home *** CD-ROM | disk | FTP | other *** search
- **********************************************************
- WINDOWS NT MAGAZINE SECURITY UPDATE
- **Watching the Watchers**
- The weekly Windows NT security update newsletter brought to you by
- Windows NT Magazine and NTsecurity.net
- http://www.winntmag.com/update/
- **********************************************************
-
- This week's issue sponsored by
-
- Axent Technologies
- http://www.winntmag.com/jump.cfm?ID=6
- (Below Security Roundup)
-
- |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
- December 29, 1999 - In this issue:
-
- 1. IN FOCUS
- - Reflections from 1999 and into 2000
-
- 2. SECURITY RISKS
- - Savant Web Server Denial of Service
- - Avirt Rover Buffer Overflow
- - Netscape Navigator 4.5 Runs Arbitrary Code
-
- 3. ANNOUNCEMENTS
- - Managing Complex Environments: Live Webcast
-
- 4. SECURITY ROUNDUP
- - FEATURE: How Secure is Your Exchange Server? Update
- - HOW-TO: Using Windows 2000's Run As Command
-
- 5. NEW AND IMPROVED
- - Biometric Security Software
- - Cryptography Within Active Server Pages
-
- 6. HOT RELEASE
- - kforce.com
-
- 7. SECURITY TOOLKIT
- - Book Highlight: Firewalls Complete
- - Tip: Limit Shutdown Capabilities
-
- 8. HOT THREADS
- - Windows NT Magazine Online Forums:
- Find the Administrator Password
- - HowTo Mailing List:
- SMB Licensing Issue (Event ID 201)
- Name Conflict on PDC - Event ID 4319
-
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Want to sponsor Windows NT Magazine Security UPDATE? Contact Vicki
- Peterson (Western and International Advertising Sales Manager) at 877-
- 217-1826 or vpeterson@winntmag.com, OR Tanya T. TateWik (Eastern
- Advertising Sales Manager) at 877-217-1823 or ttatewik@winntmag.com.
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
- 1. ========== IN FOCUS ==========
-
- Hello everyone,
-
- It's been a long year for many of us. I can't be the only person who
- feels like they've squeezed 18 months of work into a 12-month time
- frame. Whew!
- Looking back over 1999, it's easy to see that a lot of activity
- occurred in the security world--much more than in 1998. If I had to
- pick one security-related event during the last 12 months that affected
- me more than any other event in that time frame, I'd have to say that
- it was learning how China decided to deal with a couple of relatively
- small-time computer crackers.
- In March of this year, China reported that it had arrested and
- convicted two brothers of embezzling approximately $87,000 (US) from a
- Chinese bank. The brothers cracked a bank's computer security and
- transferred the funds to their own account. And for that act, China
- sentenced the two men to death. But even while setting such a hard
- precedent for thieves--especially cyber-thieves--China wasted no time
- in displaying its bigotry by assuming that it's OK to steal super-
- sensitive nuclear secrets from the United States. Oh, you didn't hear
- about that theft? Check your favorite world news source for details.
- Another set of hacking events occurred that truly gained and held my
- attention for most of 1999, and I see no sign of that attraction
- letting up soon. The events to which I refer are the seemingly never-
- ending security risks that Georgio Guninski discovered in Internet
- Explorer (IE).
- In my opinion, Georgio has done more for the overall security of IE,
- and the security of Windows desktops in general, than any other hacker
- on the planet. Georgio has discovered more than a dozen security risks
- in IE 5.x. Look at his IE Web page sometime, and you'll see why I feel
- that Georgio deserves a gigantic pat on the back for his tireless
- efforts (http://www.nat.bg/~joro/browsers.html).
- Looking ahead to 2000, I predict that by year's end, we'll find that
- the biggest security events of 2000 took place during the first
- quarter. In January and February of 2000, we'll be fighting Y2K
- problems relentlessly. And in February, Microsoft will ship Windows
- 2000 (Win2K), which will open the flood gates for officially reporting
- any security risks the new OS might contain.
- As with any new OS, it's safe to assume that it's not perfect, and
- thus, we'll see more than a few risks surface in the new platform. In
- fact, I bet hackers are already sitting on Win2K risk information,
- waiting for the most inconvenient time to release that information. My
- guess is that the time will come after the official release of the new
- OS in February.
- But even so, I doubt that we'll see any risks as serious as the ones
- discovered in Windows NT 4.0 over the last 24 months. Between finding
- several ways to gain Administrator access and finding ways to subvert
- Microsoft's encryption technology, hackers have given the company a
- fairly serious beating over the security technology used in NT 4.0. I
- think Microsoft has learned valuable lessons from these discoveries,
- but I also know that no one is perfect and, therefore, we can assume
- that Win2K has bugs. What are these bugs, and how will they impact your
- network? Only time will tell. Nonetheless, I'm looking forward to the
- year 2000 and the new OS from Microsoft.
- If you're among those people who have to work on New Year's Eve,
- stop by and hang out with BindView at its online Web party on December
- 31. Visit http://www.BindView.com/onlineparty for details.
- It's been a great year. Have a safe and pleasant New Year's weekend.
- Thanks to each of you for reading Security UPDATE Newsletter.
-
- Sincerely,
- Mark Joseph Edwards, News Editor
- mark@ntsecurity.net
-
- 2. ========== SECURITY RISKS =========
- (contributed by Mark Joseph Edwards, http://www.ntsecurity.net)
-
- * SAVANT WEB SERVER DENIAL OF SERVICE
- USSRLabs discovered a problem with the Savant Web Server 2.0 caused by
- a buffer overflow condition. By appending a NULL character to the end
- of a URL, a malicious user can crash the server. The vendor is aware of
- the problem but had not responded at the time of this writing.
- http://www.ntsecurity.net/go/load.asp?iD=/security/savant1.htm
-
- * AVIRT ROVER BUFFER OVERFLOW
- USSRLabs reported a problem with Avirt's Rover Server, which is a
- software package that includes POP3 and SMTP services. The POP3 service
- contains a buffer overflow condition that can lead to a server crash.
- An intruder can induce the crash by sending a string of 10,000
- characters as the username when logging into the POP server.
- Avirt has phased out the Rover and recommends migrating to a current
- product (Avirt Mail 3.5 or later).
- http://www.ntsecurity.net/go/load.asp?iD=/security/avirt3.htm
-
- * NETSCAPE NAVIGATOR 4.5 RUNS ARBITRARY CODE
- A person using the pseudonym "darkplan" reported a buffer overflow
- condition in Netscape Navigator 4.5. The problem might let arbitrary
- code execute on a user's system. Netscape is aware of this problem;
- however, no response was known at the time of this writing.
- http://www.ntsecurity.net/go/load.asp?iD=/security/nn45-1.htm
-
- 3. ========== ANNOUNCEMENTS ==========
-
- * MANAGING COMPLEX ENVIRONMENTS: LIVE WEBCAST
- Do you have questions regarding managing Windows 2000 environments? Now's
- your chance to ask them!
- The new millennium is upon us and topics related to managing complex
- environments are key to your migration efforts. Join IBM and Windows NT
- Magazine for our upcoming live Webcast,"Managing complex environments
- which include Windows 2000," January 6, from 10:00 A.M.-11:30 A.M. CST.
- Mark Minasi, Windows NT Magazine contributing editor and author of
- Mastering Windows NT Server 4.0 and the upcoming Mastering Windows 2000
- Server, as well as John Enck with the GartnerGroup, will discuss this
- key area. Also, hear about IBM's Business Intelligence and Tivoli's
- systems management solutions.
- Without leaving your desk, you can ask questions of our panel of
- experts online or live. And you'll be eligible to download informative
- white papers and technical reports. Find out more about our live Web
- broadcast series, and register today at
- http://webevents.broadcast.com/ibm/win2000/index.tl?loc=61.
-
- 4. ========== SECURITY ROUNDUP ==========
-
- * FEATURE: HOW SECURE IS YOUR EXCHANGE SERVER? UPDATE
- Last week, I mentioned Jerry Cochran's Web Exclusive article regarding
- Exchange Server security. This week Jerry corrects some errors that
- were present in his original article. The corrections are significant,
- so be sure to read the new article.
- http://www.ntsecurity.net/go/2c.asp?f=/features.asp?IDF=145&TB=f
-
- * HOW-TO: USING WINDOWS 2000'S RUN AS COMMAND
- In this Web Exclusive article, Zubair Ahmad offers some great insight
- into a useful utility that ships with Windows 2000 (Win2K). You might
- already be aware of a handy utility called Run As. The command tool
- lets a user log on under one account and then run programs under a
- different user.
- So, for example, a user might log on under an account that is a
- member of the Administrators group but need to test programs as those
- programs would run under a regular user account with membership in the
- default Users group. The Run As command permits this type of
- functionality. If you're migrating to Win2K in the next year, be sure
- to read the article.
- http://www.ntsecurity.net/go/2c.asp?f=/howto.asp?IDF=116&TB=howto
-
- ~~~~ SPONSOR: AXENT TECHNOLOGIES ~~~~
- How to protect against application level attacks
- Raptor Firewall delivers the most intuitive management interface and
- high performance, multi-threaded services, giving you the most secure,
- manageable, and flexible solution for enterprise security needs.
- Now through December 24, download your FREE guide, "Everything You Need
- to Know about Network Security" at
- http://www.winntmag.com/jump.cfm?ID=6
- AXENT is the leading provider of e-security solutions for
- your business, delivering integrated products and expert
- services to 45 of the Fortune 50 companies.
-
- 5. ========== NEW AND IMPROVED ==========
- (contributed by Carolyn Mascarenas, products@winntmag.com)
-
- * BIOMETRIC SECURITY SOFTWARE
- Net Nanny Software announced the beta of BioPassword LogOn for Windows
- NT, software that adds biometric authentication as an extra level of
- security during the NT logon process. Using keystroke dynamics, the
- software combats problems associated with using traditional password
- security, such as internal security breaches, password-cracking
- programs, and employee negligence. The software complements existing NT
- permissions and logon procedures. You install the BIOServer component
- on the NT server and deploy the BIOClient component through the shared
- network. The software then prompts users to enter their user ID and
- password to create a unique keystroke profile. Users are authenticated
- by matching their logon attempt against their keystroke profile, which
- resides on the server in an encrypted template.
- Net Nanny Software is seeking beta testers with 100 workstations or
- more to test BioPassword LogOn for Windows NT. Contact Net Nanny
- Software, 425-688-3008.
- http://www.netnanny.com
-
- * CRYPTOGRAPHY WITHIN ACTIVE SERVER PAGES
- CryptoObject announced CryptoObject 1.0, software that enables
- cryptography from within Microsoft's Active Server Pages (ASP).
- CryptoObject is a COM object that wraps the base cryptography functions
- provided by the Microsoft Cryptographic API (CryptoAPI). The CryptoAPI
- works well for traditional C++ and Visual Basic (VB) developers but
- doesn't work well when used within Internet Information Server (IIS),
- ASP, or Windows Scripting Host. Until CryptoObject, the VBScript
- couldn't call any Windows DLL functions, so it couldn't use any
- CryptoAPI features. CryptoObject uses the original constant names,
- function names, member variables, and error codes.
- CryptoObject works on Windows NT and Windows 9x systems and requires
- a COM client. A single-server license starts at $100. Contact
- CryptoObject, info@cryptoobject.com.
- http://www.cryptoobject.com
-
- 6. ========== HOT RELEASE (ADVERTISEMENT) ==========
-
- * KFORCE.COM
- Real results by real people!***kforce.com*** Resumes read by over 2,300
- Career Specialists, Not another Job Board, But the Career Resource
- Center. Search our Vast Database, use the Salary Calculator, and
- receive your own Career Development Coach. Opportunity has a new
- address kforce.com
- http://ad.doubleclick.net/clk;629716;3578931;w?http://www.kforce.com
-
- 7. ========== SECURITY TOOLKIT ==========
-
- * BOOK HIGHLIGHT: FIREWALLS COMPLETE
- By Marcus Goncalves
- Online Price: $43.95
- Softcover; 632 pages
- Published by McGraw-Hill Publishing, February 1998
-
- With the McGraw-Hill Complete Series, you get 100 percent of what you
- need to deliver fully functional applications quickly. You get complete
- coverage of technical issues, from experts who understand the problems
- you must solve. And the CD-ROM lets you demonstrate today's hottest
- firewall products (because so many different technologies are on the
- market, and they're not all created equal).
-
- For Windows NT Magazine Security UPDATE readers only--Receive an
- additional 10 PERCENT off the online price by typing WINNTMAG in the
- referral field on the Shopping Basket Checkout page. To order this
- book, go to http://www.fatbrain.com/shop/info/0070246459?from=SUT864.
-
- * TIP: LIMIT SHUTDOWN CAPABILITIES
- (contributed by Mark Joseph Edwards, mark@ntsecurity.net)
-
- In many cases, it's necessary to control who might shut down a given
- workstation or server. As you know, anyone can shut down Windows NT by
- simply clicking the Shutdown button located on the logon screen dialog.
- But did you know you can disable the logon dialog Shutdown button?
- If the logon dialog's Shutdown button is disabled, then a user must
- first log on to the system before that user can shut down the system.
- To disable the Shutdown button on the logon dialog, adjust the
- following Registry key as indicated. Be advised that incorrectly
- modifying the Registry can lead to a non-bootable system, so be sure to
- back up your Registry before making changes.
- Hive: HKEY_LOCAL_MACHINE
- Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon
- Name: ShutdownWithoutLogon
- Type: REG_SZ
- Value: 0
-
- 8. ========== HOT THREADS ==========
-
- * WINDOWS NT MAGAZINE ONLINE FORUMS
-
- The following text is from a recent threaded discussion on the Windows
- NT Magazine online forums (http://www.winntmag.com/support).
-
- Find the Administrator Password
- December 20, 1999, 01:37 P.M.
- Is there an easy way to find the administrator password for the local
- machine? A user changed the computer name on a machine and can no
- longer log into the domain, and the previous IT guy used an unknown
- password for the local login.
-
- Thread continues at
- http://www.winntmag.com/support/Forums/Application/Index.cfm?CFApp=69&Messag
- e_ID=82781
-
- * HOWTO MAILING LIST
- Each week we offer a quick recap of some of the highlights from the
- "HowTo for Security" mailing list. The following threads are in the
- spotlight this week:
-
- 1. SMB Licensing Issue (Event ID 201)
- http://www.ntsecurity.net/go/L.asp?A2=IND9912D&L=HOWTO&P=418
- 2. Name Conflict on PDC - Event ID 4319
- http://www.ntsecurity.net/go/L.asp?A2=IND9912C&L=HOWTO&P=2297
-
- Follow this link to read all threads for Dec. Week 4:
- http://www.ntsecurity.net/go/l.asp?s=howto
-
- |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
-
- WINDOWS NT MAGAZINE SECURITY UPDATE STAFF
- News Editor - Mark Joseph Edwards (mje@winntmag.com)
- Ad Sales Manager (Western and International) - Vicki Peterson
- (vpeterson@winntmag.com)
- Ad Sales Manager (Eastern) - Tanya T. TateWik (ttatewik@winntmag.com)
- Editor - Gayle Rodcay (gayle@winntmag.com)
- New and Improved - Carolyn Mascarenas (products@winntmag.com)
- Editor-at-Large - Jane Morrill (jane@winntmag.com)
-
- |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
-
- Thank you for reading Windows NT Magazine Security UPDATE
-
- To subscribe, go to http://www.winntmag.com/update or send email to
- listserv@listserv.ntsecurity.net with the words "subscribe
- securityupdate anonymous" in the body of the message without the
- quotes.
-
- To unsubscribe, send email to listserv@listserv.ntsecurity.net with the
- words "unsubscribe securityupdate" in the body of the message without
- the quotes.
-
- To change your email address, you must first unsubscribe by sending
- email to listserv@listserv.ntsecurity.net with the words "unsubscribe
- securityupdate" in the body of the message without the quotes. Then,
- resubscribe by going to http://www.winntmag.com/update and entering
- your current contact information or by sending email to
- listserv@listserv.ntsecurity.net with the words "subscribe
- securityupdate anonymous" in the body of the message without the
- quotes.
-
- ========== GET UPDATED! ==========
- Receive the latest information on the NT topics of your choice.
- Subscribe to these other FREE email newsletters at
- http://www.winntmag.com/sub.cfm?code=up99inxsup.
-
- Windows NT Magazine UPDATE
- Windows NT Magazine Thin-Client UPDATE
- Windows NT Exchange Server UPDATE
- Windows 2000 Pro UPDATE
- ASP Review UPDATE
- SQL Server Magazine UPDATE
-
- |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
- Copyright 1999, Windows NT Magazine
-
- Security UPDATE Newsletter is powered by LISTSERV software
- http://www.lsoft.com/LISTSERV-powered.html
-
-