SecurityFocus Microsoft Newsletter #114

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Nov 25 2002 - 11:58:34 EST


This Issue is Sponsored by: Qualys

Strengthening Network Security: FREE Guide

Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide. Get your copy today at:

https://www.qualys.com/forms/nsguideh_376.php


I. FRONT AND CENTER
  1. Complete Snort-based IDS Architecture, Part Two
  2. SecurityFocus DPP Program
  3. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. MICROSOFT VULNERABILITY SUMMARY
  1. Multiple Unspecified Opera 7 Vulnerabilities
  2. Microsoft Internet Explorer IFRAME dialogArguments Cross-Zone...
  3. IISPop Remote Buffer Overflow Denial of Service Vulnerability
  4. Netscape/Mozilla JAR Remote Heap Corruption Vulnerability
  5. Perception LiteServe CGI Source Disclosure Vulnerability
  6. Lonerunner Zeroo HTTP Server Remote Buffer Overflow Vulnerability
  7. NeoSoft NeoBook 4 ActiveX Control Arbitrary File Type Inclusion...
  8. Perception LiteServe Malformed GET Request Buffer Overflow...
  9. AOL Instant Messenger Screen Name Buffer Overflow Vulnerability
  10. PHPBB2 ViewTopic.PHP Cross Site Scripting Vulnerability
  11. TFTPD32 Long Filename Buffer Overflow Vulnerability
  12. MailEnable Email Server Buffer Overflow Vulnerability
  13. TFTPD32 Arbitrary File Download/Upload Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
  1. outlook 2000 vs latest outlook express deployment (Thread)
  2. How to secure Internet Explorer (Thread)
  3. SecurityFocus Microsoft Newsletter #113 (Thread)
  4. re: Unknown Workgroup in Network Neighborhood (Thread)
  5. Active Directory network security (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
  1. QuickStart Data Rescue
  2. BRU-Pro
  3. NetSign CAC
  4. CryptoGram Secure Login
V. NEW TOOLS FOR MICROSOFT PLATFORMS
  1. NATAS v3.00.01
  2. Pluto v1.2b
  3. Coopersniff v0.1
VI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Complete Snort-based IDS Architecture, Part Two
by Anton Chuvakin, Ph.D. and Vladislav V. Myasnyankin

Many companies find it hard to justify acquiring IDS systems because of their perceived high cost of ownership. However, not all IDS systems are prohibitively expensive. This is the second part of a two-part article that will provide a set of detailed directions to build an affordable intrusion detection architecture from hardware and freely available software. In this installment we shall discuss Web interface configuration, summaries and daily reporting, automated attack response, sensor installation, installation of the central station, and big distributed IDS systems.

http://online.securityfocus.com/infocus/1643

2. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

3. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14
Vendor Expo March 10 & 11

Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. Multiple Unspecified Opera 7 Vulnerabilities
BugTraq ID: 6184
Remote: Yes
Date Published: Nov 14 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6184
Summary:

Opera is web browser software which is available for a number of platforms, including Microsoft Windows, Linux and Unix variants and Apple MacOS.

A reliable source has announced two major unspecified vulnerabilities in the beta version of Opera 7. It has been reported that these issues in combination may allow attackers to gain full read access to a client filesystem or may allow scripting across any domain. It may also be possible to view websites that a user of the client visits.

An attacker may exploit these issues by embedding malicious script code in a webpage.

This record will be updated when further details become publicly available.

Opera 7 is only available for Microsoft Windows platforms at the time of writing. These issues are not present in earlier versions of the browser.

2. Microsoft Internet Explorer IFRAME dialogArguments Cross-Zone Access Vulnerability
BugTraq ID: 6205
Remote: Yes
Date Published: Nov 19 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6205
Summary:

Microsoft Internet Explorer includes support for dialog windows through script calls to the two functions showModalDialog and showModelessDialog. These functions accept a URL location for the dialog content, and an optional argument parameter to allow data to be passed to the dialog from the calling page.

A vulnerability has been reported in Explorer that may allow for script code to be executed in the Local Zone. When an IFRAME in a dialog changes its location or Zone, the dialogArguments object provided by the calling content should not be accessible. It has been reported that this is not the case. The dialogArguments object is accessible despite the fact that its originating location/Zone is different from the parent.

In some circumstances, this may result in code being executed in the Local Zone. One method of accomplishing this is by exploiting the local "res://shdoclc.dll/privacypolicy.dlg", which happens to write the dialogArguments property "cookieUrl" to the document body. If the value of this property is set to script code, the code will execute when the document is rendered. This technique is demonstrated by the discoverer of this vulnerability.

Using the method developed by Andreas Sandblad, attackers may also exploit this vulnerability to execute commands on victim hosts.

3. IISPop Remote Buffer Overflow Denial of Service Vulnerability
BugTraq ID: 6183
Remote: Yes
Date Published: Nov 14 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6183
Summary:

IISPop is a small POP3 mail server designed to be used with the SMTP service in Microsoft Windows 2000 with IIS 5.

IISPop is vulnerable to a denial of service due to a buffer overflow. It is possible to connect to TCP port 110 on the IISPop server and send an unusually large amount of data (289999 bytes) which will cause IISPop to throw an unhandled exception due to an access violation. This will cause the IISPop service to fail.

Execution of arbitrary code may be possible.

4. Netscape/Mozilla JAR Remote Heap Corruption Vulnerability
BugTraq ID: 6185
Remote: Yes
Date Published: Nov 14 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6185
Summary:

Netscape and Mozilla are freely available web browsers. They are available for various platforms including Linux variants and Microsoft Windows operating systems.

A heap corruption vulnerability has been reported for Mozilla and Netscape browsers.

The vulnerability is present in the JAR (Java Archive) URI handler used by Netscape and Mozilla. The vulnerability is due to inadequate checks when decompressing JAR files.

An attacker can exploit this vulnerability by creating a malformed JAR file that contains invalid information about the sizes of the files it contains. When a victim user is enticed to view a file contained within the malformed JAR file, the vulnerable browser will attempt to decompress the JAR file. During decompression, proper bounds checking of inflated data against the allocated buffer is not performed. Consequently, an overrun condition in the heap can occur. This may be exploited by attackers to cause code to be executed.

An attacker can overwrite arbitrary values in heap memory to execute malicious attacker-supplied code.

5. Perception LiteServe CGI Source Disclosure Vulnerability
BugTraq ID: 6188
Remote: Yes
Date Published: Nov 14 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6188
Summary:

LiteServe provides web, email, and ftp server functionality. It is available for the Microsoft Windows operating system.

The Windows operating system treats a file name with a period (.) appended as if the period were not there. LiteServe does not apply the same rule, which may allow a remote attacker to disclose CGI script source by requesting a file name with a period appended.

Information gained by exploiting this issue may aid an attacker in launching further attacks against the target system.
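The mismatch described above, as an added example that is not part of the newsletter or LiteServe's code: a handler chosen from the raw request path sees the extension "." and sends the script's contents, while one chosen from the name the Win32 file APIs actually open runs the script. The handler mapping, function names and sample paths are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

# Assumed extension-to-handler mapping, constructed for this illustration.
CGI_EXTENSIONS = {".pl", ".cgi", ".php"}


def handler_for(path):
    """Pick a handler from the final extension of an already-decoded path."""
    ext = posixpath.splitext(path)[1].lower()
    return "execute-cgi" if ext in CGI_EXTENSIONS else "send-file-contents"


def naive_dispatch(url_path):
    """Weak form: decide on the requested name, then let the OS open it."""
    return handler_for(unquote(url_path))


def win32_effective_path(url_path):
    """Return the name the Win32 file APIs would open for this request.

    Win32 drops trailing dots and spaces from each path component, so
    'env.pl.' and 'env.pl' refer to the same file on disk.
    """
    decoded = unquote(url_path).replace("\\", "/")
    segments = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            raise ValueError("parent-directory segment rejected")
        stripped = seg.rstrip(". ")
        if not stripped:
            raise ValueError("segment is only dots and spaces")
        segments.append(stripped)
    return "/" + "/".join(segments)


def hardened_dispatch(url_path):
    """Corrected form: decide on the same name the file system will resolve."""
    try:
        effective = win32_effective_path(url_path)
    except ValueError:
        return "reject"
    return handler_for(effective)


if __name__ == "__main__":
    # Constructed sample requests.
    for req in ("/cgi-bin/env.pl", "/cgi-bin/env.pl.", "/cgi-bin/env.pl%2e%20"):
        print(f"{req!r:28} naive={naive_dispatch(req):20} "
              f"hardened={hardened_dispatch(req)}")
```
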

6. Lonerunner Zeroo HTTP Server Remote Buffer Overflow Vulnerability
BugTraq ID: 6190
Remote: Yes
Date Published: Nov 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6190
Summary:

Zeroo HTTP server is a freely available, open source web server. It is available for the Linux and Microsoft Windows platforms.

A problem with Zeroo HTTP server could lead to remote code execution.

It has been reported that Zeroo HTTP server does not sufficiently check bounds on some requests. This occurs when a string of excessive length is received by the server. This can result in the overwriting of stack memory, and potential code execution.

It is not required that this data be sent in HTTP request format. Sending a string of 1024 bytes or greater to the server without structure has been reported to reproduce this issue.

Previous versions of the software may also be affected.

7. NeoSoft NeoBook 4 ActiveX Control Arbitrary File Type Inclusion Vulnerability
BugTraq ID: 6191
Remote: Yes
Date Published: Nov 16 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6191
Summary:

NeoBook is a commercially available multimedia authoring software package. It is available for Microsoft Windows.

A problem with NeoBook 4 could lead to arbitrary file inclusion, and command execution.

It has been reported that the ActiveX control used by NeoBook does not sufficiently filter types of files that are included in NeoBook content. This may allow the packaging of malicious files in NeoBook content. When interpreted by the ActiveX control, the placement and execution of files could occur.

This vulnerability requires the NeoBook ActiveX control. This control is not distributed with default implementations of web browsers.

8. Perception LiteServe Malformed GET Request Buffer Overflow Vulnerability
BugTraq ID: 6192
Remote: Yes
Date Published: Nov 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6192
Summary:

Perception LiteServe provides web, email, and ftp server functionality. It is available for the Microsoft Windows operating system.

A buffer overflow vulnerability has been reported for Perception LiteServe HTTP server. The vulnerability occurs when the web server attempts to process malformed GET requests. Reportedly, when processing overly long GET requests consisting of illegal '%' sequences, the web server will crash.

An attacker can exploit this vulnerability by issuing a long, malformed GET request consisting of at least 290,759 '%' characters. This will cause the LiteServe HTTP server to crash.

Although unconfirmed, it may be possible to cause the web server to execute malicious attacker-supplied code.

9. AOL Instant Messenger Screen Name Buffer Overflow Vulnerability
BugTraq ID: 6194
Remote: Yes
Date Published: Nov 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6194
Summary:

AOL Instant Messenger (AIM) is an instant messaging client for Microsoft Windows, MacOS, and other platforms.

AIM contains an unchecked buffer which could result in a denial of service or arbitrary code execution.

When viewing the information for a user with a screen name containing 88 characters or more, a buffer in AIM will be overrun, causing the client to terminate with an error reading memory. Although not yet confirmed, arbitrary code execution may be possible.

This vulnerability was discovered in AIM v5.1.3036. It is not yet known whether other versions are affected.

** There have been conflicting reports as to the existence of this vulnerability. See the Reference section for details.

10. PHPBB2 ViewTopic.PHP Cross Site Scripting Vulnerability
BugTraq ID: 6195
Remote: Yes
Date Published: Nov 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6195
Summary:

phpBB2 is an open-source web forum application that is written in PHP and supported by a number of database products. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

A cross site scripting vulnerability has been discovered in the 'viewtopic.php' script included with phpBB2.

An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link. Attacker-supplied HTML and script code may be executed on a web client in the context of the site hosting the web forum.

This may allow for theft of cookie-based authentication credentials and other attacks.

This vulnerability was reported for phpBB 2.0.3. Other versions may also be affected.

11. TFTPD32 Long Filename Buffer Overflow Vulnerability
BugTraq ID: 6199
Remote: Yes
Date Published: Nov 19 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6199
Summary:

Tftpd32 is a freely available TFTP (Trivial FTP) server available for use on Microsoft Windows operating systems.

A buffer overflow vulnerability has been reported for Tftpd32. The vulnerability is due to insufficient checks on user supplied input. Specifically, proper bounds checking is not implemented on requested filenames.

A remote attacker is able to exploit this vulnerability by supplying a long string, consisting of at least 116 characters, as a name of the file to retrieve. This will trigger the buffer overflow condition. Successful exploitation of this issue will result in the execution of attacker-supplied code, with the privileges of the Tftpd32 process.

This vulnerability affects Tftpd32 2.50.2 and earlier.

12. MailEnable Email Server Buffer Overflow Vulnerability
BugTraq ID: 6197
Remote: Yes
Date Published: Nov 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6197
Summary:

MailEnable is a commercially available POP3 and SMTP server available for the Microsoft Windows operating systems.

A buffer overflow vulnerability has been reported for MailEnable's POP3 server. The vulnerability is due to insufficient bounds checking of the USER login field.

An attacker can exploit this vulnerability by connecting to a vulnerable MailEnable server and sending an overly long string, consisting of more than 512 characters, as the value for the USER login prompt. This will trigger the buffer overflow condition.

Although unconfirmed, an attacker may be able to exploit this vulnerability to cause MailEnable to execute malicious attacker-supplied code.

13. TFTPD32 Arbitrary File Download/Upload Vulnerability
BugTraq ID: 6198
Remote: Yes
Date Published: Nov 18 2002 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6198
Summary:

Tftpd32 is a freely available TFTP (Trivial FTP) server designed for use with Microsoft Windows operating systems.

A vulnerability has been discovered in Tftpd32, which allows a remote attacker to download and/or upload files. By exploiting this vulnerability it is possible for an attacker to disclose arbitrary system files, by using the GET command, which may contain sensitive user credentials. It may also be possible for an attacker to replace key system files with trojaned copies, using the PUT command, which could be used to open backdoors into a target system.

This vulnerability affects Tftpd32 2.50.2 and earlier.

III. MICROSOFT FOCUS LIST SUMMARY


1. outlook 2000 vs latest outlook express deployment (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/300601

2. How to secure Internet Explorer (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/300604

3. SecurityFocus Microsoft Newsletter #113 (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/300590

4. re: Unknown Workgroup in Network Neighborhood (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/300406

5. Active Directory network security (Thread)
Relevant URL:
http://online.securityfocus.com/archive/88/300357

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS


1. QuickStart Data Rescue
by TOLIS Group
Platforms: FreeBSD, Linux, Netware, OpenBSD, OS/2, SCO, Solaris, Unixware, Windows 2000, Windows 95/98, Windows NT, Windows XP
http://www.tolisgroup.com/qsdr3.html
Summary:

QuickStart Data Rescue™ is a PC crash and disaster recovery utility that recovers damaged systems while virtually eliminating the human error associated with the process. And, you can even recover to a larger hard disk! QuickStart Data Rescue™ is a self-contained product. Other disaster recovery products rely on interaction with some other utility or application, or require a base OS reinstall, in order to do their job. QuickStart can write an image backup of the disk to the target device, and verify the backup for accuracy as well as manage the disaster recovery process. Used independently, or in conjunction with your normal backup procedure, QuickStart gets you up and running simply and effectively.

2. BRU-Pro
by TOLIS Group
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, MacOS, OpenBSD, Solaris, Windows 2000, Windows 95/98, Windows NT
http://www.tolisgroup.com/bru-pro3.html
Summary:

BRU-Pro[tm], provides backup and recovery services on medium to large heterogeneous network systems. Implemented on a Linux tape server, BRU-Pro delivers market leading reliable data protection and "makes sense" value across client/server topologies. BRU-Pro is the only professional level backup solution that literally backs itself up to provide the highest availability to your archived data. The functionally robust BRU-Pro employs multiple technologies to protect your critical data.

3. NetSign CAC
by SSP Solutions
Platforms: Windows 2000, Windows 95/98, Windows NT
http://www.sspsolutions.com/products/netsigncac/
Summary:

NetSign® CAC is a complete smart card client package that provides network security and desktop protection for users of the GSA Common Access Card (CAC). With a NetSign CAC-enabled system, users can be assured of strong authentication, confidentiality and non-repudiation. NetSign CAC allows users to digitally sign and encrypt email, access secure restricted web sites, enter physically secure areas and log in to systems using PKI digital certificates. CAC also acts as identification to provide authentication for benefits and entitlement management. Supported by Windows NT smart card logon, Windows 2000 certificate-based logon and workstation locking using CAC smart cards issued by Department of Defense (DoD), NetSign CAC offers unparalleled desktop security. In addition to PKI and desktop security, NetSign CAC also provides multi-application support for non-PKI secure data storage applications through support of the GSA defined Basic Services Interface (BSI) and DoD CAC Extended Service Interface (XSI). NetSign CAC is also available as an SDK, providing a complete client application library support for PKCS #11, Microsoft CAPI or BSI-based applications.

4. CryptoGram Secure Login
by CryptoGram SA
Platforms: Windows 2000, Windows NT, Windows XP
http://www.cryptogram-fr.com/english/securelogin.htm
Summary:

As computer crime rises (computer theft, fraud, piracy, etc.) secure access to information has become a key factor in the architecture of computer systems. To combat these threats, only a hardware based authentication solution can fully protect access to your computers. With CryptoGram Secure Login, users must possess a token and provide information to be authenticated. Using the latest cryptographic and biometric technologies, the CryptoGram Secure Login solution protects access to your Windows NT 4.0, Windows 2000 and Windows XP computers and keeps all unauthorized users out.

V. NEW TOOLS FOR MICROSOFT PLATFORMS


1. NATAS 3.00.01
by Björn Stickler, stickler@rbg.informatik.tu-darmstadt.de
Relevant URL:
http://intex.ath.cx/natas.shtml
Platforms: Windows 2000
Summary:

Natas is an advanced network packet capturing and analysing program designed for Windows 2000. It only works with the new Windows 2000 winsock v2.2 which supports raw sockets like *nix operating systems. You have to be admin on the machine you are running Natas on.

2. Pluto v1.2b
by Dr.Astral astral@astralclinic.com
Relevant URL:
http://www.astralclinic.com/tools.asp
Platforms: Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
Summary:

Pluto is a tool that allows you to perform automated vulnerability assessment against a remote host. Features included are:

- Multi thread portscanner
- CGI scanner
- Port fingerprinting (under construction, can cause GUI to hang)
- MSSQL Audit
- FTP Audits
- SMTP Audits
- Password Audit
- Great database of vulnerable software

3. Coopersniff 0.1
by Brett Cooper, BrettJCooper@hotmail.com
Relevant URL:
http://www4.50megs.com/sniffer/index.html
Platforms: Windows NT
Summary:

NT Sniffer 0.01 - For NT4.0 includes a packet driver. Sniffs packets from networks and displays full information for: Ethernet, IP, TCP (data also), and UDP

VI. SPONSOR INFORMATION



This Issue is Sponsored by: Qualys

Strengthening Network Security: FREE Guide

Network security is a constantly moving target - even proven solutions lose their punch over time. Find out how to get COMPLETE PROTECTION against ever-growing security threats with our FREE new Guide. Get your copy today at:

https://www.qualys.com/forms/nsguideh_376.php


Received on Mon Nov 25 17:44:50 2002
