
SecurityFocus Microsoft Newsletter #127

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Mar 03 2003 - 12:17:56 EST


This Issue is sponsored by: SPI Dynamics

ALERT: How a Hacker Launches a SQL Injection Attack Step-by-Step It's as simple as placing additional SQL commands into a Web Form input box giving hackers complete access to all your backend systems! Firewalls and IDS will not stop such attacks because SQL Injections are NOT seen as intruders. Download this *FREE* white paper from SPI Dynamics for a complete guide to protection!

http://www.spidynamics.com/mktg/sqlinjection30


I. FRONT AND CENTER
  1. Intrusion Prevention Systems: the Next Step in the Evolution...
  2. U.S. Information Security Law, Part One
  3. The Consequences of Criminalizing Crypto
  4. Media Gone Mad
  5. SecurityFocus DPP Program
  6. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)
II. MICROSOFT VULNERABILITY SUMMARY
  1. TCPDump Malformed ISAKMP Packet Denial Of Service Vulnerability
  2. PlatinumFTPServer Directory Traversal Variant Vulnerability
  3. Mambo Site Server Cookie Validation Vulnerability
  4. Microsoft Internet Explorer Self Executing HTML File Vulnerability
  5. AMX Mod Remote 'amx_say' Format String Vulnerability
  6. Apache Web Server MIME Boundary Information Disclosure...
  7. Apple QuickTime/Darwin Streaming Server Command Execution...
  8. Apple QuickTime/Darwin Streaming Administration Server...
  9. Apple QuickTime/Darwin Streaming Server Parse_XML.CGI...
  10. Apache Web Server ETag Header Information Disclosure Weakness
  11. Microsoft Windows ME Help and Support Center Buffer Overflow...
  12. Electronic Arts Battlefield 1942 Remote Administration...
  13. InstantServer ISMail Remote User Fields Buffer Overflow...
  14. Netscape JavaScript Regular Expression Denial Of Service...
  15. Typo3 Showpic.PHP File Enumeration Vulnerability
  16. Apple QuickTime/Darwin Streaming Server parse_xml.cgi File...
  17. Typo3 Log HTML Injection Vulnerability
  18. Typo3 Translations.PHP Remote File Include Vulnerability
  19. Typo3 Translations.PHP File Disclosure Vulnerability
  20. Microsoft Outlook and Outlook Express Arbitrary Program...
  21. Netscape Style Sheet Denial Of Service Vulnerability
  22. Apple Quicktime/Darwin MP3 Broadcaster Filename Buffer Overrun...
  23. Apple QuickTime/Darwin Streaming Server Malicious Port Request...
  24. Opera Automatic Redirection Cross Site Scripting Vulnerability
  25. Typo3 Runtime Error Page Information Disclosure Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
  1. Hostname given to XP clients (Thread)
  2. DMZ boxes in the domain - Bad moderator (Thread)
  3. How do you patch yours? (was: Monitor Services on Windows...
  4. Monitor Services on Windows machines (Thread)
  5. [despammed] Utility to determine who deteled files (Thread)
  6. Utility to determine who deteled files (Thread)
  7. Administrivia: Results (Thread)
  8. Article Announcement: Exchange 2000 in the Enterprise: Tips...
  9. One Time Passwords (Thread)
  10. DMZ boxes in the domain (Thread)
  11. Windows2000 QuickLaunch (Thread)
  12. MS ISA Logs - Listing IP Addresses v. NetBIOS names (Thread)
  13. Antwort: Monitor Services on Windows machines (Thread)
  14. SecurityFocus Microsoft Newsletter #126 (Thread)
  15. Administrivia (Thread)
  16. MS Software Update Service (Thread)
  17. Windows 2000 Static arp not static (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
  1. AbsoluteShield Internet Eraser Pro
  2. InTrust
  3. iPrism
V. NEW TOOLS FOR MICROSOFT PLATFORMS
  1. Anti-Spam SMTP Proxy v0.1.4
  2. SSHTerm v0.1.0 beta
  3. Funned vFinal
VI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Intrusion Prevention Systems: the Next Step in the Evolution of IDS By Neil Desai

Intrusion prevention systems combine the blocking capabilities of a firewall with the deep packet inspection of intrusion detection systems. This discussion will look at five different categories of IPSs that focus on attack prevention at layers that most firewalls are not yet able to decipher.

http://www.securityfocus.com/infocus/1670

2. U.S. Information Security Law, Part One: Protecting Private Sector Systems, and Information Security Professionals and Trade Secrets by Steven Robinson

Information security professionals work within an enterprise to protect it from all non-physical threats to the integrity and availability of its data and systems. Performing this function draws security professionals into simultaneous, ongoing relationships between the enterprise on the one hand and, successively on the other, the enterprise's employees and other agents, its customers, suppliers, competitors, government officials and regulators, to say nothing of unidentified and sometimes unidentifiable actors.

http://www.securityfocus.com/infocus/1669

3. The Consequences of Criminalizing Crypto By Mark Rasch

There is nothing like the fear of weapons of mass destruction to bring out weary old legislative proposals. Earlier this month, it leaked out that the Justice Department was considering a broad expansion of its investigative authority, including the creation of new criminal offenses, ostensibly to assist in the fight against terrorism. Many of the proposals contained in the "Domestic Security Enhancement Act of 2003" had nothing to do with fighting terrorism, but would substantially increase penalties for such mundane offenses as wire fraud or claiming too many deductions on a federal tax return.

http://www.securityfocus.com/columnists/145

4. Media Gone Mad
By Tim Mullen

"Windows XP Kills Dog, Steals Toaster"

That's the next headline I'm expecting to read after wallowing through a week of technology press misreporting about the latest security issue in Windows XP -- an "issue" that's really nothing of the sort.

http://www.securityfocus.com/columnists/144

5. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.

Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

6. InfoSec World Conference and Expo/2003 (March 10-12, 2003, Orlando, FL)

Optional Workshops March 8, 9, 12, 13, & 14
Vendor Expo March 10 & 11

Solutions to today's security concerns; hands-on experts; blockbuster vendor expo; the CISO Executive Summit; invaluable networking opportunities. InfoSec World has it all!

Go to: http://www.misti.com/10/os03nl37inf.html

II. BUGTRAQ SUMMARY


1. TCPDump Malformed ISAKMP Packet Denial Of Service Vulnerability BugTraq ID: 6974
Remote: Yes
Date Published: Feb 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6974
Summary:

tcpdump is a freely available, open source network monitoring tool. It is available for the Unix, Linux, and Microsoft Windows operating systems.

A vulnerability in the processing of some packet types may result in an inability to further use the tcpdump application.

It has been reported that tcpdump is vulnerable to a denial of service when some packet types are received. By sending a maliciously formatted packet to a system using a vulnerable version of tcpdump, it is possible for a remote user to cause tcpdump to ignore network traffic from the time the packet is received until the application is terminated and restarted.

The problem is in the handling of ISAKMP packets. When tcpdump receives a maliciously crafted ISAKMP packet, the application enters an infinite loop and ceases to further monitor network traffic. This could allow the passing of undetected network traffic that would typically be seen by tcpdump.
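The failure described above, a decoder that stops advancing when a length field is malformed, is the classic shape of a parser hang and is easy to reproduce in any TLV-style walker. The following is an added illustration written for this newsletter; it is not tcpdump's code and does not claim to reproduce the actual tcpdump defect. It walks ISAKMP generic payload headers (RFC 2408: a next-payload byte, a reserved byte and a 16-bit payload length that includes the 4-byte header) over a constructed packet. The naive walker trusts the length field and spins in place on a payload that claims a length of zero; the hardened walker rejects any length below the header size or beyond the end of the buffer, so a crafted packet costs one failed decode rather than the rest of the capture.

```python
import struct

ISAKMP_HDR_LEN = 28    # RFC 2408 s3.1: two 8-byte cookies plus 12 bytes of fixed fields
PAYLOAD_HDR_LEN = 4    # RFC 2408 s3.2: next payload (1), reserved (1), payload length (2)
NEXT_PAYLOAD_OFF = 16  # "next payload" byte of the ISAKMP header


def naive_walk(packet: bytes, max_steps: int = 1000):
    """Trusts the payload-length field. Returns the payload types seen, or None
    when the cursor stopped moving (the stand-in here for 'never returns')."""
    next_type = packet[NEXT_PAYLOAD_OFF]
    off = ISAKMP_HDR_LEN
    types = []
    for _ in range(max_steps):
        if next_type == 0 or off + PAYLOAD_HDR_LEN > len(packet):
            return types
        nxt, _reserved, length = struct.unpack_from("!BBH", packet, off)
        types.append(next_type)
        off += length          # a length of 0 leaves off unchanged: same header forever
        next_type = nxt
    return None


def hardened_walk(packet: bytes):
    """Same walk with every length checked before it moves the cursor."""
    if len(packet) < ISAKMP_HDR_LEN:
        raise ValueError("truncated ISAKMP header")
    next_type = packet[NEXT_PAYLOAD_OFF]
    off = ISAKMP_HDR_LEN
    types = []
    while next_type != 0:
        if off + PAYLOAD_HDR_LEN > len(packet):
            raise ValueError("payload header past end of packet")
        nxt, _reserved, length = struct.unpack_from("!BBH", packet, off)
        if length < PAYLOAD_HDR_LEN:
            raise ValueError(f"payload length {length} at offset {off} is shorter than its header")
        if off + length > len(packet):
            raise ValueError(f"payload length {length} at offset {off} runs past end of packet")
        types.append(next_type)
        off += length          # now guaranteed to advance by at least PAYLOAD_HDR_LEN
        next_type = nxt
    return types


def hardened_rejects(packet: bytes) -> bool:
    try:
        hardened_walk(packet)
    except ValueError:
        return True
    return False


def build_packet(payloads):
    """Constructed test input. payloads: list of (type, body, length_override or None)."""
    body = b""
    for i, (_ptype, pbody, override) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else 0
        length = PAYLOAD_HDR_LEN + len(pbody) if override is None else override
        body += struct.pack("!BBH", nxt, 0, length) + pbody
    first = payloads[0][0] if payloads else 0
    # initiator cookie, responder cookie, next payload, version 1.0, exchange type 2
    # (identity protection), flags, message id, total length
    hdr = struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x22" * 8, first, 0x10, 2, 0,
                      0, ISAKMP_HDR_LEN + len(body))
    return hdr + body


SA_BODY = struct.pack("!I", 1) + b"\x00" * 8   # DOI = IPSEC plus a placeholder situation
VENDOR_BODY = b"\xaa" * 16                      # payload types: 1 = SA, 13 = Vendor ID
GOOD = build_packet([(1, SA_BODY, None), (13, VENDOR_BODY, None)])
BAD = build_packet([(1, SA_BODY, 0), (13, VENDOR_BODY, None)])   # first payload claims length 0
```

In a live tool the ValueError would be logged and the packet skipped, with capture continuing. The point is that the cursor must be proven to advance before the loop repeats, not that any particular field value is forbidden.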

2. PlatinumFTPServer Directory Traversal Variant Vulnerability BugTraq ID: 6925
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6925
Summary:

PlatinumFTPServer is an FTP server for Microsoft Windows systems. It is commercially available, and distributed by BYTE/400.

Some PlatinumFTPServer commands may allow remote users to break out of the FTP root directory. This is due to insufficient sanitization of directory traversal sequences from FTP commands.

This may potentially be exploited to list files that are on the local system. Under some circumstances, it may be possible to retrieve files or upload malicious files to directories on the local system which are accessible by the FTP server.

This issue is a variant of the issues described in BID 6554 and BID 6691.

3. Mambo Site Server Cookie Validation Vulnerability BugTraq ID: 6926
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6926
Summary:

Mambo Site Server is a freely available, open source web content management tool. It is written in PHP, and available for Unix, Linux, and Microsoft Windows operating systems.

Mambo Site Server may grant access without sufficiently validating cookie-based authentication credentials. It has been reported that Mambo will accept a user cookie issued by the site as an administrative credential. To exploit this issue, the attacker must obtain a session ID and set the cookie value to the MD5 hash of that session ID. The attacker may then access administrative pages using the modified cookie. Reportedly, session IDs are not issued during normal use of Mambo, but one is issued during logout, and a session ID issued at logout is sufficient to exploit this issue.

The attacker may gain unauthorized access to the underlying database through an administrative account. Other administrative actions are also possible.

This issue was reported in Mambo Site Server 4.0.12 RC2. Earlier versions may also be affected.
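The weakness in the cookie scheme described above is that the credential is derivable from a value the server hands out: whoever holds a session ID can compute its MD5, and the cookie carries nothing that distinguishes a user from an administrator. The added example below is written for this newsletter and is not Mambo's code; the role names and the cookie layout are assumptions made for illustration. It places that construction beside a cookie bound to a server-side key with HMAC-SHA256, with the role included in the MACed message and verified in constant time.

```python
import hashlib
import hmac
import secrets

# Server-side key the client never sees (constructed for this example; in practice
# load it from configuration and rotate it with your other secrets).
SERVER_KEY = secrets.token_bytes(32)


def weak_cookie(session_id: str) -> str:
    """The construction described above: the credential is MD5 of a value the
    server hands out. No secret, no role, so anyone holding a session ID can mint it."""
    return hashlib.md5(session_id.encode()).hexdigest()


def weak_is_admin(cookie: str, session_id: str) -> bool:
    return cookie == weak_cookie(session_id)   # a user's cookie and an admin's are the same thing


def signed_cookie(role: str, session_id: str, key: bytes = SERVER_KEY) -> str:
    """HMAC-SHA256 over role and session ID. Forging needs the key; the role is
    part of the MACed message, so a 'user' cookie cannot be replayed as 'admin'."""
    msg = f"{role}:{session_id}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def is_admin(cookie: str, session_id: str, key: bytes = SERVER_KEY) -> bool:
    expected = signed_cookie("admin", session_id, key)
    return hmac.compare_digest(cookie, expected)   # constant-time; avoids a timing oracle


def attacker_attempts(session_id: str, key: bytes = SERVER_KEY):
    """Everything an attacker can try with only a session ID (e.g. one issued at logout):
    the MD5 cookie, the legitimate 'user' cookie they were given, and an HMAC under a guessed key."""
    user_cookie = signed_cookie("user", session_id, key)        # what the site legitimately issued
    guessed = signed_cookie("admin", session_id, secrets.token_bytes(32))
    return {
        "md5_accepted_by_weak_check": weak_is_admin(weak_cookie(session_id), session_id),
        "md5_accepted_by_hmac_check": is_admin(weak_cookie(session_id), session_id, key),
        "user_cookie_accepted_as_admin": is_admin(user_cookie, session_id, key),
        "guessed_key_accepted": is_admin(guessed, session_id, key),
    }
```

The MAC stops forgery, but it does not by itself retire a session ID that leaked at logout; the server should also invalidate the session on logout so that an ID issued there is worthless whatever cookie is derived from it.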

4. Microsoft Internet Explorer Self Executing HTML File Vulnerability BugTraq ID: 6961
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6961
Summary:

Microsoft Internet Explorer is vulnerable to a condition that may allow an executable file embedded within an HTML file to automatically execute.

If an executable file is embedded within an HTML file and script code within that HTML file points to the embedded executable file, Internet Explorer will parse and execute the code.

This could allow Internet Explorer to automatically execute any code contained within an HTML file. Such code would potentially execute in the security context of Internet Explorer.

This vulnerability could potentially be exploited through HTML email, though this has not been confirmed.

All versions of Internet Explorer 5.5 and 6.0 are reported to be vulnerable. Earlier versions may also be vulnerable.

There have been reports that some users may not be able to reproduce this vulnerability. When more information becomes available, this record will be updated.

5. AMX Mod Remote 'amx_say' Format String Vulnerability BugTraq ID: 6968
Remote: Yes
Date Published: Feb 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6968
Summary:

AMX Mod is a plugin for Half-Life and expands game servers to include additional functionality. It is available for the Linux and Microsoft Windows operating systems.

A format string vulnerability has been discovered in AMX Mod. The issue occurs in the 'amx_say' command and may be exploited to execute arbitrary code on an affected Half-Life server. The vulnerability likely results from user-supplied text being passed as the format argument of a printf-like function.

An attacker can exploit this bug by supplying specially crafted format specifiers as an argument to the 'amx_say' command. Write specifiers such as '%hn' make it possible to overwrite arbitrary locations in memory.

Successful exploitation of this issue would allow an attacker to execute arbitrary code on a target Half-Life server. As servers are typically run with root/admin level privileges this may result in the complete compromise of an affected server.

It should be noted that the affected command can be accessed only by those who have been authenticated by rcon.

6. Apache Web Server MIME Boundary Information Disclosure Vulnerability BugTraq ID: 6943
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6943
Summary:

Apache is a freely available web server. It is available for a variety of platforms including the Unix, Linux, and Microsoft Windows operating systems.

A vulnerability has been discovered in the Apache web server that may result in the disclosure of sensitive information. Specifically, the return value of getpid() is used when generating MIME message boundaries, which effectively discloses the process identifier (PID) of the Apache child process to a remote attacker.

Access to this information may aid an attacker in launching further attacks against target services.

OpenBSD has released a patch that addresses this issue. MIME boundaries are now generated by the server using BASE64 encoded random numbers.
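A boundary derived from getpid() is a small, guessable number dressed up as a delimiter. The added example below is written for this newsletter and is not Apache's or OpenBSD's code; the PID-derived boundary format it uses is an assumption for illustration. It shows how little work recovering the PID takes, generates a boundary from random bytes in the way the OpenBSD fix describes, and adds the two checks a practitioner needs when switching to random output: the RFC 2046 boundary grammar, and the requirement that the delimiter not occur inside any body part.

```python
import base64
import os
import re


def pid_boundary(pid: int) -> str:
    """Assumed format for illustration only (not Apache's): a fixed tag plus the PID in hex.
    Whatever the exact format, a boundary that is a function of the PID leaks the PID."""
    return f"----=_Part_{pid:x}"


def recover_pid(boundary: str, max_pid: int = 99999):
    """What the remote side can do: try every candidate PID until the derived
    boundary matches. Returns the PID or None."""
    for pid in range(1, max_pid + 1):
        if pid_boundary(pid) == boundary:
            return pid
    return None


def random_boundary(nbytes: int = 24) -> str:
    """The fix the advisory describes: base64 of random bytes. 24 bytes give 32
    characters, and the base64 alphabet (A-Z a-z 0-9 + / =) is entirely legal in a boundary."""
    return base64.b64encode(os.urandom(nbytes)).decode("ascii")


# RFC 2046 section 5.1.1: boundary := 0*69<bchars> bcharsnospace, where bchars adds
# SPACE to DIGIT / ALPHA / ' ( ) + _ , - . / : = ?   (so 1..70 chars, no trailing space)
_BCHARS = re.compile(r"^[A-Za-z0-9'()+_,\-./:=? ]{1,70}$")


def is_valid_boundary(boundary: str) -> bool:
    return bool(_BCHARS.match(boundary)) and not boundary.endswith(" ")


def pick_boundary(parts) -> str:
    """Random is necessary but not sufficient: the delimiter line must not occur
    inside any part, or the message splits in the wrong place. Regenerate until it is unique."""
    while True:
        b = random_boundary()
        delimiter = ("--" + b).encode()
        if is_valid_boundary(b) and all(delimiter not in part for part in parts):
            return b
```

The uniqueness loop almost never iterates with 192 bits of randomness, but it is the check that makes the generator correct for arbitrary body content rather than merely unpredictable.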

7. Apple QuickTime/Darwin Streaming Server Command Execution Vulnerability BugTraq ID: 6954
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6954
Summary:

The Darwin/QuickTime Streaming Administration Server provides the web interface used to configure the Streaming Server. It is available for the Linux, Solaris, Microsoft Windows and MacOS X operating systems.

A command execution vulnerability has been discovered in the Darwin/QuickTime Streaming Servers. The vulnerability exists due to insufficient sanitization performed on some user-supplied input. Specifically, input supplied to the parse_xml.cgi is not sufficiently sanitized of pipe ('|') characters.

An attacker can exploit this vulnerability by submitting to the parse_xml.cgi application a specially crafted string that includes malicious shell commands. When the Streaming Server receives them, the commands are executed and may be used to compromise a vulnerable system.

This vulnerability was originally described in BID 6932 "Multiple Remote QuickTime/Darwin Streaming Administration Server Vulnerabilities". It is now being assigned a separate BID.

8. Apple QuickTime/Darwin Streaming Administration Server Parse_XML.CGI Directory Listing Vulnerability BugTraq ID: 6955
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6955
Summary:

The QuickTime/Darwin Streaming Administration Server provides the web interface used to configure the Streaming Server. It is available for the Linux, Solaris, Microsoft Windows and MacOS X operating systems.

QuickTime/Darwin Streaming Administration Server is prone to an issue which may allow remote attackers to browse the contents of directories. This is due to insufficient sanitization of user-supplied input, which is passed through an open() function in the 'parse_xml.cgi' script.

Exploitation may lead to disclosure of sensitive information which may aid in further attacks against the system hosting the software. The attacker may need to view the source code of the page to view the directory listing output.

This vulnerability was originally described in BID 6932 "Multiple Remote QuickTime/Darwin Streaming Administration Server Vulnerabilities". It is now being assigned a separate BID.

9. Apple QuickTime/Darwin Streaming Server Parse_XML.CGI Cross-Site Scripting Vulnerability BugTraq ID: 6958
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6958
Summary:

The Apple QuickTime/Darwin Streaming Administration Server provides the web interface used to configure the Streaming Server. It is available for the Linux, Solaris, Microsoft Windows and MacOS X operating systems.

The Apple QuickTime/Darwin Streaming Administration Server is prone to cross-site scripting attacks. When an invalid filename is supplied to the 'parse_xml.cgi' script as a URI parameter, it is echoed into an error page without sufficient sanitization of HTML and script code.

An attacker may take advantage of this lack of sanitization to embed malicious HTML and script code in a link to the vulnerable script. If the link is visited, the attacker-supplied code may be interpreted in the web client of the user who visits the malicious link.

Successful exploitation may allow the attacker to steal cookie-based authentication credentials from a legitimate user of the site hosting the software. Other attacks will also be possible.

This vulnerability was originally described in BID 6932 "Multiple Remote QuickTime/Darwin Streaming Administration Server Vulnerabilities". It is now being assigned a separate BID.

10. Apache Web Server ETag Header Information Disclosure Weakness BugTraq ID: 6939
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6939
Summary:

Apache is a freely available web server. It is available for a variety of platforms including the Unix, Linux, and Microsoft Windows operating systems.

Apache can emit an entity tag (ETag) response header for static files, which clients use for cache validation: a later conditional request (If-None-Match) carrying the ETag lets the server answer 304 Not Modified instead of resending the file. By default the ETag is built from file attributes, among them the file's inode number.

A weakness has been found in the generation of ETag headers under certain configurations implementing the FileETag directive. Among the file attributes included in the header is the file inode number that is returned to a client. This poses a security risk, as this information may aid in launching attacks against other network-based services. For instance, NFS uses inode numbers to generate file handles.

OpenBSD has released a patch that addresses this issue. Inode numbers returned from the server are now encoded using a private hash to avoid the release of sensitive information.

Apache 1.3.22 and earlier cannot be configured to leave the inode out of the ETag. Later versions still include it by default; the FileETag directive they introduced must be set to a value that omits INode (for example 'FileETag MTime Size') to stop the disclosure.
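Whether a server's ETag carries an inode is easy to check from a single response. The following added example is written for this newsletter and is not Apache's code; the sample responses are constructed. It parses Apache's default three-field ETag, inode-size-mtime in hex, decodes the inode, and cross-checks the size field against Content-Length so that a three-field tag from some other server is not mistaken for the Apache format.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Apache's default (FileETag INode MTime Size): three lowercase-hex fields, inode-size-mtime,
# optionally with the W/ weak prefix Apache adds for very recently modified files.
_APACHE_ETAG = re.compile(r'^(W/)?"([0-9a-f]+)-([0-9a-f]+)-([0-9a-f]+)"$')


@dataclass
class EtagLeak:
    inode: int
    size: int
    mtime_hex: str
    size_matches_body: Optional[bool]   # None when there was no Content-Length to compare


def parse_headers(raw_response: str) -> dict:
    """Headers of a raw HTTP response, names lowercased; the body is ignored."""
    headers = {}
    for line in raw_response.split("\r\n")[1:]:   # [0] is the status line
        if line == "":
            break                                 # blank line ends the header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def inode_leak(raw_response: str) -> Optional[EtagLeak]:
    """Decode the ETag if it has Apache's three-field shape; cross-check the size field
    against Content-Length so a three-field tag from another server is not mistaken for it."""
    headers = parse_headers(raw_response)
    etag = headers.get("etag")
    if etag is None:
        return None
    m = _APACHE_ETAG.match(etag)
    if m is None:
        return None                               # e.g. the two-field 'MTime Size' form
    inode, size, mtime = int(m.group(2), 16), int(m.group(3), 16), m.group(4)
    content_length = headers.get("content-length")
    matches = int(content_length) == size if content_length and content_length.isdigit() else None
    return EtagLeak(inode=inode, size=size, mtime_hex=mtime, size_matches_body=matches)


# Constructed responses, not captured from a real server. 0x4d2 == 1234 == Content-Length.
LEAKING = ('HTTP/1.1 200 OK\r\nServer: Apache/1.3.27 (Unix)\r\nContent-Length: 1234\r\n'
           'ETag: "3e7b2-4d2-3e5c9a1b"\r\n\r\n<html>...</html>')
SAFE = ('HTTP/1.1 200 OK\r\nServer: Apache/1.3.27 (Unix)\r\nContent-Length: 1234\r\n'
        'ETag: "4d2-3e5c9a1b"\r\n\r\n<html>...</html>')
```

A two-field tag, which is what 'FileETag MTime Size' produces, is reported as not leaking. The check tells you what the server sends, not what it could be made to send; an unpatched 1.3.22 emits the inode whatever its configuration.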

11. Microsoft Windows ME Help and Support Center Buffer Overflow Vulnerability BugTraq ID: 6966
Remote: Yes
Date Published: Feb 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6966
Summary:

Microsoft Windows ME contains a Help and Support Center (HSC) facility that provides help on several topics such as Windows features and hardware support. The HSC also contains a URI handler that allows pages to be opened through an hcp:// prefix.

The hcp:// prefix does not perform sufficient bounds checking on supplied input. This could allow an unusually long string supplied to the HSC through the URI handler to overrun the buffer. Arbitrary code could be executed on the system in the security context of the HSC.

This vulnerability could be exploited by including a malformed link using hcp:// prefixes in a web page or through HTML email.

A similar vulnerability was reported in the Windows XP Help and Support Center (BID 6802). These vulnerabilities may be related.

Conflicting details have been reported about this vulnerability. The discoverer claims that the issue is cross-site scripting that allows script code embedded in the HCP URL to be executed. ActiveX controls and scripts could be executed without any warnings to the user and in the security context of the HSC. The following example of such a URL was provided by the discoverer: hcp://vulnerable_help_page.htm?topic=javascript:alert('Malicious script here can read, delete and execute any file')

The discoverer also claims that Windows XP without SP1 is also vulnerable to this issue, while Microsoft claims that it is not.

12. Electronic Arts Battlefield 1942 Remote Administration Authentication Buffer Overflow Vulnerability BugTraq ID: 6967
Remote: Yes
Date Published: Feb 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6967
Summary:

Battlefield 1942 is a video game distributed and maintained by Electronic Arts. The server software is available for the Linux and Microsoft Windows platforms.

A problem with the software could allow a remote user to cause a denial of service or, potentially, to execute code.

It has been reported that Battlefield 1942 does not properly check input sent to the administration port of a game server. By sending a string of excessive length, a remote attacker could crash the server, resulting in a denial of service. A manual restart of the server process would be required to resume normal service.

The problem has been reported as a heap overflow in the authentication infrastructure for the game server. When a user with access to the administrative interface of the game server connects via default port 4711, a long string sent to the port will cause the corruption of heap memory. This could also potentially result in the overwriting of heap memory to execute malicious instructions with the privileges of the game server process. Execution of code through this vulnerability has not been confirmed.

13. InstantServer ISMail Remote User Fields Buffer Overflow Vulnerability BugTraq ID: 6972
Remote: Yes
Date Published: Feb 27 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6972
Summary:

ISMail is a commercially available mail server implementation by InstantServers. It is available for the Microsoft Windows operating system.

A problem with ISMail could make it possible for a remote attacker to execute arbitrary code on systems using vulnerable software.

It has been reported that ISMail does not properly handle long strings under some circumstances. When an email containing specially crafted strings in various fields is passed through the server, a buffer overflow occurs. This could be exploited to execute code on a vulnerable server.

The problem is in the RCPT TO and FROM fields. When domain names of excessive length are supplied in these fields, a stack overflow occurs. This problem could be exploited to execute code with the privileges of the ISMail process, which is typically run as SYSTEM.

14. Netscape JavaScript Regular Expression Denial Of Service Vulnerability BugTraq ID: 6959
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6959
Summary:

Netscape is a Web browser developed for a variety of platforms, including Microsoft Windows, Linux and Unix variants.

It has been reported that Netscape based browsers may be vulnerable to a persistent denial of service condition when executing maliciously crafted JavaScript regular expression methods.

If a malicious page containing a specially crafted JavaScript regular expression method is viewed, the browser reportedly becomes unstable; this may result in a crash of the affected browser. Specifically, a malformed split() call is sufficient to trigger this denial of service condition.

This vulnerability was reported for Netscape version 7. It is not known if previous versions are also affected.

15. Typo3 Showpic.PHP File Enumeration Vulnerability BugTraq ID: 6982
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6982
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 is prone to a vulnerability that will allow remote attackers to enumerate whether or not files exist on the system hosting the software. This issue exists in the 'showpic.php' and 'thumbs.php' scripts and may be exploited by submitting a malicious request for a file (including the relative path). These scripts will return information about whether or not a file exists.

This type of information may be useful in mounting further attacks against the host system, since the scripts will reveal information about the layout of the host's filesystem.

16. Apple QuickTime/Darwin Streaming Server parse_xml.cgi File Disclosure Vulnerability BugTraq ID: 6990
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6990
Summary:

QuickTime/Darwin Streaming Server is server software that streams QuickTime media to clients across the Internet; parse_xml.cgi belongs to its web-based Administration Server.

A file retrieval vulnerability has been reported for QuickTime/Darwin Streaming Server (SS). The vulnerability exists due to insufficient sanitization of some parameters given to the parse_xml.cgi script. Specifically, directory traversal sequences are not sanitized from the value supplied to the 'filename' URI parameter. Information obtained in this manner may be used by an attacker to launch more organized attacks against a vulnerable system.

An attacker may exploit this vulnerability by making a request to the parse_xml.cgi script containing dot-dot-slash ('../') sequences followed by a filename. When the malicious request is processed, the Streaming Server will disclose the contents of the file to an attacker.

This vulnerability was tested on SS for Microsoft Windows systems. Linux versions of Darwin SS are reportedly not vulnerable to this issue.

17. Typo3 Log HTML Injection Vulnerability BugTraq ID: 6983
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6983
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 logs all system and access related errors in the TYPO3 database and provides a facility for administrators to view this information from the web. However, data is not sanitized of HTML before being logged. As a result, remote attackers may inject malicious HTML and script code into log entries. When these logs are viewed, the hostile code will be interpreted in the web client of the user viewing the logs.

This may allow for theft of administrative cookie-based authentication credentials and other attacks.

18. Typo3 Translations.PHP Remote File Include Vulnerability BugTraq ID: 6984
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6984
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 is prone to an issue that may allow remote attackers to include files located on attacker-controlled servers.

This vulnerability is the result of insufficient sanitization of remote user-supplied data passed through a URI parameter of the 'translations.php' page.

Under some circumstances, it is possible for remote attackers to influence the path for an include file to point to an external file by manipulating the '$ONLY' URI parameter.

If the remote file is a malicious file, this may be exploited to execute arbitrary system commands in the context of the web server.

19. Typo3 Translations.PHP File Disclosure Vulnerability BugTraq ID: 6985
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6985
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

TYPO3 does not sufficiently sanitize input submitted via URI parameters of potentially malicious data. This issue exists in the 'translations.php' script. Specifically, variations of directory traversal sequences and null characters (%00) may be specified as a value for the 'ONLY' URI parameter. By submitting a malicious web request to this script that contains a relative path to a resource and a null character (%00), it is possible to retrieve arbitrary files that are readable by the web server process.

Successful exploitation will permit the attacker to gain access to sensitive information that may aid in mounting further attacks against the system hosting the software.
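The PlatinumFTPServer traversal, the Darwin Streaming Server parse_xml.cgi 'filename' traversal, and the two Typo3 translations.php issues (remote include and null-byte file disclosure) share one root cause: a client-supplied string is joined onto a base path, or handed to an include, with no check on where the result lands. The following added example is written for this newsletter and is not code from any of those products; the directory layout and probe values are constructed. It shows the naive join beside a resolver that decodes once, refuses embedded NUL bytes (the %00 truncation trick), refuses URL references (the remote include case), canonicalizes with realpath so that '..' and symlinks are followed before the root check, and only then compares against the document root.

```python
import os
import tempfile
from urllib.parse import unquote


class PathRejected(ValueError):
    pass


def naive_resolve(root: str, user_path: str) -> str:
    """The pattern behind the advisories above: glue the client's value onto a base path.
    os.path.join discards root entirely for an absolute value, and '../' is kept verbatim."""
    return os.path.join(root, user_path)


def safe_resolve(root: str, user_path: str) -> str:
    """Return a canonical path inside root, or raise PathRejected."""
    decoded = unquote(user_path)               # one decode, as a CGI or PHP layer would do
    if "\x00" in decoded:                      # C-level file APIs would truncate here (%00 trick)
        raise PathRejected("embedded NUL")
    if "://" in decoded or decoded.startswith("//"):
        raise PathRejected("remote reference")  # the remote-include case
    if os.path.isabs(decoded) or decoded[:1] in ("/", "\\"):
        raise PathRejected("absolute path")
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, decoded))  # follows '..' and symlinks
    try:
        inside = os.path.commonpath([real_root, candidate]) == real_root
    except ValueError:                         # different drives on Windows
        inside = False
    if not inside:
        raise PathRejected("escapes document root")
    return candidate


def demo():
    """Constructed layout: <base>/webroot/index.html is legitimate, <base>/secret.txt is not,
    and webroot/link.txt is a symlink pointing at the secret. Returns one result per probe."""
    base = os.path.realpath(tempfile.mkdtemp())
    root = os.path.join(base, "webroot")
    os.makedirs(root)
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("ok")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("outside the web root")
    probes = ["index.html", "../secret.txt", "%2e%2e/secret.txt",
              "index.html%00.jpg", "http://attacker.example/shell.txt", "/etc/passwd"]
    try:
        os.symlink(os.path.join(base, "secret.txt"), os.path.join(root, "link.txt"))
        probes.append("link.txt")
    except OSError:
        pass                                   # symlinks unavailable (e.g. unprivileged Windows)
    results = {}
    for p in probes:
        try:
            results[p] = os.path.relpath(safe_resolve(root, p), root)
        except PathRejected as e:
            results[p] = f"rejected: {e}"
    return results
```

The parse_xml.cgi command execution issue is the same mistake one layer down and has the same shape of fix: never concatenate the value into a shell string; pass it as one element of an argv list with no shell involved. Note that a double-encoded value such as %252e decodes to a literal '%2e' here, which the filesystem will not decode again, so it needs no special rejection; decoding twice would be the bug.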

20. Typo3 Webroot Folders Information Disclosure Weakness BugTraq ID: 6988
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6988
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

It has been reported that TYPO3 installs, by default, several directories into the TYPO3 webroot. These directories are reportedly readable or lacking sufficient authentication mechanisms and contain log, configuration and script files. This weakness may result in the disclosure of sensitive system based information to malicious web users.

The following directories and files have been reported to be prone to this issue:
/install
/fileadmin/
/typo3conf/

The information gathered as a result of this weakness may be used in further attacks against the system.

21. Typo3 HTML Hidden Form Field Information Disclosure Weakness BugTraq ID: 6993
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6993
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

Hidden HTML form fields in TYPO3 pages may carry potentially sensitive data. Hidden fields are only obscured from view, not protected, so any client can read them; the information may give a determined attacker a lead in exploiting other known issues in the software.

This vulnerability was reported for TYPO3 3.5b5.

22. Microsoft Outlook and Outlook Express Arbitrary Program Execution Vulnerability BugTraq ID: 6923
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6923
Summary:

Microsoft Outlook and Outlook Express use Internet Explorer to render HTML email and newsgroup messages by default. When an HTML message is viewed, a temporary object is created in the Internet Explorer cache. The security zone applied to this cache should be the Internet Zone by default, as set by Internet Explorer.

It is possible to execute arbitrary programs through an object embedded within an HTML message viewed with Outlook or Outlook Express.

If an object embedded within the HTML message contains a CODEBASE reference to an executable file on the local system, the program file will be executed. The object must use a CLASSID that does not contain only zeroes.

It may also be possible for an attacker to place a file in a known temporary folder through other means and have it executed through this method.

This issue is similar in nature to BID 3867, which was reportedly fixed by Microsoft. It is possible that the issue was not correctly fixed in cases where Internet Explorer is used by another application to render HTML content. As a result, other applications that rely on Internet Explorer other than Outlook and Outlook Express may also be vulnerable to this issue.

23. Netscape Style Sheet Denial Of Service Vulnerability BugTraq ID: 6937
Remote: Yes
Date Published: Feb 25 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6937
Summary:

Netscape is a Web browser developed for a variety of platforms, including Microsoft Windows, Linux and Unix variants.

It has been reported that Netscape based browsers may be vulnerable to a persistent denial of service or performance degradation condition when rendering certain style sheet code.

If a malicious page is viewed, the browser reportedly becomes unstable. One possible condition mentioned was critical failure of the browser while another condition reportedly utilized all CPU resources.

This vulnerability was reported for Netscape browser version 6 and 7. It is not known if previous versions are also affected.

24. Apple Quicktime/Darwin MP3 Broadcaster Filename Buffer Overrun Vulnerability
BugTraq ID: 6957
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6957
Summary:

The Apple QuickTime/Darwin MP3 Broadcaster is encoding software used to stream online broadcasts. It is available for the Linux, Solaris, Microsoft Windows and MacOS X operating systems.

A vulnerability has been discovered in MP3 Broadcaster. The problem occurs due to insufficient bounds checking on MP3 filenames. Processing an MP3 file with a name containing 256 or more bytes of data will trigger this condition. When this overflow occurs, sensitive locations in memory will be overwritten.

By overwriting sensitive memory, such as a return address, this issue may be exploitable by a remote attacker to execute arbitrary commands. All instructions run in this manner would be executed with the privileges of the user running the vulnerable application.

This vulnerability was originally described in BID 6932 "Multiple Remote QuickTime/Darwin Streaming Administration Server Vulnerabilities". It is now being assigned a separate BID.

25. Apple QuickTime/Darwin Streaming Server Malicious Port Request Code Injection Vulnerability
BugTraq ID: 6960
Remote: Yes
Date Published: Feb 24 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6960
Summary:

The Apple QuickTime/Darwin Streaming Servers are used as a web interface for Streaming Server configuration. They are available for the Linux, Solaris, Microsoft Windows and MacOS X operating systems.

A problem with QuickTime/Darwin Streaming Server could make the execution of arbitrary script code possible.

It has been reported that a vulnerability exists in the handling of malicious requests for streaming media in the Apple QuickTime/Darwin Streaming Server. By placing a malicious request to the streaming port of the software, an attacker could potentially cause execution of script code in the security context of an administrator.

Because of the method in which the QuickTime/Darwin Streaming Server administrative interface handles log input, script code inserted into log files by way of malicious streaming media requests would be executed in the security context of a vulnerable administrator. The injection is performed through the DESCRIBE method supplied over RTSP, and could result in the execution of malicious HTML and script code when logs containing injected code are viewed. The request is not sanitized of script code when it is logged.

This vulnerability was originally described in BID 6932 "Multiple Remote QuickTime/Darwin Streaming Administration Server Vulnerabilities". It is now being assigned a separate BID.

26. Opera Automatic Redirection Cross Site Scripting Vulnerability
BugTraq ID: 6962
Remote: Yes
Date Published: Feb 26 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6962
Summary:

Opera is a web client available for a number of platforms, including Microsoft Windows, Linux and Unix variants and Apple MacOS.

A cross site scripting vulnerability has been reported in Opera browsers for Windows and Linux platforms. The vulnerability exists due to insufficient sanitization of some user-supplied input when redirecting visitors to another page or site. Specifically, Opera generates a temporary page to display a redirection URL. The generated page does not filter out any malicious HTML code before being displayed to a user.

When a user visits a site that redirects a user to another page, attacker-supplied script code will be interpreted by Opera in the security context of the malicious site.

Exploitation of this issue may enable an attacker to steal cookie-based authentication credentials of victim users. Other attacks are also possible.

This vulnerability was reported for Opera 7.01 and earlier for Windows operating systems and Opera 6 for Linux systems.
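The two rendering flaws above (the streaming server's log viewer in item 25 and Opera's generated redirect page in item 26) share one root cause: untrusted text placed into HTML without escaping. The following Python example is added here and is not code from Apple, Opera or SecurityFocus; it shows the unsafe interpolation beside the escaped form on a constructed log line, and all function names and the sample data are hypothetical.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample: an RTSP DESCRIBE request as it might appear in an
# access log. The request line is attacker-controlled and logged verbatim.
CONSTRUCTED_LOG_LINE = (
    '192.0.2.10 - - [24/Feb/2003:12:00:00 +0000] '
    '"DESCRIBE rtsp://example.test/<script>x()</script>.mov RTSP/1.0" 200'
)


def render_log_row_unsafe(line: str) -> str:
    """The failure mode the advisory describes: the raw log line is
    interpolated into the admin page's HTML, so markup in the request
    is rendered as markup by the administrator's browser."""
    return f"<tr><td>{line}</td></tr>"


def render_log_row(line: str) -> str:
    """Hardened version: the log field is HTML-escaped at render time,
    so the browser displays the request text instead of executing it."""
    return f"<tr><td>{html.escape(line, quote=True)}</td></tr>"


def contains_active_markup(fragment: str) -> bool:
    """Crude check used when testing: does an unescaped script tag survive?"""
    return re.search(r"<\s*script", fragment, re.IGNORECASE) is not None


def render_redirect_page(target: str) -> str:
    """The Opera-style case: an interstitial page that displays the redirect
    target. The URL is untrusted input and is escaped both in the attribute
    and in the visible text. Restricting the scheme to http(s) is an added
    defensive check, not something the advisory describes."""
    scheme = urlsplit(target).scheme.lower()
    if scheme not in ("http", "https"):
        raise ValueError("refusing to redirect to a non-http(s) URL")
    safe = html.escape(target, quote=True)
    return (
        "<html><body><p>Redirecting to "
        f'<a href="{safe}">{safe}</a></p></body></html>'
    )
```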

27. Netscape Communicator Password Disclosure Weakness
BugTraq ID: 6981
Remote: No
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6981
Summary:

Netscape Communicator is a combined web browser and e-Mail Client developed for a variety of platforms including Microsoft Windows, Linux and Unix variant operating environments.

It has been reported that the Netscape Communicator roaming profile function may store sensitive user credentials in the 'prefs.js' configuration file using plaintext or easily disclosed format.

This weakness may result in an attacker accessing sensitive user credentials that may be used in further attacks launched against the system.

Conflicting details have been reported, suggesting that this issue may be due to a user-initiated configuration change and that password data may be encrypted with a trivial XOR-based algorithm by default.

This report is closely related to the issue described in BID 6215.

28. Typo3 Runtime Error Page Information Disclosure Vulnerability
BugTraq ID: 6986
Remote: Yes
Date Published: Feb 28 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6986
Summary:

TYPO3 is a web-based content management system. It is available for Microsoft Windows operating systems and Unix and Linux variants.

An information disclosure vulnerability has been reported for TYPO3. The vulnerability exists in several 'test', 'class' and 'library' scripts that are included with TYPO3.

These scripts may be forced to execute and generate runtime errors. When these errors occur, the scripts will output path information.

Information obtained in this manner may be used by an attacker to launch further attacks against a vulnerable system.

III. MICROSOFT FOCUS LIST SUMMARY


1. Hostname given to XP clients (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313437

2. DMZ boxes in the domain - Bad moderator (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313394

3. How do you patch yours? (was: Monitor Services on Windows machines) (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313388

4. Monitor Services on Windows machines (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313373

5. [despammed] Utility to determine who deleted files (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313293

6. Utility to determine who deleted files (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313318

7. Administrivia: Results (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313254

8. Article Announcement: Exchange 2000 in the Enterprise: Tips and Tricks Part Three (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313264

9. One Time Passwords (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313236

10. DMZ boxes in the domain (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313289

11. Windows2000 QuickLaunch (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313266

12. MS ISA Logs - Listing IP Addresses v. NetBIOS names (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313235

13. Antwort: Monitor Services on Windows machines (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313120

14. SecurityFocus Microsoft Newsletter #126 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313111

15. Administrivia (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313004

16. MS Software Update Service (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313012

17. Windows 2000 Static arp not static (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/313025

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS


1. AbsoluteShield Internet Eraser Pro
by SysShield Consulting, Inc
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.internet-track-eraser.com/
Summary:

AbsoluteShield Internet Eraser protects your privacy by cleaning up all the tracks of your Internet and computer activities. The tool is integrated with IE and can erase the browser cache, history, cookies, typed URLs, autocomplete list and so on in one click. You can also set the tool to erase those tracks automatically when you quit IE or quit Windows. The tool can also wipe free disk space and has open plugin support. With the plugin support, AbsoluteShield Internet Eraser can now erase the tracks left by any application. We currently offer more than 20 plugins that support the most popular programs such as MS Office, WinZip, UltraEdit, RealPlayer, Media Player... Besides the ability to erase the tracks of your Internet and computer activities, the tool also has an integrated, small, configurable and intelligent ad window and popup blocker.

2. InTrust
by Aelita Software
Platforms: Windows 2000, Windows NT
Relevant URL:
http://www.aelita.com/products/intrust.htm
Summary:

InTrust, formerly EventAdmin, offers consolidated security auditing and monitoring for Windows-centric and heterogeneous networks. Together, Aelita Enterprise Directory Reporter and InTrust fill the security gap between corporate policies and IT infrastructure.

3. iPrism
by St. Bernard Software
Platforms: N/A
Relevant URL:
http://www.stbernard.com/products_iprism.asp
Summary:

iPrism is the premier plug and play Internet appliance that enables organizations to monitor and control Internet access, making the Internet a more productive environment for employees. It reduces management problems and legal liability for administrators, managers and executives by allowing precise tailoring and enforcement of Acceptable Use Policies for Internet access. Our I-Guard technology sets us apart because our URL review utilizes artificial intelligence combined with human review of each and every site. I-Guard categorization makes our database as accurate as possible, so you can be sure the right sites are blocked or available.

V. NEW TOOLS FOR MI