
SecurityFocus Microsoft Newsletter #129

From: John Boletta <jboletta(at)securityfocus.com>
Date: Mon Mar 17 2003 - 12:12:00 EST


This Issue is Sponsored By: NetIQ

Need security policies? Don't start from scratch..."Information Security Policies Made Easy" is the best security policy resource guide you can buy with 1300+ ready-to-use security policies that can be quickly customized for any company. Build best practice security policies in half the time and expense. Also check out "Information Security Roles & Responsibilities Made Easy. "

Download a free policy now at http://www.netiq.com/order/publications.asp


I. FRONT AND CENTER
  1. Open Source Honeypots, Part Two: Deploying Honeyd in the Wild
  2. IP Spoofing: An Introduction
  3. Iraqi Cyberwar: an Ageless Joke
  4. SecurityFocus DPP Program
II. MICROSOFT VULNERABILITY SUMMARY
  1. DBTools DBManager Professional Information Disclosure Weakness
  2. Ethereal SOCKS Dissector Format String Vulnerability
  3. Ethereal NTLMSSP Dissector Heap Corruption Vulnerability
  4. MySQL mysqld Privilege Escalation Vulnerability
  5. PHP-Nuke Multiple SQL Injection Vulnerabilities
  6. NetScreen ScreenOS Loss of Configuration Vulnerability
  7. DeleGate HTTP Proxy Robot.TXT User-Agent: Buffer Overflow...
  8. Multiple PHP-Nuke Forums/Private_Messages SQL Injection...
  9. SaveMyModem Statusbar_Set_Text Buffer Overflow Vulnerability
  10. Microsoft Windows XP Safe Mode Policy Bypass Weakness
  11. PHPPing Remote Command Execution Vulnerability
  12. Opera Long Filename Download Buffer Overrun Vulnerability
  13. Microsoft Internet Explorer .MHT File Buffer Overflow...
III. MICROSOFT FOCUS LIST SUMMARY
  1. SQL Service Pack doesn't upgrade SQL Server (Thread)
  2. Exchange/MAPI/RPC (Thread)
  3. DisableIPSourceRouting registry key (Thread)
  4. SecurityFocus Microsoft Newsletter #128 (Thread)
  5. AW: Exchange/MAPI/RPC (Thread)
  6. SV: DisableIPSourceRouting registry key (Thread)
  7. Worm.Dvldr analysis report (Thread)
  8. Article Announcement: Cryptographic Filesystems: Design and...
  9. Free SQL chapter available on www.SpecialOpsSecurity.com (Thread)
  10. AD replication - IP site to site encryption? (Thread)
  11. User rights on Terminal Services (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
  1. EverLink SRAC Gateway
  2. iChain
  3. NetOp Remote Control
V. NEW TOOLS FOR MICROSOFT PLATFORMS
  1. WaveLock v1.0
  2. NtDump v1
  3. SMAC v1.0
VI. SPONSOR INFORMATION

I. FRONT AND CENTER

1. Open Source Honeypots, Part Two: Deploying Honeyd in the Wild
By Lance Spitzner

This is the second part of a three-part series looking at Honeyd, the open source honeypot. In this paper we will deploy Honeyd on the Internet for one week and watch what happens. The intent is to test Honeyd by letting real bad guys interact with and attack it. We will then analyze how the honeypot performed and what it discovered.

http://www.securityfocus.com/infocus/1675


2. IP Spoofing: An Introduction
by Matthew Tanase

Criminals have long employed the tactic of masking their true identity, from disguises to aliases to caller-id blocking. It should come as no surprise then, that criminals who conduct their nefarious activities on networks and computers should employ such techniques. IP spoofing is one of the most common forms of on-line camouflage. In IP spoofing, an attacker gains unauthorized access to a computer or a network by making it appear that a malicious message has come from a trusted machine by "spoofing" the IP address of that machine. In this article, we will examine the concepts of IP spoofing: why it is possible, how it works, what it is used for and how to defend against it.

http://www.securityfocus.com/infocus/1674

3. Iraqi Cyberwar: an Ageless Joke
By George Smith

Did U.S. infowar commandos smuggle a deadly computer virus into Iraq inside a printer? Of course not. So why does it keep getting reported?

http://www.securityfocus.com/columnists/147

4. SecurityFocus DPP Program

Attention Universities!! Sign-up now for preferred pricing on the only global early-warning system for cyber attacks - SecurityFocus DeepSight Threat Management System.


Click here for more information:
http://www.securityfocus.com/corporate/products/dpsection.shtml

II. BUGTRAQ SUMMARY


1. DBTools DBManager Professional Information Disclosure Weakness
BugTraq ID: 7040
Remote: No
Date Published: Mar 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7040
Summary:

DBManager Professional is database management software for MySQL and PostgreSQL. It is available for Microsoft Windows operating systems.

Sensitive DBManager Professional configuration information, including authentication credentials, is stored in plaintext on the system hosting the software. This information is typically stored in the "catalog.mdb" in the "DATA" directory of the program folder.

It has been reported that this information may also be readable by other local users in the default installation of the software. As a result, sensitive information which is sufficient to compromise the database may be exposed to malicious local users.

2. Ethereal SOCKS Dissector Format String Vulnerability
BugTraq ID: 7049
Remote: Yes
Date Published: Mar 08 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7049
Summary:

Ethereal is a freely available, open source network traffic analysis tool. It is maintained by the Ethereal Project and is available for most Unix and Linux variants as well as Microsoft Windows operating systems.

The Ethereal SOCKS dissector is a mechanism for decoding the SOCKS protocol. A format string vulnerability has been reported in some versions of this dissector. The vulnerability exists in the packet-socks.c source file.


An attacker can exploit this vulnerability by connecting to a vulnerable SOCKS server and sending malicious format string specifiers to the SOCKS server. If Ethereal is being used as a security tool to monitor network packets, it is possible that sensitive memory may be corrupted.

This has been confirmed to result in a denial of service condition. Additionally, it may be possible to cause Ethereal to execute malicious attacker-supplied code.

This vulnerability affects Ethereal 0.9.9 and earlier.

3. Ethereal NTLMSSP Dissector Heap Corruption Vulnerability
BugTraq ID: 7050
Remote: Yes
Date Published: Mar 08 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7050
Summary:

Ethereal is a freely available, open source network traffic analysis tool. It is maintained by the Ethereal Project and is available for most Unix and Linux variants as well as Microsoft Windows operating systems.

The NTLMSSP (NTLM Security Support Provider) dissector is a mechanism for evaluating packets that use the NTLM protocol. A heap corruption vulnerability has been reported for some versions of the dissector.

The precise technical details of this vulnerability are currently unknown. This BID will be updated as further information is available.

An attacker may be able to exploit this vulnerability by crafting a specially formed packet and sending it to a system using the NTLMSSP dissector or by convincing a victim user to use Ethereal to read a malformed packet trace file.


Due to the nature of this vulnerability it may be possible for an attacker to create a situation in which sensitive memory could be overwritten. If successful this may allow for the execution of arbitrary code with the privileges of the Ethereal process.

This vulnerability affects Ethereal 0.9.9 and earlier.

4. MySQL mysqld Privilege Escalation Vulnerability
BugTraq ID: 7052
Remote: Yes
Date Published: Mar 08 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7052
Summary:

MySQL is an open source relational database project. It is available for the Microsoft Windows, Linux, and Unix operating systems.

A vulnerability has been discovered for MySQL that may allow the mysqld service to start with elevated privileges.

MySQL uses a series of configuration files to set the privileges of the service. The configuration files are typically stored in /etc/my.cnf, DATADIR/my.cnf and ~/.my.cnf. When executed, the mysqld service reads configuration information from /etc/my.cnf first, then DATADIR/my.cnf and finally ~/.my.cnf.

An attacker can exploit this vulnerability by creating a DATADIR/my.cnf that includes the line 'user=root' under the '[mysqld]' option section. Furthermore, the ~/.my.cnf file must not exist.

When the mysqld service is executed, it will run as the root user instead of the default user.


This may allow an attacker to obtain elevated privileges on a compromised system.

This vulnerability was reported for MySQL 3.23.55.
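The option-file precedence described above is what makes the planted DATADIR/my.cnf effective, so a defender wants a check that walks the same chain and flags the condition. The script below is an added example and is not MySQL's own code: it models the read order the advisory gives (/etc/my.cnf, then DATADIR/my.cnf, then ~/.my.cnf, later files overriding earlier ones) and reports a 'user=root' under [mysqld] together with any option file in the chain that an unprivileged account can edit. The file contents, paths and ownership data are constructed for the demonstration; a real run would read them from disk and os.stat().

```python
"""Audit of the MySQL option-file chain for a planted 'user=root'.

Added example, not MySQL's own code. It models the read order the advisory
describes (/etc/my.cnf, then DATADIR/my.cnf, then ~/.my.cnf, with later
files overriding earlier ones) and reports the condition the advisory
describes: a DATADIR/my.cnf, writable by an unprivileged account, that
sets user=root under [mysqld] while no ~/.my.cnf exists to override it.
The file contents and ownership data below are constructed for the demo.
"""
import configparser
import stat
from typing import Dict, List, Optional, Tuple

# Option-file chain in read order: (path, contents), with None for "absent".
Chain = List[Tuple[str, Optional[str]]]
# (owner uid, permission bits) per path; a real run would take these from os.stat().
Meta = Dict[str, Tuple[int, int]]


def mysqld_user_in(text: str) -> Optional[str]:
    """Return the 'user' option from the [mysqld] section of one file, or None."""
    cp = configparser.ConfigParser(allow_no_value=True, strict=False,
                                   interpolation=None)
    cp.read_string(text)
    if cp.has_option("mysqld", "user"):
        value = cp.get("mysqld", "user")
        return value.strip() if value else None
    return None


def effective_mysqld_user(chain: Chain) -> Tuple[Optional[str], Optional[str]]:
    """Walk the chain in read order; the last present file that sets 'user' wins.

    Returns (user, path of the file that set it).
    """
    user, source = None, None
    for path, text in chain:
        if text is None:          # file absent, so it cannot override anything
            continue
        found = mysqld_user_in(text)
        if found is not None:
            user, source = found, path
    return user, source


def audit(chain: Chain, meta: Meta) -> List[str]:
    """Report a root override and any option file a non-root account can edit."""
    findings = []
    user, source = effective_mysqld_user(chain)
    if user == "root":
        findings.append(f"mysqld would run as root: 'user=root' taken from {source}")
    for path, text in chain:
        if text is None:
            continue
        uid, mode = meta[path]
        if uid != 0 or mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{path} is editable by a non-root account "
                            f"(uid={uid}, mode={oct(mode)})")
    return findings


# Constructed scenario from the advisory: the account that owns DATADIR
# (uid 27 here) plants a my.cnf there and the mysql user's ~/.my.cnf is absent.
PLANTED_CHAIN: Chain = [
    ("/etc/my.cnf", "[mysqld]\ndatadir=/var/lib/mysql\nuser=mysql\n"),
    ("/var/lib/mysql/my.cnf", "[mysqld]\nuser=root\n"),
    ("/home/mysql/.my.cnf", None),
]
PLANTED_META: Meta = {"/etc/my.cnf": (0, 0o644), "/var/lib/mysql/my.cnf": (27, 0o644)}

# Same host once DATADIR/my.cnf has been removed: only the root-owned file remains.
CLEAN_CHAIN: Chain = [
    ("/etc/my.cnf", "[mysqld]\ndatadir=/var/lib/mysql\nuser=mysql\n"),
    ("/var/lib/mysql/my.cnf", None),
    ("/home/mysql/.my.cnf", None),
]
CLEAN_META: Meta = {"/etc/my.cnf": (0, 0o644)}

if __name__ == "__main__":
    for label, chain, meta in (("planted", PLANTED_CHAIN, PLANTED_META),
                               ("clean", CLEAN_CHAIN, CLEAN_META)):
        print(label, "->", effective_mysqld_user(chain), audit(chain, meta))
```

The second finding is the one worth acting on: an option file in the chain owned by the service account (or group/world-writable) is what lets the override be planted in the first place, so keeping DATADIR/my.cnf absent or root-owned and read-only removes the condition regardless of whether ~/.my.cnf exists.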

5. PHP-Nuke Multiple SQL Injection Vulnerabilities
BugTraq ID: 7031
Remote: Yes
Date Published: Mar 06 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7031
Summary:

PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.

Multiple SQL injection vulnerabilities were reported in the 'Members_List' and 'Your_Account' modules of PHP-Nuke. This is due to insufficient sanitization of externally supplied data which is used to construct SQL queries. This data may be supplied via URI parameters in requests for certain module functions. A remote attacker may take advantage of these issues to inject malicious data into SQL queries, possibly resulting in modification of query logic.

The consequences may vary depending on the particular database implementation and the nature of the specific queries. At the very least, it is possible to compromise the PHP-Nuke web portal. SQL injection also makes it possible, under some circumstances, to exploit vulnerabilities that may exist in the database implementation.

This BID will be divided into separate BIDs for each distinct issue and retired when further analysis of these vulnerabilities is complete.

6. NetScreen ScreenOS Loss of Configuration Vulnerability
BugTraq ID: 7042
Remote: Yes
Date Published: Mar 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7042
Summary:


NetScreen is a line of Internet security appliances integrating firewall, VPN and traffic management features. ScreenOS is the software used to manage and configure the firewall. NetScreen supports Microsoft Windows 95, 98, ME, NT and 2000 clients.

Under certain circumstances, the device may lose its configuration during periods of heavy load.

When the configuration is lost, the device will revert to its factory configuration settings, which rejects all inbound traffic on the untrusted interface. At the same time, the device will NAT all traffic on the trusted interface to the untrusted interface. The external network will not be accessible to the internal network since the device no longer has a default route defined. This results in a denial of service to external hosts requiring access to resources behind the device and internal hosts requiring access to resources on the external network.

In addition, if the default settings are considered insecure, this condition may result in an exposure.

7. DeleGate HTTP Proxy Robot.TXT User-Agent: Buffer Overflow Vulnerability
BugTraq ID: 7054
Remote: Yes
Date Published: Mar 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7054
Summary:

DeleGate is an open source proxy server developed by Yutaka Sato. DeleGate allows for proxying of several application protocols, including HTTP. It is available for multiple platforms, including Microsoft Windows and Unix and Linux variants.

The DeleGate HTTP Proxy component is prone to a remotely exploitable buffer overflow vulnerability. This is due to insufficient bounds checking of User-Agent: fields in remote 'robot.txt' files. It is reported that it is possible to trigger this issue by specifying multiple lines of User-Agent: data in the file, which will cause an internal array of pointers to be overflowed with attacker-supplied data. This will occur when a malicious 'robot.txt' file is retrieved via the proxy.

Successful exploitation may result in execution of malicious code in the security context of the DeleGate proxy server.


This issue was reported in DeleGate versions 8.3.4 and 8.4.0. Other versions may also be affected.

8. Multiple PHP-Nuke Forums/Private_Messages SQL Injection Vulnerabilities
BugTraq ID: 7060
Remote: Yes
Date Published: Mar 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7060
Summary:

PHP-Nuke is a web-based portal system. Implemented in PHP, it is available for a range of systems, including Unix, Linux, and Microsoft Windows.

Multiple SQL injection vulnerabilities were reported in the Forums scripts and 'Private_Messages' module of PHP-Nuke. This is due to insufficient sanitization of externally supplied data which is used to construct SQL queries. This data may be supplied via URI parameters in requests for certain functions. A remote attacker may take advantage of these issues to inject malicious data into SQL queries, possibly resulting in modification of query logic.

The consequences may vary depending on the particular database implementation and the nature of the specific queries. At the very least, it is possible to compromise the PHP-Nuke web portal. SQL injection also makes it possible, under some circumstances, to exploit vulnerabilities that may exist in the database implementation.

This BID will be divided into separate BIDs for each distinct issue and retired when further analysis of these vulnerabilities is complete.
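Both PHP-Nuke entries (BIDs 7031 and 7060) describe the same defect class: a URI parameter spliced into SQL text, so a quote character in it rewrites the query's logic. The block below is an added example and is not PHP-Nuke code; PHP-Nuke is PHP over MySQL, so this Python/sqlite3 version only reproduces the defect beside its parameterized fix. The table, rows and the 'uname' parameter are constructed for the demonstration.

```python
"""String-built SQL query beside its parameterized replacement.

Added example, not PHP-Nuke code: PHP-Nuke is PHP over MySQL, so this
Python/sqlite3 version only reproduces the defect class the two advisories
name (a URI parameter spliced into SQL text) and the fix. The table, rows
and the 'uname' parameter are constructed for the demonstration.
"""
import sqlite3
from typing import List, Tuple


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the portal's member table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uname TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.test"),
                      ("bob", "bob@example.test")])
    return conn


def lookup_unsafe(conn: sqlite3.Connection, uname: str) -> List[Tuple[str, str]]:
    """Defect: the request parameter becomes part of the SQL text.

    A quote character in 'uname' ends the string literal early, so the rest
    of the parameter is parsed as SQL and changes the query's logic.
    """
    sql = "SELECT uname, email FROM users WHERE uname = '" + uname + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, uname: str) -> List[Tuple[str, str]]:
    """Fix: the value is bound as a parameter and is never parsed as SQL."""
    sql = "SELECT uname, email FROM users WHERE uname = ?"
    return conn.execute(sql, (uname,)).fetchall()


def rows_returned(uname: str) -> Tuple[int, int]:
    """Row counts (unsafe, safe) for the same parameter value."""
    conn = make_db()
    return len(lookup_unsafe(conn, uname)), len(lookup_safe(conn, uname))


if __name__ == "__main__":
    # A benign name behaves the same either way; a value carrying a quote and
    # an always-true condition turns the unsafe query into "return every row".
    for value in ("alice", "x' OR '1'='1"):
        print(repr(value), "->", rows_returned(value))
```

The point of the parameterized form is not escaping: the database receives the query text and the value separately, so nothing in the value can be interpreted as SQL, whichever database implementation sits behind the portal.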

9. SaveMyModem Statusbar_Set_Text Buffer Overflow Vulnerability
BugTraq ID: 7068
Remote: Yes
Date Published: Mar 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7068
Summary:

SaveMyModem is mail filtering software. It is available for Microsoft Windows and Unix and Linux platforms.


SaveMyModem is prone to a buffer overflow in the 'statusbar_set_text' function. In some instances, this function will be called with externally supplied data, such as when messages are processed. The vulnerable function includes a call to vsnprintf(), specifying a source buffer that is much larger than the destination buffer.

When the vulnerable function is called with externally supplied data, it may be possible to corrupt sensitive regions of data. This may potentially occur if a message is processed with an excessively long subject.

Successful exploitation will result in code execution in the context of the SaveMyModem process.

10. Microsoft Windows XP Safe Mode Policy Bypass Weakness
BugTraq ID: 7046
Remote: No
Date Published: Mar 07 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7046
Summary:

Microsoft Windows allows users to start the operating system in "Safe Mode" to allow troubleshooting of configuration settings and device driver conflicts.

The Microsoft Knowledgebase states that only members of the local Administrators group are able to log in to a system that has been started in Safe Mode.

When the Windows XP "Welcome Screen" is enabled, it is possible for unprivileged users to log into the system when it is started in Safe Mode. Normally in Safe Mode with the Welcome Screen enabled, only the names of administrative accounts are visible. If the user holds down the left CTRL and ALT keys and presses delete twice, the normal login prompt will be displayed. At this point, an unprivileged user can log in to the system in Safe Mode.

11. PHPPing Remote Command Execution Vulnerability
BugTraq ID: 7030
Remote: Yes
Date Published: Mar 06 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7030
Summary:

PHPPing is a PHP script designed to test to see whether hosts are alive on a network. It is designed to be used in a networked Microsoft Windows environment.

A vulnerability has been reported in PHPPing that may allow remote attackers to execute commands on vulnerable systems.


The vulnerability exists in the index.php script file. Specifically, the $cible variable is not properly sanitized of shell metacharacters. An attacker can exploit this vulnerability by invoking the PHPPing script with malicious shell metacharacters as the value of the $cible parameter.

This vulnerability was reported for PHPPing 0.1.
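The defect above is a host parameter reaching a shell command unchanged. The block below is an added example and is not PHPPing's own code (PHPPing is a PHP script); it shows the hardened shape in Python: the target is accepted only if it is an IP address literal or a plain hostname, and ping is invoked with an argv list so no shell ever parses the value. The parameter values and the `ping -c 1` invocation are constructed for the demonstration (Windows ping takes -n rather than -c).

```python
"""Hardened handling of a host parameter that is passed to ping.

Added example, not PHPPing's own code: PHPPing is a PHP script, so this
Python version only reproduces the defect class the advisory names (a request
parameter, $cible, reaching a shell command unsanitized) and a fix. The
parameter values below are constructed for the demonstration.
"""
import ipaddress
import re
import subprocess
from typing import List

# One DNS label: 1-63 characters of letters, digits and internal hyphens.
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"^(?=.{{1,253}}$){_LABEL}(?:\.{_LABEL})*$")


def is_valid_target(cible: str) -> bool:
    """Accept only an IP address literal or a plain hostname.

    Shell metacharacters (; | & $ ` and so on), whitespace and a leading '-'
    all fall outside the allowed syntax, so they are rejected as a class
    rather than escaped one by one.
    """
    try:
        ipaddress.ip_address(cible)
        return True
    except ValueError:
        return HOSTNAME_RE.match(cible) is not None


def build_ping_command(cible: str) -> List[str]:
    """Return ping's argv for a validated target.

    The vulnerable pattern is "ping -c 1 " + cible handed to a shell; here
    the target is a single argv element, so no shell parses it. Unix ping
    takes -c for the count; Windows ping uses -n.
    """
    if not is_valid_target(cible):
        raise ValueError(f"refusing target {cible!r}: not an IP address or hostname")
    return ["ping", "-c", "1", cible]


def host_is_alive(cible: str) -> bool:
    """Run the validated command without a shell; True if ping exits 0."""
    result = subprocess.run(build_ping_command(cible), shell=False,
                            capture_output=True, timeout=10)
    return result.returncode == 0


if __name__ == "__main__":
    for value in ("192.0.2.10", "host.example.test", "2001:db8::1",
                  "192.0.2.10; id", "-c 1000 192.0.2.10", ""):
        print(repr(value), "valid" if is_valid_target(value) else "rejected")
```

Note that the argument-list form alone would still let a value beginning with '-' be read by ping as an option, which is why the allow-list validation is kept in front of it rather than relying on either measure by itself.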

12. Opera Long Filename Download Buffer Overrun Vulnerability
BugTraq ID: 7056
Remote: Yes
Date Published: Mar 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7056
Summary:

Opera is a web browser available for a number of platforms, including Microsoft Windows, Linux and Unix variants and Apple MacOS.

A vulnerability has been discovered in various versions of Opera on the Microsoft Windows platform.

When specific types of files are downloaded by Opera, the transfer is displayed within a 'Download Dialog'. Due to insufficient bounds checking when processing the requested filename, it may be possible for memory to be corrupted.

Specifically, when a filename is to be displayed within the 'Download Dialog' the type of file must be verified. When this occurs, the filename in question is copied into a static buffer on the stack.

By hosting a downloadable file containing a name of excessive length, it may be possible for an attacker to overwrite sensitive memory locations within Opera. Successful exploitation of this issue would result in the execution of arbitrary attacker-supplied commands.

It should be noted that this issue affects Opera versions 6 and 7 on the Microsoft Windows platform.

13. Microsoft Internet Explorer .MHT File Buffer Overflow Vulnerability
BugTraq ID: 7057
Remote: Yes
Date Published: Mar 10 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/7057
Summary:

Microsoft Internet Explorer allows a web page and all content embedded within to be saved in a Web Archive format using Multipurpose Internet Mail Extension HTML (MHTML) format. This format saves the entire page and all the embedded content as a single .mht file.

The .mht files are encoded and decoded by the inetcomm.dll component. This component does not appear to perform sufficient bounds checking on the .mht files.

If encoded data within the .mht file is designated as executable or the Content-Type is not defined and has a single word 'MZP' encoded within, a buffer will be overrun and Internet Explorer will fail. If the encoded content begins with 'TvPQ' it will be interpreted by Internet Explorer as a Win32 executable file, but inetcomm.dll will decode it as plain text data and assign a small buffer to the data.

Internet Explorer creates a stream for the executable file with a smaller buffer than is required by the Base64 decoder. This results in the buffer being overrun and Internet Explorer failing. The EIP register may also be overwritten, potentially allowing for execution of arbitrary code within the security context of Internet Explorer.

The Web Archive feature was introduced in Internet Explorer 5, therefore earlier versions are not affected. Outlook Express must be installed in order to obtain the Web Archive functionality through Internet Explorer.

Applications that use Internet Explorer to render HTML content, such as Outlook and Outlook Express, may also be indirectly vulnerable. An HTML email message containing a malicious .mht file would be executed by Internet Explorer.
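An .mht archive is MIME multipart/related, so the condition described above (an encoded part with no Content-Type whose decoded bytes form a Win32 executable) can be checked at a mail gateway or on a file share before Internet Explorer ever sees it. The scanner below is an added example, not Microsoft's code and not a fix for inetcomm.dll: it walks each part with the standard email parser, decodes it, and reports parts that decode to an MZ header or that declare an executable Content-Type, along with declared versus decoded size. The sample archive, its Content-Location values and the EXECUTABLE_TYPES list are constructed for the demonstration.

```python
"""Scanner that flags embedded Win32 executables inside an .mht archive.

Added example, not Microsoft's code and not a fix for inetcomm.dll. It uses
the standard email parser (an .mht file is MIME multipart/related) to walk
each part, decodes it, and reports parts that decode to an MZ header or that
declare an executable Content-Type. The sample archive is constructed inline.
"""
import base64
import email
from typing import Dict, List

# Content-Types that mark a part as executable regardless of its bytes (constructed list).
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-msdos-program",
                    "application/octet-stream"}


def scan_mht(archive: str) -> List[Dict[str, object]]:
    """Return one finding per part that looks like, or is declared as, an executable."""
    msg = email.message_from_string(archive)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        decoded = part.get_payload(decode=True) or b""   # honours base64 / quoted-printable
        declared = part.get_content_type()                # 'text/plain' when the header is absent
        starts_with_mz = decoded.startswith(b"MZ")        # DOS/Win32 executable signature
        if starts_with_mz or declared in EXECUTABLE_TYPES:
            findings.append({
                "location": part.get("Content-Location", "(none)"),
                "declared_type": declared,
                "content_type_header_present": part.get("Content-Type") is not None,
                "transfer_encoding": (part.get("Content-Transfer-Encoding") or "7bit").lower(),
                "encoded_bytes": len(part.get_payload()),
                "decoded_bytes": len(decoded),
                "mz_header": starts_with_mz,
            })
    return findings


def build_sample_mht() -> str:
    """Constructed archive: a harmless page plus a base64 part with no Content-Type
    whose decoded bytes begin with the 'MZ' signature (64 zero-padded bytes)."""
    fake_exe = b"MZP" + b"\x00" * 61
    encoded = base64.b64encode(fake_exe).decode("ascii")
    return (
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/related; type="text/html"; boundary="----=_Part_0"\n'
        "\n"
        "------=_Part_0\n"
        'Content-Type: text/html; charset="us-ascii"\n'
        "Content-Transfer-Encoding: 7bit\n"
        "Content-Location: http://example.test/index.html\n"
        "\n"
        "<html><body>archived page</body></html>\n"
        "------=_Part_0\n"
        "Content-Transfer-Encoding: base64\n"
        "Content-Location: http://example.test/embedded.bin\n"
        "\n"
        f"{encoded}\n"
        "------=_Part_0--\n"
    )


if __name__ == "__main__":
    for finding in scan_mht(build_sample_mht()):
        print(finding)
```

The decision is made on the decoded bytes, not the declared type, because the advisory's trigger is precisely a part whose Content-Type is missing or misleading; the size fields are reported so that an operator can see how much larger the decoded stream is than the text the declared type implies.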

III. MICROSOFT FOCUS LIST SUMMARY


1. SQL Service Pack doesn't upgrade SQL Server (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314825


2. Exchange/MAPI/RPC (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314807

3. DisableIPSourceRouting registry key (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314667

4. SecurityFocus Microsoft Newsletter #128 (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314565

5. AW: Exchange/MAPI/RPC (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314561


6. SV: DisableIPSourceRouting registry key (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314493

7. Worm.Dvldr analysis report (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314519

8. Article Announcement: Cryptographic Filesystems: Design and Implementation (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314351

9. Free SQL chapter available on www.SpecialOpsSecurity.com (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314324

10. AD replication - IP site to site encryption? (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314292

11. User rights on Terminal Services (Thread)
Relevant URL:

http://online.securityfocus.com/archive/88/314294

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS


1. EverLink SRAC Gateway
by Anyware Technology
Platforms: N/A
Relevant URL:
http://www.anywareusa.com/products/srac_gateway.htm
Summary:

EverLink SRAC Gateway is a high performance network appliance that integrates many security technologies into a single network device. Operating at the application layer, the Gateway allows enterprises to build a fully secured Virtual Private Network as easily as plug and play. By incorporating all authentication methods, including PKI and dynamic password, the Gateway provides the most thorough check of a user's identity. For those who have installed VPNs, the Gateway provides enterprises with significant added functionality and security features to instantly accommodate mobile users anywhere in the world.

2. iChain
by Novell
Platforms: N/A
Relevant URL:
http://www.novell.com/products/ichain/
Summary:

iChain provides identity-based web security services that control access to application and network resources across technical and organizational boundaries, as one Net.

3. NetOp Remote Control
by CrossTec Corporation
Platforms: DOS, Linux, OS/2, Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows XP
Relevant URL:
http://www.crossteccorp.com/netopremote/index.html
Summary:

With New NetOp Remote Control v7.5 you can easily reach any Windows, Linux, Sun Solaris or legacy OS/2 and DOS PC from your desktop or even via any Internet connected PC via our new IE browser Guest. View the remote PC's screen, control its keyboard and mouse, synchronize files, inventory its hardware and software, launch applications or chat with someone at the remote PC -- just as if you were seated at that computer.


V. NEW TOOLS FOR MICROSOFT PLATFORMS


1. WaveLock v1.0
by SecureWave http://www.securewave.com
Relevant URL:
http://www.securewave.com/products/free_utilities/wavelock.html
Platforms: Windows 2000, Windows NT, Windows XP
Summary:

Windows 2000 and Windows XP come with drivers for several wireless LAN ("WLAN") adapters; installation requires only insertion of one of those adapters. Administrative privileges are not required, as no new drivers must be registered with the operating system. WaveLock assists in enforcing security policies by blocking access to these adapters, making it harder to circumvent firewalls, filters, proxies, and other required safeguards.

To install WaveLock, download and uncompress wavelock.zip. Execute the resulting wavelock.msi file (a Windows Installer setup), which installs wavelock.sys. Reboot to load and activate WaveLock.

A list of the wireless network adapters supported out-of-the-box on Windows 2000 and Windows XP can be found below. Note that WaveLock cannot know about and will therefore not block additional drivers installed by administrators.

2. NtDump v1
by Ben Maurer bmaurer@users.sf.net
Relevant URL:
http://ntdump.sourceforge.net/
Platforms: Windows 2000, Windows NT
Summary:

NtDump allows the dumping of password hashes and LSA secrets on Windows NT computers. NtDump is small so as to reduce network traffic. It can also run in a batch mode that dumps from multiple computers with maximum performance.

3. SMAC v1.0
by KLC Consulting Security Team
Relevant URL:
http://www.klcconsulting.net/smac/
Platforms: Windows 2000, Windows XP
Summary:

SMAC is a free GUI tool that allows users to change the MAC address of almost any Network Interface Card (NIC) on Windows 2000 and XP systems, whether or not the manufacturer allows this option.


SMAC does not change the hardware burned-in MAC addresses; that is not necessary. SMAC changes the "software based" MAC addresses on Windows 2000 and XP systems, and the new MAC addresses you set persist across reboots.

VI. SPONSOR INFORMATION



This Issue is Sponsored By: NetIQ

Need security policies? Don't start from scratch..."Information Security Policies Made Easy" is the best security policy resource guide you can buy with 1300+ ready-to-use security policies that can be quickly customized for any company. Build best practice security policies in half the time and expense. Also check out "Information Security Roles & Responsibilities Made Easy. "

Download a free policy now at http://www.netiq.com/order/publications.asp


Received on Mon Mar 17 13:32:41 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:28 EDT

