home *** CD-ROM | disk | FTP | other *** search
- **********************************************************
- WINDOWS 2000 MAGAZINE SECURITY UPDATE
- **Watching the Watchers**
- The weekly Windows 2000 and Windows NT security update newsletter
- brought to you by Windows 2000 Magazine and NTsecurity.net.
- http://www.win2000mag.com/update/
- **********************************************************
-
- This week's issue sponsored by
-
- Please Vote for BindView!
- http://www.bindview.com/email/trust.html
-
- Sunbelt Software - STAT: NT Vulnerability Scanner
- http://www.sunbelt-software.com/stat.htm
- (Below Security Roundup)
-
- |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
- February 9, 2000 - In this issue:
-
- 1. IN FOCUS
- - Serious DoS Attacks
-
- 2. SECURITY RISKS
- - RDISK Race Condition: Update
- - Bypass surfControl URL Blocking
- - WWWThreads Elevates Privileges
- - Web Server Scripting Issues
- - Microsoft Java Exposes Files
- - Windows NT Recycle Bin Goes Unchecked
-
- 3. ANNOUNCEMENTS
- - The Windows(r) DNA 2000 Readiness Conference Featuring SQL
- Server(tm) 2000
- - Technical Pursuit 2000
- - Windows 2000 Magazine Launches IIS Administrator UPDATE
- - Security Book Available in Six Languages
-
- 4. SECURITY ROUNDUP
- - News: Windows NT 4.0 Is C2 Compliant--Windows 2000 Compliance
- Still 2 Years Out
- - News: FBI and CERT Warn Users Against Web-Based Scripting
-
- 5. NEW AND IMPROVED
- - IBM PCs Guard Critical Data with Windows 2000 Security
- - ZoneAlarm 2.0 Prevents Information Theft
-
- 6. SECURITY TOOLKIT
- - Book Highlight: Administering Web Servers, Security and
- Maintenance
- - Tip: Adjust Event Log Settings Remotely
-
- 7. HOT THREADS
- - Windows 2000 Magazine Online Forums:
- * Move People with DHCP
- - Win2KSecAdvice Mailing List:
- * Two MS FrontPage Issues
- * Windows API SHGetPathFromIDList Buffer Overflow
- - HowTo Mailing List:
- * NT as a Firewall for ISP
- * Question About CALCS
-
- ~~~~ SPONSOR: PLEASE VOTE FOR BINDVIEW! ~~~~
- BindView has been nominated for the SC 2000 Awards. Voting for BindView
- in the Reader Trust Awards gives you the chance to spread the word and
- let others know what you already do--that BindView offers the best
- solutions for managing the configuration and security of Windows
- 2000/NT and NetWare environments.
- BindView's IT risk management solutions NOSadmin for Windows 2000/NT
- and NOSadmin for NetWare have been nominated in the Best General
- Security category. BindView's anti hacker software, HackerShield has
- been nominated for Best Internet Security Product products. Please vote
- for BindView at
- http://www.bindview.com/email/trust.html
-
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- Want to sponsor Windows 2000 Magazine Security UPDATE? Contact Vicki
- Peterson (Western and International Advertising Sales Manager) at 877-
- 217-1826 or vpeterson@win2000mag.com, OR Tanya T. TateWik (Eastern
- Advertising Sales Manager) at 877-217-1823 or ttatewik@win2000mag.com.
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
- 1. ========== IN FOCUS ==========
-
- Hello everyone,
-
- Distributed computing is a powerful tool. And although distributed
- computing isn't new in the mainframe world, it is new in the PC arena
- when it comes to low-end applications. One of the more popular means of
- distributed processing is a methodology where individual PCs work
- together to process data from a centralized database. This approach
- spreads the processing load over numerous machines instead of one
- machine with several CPUs. The methodology quickens the overall
- processing time because no one machine or CPU has to process all the
- data.
- Distributed.net helped popularize this technique on PCs by
- developing software to crack encryption keys. Distributed.net hosts
- various encryption-cracking contests, such as the current RC5 challenge
- (see http://www.distributed.net for details). In a nutshell, the
- company's key-cracking software can run on any number of individual
- PCs; the software pulls a data set from a central database, processes
- that data on the local PC, and sends the results back to the central
- database-processing center.
- Black hat computer users have taken an interest in distributed
- processing. Why? Distributed processing lets these black hats take down
- a giant network with relative ease. They can muster the bandwidth and
- processing resources of numerous networks to launch an attack against
- another network or machine. In most instances, the attack quickly
- overpowers the network or machine, knocking the network or machine out
- of service because it can't handle the overwhelming processor and
- bandwidth loads.
- Without distributed processing, denying service to a remote network
- would be incredibly tough in most cases. You'd either have to know of a
- software bug that eats all available CPU cycles on the target machine,
- or you'd have to have more bandwidth and processing power than the
- target network. But with distributed denial of service (DoS) attack
- techniques, those factors have become moot.
- When I turned on the news this morning, I saw a headline story that
- informed me Yahoo's site was down because of a massive DoS attack. I
- was amazed that a DoS attack made national headline news. I was even
- more amazed that people think that a DoS attack is news in the first
- place.
- DoS attacks are as old as computers. The only thing new about the
- attack against Yahoo is that the attack successfully took down Yahoo's
- network, which has mammoth amounts of bandwidth and processing power.
- At the height of the attack, Yahoo received more than 1GBps of traffic.
- That's a huge amount of traffic by any standard. In all probability,
- the attack was a distributed attack because of the amount of bandwidth
- involved.
- So, how do you prevent this type of distributed attack? In most
- cases, it's incredibly difficult, if not impossible, to defend against
- distributed DoS attacks. Today's hardware and software are not equipped
- to fend off such attacks. Although some firewall systems and back-end
- services can prevent a few types of well-known DoS attacks, they have
- not proven they can stand up against even a lightweight distributed
- attack.
- The problem appears to be manifold. New developments must address
- all aspects of networking--from the network border hardware to the
- back-end applications--to prevent outages before we can fend off such
- attacks. Servers need faster processors in greater numbers,
- applications need better user-session filtering, and network hardware
- needs faster CPUs and improvements to the software code base.
- Until these developments happen, networks are easy targets. But even
- with improved hardware and software, DoS attacks will still boil down
- to a war of bandwidth, where the person with the most bandwidth almost
- always wins. And, with distributed processing attack methods, pipe size
- has no upper limit for the intruder.
- I don't see a definitive solution for preventing distributed DoS
- attacks in our near future. I do see that cyber-terrorism has, in fact,
- arrived, and it's riding on the coattails of distributed processing.
- Until next time, have a great week.
-
- Mark Joseph Edwards, News Editor
- mark@ntsecurity.net
-
- 2. ========== SECURITY RISKS =========
- (contributed by Mark Joseph Edwards, mark@ntsecurity.net)
-
- * RDISK RACE CONDITION: UPDATE
- As you know, Microsoft recently released a patch for Windows NT Server
- 4.0, Terminal Server Edition (TSE) because of a problem with the RDISK
- utility. RDISK helps users create an Emergency Repair Disk (ERD) to
- record machine state information as a contingency against system
- failure.
- According to Microsoft's bulletin, during execution, RDISK creates a
- temporary file containing an enumeration of the Registry. The ACLs on
- the file allow global read permission, and as a result, a malicious
- user who knows that the administrator is running RDISK can open the
- file and read the Registry information during its creation. RDISK
- erases the file after completion, so under normal conditions no lasting
- vulnerability exists.
- Microsoft rereleased its bulletin because the utility is part of all
- versions of Windows NT 4.0, and the vulnerability exists on each NT 4.0
- platform. Patches are now available for all affected versions.
- http://www.ntsecurity.net/go/load.asp?iD=/security/rdisk1.htm
-
- * BYPASS SURFCONTROL URL BLOCKING
- surfControl Scout software blocks access to specified URLs. However, by
- appending a period to the end of a URL, a malicious user can still
- access a blocked URL, thereby bypassing the rules defined in the
- surfScout application. For example, if an administrator used
- surfControl Scout to block the site http://www.xyzzy.com, then
- surfControl Scout will allow access to http://www.xyzzy.com.
- A patch is now available for surfControl that upgrades versions
- 2.1.6.x to version 2.6.1.7. In addition, a complete version 2.6.1.7
- package is available for download.
- http://www.ntsecurity.net/go/load.asp?iD=/security/surfcntrl1.htm
-
- * WWWTHREADS ELEVATES PRIVILEGES
- WWWThreads is a Perl-based message-forum software that runs against a
- SQL server back end, such as Microsoft SQL Server or mySQL. According
- to a user identified as rain.forrest.puppy, an intruder can elevate a
- message-board user's privileges to board Administrator within the
- message-forum software. (Note: this is not the same as Administrator
- access on Windows NT.) The vendor, WCSoft, has released an updated
- version that corrects the vulnerability.
- http://www.ntsecurity.net/go/load.asp?iD=/security/wwwt1.htm
-
- * WEB SERVER SCRIPTING ISSUES
- The CERT Coordination Center published an advisory warning users of
- potentially malicious Web-based scripts that can instigate a man-in-
- the-middle attack, session-recording, desktop and local LAN
- manipulation, and other unwanted actions. (The CERT Coordination Center
- is part of the Survivable Systems Initiative at the Software
- Engineering Institute, a federally funded research and development
- center at Carnegie Mellon University.) CERT jointly published an
- advisory with the Department of Defense (DoD)-CERT, the DoD Joint Task
- Force for Computer Network Defense (JTF-CND), the Federal Computer
- Incident Response Capability (FedCIRC), and the National Infrastructure
- Protection Center (NIPC).
- According to the advisory, "A Web site may inadvertently include
- malicious HTML tags or script in a dynamically generated page based on
- invalidated input from untrustworthy sources. This can be a problem
- when a Web server does not adequately ensure that generated pages are
- properly encoded to prevent unintended execution of scripts, and when
- input is not validated to prevent malicious HTML from being presented
- to the user."
- http://www.ntsecurity.net/go/load.asp?iD=/security/webapps1.htm
-
- * MICROSOFT JAVA EXPOSES FILES
- Several developers in Japan jointly discovered and reported a security
- problem with Microsoft's Java implementation. The problem lets an
- intruder who knows the complete path to a file read that file without
- the user's permission. The problem affects Internet Explorer (IE) 4.x
- and 5.x users. Microsoft is aware of the problem but has issued no
- response at the time of this writing.
- http://www.ntsecurity.net/go/load.asp?iD=/security/java3.htm
-
- * WINDOWS NT RECYCLE BIN GOES UNCHECKED
- Arne Vidstrom and Nubuo Miwa discovered a problem with Windows NT's
- Recycle Bin that might let a malicious user manipulate any contained
- files without the file owner's knowledge. The problem exists because of
- the permission settings on the Recycle Bin directory. Microsoft issued
- a patch, FAQ, and Support Online article Q248339 regarding the matter.
- http://www.ntsecurity.net/go/load.asp?iD=/security/recyc1.htm
-
- 3. ========== ANNOUNCEMENTS ==========
-
- * THE WINDOWS(R) DNA 2000 READINESS CONFERENCE FEATURING SQL SERVER(TM)
- 2000
- Join an exclusive audience of Microsoft(r) partners and customers from
- February 29 through March 3, 2000 in Denver, for The Windows DNA 2000
- Readiness Conference featuring SQL Server 2000. This event will be the
- first opportunity to get intensive, technical training on the new
- Windows DNA 2000 products and SQL Server 2000 (code-named Shiloh)--a
- significant evolution of Microsoft's flagship relational database
- management system (RDBMS_. To register and learn more about the
- conference, go to http://msdn.microsoft.com/events/sqlserver2000. When
- registering, you'll need the following registration code: 2-10-secupe.
- Space is limited, so register early.
-
- * TECHNICAL PURSUIT 2000
- Windows 2000 Magazine's "Technical Pursuit 2000" is your chance to show
- up the experts and win cool prizes! Match wits with Windows 2000 (Win2K)
- mavens Mark Smith, Sean Daily, and Kathy Ivens at the Windows 2000
- Conference and Expo in San Francisco from February 15 to 17, 2000.
- "Technical Pursuit 2000" will be held at 11:00 A.M. and 2:00 P.M. on
- February 15 and 16, and at noon on February 17. To enter, drop by the
- Windows 2000 Magazine booth (#1315) at the Expo and pick up your free
- raffle ticket. A drawing will be held 10 minutes before each game to
- select a contestant. Contestants will try to answer five Win2K-related
- questions to win up to $250 in cash. On the final day of the Expo,
- we're giving away $500 for five correct answers! We'll also be giving
- away free prizes every hour during the entire conference, so you have
- plenty of chances to win.
-
- * WINDOWS 2000 MAGAZINE LAUNCHES IIS ADMINISTRATOR UPDATE
- IIS Administrator UPDATE is your direct link to the latest Internet
- Information Server (IIS) essentials. This FREE email newsletter keeps
- you informed with the latest news, product releases, tips, and expert
- advice from other IIS professionals. We'll help you stay on top of
- administration, programming, and security issues that you need to know
- to keep your server running at full speed. Enter your FREE subscription
- now at http://www.win2000mag.com/sub.cfm?code=up99inbiup.
-
- * SECURITY BOOK AVAILABLE IN SIX LANGUAGES
- By now, you know that Windows 2000 Magazine and NTSecurity.net have
- placed the book "Internet Security with Windows NT" online for free.
- But did you know that the book is available online in six different
- languages?
- To read the book in English, French, German, Italian, Spanish, or
- Portuguese, load the home page at http://www.ntsecurity.net. After the
- home page has loaded, click Translate on the menu bar at the top of the
- screen. On the translate page, select your language preference under
- the pull-down menu labeled, "Reload the entire home page translated
- from," and click the Go! button. When the newly translated home page
- loads in the language you chose, Select Security Book under the "So
- What's New?" section.
- http://www.ntsecurity.net/go/translate.asp
-
- 4. ========== SECURITY ROUNDUP ==========
-
- * NEWS: WINDOWS NT 4.0 IS C2 COMPLIANT--WINDOWS 2000 COMPLIANCE STILL 2
- YEARS OUT
- Windows NT 4.0 recently received its C2-level security compliance
- certification; however, Service Pack 6 (SP6) and all the latest service
- packs must be installed to meet that rating. Companies that need C2-
- level security compliance in their environments won't be able to use
- Microsoft's Windows 2000 (Win2K) until at least 2002, which is how long
- it will take for the new OS to pass the required tests.
- The US government dictates C2-level security specifications under
- its Trusted Computer System Evaluation Criteria, and to date, NT 4.0
- and 3.5 are Microsoft's only OSs that qualify.
- Win2K does, however, meet the federal government's FIPS 140-1
- specification for encryption technology. Win2K meets FIPS 140-1 because
- it relies on Microsoft's CryptoAPI, which Microsoft developed and
- released on platforms prior to Win2K.
- http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=209&TB=news
-
- * NEWS: FBI AND CERT WARN AGAINST WEB-BASED SCRIPTING
- The FBI and several software manufacturers are warning users of
- potential risks involved with seemingly harmless Web site surfing. CERT
- released an advisory on Tuesday to help make people aware of readily
- exploitable cross-site scripting risks.
- Although some security aficionados point out that problems of this
- nature have been known for some time, the problems remain widespread
- mostly due to vendor product development cycles that don't address
- issues that CERT cites in its advisory.
- http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=208&TB=news
-
- ~~~~ SPONSOR: SUNBELT SOFTWARE - STAT: NT VULNERABILITY SCANNER ~~~~
- Ever had that feeling of ACUTE PANIC that a hacker has invaded your
- network? Plug NT's holes before they plug you. There are now over 750
- known NT vulnerabilities. You just have to protect your LAN _before_ it
- gets attacked. STAT comes with a responsive web-update service and a
- dedicated Pro SWAT team that helps you to hunt down and kill Security
- holes. Built by anti-hackers for DOD sites. Download a demo copy before
- you become a statistic.
- http://www.sunbelt-software.com/stat.htm
-
- 5. ========== NEW AND IMPROVED ==========
- (contributed by Judy Drennen, products@win2000mag.com)
-
- * IBM PCs GUARD CRITICAL DATA WITH WINDOWS 2000 SECURITY
- IBM announced that new PCs--IBM PC 300PL, IBM IntelliStation E Pro, and
- the IBM IntelliStation M Pro--will come preloaded with Windows 2000
- (Win2K) and the industry's first embedded security chip. IBM is working
- to optimize the interaction between the security chip and Win2K, which
- will push PC security to a new high. IBM's embedded chip offers an
- integrated hardware and software security solution that supports Win2K
- and prevents unauthorized users from accessing sensitive information.
- Identity verification and authentication features complement encryption
- capabilities embedded into Win2K. For more information, contact IBM.
- http://www.ibm.com/Windows 2000
-
- * ZONEALARM 2.0 PREVENTS INFORMATION THEFT
- Zone Labs released the new ZoneAlarm 2.0 Internet security utility.
- ZoneAlarm 2.0 provides users with essential protection for "always on"
- DSL and cable modems by uniting the safety of a dynamic firewall with
- total control over applications' Internet use. ZoneAlarm 2.0 provides
- five interlocking security services that deliver easy-to-use,
- comprehensive protection. Unlike other security utilities, ZoneAlarm
- 2.0 incorporates a firewall, application control, an Internet lock,
- dynamically assigned security levels, and zones. ZoneAlarm 2.0 provides
- out-of-the-box security because it automatically configures itself as
- the user surfs the Internet. The firewall provides state-of-the-art
- protection without requiring knowledge of ports, protocols, or
- hierarchical rule systems, thereby ensuring maximum protection.
- ZoneAlarm 2.0 works on Windows 2000 (Win2K), Windows NT, and Windows 9x
- and is available immediately on the Zone Labs Web site for download.
- Corporations can evaluate ZoneAlarm 2.0 for up to 60 days at no charge.
- For more information, contact Zone Labs, 415-547-0050.
- http://www.zonelabs.com
-
- 6. ========== SECURITY TOOLKIT ==========
-
- * BOOK HIGHLIGHT: ADMINISTERING WEB SERVERS, SECURITY AND MAINTENANCE
- By Eric Larson and Brian Stephens
- Online Price: $40.00
- Softcover; 350 pages
- Published by Prentice Hall, December 1999
-
- This interactive workbook will get you started right away with real-
- world applications for Web server security and maintenance. Demand for
- these skills is sky-high, as businesses everywhere are moving toward e-
- commerce and full online presence.
- Learn from the experts in easy, step-by-step lessons. Every section
- includes reviews to help you check your work and assess your progress
- at every stage. Practical labs in the book help to reinforce what
- you're learning as you go. This book will help you master building new
- Web site networks, Web servers and Web clients, configuration and
- maintenance of your site, CGI security, and secure online transactions.
-
- For Windows 2000 Magazine Security UPDATE readers only--Receive an
- additional 10 PERCENT off the online price by typing WIN2000MAG in the
- referral field on the Shopping Basket Checkout page. To order this
- book, go to http://www.fatbrain.com/shop/info/0130225347?from=SUT864.
-
- * TIP: ADJUST EVENT LOG SETTINGS REMOTELY
- (contributed by Mark Joseph Edwards, mark@ntsecurity.net)
-
- A reader wrote to ask how to remotely manipulate Registry keys.
- Specifically, the person wanted to adjust the keys that govern Event
- Log size and the keys that govern whether log entries are overwritten
- when the log becomes full.
- You can adjust the log setting parameters for a remote machine using
- Event Viewer if you have proper access to that remote machine. But
- using Event Viewer to adjust parameters on numerous machines can be
- time-consuming, so using an automation tool might be a better solution.
- To use an automation tool, you must know what keys to adjust and values
- to set.
- You can remotely manipulate any Registry key's setting provided you
- meet two criteria: You must have some type of remote Registry access to
- the machine you want to manipulate and you must know which Registry
- keys you wish to adjust.
- Step one in hacking most any setting in the Registry is to determine
- where the appropriate Registry keys are located. To learn this
- information, use a tool such as System Internals' RegMon. RegMon
- watches all Registry access and reports its findings in an easy-to-read
- display. I can fire up RegMon, open and use the Event Viewer to set the
- Log Settings parameters (under Log, Log Settings from the pull-down
- menus), and refer back to RegMon to see which keys you adjusted.
- In this case, a quick review of RegMon revealed the Registry keys
- that pertain to the Event Log settings are held in
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog.
- Under the EventLog tree you'll find the three entries that pertain to
- each Event Log type: Application, System, and Security. Under each of
- those keys you'll find two values, MaxSize and Retention, that regulate
- log size and how the log is overwritten, respectively.
- To determine what values to set for these items, you need to conduct
- trials using Windows NT's built-in Event Viewer to change the Log
- Settings on your desktop. The trials reveal how NT records your
- selected parameters in the Registry.
- For example, you'll notice when you use Event Viewer to set the Log
- Settings to "Overwrite Events Older than 7 Days" with a log size of
- 2048KB, that the MaxSize value in the Registry will be 200000, and the
- Retention value will be 0x93a80.
- After you establish the proper values, you can use those values to
- automate the remote adjustment of Event Log's Registry entries on any
- machine that requires such action.
-
- 7. ========== HOT THREADS ==========
-
- * WINDOWS 2000 MAGAZINE ONLINE FORUMS
-
- The following text is from a recent threaded discussion on the Windows
- 2000 Magazine online forums (http://www.win2000mag.com/support).
-
- January 28, 2000 08:31 AM
- Move People with DHCP
- I need to move a large group of people (about 500) to a new subnet that
- has different IP addresses. We use NT DHCP to provide IP address for
- users. I can release IPs for each Win98 and Win NT workstation manually
- before it shuts down, but with 500 users it is going to take a long
- time. Is there a way to let me force users to release when they shut
- down their PCs automatically? I don't want to change lease duration
- time in DHCP server because other users will stay there.
- Thank you in advance.
-
- Thread continues at
- http://www.win2000mag.com/support/Forums/Application/Index.cfm?CFApp=69&Mess
- age_ID=88133
-
- * WIN2KSECADVICE MAILING LIST
- Each week we offer a quick recap of some of the highlights from the
- Win2KSecAdvice mailing list. The following threads are in the spotlight
- this week:
-
- 1. Two MS FrontPage Issues
- http://www.ntsecurity.net/go/w.asp?A2=IND0002A&L=WIN2KSECADVICE&P=866
-
- 2. Windows API SHGetPathFromIDList Buffer Overflow
- http://www.ntsecurity.net/go/w.asp?A2=IND0002A&L=WIN2KSECADVICE&P=2580
-
- Follow this link to read all threads for Feb. Week 2:
- http://www.ntsecurity.net/go/win2ks-l.asp?s=win2ksec
-
- * HOWTO MAILING LIST
- Each week we offer a quick recap of some of the highlights from the
- HowTo for Security mailing list. The following threads are in the
- spotlight this week:
-
- 1. NT as a Firewall for ISP
- http://www.ntsecurity.net/go/L.asp?A2=IND0002A&L=HOWTO&P=10292
-
- 2. Question About CALCS
- http://www.ntsecurity.net/go/L.asp?A2=IND0002A&L=HOWTO&P=8891
-
- Follow this link to read all threads for Feb. Week 2:
- http://www.ntsecurity.net/go/l.asp?s=howto
-
- |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
-
- WINDOWS 2000 MAGAZINE SECURITY UPDATE STAFF
- News Editor - Mark Joseph Edwards (mje@win2000mag.com)
- Ad Sales Manager (Western and International) - Vicki Peterson
- (vpeterson@win2000mag.com)
- Ad Sales Manager (Eastern) - Tanya T. TateWik (ttatewik@win2000mag.com)
- Editor - Gayle Rodcay (gayle@win2000mag.com)
- New and Improved û Judy Drennen (products@win2000mag.com)
- Copy Editor û Judy Drennen (jdrennen@win2000mag.com)
-
- |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
-
- Thank you for reading Windows 2000 Magazine Security UPDATE.
-
- To subscribe, go to http://www.win2000mag.com/update or send email to
- listserv@listserv.ntsecurity.net with the words "subscribe
- securityupdate anonymous" in the body of the message without the
- quotes.
-
- To unsubscribe, send email to listserv@listserv.ntsecurity.net with the
- words "unsubscribe securityupdate" in the body of the message without
- the quotes.
-
- To change your email address, you must first unsubscribe by sending
- email to listserv@listserv.ntsecurity.net with the words "unsubscribe
- securityupdate" in the body of the message without the quotes. Then,
- resubscribe by going to http://www.win2000mag.com/update and entering
- your current contact information or by sending email to
- listserv@listserv.ntsecurity.net with the words "subscribe
- securityupdate anonymous" in the body of the message without the
- quotes.
-
- ========== GET UPDATED! ==========
- Receive the latest information on the Windows 2000 and Windows NT
- topics of your choice. Subscribe to these other FREE email newsletters
- at
- http://www.win2000mag.com/sub.cfm?code=up99inxsup.
-
- Windows 2000 Magazine UPDATE
- Windows 2000 Magazine Thin-Client UPDATE
- Windows 2000 Magazine Exchange Server UPDATE
- Windows 2000 Magazine Enterprise Storage UPDATE
- Windows 2000 Pro UPDATE
- ASP Review UPDATE
- SQL Server Magazine UPDATE
- IIS Administrator UPDATE
- XML UPDATE
-
- |-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
- Copyright 2000, Windows 2000 Magazine
-
- Security UPDATE is powered by LISTSERV software.
- http://www.lsoft.com/LISTSERV-powered.html
-
-