Power Hacker 2003

home *** CD-ROM | disk | FTP | other *** search

/ Power Hacker 2003 / Power_Hacker_2003.iso / E-zine / Magazines / winsd / nt.security.update.120899.txt < prev next >

Wrap

Text File | 2002-05-27 | 70.4 KB | 1,526 lines

********************************************************** WINDOWS NT MAGAZINE SECURITY UPDATE **Watching the Watchers** The weekly Windows NT security update newsletter brought to you by Windows NT Magazine and NTsecurity.net http://www.winntmag.com/update/ ********************************************************** This week's issue sponsored by: Norton 2000 Corporate Edition from Symantec http://www.symantec.com/specprog/sym/12899a.html Stac Announces Replica NDM V2.0 http://www.stac.com/laptop (Below Security Roundup) |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+- December 8, 1999 - In this issue: 1. IN FOCUS - Are You Certain You're Ready for Y2K? 2. SECURITY RISKS - IE 5.0 WPAD Spoofing - IIS ISAPI Filter Plain Text Leak - FTP Serv-U Subject to Denial of Service - IE 5.0 Subject to Frame Spoofing 3. ANNOUNCEMENTS - Windows NT Magazine Launches ASP Email Newsletter - The Bean Counter, the Techie, and the Future of Business Intelligence - Security Poll: Which Security-Related Management Skills Do You Desire Most? 4. SECURITY ROUNDUP - News: MiniZip Virus on the Loose - News: Symantec Detects Babylonia Computer Virus - News: Y2K-Specific Worm 5. NEW AND IMPROVED - Desktop Virus Protection - Authentication Tokens 6. HOT RELEASES - K-Force - VeriSign - The Internet Trust Company 7. SECURITY TOOLKIT - Book Highlight: Network Security: In a Mixed Environment - Tip: Listing Administrative Users - HowTo: More Windows 2000 Topics, Acronyms, and Concepts 8. HOT THREADS - Windows NT Magazine Online Forums: * Hacker - What Can I Do? - Win2KSecAdvice Mailing List: * SP6a Included Security Fixes? * SQL 7 Magic Packet Denial of Service - HowTo Mailing List: * PDC Multi-Homed * Local Group Listing Utility * Sync Time on Domain Computers ~~~~ SPONSOR: NORTON 2000 CORPORATE EDITION FROM SYMANTEC ~~~~ Norton 2000 gives you an easy, reliable, and flexible way to identify Year 2000 desktop anomalies in applications and documents, to repair potentially damaging files, and to fix system clocks and BIOS. Norton 2000 scans for two-digit dates in spreadsheet cells and formulas, database fields, forms and text, and includes a reliable fix assistant for Microsoft Excel files. It also checks desktop applications for compliance, includes a SQL database component for roll-up graphing and analysis, and it easily integrates with Norton System Center to support one-console administration. http://www.symantec.com/specprog/sym/12899a.html ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Want to sponsor Windows NT Magazine Security UPDATE? Contact Vicki Peterson (Western and International Advertising Sales Manager) at 877- 217-1826 or vpeterson@winntmag.com, OR Tanya T. TateWik (Eastern Advertising Sales Manager) at 877-217-1823 or ttatewik@winntmag.com. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1. ========== IN FOCUS ========== Hello everyone, Do you have all your Y2K remedies and prevention in place? Are you sure? What about viruses, Trojans, and worms? How will you cover your bases in that area? If you don't think viruses and worms pose a Y2K threat, think again. Researchers have reported at least two new Y2K-centric virus and worm strains in recent weeks. Granted, you can head over to your favorite antivirus software vendor site and download the latest signature detection update files, but think about that action for a moment. You're downloading signatures of viruses and worms that the vendor knows about, and that's the key to any viral or worm detection and eradication: knowledge. The reality is that any number of undetected viruses and worms might be out there waiting to trigger on a given date in the year 2000. The problem is that we just don't know what's out there, and outside of a good file and system integrity checker, you have no way to guarantee that such code hasn't entered your system. The way you'll find out about a Y2K-based infection is when a virus or worm actually activates. Quite a dilemma, don't you think? Certainly, you can roll a computer's date forward to see how your system reacts, but that approach isn't really adequate to cover all the bases when it comes to viruses and worms. For example, what if a given virus or worm only triggers at a specific time of day? How can you test all the possible time combinations for an entire year? Realistically, you can't. The alternative route to date and time trigger checking is comparative analysis. You can feasibly compare aspects of any system in question against aspects of a similar system that is known to be tamper-free. By examining Registry entries, file dates, and checksums, you might be able to detect potential infection before that infection becomes a serious problem. With either route, the course is tough and time-consuming. Comparative checks are certainly more time-conservative and beneficial than date- and time-based testing alone, but even so, there is no guarantee that something is not amiss. Can you accept that risk? Perhaps your situation forces you to accept it, but perhaps not. I've read messages on our HowTo for Security mailing list in which people have indicated they will power down their Exchange servers and other mission-critical systems to wait and see how the date rollover affects others around the world. I like that approach, but not everyone has the luxury of taking that course. The bottom line is that you should protect your system's integrity from the start with utilities such as TripWire (http://www.tripwiresecurity.com/) and use a good antivirus scanner that fits your needs. In addition, handle all email messages with caution until you're certain they're harmless. Do those things and you'll significantly reduce the amount of worry you'll experience regarding viruses and worms both now and in the future. Using real-time integrity checkers and adequate email practices in addition to up-to-date antivirus software will lessen the likelihood that your servers or workstations will get hammered into bits of useless data. As you know, an ounce of prevention is worth a pound of cure. Until next time, have a great week. Sincerely, Mark Joseph Edwards, News Editor mark@ntsecurity.net 2. ========== SECURITY RISKS ========= (contributed by Mark Joseph Edwards, http://www.ntsecurity.net) * IE 5.0 WPAD SPOOFING Tim Adam reported a problem with Internet Explorer (IE) 5.0 that affects the Web Proxy Auto-Discovery (WPAD) protocol. According to Microsoft's bulletin, "The IE 5 Web Proxy Auto-Discovery (WPAD) feature enables Web clients to automatically detect proxy settings without user intervention. The algorithm used by WPAD prepends the hostname 'wpad' to the fully qualified domain name and progressively removes subdomains until it either finds a WPAD server answering the hostname or reaches the third-level domain. A vulnerability arises because in international usage, the third-level domain might not be trusted. A malicious user could set up a WPAD server and serve proxy configuration commands of his or her choice." Microsoft has released IE 5.01 (a new version), which remedies this problem. Be sure to read the FAQ regarding this matter. http://www.ntsecurity.net/go/load.asp?iD=/security/ie56.htm http://www.microsoft.com/security/bulletins/MS99-054faq.asp * IIS ISAPI FILTER PLAIN TEXT LEAK Microsoft reported a vulnerability in the Secure Sockets Layer (SSL) ISAPI filter shipped with Internet Information Server (IIS) 4.0 and Site Server 3.0. Other Microsoft products also use the filter. According to Microsoft's report, "If called by a multi-threaded application under very specific, and fairly rare, circumstances, a synchronization error in the filter could allow a single buffer of plain text to be transmitted back to the data's owner." Microsoft has issued a patch for Intel and Alpha and a FAQ regarding this matter. http://www.ntsecurity.net/go/load.asp?iD=/security/iis2.htm http://www.microsoft.com/security/bulletins/MS99-053faq.asp * FTP SERV-U SUBJECT TO DENIAL OF SERVICE UssrLabs reported a possible denial of service (DoS) attack against Deerfield.com's FTP Serv-U 2.5a caused by a buffer overflow condition. A malformed SITE command causes the buffer overflow condition. Deerfield.com is aware of the problem and has issued a patched version of the software in FTP Serv-U 2.5b. http://www.ntsecurity.net/go/load.asp?iD=/security/servu1.htm http://ftpserv-u.deerfield.com/download.cfm * IE 5.0 SUBJECT TO FRAME SPOOFING Georgio Guninski reported a problem with Internet Explorer (IE) 5.0 that lets frame spoofing take place. The problem can let an intruder fool unsuspecting users into thinking they are visiting a trusted site, when in fact, they are not. Microsoft has issued no comment regarding this matter. To protect yourself against such attacks, be sure to read the instructions at the Web page listed below. http://www.ntsecurity.net/go/load.asp?iD=/security/ie55.htm 3. ========== ANNOUNCEMENTS ========== * WINDOWS NT MAGAZINE LAUNCHES ASP EMAIL NEWSLETTER Stay current with the latest industry news and trends of the exciting new application service provider (ASP) marketplace with ASP Review UPDATE, a free bi-weekly email newsletter. With coverage of industry players, available and emerging technologies, and tips on how to evaluate service providers, ASP Review UPDATE is a must-read for IT and business professionals who want to stay at the forefront of their business. Enter your FREE subscription now at http://www.winntmag.com/sub.cfm?code=UP99INLUP. * THE BEAN COUNTER, THE TECHIE, AND THE FUTURE OF BUSINESS INTELLIGENCE Everybody knows what business intelligence can do for a company. We know what hidden information it can bring to light, what surprising opportunities it can uncover, what competition-squashing power it can unleash. But what are businesses really doing with it? Readers of Windows NT Magazine and Business Finance Magazine told us how they're applying business intelligence now and what they're planning in the future, and their answers don't always jibe. What does MIS know that Accounting doesn't? Find out at http://www.businessfinancemag.com/busint99.html. * SECURITY POLL: WHICH SECURITY-RELATED MANAGEMENT SKILLS DO YOU DESIRE MOST? Security training is a hot market right now. You might even have plans to take some classes. If you do have such plans, what type of security management skills do you desire most? Place your vote, and view the survey results at the URL below. http://www.ntsecurity.net/go/2c.asp?f=/polls.asp?idf=109&tb=p 4. ========== SECURITY ROUNDUP ========== * NEWS: MINIZIP VIRUS ON THE LOOSE The ExplorerZip Worm is back in the news again. Researchers have discovered a new rendition of the dangerous virus in the wild. The new version is compressed, letting it bypass detection routines that would capture and contain ExplorerZip. The new virus, ExplorerZipPack (or MiniZip), is very dangerous and spreading rapidly; therefore, you need to guard against it immediately. http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=188&TB=news * NEWS: SYMANTEC DETECTS BABYLONIA COMPUTER VIRUS Symantec discovered a new Y2K virus on December 6 that disguises itself as a Y2K fix. The virus is unique because it can download its viral components from the Internet. When the virus executes, it will wait for an Internet connection. After detecting a connection, the virus downloads several files from a Web server in Japan. This capability lets the virus writer update the virus centrally. http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=190&TB=news * NEWS: Y2K-SPECIFIC WORM Computer Associates warns of a new virus named W32.Mypics.Worm (Mypics) that can cause extensive damage in the Year 2000. The worm spreads on Windows and Windows NT platforms through email and has a highly dangerous payload that triggers in 2000. The worm's payload can cause users to lose all the data on their hard disks. http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=189&TB=news ~~~~ SPONSOR: STAC ANNOUNCES REPLICA NDM V2.0 ~~~~ Recover your CEO's crashed PC while you enjoy a cup of coffee! Replica NDM is the first to offer centrally managed backup and bare-metal disaster recovery for all your desktop, mobile and remote PCs. For more information and a FREE white paper on mobile PC backup by Gartner Group, simply visit us at http://www.stac.com/laptop 5. ========== NEW AND IMPROVED ========== (contributed by Carolyn Mascarenas, products@winntmag.com) * DESKTOP VIRUS PROTECTION Trend Micro announced OfficeScan Corporate Edition 3.5, antivirus software for the corporate desktop. New features include mobile and remote user support, improved interoperability and manageability, incremental pattern file updates, new ActiveUpdate technology, and additional antivirus client deployment methods. You can manage virus prevention on the desktop without requiring involvement from the end user. You can remotely install client software on the network to perform virus scanning on the workstation. You can also configure and update clients from a central Windows or Web-based management console. OfficeScan Corporate Edition 3.5 runs on Windows NT. Pricing starts at $300 for a 25-seat license. Contact Trend Micro, 408-867-6404. http://www.antivirus.com * AUTHENTICATION TOKENS CRYPTOCard announced the KF-1 and the PT-1, new authentication tokens in the company's CRYPTOAdmin 4.1 administration platform. Unlike other key chain-based authentication tokens, the KF-1 is a steel-cased unit with PIN entry for activation. Only on activation does the KF-1 display the password, eliminating the risks presented by systems that send the PIN in the clear across the network. The PT-1 provides authentication for accessing corporate networks with Palm handheld devices and provides one-time password authentication without requiring the Palm user to carry an additional hardware device. PT-1 has no predetermined expiration date and is a one-time purchase for network security officers. CRYPTOAdmin 4.1 runs on Window NT, Linux, Sun Solaris, AIX, and FreeBSD systems. For pricing, contact CRYPTOCard, 800-307-7042. http://www.cryptocard.com 6. ========== HOT RELEASE (ADVERTISEMENT) ========== * K-FORCE Afraid of getting lost on another job board? Real results by real people at kforce.com. Resumes read by 2,300 Career Specialists, Confidential Searching, and a Career Development Coach! Click on ***kforce.com*** where opportunity has a new address. http://ad.doubleclick.net/clk;629716;3578931;w?http://www.kforce.com * VERISIGN - THE INTERNET TRUST COMPANY Protect your servers with 128-bit SSL encryption! Get a FREE Guide from VeriSign, "Securing Your Web Site for Business." Click Here! http://www.verisign.com/cgi-bin/go.cgi?a=n016004150008000 7. ========== SECURITY TOOLKIT ========== * BOOK HIGHLIGHT: NETWORK SECURITY: IN A MIXED ENVIRONMENT By Dan Blacharski Online Price: $31.95 Softcover; 408 pages Published by IDG Books Worldwide, March 1998 Protect your network with the help of Network Security: In a Mixed Environment. Industry expert Dan Blacharski combines technical insight and real-world experience to produce a solid how-to manual designed to reduce the dangers inherent in mixed environment computing. Network Security: In a Mixed Environment covers all the basics in establishing a protected network, from determining security needs to acquiring the right hardware and software. You'll get detailed information on NetWare, Windows NT, and UNIX security features; safeguarding your network against various threats; hardware and software; security monitors; and more. For Windows NT Magazine Security UPDATE readers only--Receive an additional 10 PERCENT off the online price by typing in WINNTMAG in the referral field on the Shopping Basket Checkout page. To order this book, go to http://www.fatbrain.com/shop/info/0764531522?from=SUT864. * TIP: LISTING ADMINISTRATIVE USERS (contributed by Mark Joseph Edwards, http://www.ntsecurity.net) Rick Mitchell posted a message on the "HowTo for Security" mailing list asking readers if they know of a utility that will remotely dump a list of users in a particular group on a Windows NT 4.0 server. Rick says he has more than 250 NT servers in his domain, and he needs a tool that will provide a list of all users who have administrative rights on each machine. The Microsoft Windows NT Server 4.0 Resource Kit is the most obvious place to seek such utilities. Within the resource kit, you can find two utilities: local.exe and global.exe. Each tool lists users and groups by domain or server. In addition, SomarSoft's DumpACL utility can identify users and groups and identify NTFS and share permissions. Frank Ramos' tools at SomarSoft are all free. Adkins Resource also produces a nifty tool to get the job done. Head over to its Web site and download Hyena 2.2. Pricing for the tool starts at $269, and it's available as a 30-day evaluation. http://mspress.microsoft.com/reslink http://www.somarsoft.com http://www.adkins-resource.com * HOWTO: MORE WINDOWS 2000 TOPICS, ACRONYMS, AND CONCEPTS Zubair Ahmad presents his third column in an occasional series of Windows 2000 Ready Web exclusive features that define new Windows 2000 (Win2K) terms and concepts. http://www.ntsecurity.net/go/2c.asp?f=/howto.asp?IDF=115&TB=howto 8. ========== HOT THREADS ========== * WINDOWS NT MAGAZINE ONLINE FORUMS The following text is from a recent threaded discussion on the Windows NT Magazine online forums (http://www.winntmag.com/support). December 02, 1999, 01:33 P.M. Hacker - What Can I Do? I'm hoping someone can help me. I have what I believe to be a hacker attempting to access my mail server. I'm showing entries in my Security Event Log with an outside SMTP attempt to access my server. It then says "LogonUser()call failed with error. Logon failure: unknown user name or bad password." I'm assuming this means someone is trying to enter but is unsuccessful. If I am incorrect, or if anyone has any ideas as to how I can track this person down or scare them off, let me know. Any help would be appreciated. Thanks in advance. Thread continues at http://www.winntmag.com/support/Forums/Application/Index.cfm?CFApp=69&Messag e_ID=80519 * WIN2KSECADVICE MAILING LIST Each week, we offer a quick recap of some of the highlights from the Win2KSecAdvice mailing list. The following threads are in the spotlight this week: 1. SP6A INCLUDED SECURITY FIXES? http://www.ntsecurity.net/go/w.asp?A2=IND9912A&L=WIN2KSECADVICE&P=307 2. SQL 7 MAGIC PACKET DENIAL OF SERVICE http://www.ntsecurity.net/go/w.asp?A2=IND9912A&L=WIN2KSECADVICE&P=792 Follow this link to read all threads for Dec. Week 1: http://www.ntsecurity.net/go/win2ks-l.asp?s=win2ksec * HOWTO MAILING LIST Each week we offer a quick recap of some of the highlights from the "HowTo for Security" mailing list. The following threads are in the spotlight this week: 1. PDC MULTI-HOMED http://www.ntsecurity.net/go/L.asp?A2=IND9912A&L=HOWTO&P=2986 2. LOCAL GROUP LISTING UTILITY http://www.ntsecurity.net/go/L.asp?A2=IND9912A&L=HOWTO&P=200 3. SYNC TIME ON DOMAIN COMPUTERS http://www.ntsecurity.net/go/L.asp?A2=IND9912A&L=HOWTO&P=2886 Follow this link to read all threads for Dec. Week 1: http://www.ntsecurity.net/go/l.asp?s=howto |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+- WINDOWS NT MAGAZINE SECURITY UPDATE STAFF News Editor - Mark Joseph Edwards (mje@winntmag.com) Ad Sales Manager (Western and International) - Vicki Peterson (vpeterson@winntmag.com) Ad Sales Manager (Eastern) - Tanya T. TateWik (ttatewik@winntmag.com) Editor - Gayle Rodcay (gayle@winntmag.com) New and Improved - Carolyn Mascarenas (products@winntmag.com) Editor-at-Large - Jane Morrill (jane@winntmag.com) |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+- Thank you for reading Windows NT Magazine Security UPDATE. To subscribe, go to http://www.winntmag.com/update or send email to listserv@listserv.ntsecurity.net with the words "subscribe securityupdate anonymous" in the body of the message without the quotes. To unsubscribe, send email to listserv@listserv.ntsecurity.net with the words "unsubscribe securityupdate" in the body of the message without the quotes. To change your email address, you must first unsubscribe by sending email to listserv@listserv.ntsecurity.net with the words "unsubscribe securityupdate" in the body of the message without the quotes. Then, resubscribe by going to http://www.winntmag.com/update and entering your current contact information or by sending email to listserv@listserv.ntsecurity.net with the words "subscribe securityupdate anonymous" in the body of the message without the quotes. ========== GET UPDATED! ========== Receive the latest information on the NT topics of your choice. Subscribe to these other FREE email newsletters at http://www.winntmag.com/sub.cfm?code=up99inxsup. Windows NT Magazine UPDATE Windows NT Magazine Thin-Client UPDATE Windows NT Exchange Server UPDATE Windows 2000 Pro UPDATE ASP Review UPDATE SQL Server Magazine UPDATE |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+- Copyright 1999, Windows NT Magazine Security UPDATE Newsletter is powered by LISTSERV software http://www.lsoft.com/LISTSERV-powered.html ------_=_NextPart_001_01BF41C7.39CEBA50 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-1"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2448.0"> <TITLE>[Windows NT Magazine Security UPDATE] 1999 - December 8</TITLE> </HEAD> <BODY> ********************************************************** WINDOWS NT MAGAZINE SECURITY = UPDATE **Watching the = Watchers** The weekly Windows NT security = update newsletter brought to you by Windows NT Magazine and = NTsecurity.net <A = HREF=3D"http://www.winntmag.com/update/" = TARGET=3D"_blank">http://www.winntmag.com/update/</A> ********************************************************** This week's issue sponsored = by: Norton 2000 Corporate Edition = from Symantec <A = HREF=3D"http://www.symantec.com/specprog/sym/12899a.html" = TARGET=3D"_blank">http://www.symantec.com/specprog/sym/12899a.html</A></= FONT> Stac Announces Replica NDM = V2.0 <A = HREF=3D"http://www.stac.com/laptop" = TARGET=3D"_blank">http://www.stac.com/laptop</A> (Below Security Roundup) = |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-= December 8, 1999 - In this = issue: 1. IN FOCUS - Are = You Certain You're Ready for Y2K? 2. SECURITY RISKS - IE = 5.0 WPAD Spoofing - IIS = ISAPI Filter Plain Text Leak - FTP = Serv-U Subject to Denial of Service - IE = 5.0 Subject to Frame Spoofing 3. ANNOUNCEMENTS - = Windows NT Magazine Launches ASP Email Newsletter - The = Bean Counter, the Techie, and the Future of Business Intelligence - = Security Poll: Which Security-Related Management Skills Do You Desire Most? 4. SECURITY ROUNDUP - = News: MiniZip Virus on the Loose - = News: Symantec Detects Babylonia Computer Virus - = News: Y2K-Specific Worm 5. NEW AND IMPROVED - = Desktop Virus Protection - = Authentication Tokens 6. HOT RELEASES - = K-Force - = VeriSign - The Internet Trust Company 7. SECURITY TOOLKIT - Book = Highlight: Network Security: In a Mixed Environment - Tip: = Listing Administrative Users - = HowTo: More Windows 2000 Topics, Acronyms, and Concepts 8. HOT THREADS - = Windows NT Magazine Online Forums: * Hacker - What Can I = Do? - = Win2KSecAdvice Mailing List: * SP6a Included = Security Fixes? * SQL 7 Magic Packet = Denial of Service - = HowTo Mailing List: * PDC = Multi-Homed * Local Group Listing = Utility * Sync Time on Domain = Computers ~~~~ SPONSOR: NORTON 2000 = CORPORATE EDITION FROM SYMANTEC ~~~~ Norton 2000 gives you an easy, = reliable, and flexible way to identify Year 2000 desktop anomalies in = applications and documents, to repair potentially damaging files, and = to fix system clocks and BIOS. Norton 2000 scans for two-digit dates = in spreadsheet cells and formulas, database fields, forms and = text, and includes a reliable fix assistant for Microsoft Excel files. It = also checks desktop applications for compliance, includes a SQL = database component for roll-up graphing and analysis, and it easily = integrates with Norton System Center to support one-console = administration. <A = HREF=3D"http://www.symantec.com/specprog/sym/12899a.html" = TARGET=3D"_blank">http://www.symantec.com/specprog/sym/12899a.html</A></= FONT> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~= ~ Want to sponsor Windows NT = Magazine Security UPDATE? Contact Vicki Peterson (Western and = International Advertising Sales Manager) at 877- 217-1826 or = vpeterson@winntmag.com, OR Tanya T. TateWik (Eastern Advertising Sales Manager) at = 877-217-1823 or ttatewik@winntmag.com. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~= ~ 1. = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D IN FOCUS = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Hello everyone, Do you have all your Y2K = remedies and prevention in place? Are you sure? What about viruses, = Trojans, and worms? How will you cover your bases in that area? If you don't think = viruses and worms pose a Y2K threat, think again. Researchers have reported at = least two new Y2K-centric virus and worm strains in recent weeks. = Granted, you can head over to your favorite antivirus software vendor site = and download the latest signature detection update files, but = think about that action for a moment. You're downloading signatures = of viruses and worms that the vendor knows about, and that's the key = to any viral or worm detection and eradication: knowledge. The reality is = that any number of undetected viruses and worms might be out there waiting to trigger = on a given date in the year 2000. The problem is that we just don't = know what's out there, and outside of a good file and system integrity = checker, you have no way to guarantee that such code hasn't entered = your system. The way you'll find out about a Y2K-based infection is = when a virus or worm actually activates. Quite a dilemma, = don't you think? Certainly, you can roll a computer's date forward to see = how your system reacts, but that approach isn't really adequate = to cover all the bases when it comes to viruses and worms. For example, = what if a given virus or worm only triggers at a specific time of = day? How can you test all the possible time combinations for an entire = year? Realistically, you can't. The alternative = route to date and time trigger checking is comparative analysis. You can = feasibly compare aspects of any system in question against aspects of a = similar system that is known to be tamper-free. By examining = Registry entries, file dates, and checksums, you might be able to detect = potential infection before that infection becomes a serious = problem. With either route, = the course is tough and time-consuming. Comparative checks are = certainly more time-conservative and beneficial than date- and time-based = testing alone, but even so, there is no guarantee that something is not = amiss. Can you accept that risk? Perhaps your situation forces = you to accept it, but perhaps not. I've read messages = on our HowTo for Security mailing list in which people have indicated they will = power down their Exchange servers and other mission-critical systems = to wait and see how the date rollover affects others around the = world. I like that approach, but not everyone has the luxury of taking that = course. The bottom line is = that you should protect your system's integrity from the start with utilities = such as TripWire (<A = HREF=3D"http://www.tripwiresecurity.com/" = TARGET=3D"_blank">http://www.tripwiresecurity.com/</A>) and use a good antivirus scanner = that fits your needs. In = addition, handle all email messages with caution until you're certain = they're harmless. Do those things and you'll significantly reduce the = amount of worry you'll experience regarding viruses and worms = both now and in the future. Using real-time = integrity checkers and adequate email practices in addition to up-to-date = antivirus software will lessen the likelihood that your servers or = workstations will get hammered into bits of useless data. As you know, an = ounce of prevention is worth a pound of cure. Until next time, have a = great week. Sincerely, Mark Joseph Edwards, News = Editor mark@ntsecurity.net 2. = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D SECURITY RISKS = =3D=3D=3D=3D=3D=3D=3D=3D=3D (contributed by Mark Joseph = Edwards, <A HREF=3D"http://www.ntsecurity.net" = TARGET=3D"_blank">http://www.ntsecurity.net</A>) * IE 5.0 WPAD SPOOFING Tim Adam reported a problem = with Internet Explorer (IE) 5.0 that affects the Web Proxy = Auto-Discovery (WPAD) protocol. According to Microsoft's bulletin, "The = IE 5 Web Proxy Auto-Discovery (WPAD) feature enables Web clients to = automatically detect proxy settings without user intervention. The algorithm = used by WPAD prepends the hostname 'wpad' to the fully qualified domain = name and progressively removes subdomains until it either finds a WPAD = server answering the hostname or reaches the third-level domain. A = vulnerability arises because in international usage, the third-level domain = might not be trusted. A malicious user could set up a WPAD server and = serve proxy configuration commands of his or her choice." Microsoft has = released IE 5.01 (a new version), which remedies this problem. Be sure to read the = FAQ regarding this matter. <A = HREF=3D"http://www.ntsecurity.net/go/load.asp?iD=3D/security/ie56.htm" = TARGET=3D"_blank">http://www.ntsecurity.net/go/load.asp?iD=3D/security/i= e56.htm</A> <A = HREF=3D"http://www.microsoft.com/security/bulletins/MS99-054faq.asp" = TARGET=3D"_blank">http://www.microsoft.com/security/bulletins/MS99-054fa= q.asp</A> * IIS ISAPI FILTER PLAIN TEXT = LEAK Microsoft reported a = vulnerability in the Secure Sockets Layer (SSL) ISAPI filter shipped with = Internet Information Server (IIS) 4.0 and Site Server 3.0. Other = Microsoft products also use the filter. According to Microsoft's = report, "If called by a multi-threaded application under very = specific, and fairly rare, circumstances, a synchronization error in the = filter could allow a single buffer of plain text to be transmitted = back to the data's owner." Microsoft has = issued a patch for Intel and Alpha and a FAQ regarding this matter. <A = HREF=3D"http://www.ntsecurity.net/go/load.asp?iD=3D/security/iis2.htm" = TARGET=3D"_blank">http://www.ntsecurity.net/go/load.asp?iD=3D/security/i= is2.htm</A> <A = HREF=3D"http://www.microsoft.com/security/bulletins/MS99-053faq.asp" = TARGET=3D"_blank">http://www.microsoft.com/security/bulletins/MS99-053fa= q.asp</A> * FTP SERV-U SUBJECT TO DENIAL = OF SERVICE UssrLabs reported a possible = denial of service (DoS) attack against Deerfield.com's FTP Serv-U 2.5a = caused by a buffer overflow condition. A malformed SITE command causes = the buffer overflow condition. Deerfield.com is = aware of the problem and has issued a patched version of the software in FTP = Serv-U 2.5b. <A = HREF=3D"http://www.ntsecurity.net/go/load.asp?iD=3D/security/servu1.htm"= = TARGET=3D"_blank">http://www.ntsecurity.net/go/load.asp?iD=3D/security/s= ervu1.htm</A> <A = HREF=3D"http://ftpserv-u.deerfield.com/download.cfm" = TARGET=3D"_blank">http://ftpserv-u.deerfield.com/download.cfm</A>= * IE 5.0 SUBJECT TO FRAME = SPOOFING Georgio Guninski reported a = problem with Internet Explorer (IE) 5.0 that lets frame spoofing take = place. The problem can let an intruder fool unsuspecting users into = thinking they are visiting a trusted site, when in fact, they are not. = Microsoft has = issued no comment regarding this matter. To protect yourself against such attacks, = be sure to read the instructions at the Web page listed below. <A = HREF=3D"http://www.ntsecurity.net/go/load.asp?iD=3D/security/ie55.htm" = TARGET=3D"_blank">http://www.ntsecurity.net/go/load.asp?iD=3D/security/i= e55.htm</A> 3. = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D ANNOUNCEMENTS = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D * WINDOWS NT MAGAZINE LAUNCHES = ASP EMAIL NEWSLETTER Stay current with the latest = industry news and trends of the exciting new application service = provider (ASP) marketplace with ASP Review UPDATE, a free bi-weekly email = newsletter. With coverage of industry players, available and emerging = technologies, and tips on how to evaluate service providers, ASP = Review UPDATE is a must-read for IT and business professionals who want = to stay at the forefront of their business. Enter your FREE = subscription now at <A = HREF=3D"http://www.winntmag.com/sub.cfm?code=3DUP99INLUP" = TARGET=3D"_blank">http://www.winntmag.com/sub.cfm?code=3DUP99INLUP</A></= FONT>. * THE BEAN COUNTER, THE TECHIE, = AND THE FUTURE OF BUSINESS INTELLIGENCE Everybody knows what business = intelligence can do for a company. We know what hidden information it = can bring to light, what surprising opportunities it can uncover, = what competition-squashing power it can unleash. But what are = businesses really doing with it? Readers of Windows = NT Magazine and Business Finance Magazine told us how they're applying business = intelligence now and what they're planning in the future, and = their answers don't always jibe. What does MIS know that Accounting = doesn't? Find out at <A = HREF=3D"http://www.businessfinancemag.com/busint99.html" = TARGET=3D"_blank">http://www.businessfinancemag.com/busint99.html</A></F= ONT>. * SECURITY POLL: WHICH = SECURITY-RELATED MANAGEMENT SKILLS DO YOU DESIRE MOST? Security training is a hot = market right now. You might even have plans to take some classes. If you do = have such plans, what type of security management skills do you desire = most? Place your vote, and view the survey results at the URL = below. <A = HREF=3D"http://www.ntsecurity.net/go/2c.asp?f=3D/polls.asp?idf=3D109&tb=3D= p" = TARGET=3D"_blank">http://www.ntsecurity.net/go/2c.asp?f=3D/polls.asp?idf= =3D109&tb=3Dp</A> 4. = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D SECURITY ROUNDUP = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D * NEWS: MINIZIP VIRUS ON THE = LOOSE The ExplorerZip Worm is back in = the news again. Researchers have discovered a new rendition of = the dangerous virus in the wild. The new version is compressed, letting = it bypass detection routines that would capture and contain = ExplorerZip. The new virus, ExplorerZipPack (or MiniZip), is very dangerous and = spreading rapidly; therefore, you need to guard against it = immediately. <A = HREF=3D"http://www.ntsecurity.net/go/2c.asp?f=3D/news.asp?IDF=3D188&TB=3D= news" = TARGET=3D"_blank">http://www.ntsecurity.net/go/2c.asp?f=3D/news.asp?IDF=3D= 188&TB=3Dnews</A> * NEWS: SYMANTEC DETECTS = BABYLONIA COMPUTER VIRUS Symantec discovered a new Y2K = virus on December 6 that disguises itself as a Y2K fix. The virus is = unique because it can download its viral components from the Internet. = When the virus executes, it will wait for an Internet connection. After = detecting a connection, the virus downloads several files from a = Web server in Japan. This capability lets the virus writer update = the virus centrally. <A = HREF=3D"http://www.ntsecurity.net/go/2c.asp?f=3D/news.asp?IDF=3D190&TB=3D= news" = TARGET=3D"_blank">http://www.ntsecurity.net/go/2c.asp?f=3D/news.asp?IDF=3D= 190&TB=3Dnews</A> * NEWS: Y2K-SPECIFIC WORM Computer Associates warns of a = new virus named W32.Mypics.Worm (Mypics) that can cause extensive damage = in the Year 2000. The worm spreads on Windows and Windows NT = platforms through email and has a highly dangerous payload that triggers = in 2000. The worm's payload can cause users to lose all the data on = their hard disks. <A = HREF=3D"http://www.ntsecurity.net/go/2c.asp?f=3D/news.asp?IDF=3D189&TB=3D= news" = TARGET=3D"_blank">http://www.ntsecurity.net/go/2c.asp?f=3D/news.asp?IDF=3D= 189&TB=3Dnews</A> ~~~~ SPONSOR: STAC ANNOUNCES = REPLICA NDM V2.0 ~~~~ Recover your CEO's crashed PC = while you enjoy a cup of coffee! Replica NDM is the first to offer = centrally managed backup and bare-metal disaster recovery for all your = desktop, mobile and remote PCs. For more information and a FREE = white paper on mobile PC backup by Gartner Group, simply visit us = at <A = HREF=3D"http://www.stac.com/laptop" = TARGET=3D"_blank">http://www.stac.com/laptop</A> 5. = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D NEW AND IMPROVED = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D (contributed by Carolyn = Mascarenas, products@winntmag.com) * DESKTOP VIRUS = PROTECTION Trend Micro announced = OfficeScan Corporate Edition 3.5, antivirus software for the corporate = desktop. New features include mobile and remote user support, improved = interoperability and manageability, incremental pattern file = updates, new ActiveUpdate technology, and additional antivirus client = deployment methods. You can manage virus prevention on the desktop = without requiring involvement from the end user. You can remotely install = client software on the network to perform virus scanning on the = workstation. You can also configure and update clients from a central = Windows or Web-based management console. OfficeScan = Corporate Edition 3.5 runs on Windows NT. Pricing starts at $300 for a 25-seat license. = Contact Trend Micro, 408-867-6404. <A = HREF=3D"http://www.antivirus.com" = TARGET=3D"_blank">http://www.antivirus.com</A> * AUTHENTICATION TOKENS CRYPTOCard announced the KF-1 = and the PT-1, new authentication tokens in the company's CRYPTOAdmin = 4.1 administration platform. Unlike other key chain-based authentication = tokens, the KF-1 is a steel-cased unit with PIN entry for activation. = Only on activation does the KF-1 display the password, eliminating the = risks presented by systems that send the PIN in the clear across the = network. The PT-1 provides authentication for accessing corporate = networks with Palm handheld devices and provides one-time password = authentication without requiring the Palm user to carry an additional = hardware device. PT-1 has no predetermined expiration date and is a = one-time purchase for network security officers. CRYPTOAdmin 4.1 = runs on Window NT, Linux, Sun Solaris, AIX, and FreeBSD systems. For pricing, = contact CRYPTOCard, 800-307-7042. <A = HREF=3D"http://www.cryptocard.com" = TARGET=3D"_blank">http://www.cryptocard.com</A> 6. = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D HOT RELEASE (ADVERTISEMENT) = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D * K-FORCE Afraid of getting lost on = another job board? Real results by real people at kforce.com. Resumes = read by 2,300 Career Specialists, Confidential Searching, and a = Career Development Coach! Click on ***kforce.com*** where = opportunity has a new address. <A = HREF=3D"http://ad.doubleclick.net/clk;629716;3578931;w?http://www.kforce= .com" = TARGET=3D"_blank">http://ad.doubleclick.net/clk;629716;3578931;w?http://= www.kforce.com</A> * VERISIGN - THE INTERNET TRUST = COMPANY Protect your servers with = 128-bit SSL encryption! Get a FREE Guide from VeriSign, "Securing = Your Web Site for Business." Click Here! <A = HREF=3D"http://www.verisign.com/cgi-bin/go.cgi?a=3Dn016004150008000" = TARGET=3D"_blank">http://www.verisign.com/cgi-bin/go.cgi?a=3Dn0160041500= 08000</A> 7. = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D SECURITY TOOLKIT = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D * BOOK HIGHLIGHT: NETWORK = SECURITY: IN A MIXED ENVIRONMENT By Dan Blacharski Online Price: $31.95 Softcover; 408 pages Published by IDG Books = Worldwide, March 1998 Protect your network with the = help of Network Security: In a Mixed Environment. Industry expert = Dan Blacharski combines technical insight and real-world experience to = produce a solid how-to manual designed to reduce the dangers inherent in = mixed environment computing. Network Security: = In a Mixed Environment covers all the basics in establishing a protected = network, from determining security needs to acquiring the right hardware = and software. You'll get detailed information on NetWare, Windows = NT, and UNIX security features; safeguarding your network = against various threats; hardware and software; security monitors; = and more. For Windows NT Magazine Security = UPDATE readers only--Receive an additional 10 PERCENT off the = online price by typing in WINNTMAG in the referral field on the Shopping = Basket Checkout page. To order this book, go to <A = HREF=3D"http://www.fatbrain.com/shop/info/0764531522?from=3DSUT864" = TARGET=3D"_blank">http://www.fatbrain.com/shop/info/0764531522?from=3DSU= T864</A>. * TIP: LISTING ADMINISTRATIVE = USERS (contributed by Mark Joseph Edwards, <A HREF=3D"http://www.ntsecurity.net" = TARGET=3D"_blank">http://www.ntsecurity.net</A>) Rick Mitchell posted a message = on the "HowTo for Security" mailing list asking readers if they know of = a utility that will remotely dump a list of users in a particular group = on a Windows NT 4.0 server. Rick says he has more than 250 NT servers in = his domain, and he needs a tool that will provide a list of all = users who have administrative rights on each machine. The Microsoft = Windows NT Server 4.0 Resource Kit is the most obvious place to seek such utilities. = Within the resource kit, you can find two utilities: local.exe and = global.exe. Each tool lists users and groups by domain or server. In addition, = SomarSoft's DumpACL utility can identify users and groups and identify NTFS and = share permissions. Frank Ramos' tools at SomarSoft are all free. Adkins Resource = also produces a nifty tool to get the job done. Head over to its Web site and = download Hyena 2.2. Pricing for the tool starts at $269, and it's = available as a 30-day evaluation. <A = HREF=3D"http://mspress.microsoft.com/reslink" = TARGET=3D"_blank">http://mspress.microsoft.com/reslink</A><FO= NT SIZE=3D2 FACE=3D"Courier New"> <A = HREF=3D"http://www.somarsoft.com" = TARGET=3D"_blank">http://www.somarsoft.com</A> <A = HREF=3D"http://www.adkins-resource.com" = TARGET=3D"_blank">http://www.adkins-resource.com</A> * HOWTO: MORE WINDOWS 2000 = TOPICS, ACRONYMS, AND CONCEPTS Zubair Ahmad presents his third = column in an occasional series of Windows 2000 Ready Web = exclusive features that define new Windows 2000 (Win2K) terms and concepts. = <A = HREF=3D"http://www.ntsecurity.net/go/2c.asp?f=3D/howto.asp?IDF=3D115&TB=3D= howto" = TARGET=3D"_blank">http://www.ntsecurity.net/go/2c.asp?f=3D/howto.asp?IDF= =3D115&TB=3Dhowto</A> 8. = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D HOT THREADS = =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D * WINDOWS NT MAGAZINE ONLINE = FORUMS The following text is from a = recent threaded discussion on the Windows NT Magazine online forums = (<A = HREF=3D"http://www.winntmag.com/support" = TARGET=3D"_blank">http://www.winntmag.com/support</A>). December 02, 1999, 01:33 = P.M. Hacker - What Can I Do? I'm hoping someone can help me. = I have what I believe to be a hacker attempting to access my mail = server. I'm showing entries in my Security Event Log with an outside SMTP = attempt to access my server. It then says "LogonUser()call = failed with error. Logon failure: unknown user name or bad password." I'm = assuming this means someone is trying to enter but is unsuccessful. If I = am incorrect, or if anyone has any ideas as to how I can track = this person down or scare them off, let me know. Any help would be = appreciated. Thanks in advance. Thread continues at <A = HREF=3D"http://www.winntmag.com/support/Forums/Application/Index.cfm?CFA= pp=3D69&Message_ID=3D80519" = TARGET=3D"_blank">http://www.winntmag.com/support/Forums/Application/Ind= ex.cfm?CFApp=3D69&Message_ID=3D80519</A> * WIN2KSECADVICE MAILING = LIST Each week, we offer a quick = recap of some of the highlights from the Win2KSecAdvice mailing list. = The following threads are in the spotlight this week: 1. SP6A INCLUDED SECURITY = FIXES? <A = HREF=3D"http://www.ntsecurity.net/go/w.asp?A2=3DIND9912A&L=3DWIN2KSECADV= ICE&P=3D307" = TARGET=3D"_blank">http://www.ntsecurity.net/go/w.asp?A2=3DIND9912A&L=3DW= IN2KSECADVICE&P=3D307</A> 2. SQL 7 MAGIC PACKET DENIAL OF = SERVICE <A = HREF=3D"http://www.ntsecurity.net/go/w.asp?A2=3DIND9912A&L=3DWIN2KSECADV= ICE&P=3D792" = TARGET=3D"_blank">http://www.ntsecurity.net/go/w.asp?A2=3DIND9912A&L=3DW= IN2KSECADVICE&P=3D792</A> Follow this link to read all = threads for Dec. Week 1: <A = HREF=3D"http://www.ntsecurity.net/go/win2ks-l.asp?s=3Dwin2ksec" = TARGET=3D"_blank">http://www.ntsecurity.net/go/win2ks-l.asp?s=3Dwin2ksec= </A> * HOWTO MAILING LIST Each week we offer a quick = recap of some of the highlights from the "HowTo for Security" = mailing list. The following threads are in the spotlight this week: 1. PDC MULTI-HOMED <A = HREF=3D"http://www.ntsecurity.net/go/L.asp?A2=3DIND9912A&L=3DHOWTO&P=3D2= 986" = TARGET=3D"_blank">http://www.ntsecurity.net/go/L.asp?A2=3DIND9912A&L=3DH= OWTO&P=3D2986</A> 2. LOCAL GROUP LISTING = UTILITY <A = HREF=3D"http://www.ntsecurity.net/go/L.asp?A2=3DIND9912A&L=3DHOWTO&P=3D2= 00" = TARGET=3D"_blank">http://www.ntsecurity.net/go/L.asp?A2=3DIND9912A&L=3DH= OWTO&P=3D200</A> 3. SYNC TIME ON DOMAIN = COMPUTERS <A = HREF=3D"http://www.ntsecurity.net/go/L.asp?A2=3DIND9912A&L=3DHOWTO&P=3D2= 886" = TARGET=3D"_blank">http://www.ntsecurity.net/go/L.asp?A2=3DIND9912A&L=3DH= OWTO&P=3D2886</A> Follow this link to read all = threads for Dec. Week 1: <A = HREF=3D"http://www.ntsecurity.net/go/l.asp?s=3Dhowto" = TARGET=3D"_blank">http://www.ntsecurity.net/go/l.asp?s=3Dhowto</A></FONT= > |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-= WINDOWS NT MAGAZINE SECURITY = UPDATE STAFF News Editor - Mark Joseph = Edwards (mje@winntmag.com) Ad Sales Manager (Western and = International) - Vicki Peterson (vpeterson@winntmag.com) Ad Sales Manager (Eastern) - = Tanya T. TateWik (ttatewik@winntmag.com) Editor - Gayle Rodcay = (gayle@winntmag.com) New and Improved - Carolyn = Mascarenas (products@winntmag.com) Editor-at-Large - Jane Morrill = (jane@winntmag.com) |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-= Thank you for reading Windows NT = Magazine Security UPDATE. To subscribe, go to = <A = HREF=3D"http://www.winntmag.com/update" = TARGET=3D"_blank">http://www.winntmag.com/update</A> or send email to listserv@listserv.ntsecurity.net with the words "subscribe = securityupdate anonymous" = in the body of the message without the quotes. To unsubscribe, send email to = listserv@listserv.ntsecurity.net with the words "unsubscribe = securityupdate" in the body of the message without the quotes. To change your email address, = you must first unsubscribe by sending email to = listserv@listserv.ntsecurity.net with the words "unsubscribe = securityupdate" in the = body of the message without the quotes. Then, resubscribe by going = to <A = HREF=3D"http://www.winntmag.com/update" = TARGET=3D"_blank">http://www.winntmag.com/update</A> and entering your current contact = information or by sending email to listserv@listserv.ntsecurity.net with the words "subscribe = securityupdate anonymous" = in the body of the message without the quotes. =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D = GET UPDATED! =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D Receive the latest information = on the NT topics of your choice. Subscribe to these other FREE = email newsletters at <A = HREF=3D"http://www.winntmag.com/sub.cfm?code=3Dup99inxsup" = TARGET=3D"_blank">http://www.winntmag.com/sub.cfm?code=3Dup99inxsup</A><= /FONT>. Windows NT Magazine = UPDATE Windows NT Magazine Thin-Client = UPDATE Windows NT Exchange Server = UPDATE Windows 2000 Pro UPDATE ASP Review UPDATE SQL Server Magazine = UPDATE |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-= Copyright 1999, Windows NT = Magazine Security UPDATE Newsletter is = powered by LISTSERV software <A = HREF=3D"http://www.lsoft.com/LISTSERV-powered.html" = TARGET=3D"_blank">http://www.lsoft.com/LISTSERV-powered.html</A><= /U> </BODY> </HTML> ------_=_NextPart_001_01BF41C7.39CEBA50--