INFORMATION


This issue sponsored by: SecurityFocus DPP Program


Attention Non-profit Organizations and Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

Received on Mon Nov 11 14:43:33 2002
