SecurityFocus Microsoft Newsletter #290
----------------------------------------
------------------------------------------------------------------
I. FRONT AND CENTER
1. Innovative ways to fool people
2. Malicious cryptography, part 1
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Infotech Storage Library Heap Corruption Vulnerability
2. ICQ Banner Ad Cross-Application Scripting Vulnerability
3. Microsoft Exchange Server Calendar Remote Code Execution
Vulnerability
4. Microsoft Windows MSDTC Invalid Memory Access Denial Of Service
Vulnerability
5. Microsoft Windows MSDTC Heap Buffer Overflow Vulnerability
6. Drupal Project Module HTML Injection Vulnerability
7. Intervations FileCopa User Command Remote Buffer Overflow
Vulnerability
8. Sophos Anti-Virus CAB File Scanning Remote Heap Overflow
Vulnerability
9. Kerio WinRoute Firewall Unspecified Remote Denial of Service
Vulnerability
10. Xeneo Web Server Source Disclosure Vulnerability
11. ACFTP FTP Server User Command Remote Denial of Service Vulnerability
12. Cryptomathic ActiveX Control Remote Buffer Overflow Vulnerability
13. Invision Power Board Index.PHP SQL Injection Vulnerability
14. Invision Power Board Func_mod.PHP SQL Injection Vulnerability
15. XM Easy Personal FTP Server Unspecified Authentication Buffer
Overflow Vulnerability
16. Sami FTP Server Unspecified Authentication Buffer Overflow
Vulnerability
17. Microsoft May Advance Notification Multiple Vulnerabilities
18. Linux Kernel RNDIS_Query_Response Remote Buffer Overflow
Vulnerability
19. UltraVNC Weak Challenge-Response Authentication Vulnerability
20. Microsoft Internet Explorer Unspecified OBJECT Tag Memory Corruption
Variant Vulnerability
21. BankTown ActiveX Control Remote Buffer Overflow Vulnerability
22. Gene6 FTP Server Multiple Commands Remote Buffer Overflow
Vulnerabilities
23. LibTiff TIFFToRGB Denial of Service Vulnerability
24. WarFTPD WDM.EXE Remote Buffer Overflow Vulnerability
25. FileZilla FTP Server Multiple Remote Buffer Overflow Vulnerabilities
26. Golden FTP Server NLST Command Remote Buffer Overflow Vulnerability
27. EMC Dantz Retrospect Backup Server Local Privilege Escalation
Vulnerability
28. Invision Gallery Post.PHP SQL Injection Vulnerability
29. MySQL Remote Information Disclosure and Buffer Overflow
Vulnerabilities
30. Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
31. Cisco Secure ACS Insecure Password Storage Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. USB device installation problem
2. Autorun in screensaver
3. Sniffer question
4. Patch Management on Critical Servers (Healthcare)
5. windows 2003 1wan 2lan => vpn to ech private lan?
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION
I. FRONT AND CENTER
---------------------
1. Innovative ways to fool people
By Scott Granneman
Scott Granneman's latest column looks at recent security examples where people
have been fooled in increasingly innovative ways: from keyloggers used in a
massive bank heist and new Trojans that encrypt data and request ransom money,
to real financial rip-offs that extend out from online virtual gaming worlds
like World of Warcraft.
http://www.securityfocus.com/columnists/401
2. Malicious cryptography, part 1
By Frederic Raynal
This two-part article series looks at how cryptography is a double-edged sword:
it is used to make us safer, but it is also being used for malicious purposes
within sophisticated viruses. Part one introduces the concepts behind
cryptovirology and offers examples of malicious potential with the SuckIt
rootkit and a possible SSH worm. It then introduces armored viruses that use
shape shifting (polymorphism and metamorphism) to avoid detection.
http://www.securityfocus.com/infocus/1865
II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Microsoft Infotech Storage Library Heap Corruption Vulnerability
BugTraq ID: 17926
Remote: Yes
Date Published: 2006-05-09
Relevant URL: http://www.securityfocus.com/bid/17926
Summary:
Microsoft Windows is susceptible to a heap-corruption vulnerability while
attempting to read specially crafted CHM or ITS files. This occurs in the
'ITSS.DLL' library.
This vulnerability allows remote attackers to execute arbitrary machine code in
the context of applications utilizing the affected library.
Attackers may exploit this issue by coercing users to open malicious CHM or ITS
files with Internet Explorer, or when users attempt to decompile these files
with the 'hh -decompile' command. CHM files are considered unsafe files, so
there is a possibility that advanced users or security researchers may attempt
to decompile these files in order to inspect their contents.
2. ICQ Banner Ad Cross-Application Scripting Vulnerability
BugTraq ID: 17913
Remote: Yes
Date Published: 2006-05-09
Relevant URL: http://www.securityfocus.com/bid/17913
Summary:
ICQ is prone to a cross-application scripting vulnerability. This issue is a
result of the application accessing content in a different and presumably
higher security context than the original content.
An attacker can exploit this issue to have arbitrary attacker-supplied HTML or
JavaScript executed on a victim user's computer in the 'My Computer' security
zone.
3. Microsoft Exchange Server Calendar Remote Code Execution Vulnerability
BugTraq ID: 17908
Remote: Yes
Date Published: 2006-05-09
Relevant URL: http://www.securityfocus.com/bid/17908
Summary:
Microsoft Exchange Server is prone to a vulnerability that may let attackers
execute code remotely. This issue is exposed when the server handles emails
that contain malicious calendar data that is included in meeting requests.
If the issue is successfully exploited, this could completely compromise the
computer hosting the mail server.
4. Microsoft Windows MSDTC Invalid Memory Access Denial Of Service
Vulnerability
BugTraq ID: 17906
Remote: Yes
Date Published: 2006-05-09
Relevant URL: http://www.securityfocus.com/bid/17906
Summary:
Microsoft Windows Distributed Transaction Coordinator is prone to a
denial-of-service vulnerability.
This vulnerability can be exploited remotely to disrupt the MSDTC service, and
any services that depend on MSDTC.
This vulnerability affects Windows NT and Windows 2000 by default, since the
service comes enabled. The vulnerability only affects Windows XP and Windows
Server 2003 if the service is manually enabled.
5. Microsoft Windows MSDTC Heap Buffer Overflow Vulnerability
BugTraq ID: 17905
Remote: Yes
Date Published: 2006-05-09
Relevant URL: http://www.securityfocus.com/bid/17905
Summary:
Microsoft Windows Distributed Transaction Coordinator is prone to a remote heap
buffer-overflow vulnerability. This issue is due to the failure of the software
to properly bounds check user-supplied input prior to copying it to an
insufficiently sized memory buffer.
This BID is flagged with the 'Conflicting Details' credibility rating because
of the discrepancy between the vendor and the discoverer as to the possibility
of remote code execution.
Microsoft states that this issue may only be exploited to disrupt the MSDTC
service, and any services that depend on MSDTC. The discoverer of this issue
states that it may be exploited for remote code execution.
This vulnerability affects Windows NT and Windows 2000 by default, since the
service comes enabled. The vulnerability only affects Windows XP and Windows
Server 2003 if the service is manually enabled.
6. Drupal Project Module HTML Injection Vulnerability
BugTraq ID: 17885
Remote: Yes
Date Published: 2006-05-08
Relevant URL: http://www.securityfocus.com/bid/17885
Summary:
Drupal is prone to an HTML-injection vulnerability. This issue is due to the
application's failure to properly sanitize user-supplied input before using it
in dynamically generated content.
Attacker-supplied HTML and script code would be executed in the context of the
affected website, potentially allowing the attacker to steal cookie-based
authentication credentials. An attacker could also exploit this issue to
control how the site is rendered to the user; other attacks are also possible.
7. Intervations FileCopa User Command Remote Buffer Overflow Vulnerability
BugTraq ID: 17881
Remote: Yes
Date Published: 2006-05-08
Relevant URL: http://www.securityfocus.com/bid/17881
Summary:
FileCopa is prone to a buffer-overflow vulnerability when handling data through
the USER command.
Reportedly, passing excessive data may overflow a finite-sized internal memory
buffer. A successful attack may result in memory corruption as memory adjacent
to the buffer is overwritten with user-supplied data.
This issue may lead to a denial-of-service condition or the execution of
arbitrary code.
8. Sophos Anti-Virus CAB File Scanning Remote Heap Overflow Vulnerability
BugTraq ID: 17876
Remote: Yes
Date Published: 2006-05-08
Relevant URL: http://www.securityfocus.com/bid/17876
Summary:
A remote heap-overflow vulnerability exists in Sophos Anti-Virus Library when
scanning CAB files. This issue is due to the library's failure to properly
bounds-check user-supplied input before copying data to an internal memory
buffer.
Successfully exploiting this vulnerability could result in arbitrary code
execution with the privileges of the application.
9. Kerio WinRoute Firewall Unspecified Remote Denial of Service Vulnerability
BugTraq ID: 17859
Remote: Yes
Date Published: 2006-05-05
Relevant URL: http://www.securityfocus.com/bid/17859
Summary:
Kerio WinRoute Firewall is prone to a remote denial-of-service vulnerability.
The exact cause of this issue is currently unknown.
This vulnerability allows remote attackers to crash the server, denying further
network service to legitimate users.
This issue affects Kerio WinRoute Firewall versions prior to 6.2.1.
10. Xeneo Web Server Source Disclosure Vulnerability
BugTraq ID: 17858
Remote: Yes
Date Published: 2006-05-05
Relevant URL: http://www.securityfocus.com/bid/17858
Summary:
Xeneo Web Server is prone to a vulnerability that discloses the source code of
server-side scripts. This allows attackers to gain unauthorized access to
sensitive information, potentially aiding them in further attacks.
This issue affects Xeneo version 2.2.22.0; other versions may also be
vulnerable.
11. ACFTP FTP Server User Command Remote Denial of Service Vulnerability
BugTraq ID: 17855
Remote: Yes
Date Published: 2006-05-05
Relevant URL: http://www.securityfocus.com/bid/17855
Summary:
acFTP is susceptible to a remote denial-of-service vulnerability. This issue is
due to the application's failure to properly handle unexpected input.
This vulnerability allows remote attackers to crash affected servers, denying
service to legitimate users.
This issue affects version 1.4; other versions may also be vulnerable.
12. Cryptomathic ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 17852
Remote: Yes
Date Published: 2006-05-05
Relevant URL: http://www.securityfocus.com/bid/17852
Summary:
Cryptomathic ActiveX control is prone to a buffer-overflow vulnerability. The
software fails to perform sufficient bounds-checking of user-supplied input
before copying it to an insufficiently sized memory buffer.
Invoking the object from a malicious website or HTML email may trigger the
condition. If the vulnerability were successfully exploited, this would corrupt
process memory, resulting in arbitrary code execution. Arbitrary code would be
executed in the context of the client application.
13. Invision Power Board Index.PHP SQL Injection Vulnerability
BugTraq ID: 17839
Remote: Yes
Date Published: 2006-05-04
Relevant URL: http://www.securityfocus.com/bid/17839
Summary:
Invision Power Board is prone to an SQL-injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.
14. Invision Power Board Func_mod.PHP SQL Injection Vulnerability
BugTraq ID: 17837
Remote: Yes
Date Published: 2006-05-04
Relevant URL: http://www.securityfocus.com/bid/17837
Summary:
Invision Power Board is prone to an SQL-injection vulnerability. This issue is
due to a failure in the application to properly sanitize user-supplied input
before using it in an SQL query.
Successful exploitation could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.
15. XM Easy Personal FTP Server Unspecified Authentication Buffer Overflow
Vulnerability
BugTraq ID: 17836
Remote: Yes
Date Published: 2006-05-04
Relevant URL: http://www.securityfocus.com/bid/17836
Summary:
XM Easy Personal FTP Server is prone to an unspecified buffer-overflow
vulnerability. This issue is due to a failure in the application to do proper
bounds checking on user-supplied data before storing it in a finite-sized
buffer.
An attacker can exploit this issue to execute arbitrary machine code in the
context of the affected server application. This likely occurs with
SYSTEM-level privileges.
Version 4.3 of XM Easy Personal FTP Server is affected by this issue; other
versions may also be affected.
16. Sami FTP Server Unspecified Authentication Buffer Overflow Vulnerability
BugTraq ID: 17835
Remote: Yes
Date Published: 2006-05-04
Relevant URL: http://www.securityfocus.com/bid/17835
Summary:
Sami FTP Server is prone to an unspecified buffer-overflow vulnerability. This
issue is due to a failure in the application to do proper bounds checking on
user-supplied data before storing it in a finite-sized buffer.
An attacker can exploit this issue to execute arbitrary machine code in the
context of the affected server application. This likely occurs with
SYSTEM-level privileges.
Version 2.0.2 of Sami FTP Server is affected by this issue; other versions may
also be affected.
17. Microsoft May Advance Notification Multiple Vulnerabilities
BugTraq ID: 17833
Remote: Yes
Date Published: 2006-05-04
Relevant URL: http://www.securityfocus.com/bid/17833
Summary:
Microsoft has released advance notification that they will be releasing three
security bulletins for Windows on May 9, 2006. The highest severity rating for
these issues is Critical.
Further details about these issues are not currently available. Individual BIDs
will be created and this record will be removed when the security bulletins are
released.
18. Linux Kernel RNDIS_Query_Response Remote Buffer Overflow Vulnerability
BugTraq ID: 17831
Remote: Yes
Date Published: 2006-05-04
Relevant URL: http://www.securityfocus.com/bid/17831
Summary:
The Linux kernel is prone to a remote buffer-overflow vulnerability. This issue
is due to the kernel's failure to properly bounds-check user-supplied data
before copying it to an insufficiently sized memory buffer.
This issue allows remote attackers to crash affected computers. Presumably,
attackers could execute arbitrary machine code in the context of affected
kernels, but this has not been confirmed.
Linux kernel versions in the 2.6 series prior to 2.6.16 are vulnerable to this
issue.
19. UltraVNC Weak Challenge-Response Authentication Vulnerability
BugTraq ID: 17824
Remote: Yes
Date Published: 2006-05-03
Relevant URL: http://www.securityfocus.com/bid/17824
Summary:
UltraVNC is susceptible to a weak challenge-response authentication
vulnerability. This issue is due to the use of insecure encryption during the
authentication process of UltraVNC.
Exploiting this issue allows attackers to gain access to the plaintext password
used during the UltraVNC authentication process. This will aid them in further
attacks.
UltraVNC version 1.0.1 is vulnerable to this issue; other versions may also be
affected.
20. Microsoft Internet Explorer Unspecified OBJECT Tag Memory Corruption
Variant Vulnerability
BugTraq ID: 17820
Remote: Yes
Date Published: 2006-05-03
Relevant URL: http://www.securityfocus.com/bid/17820
Summary:
Microsoft Internet Explorer is prone to an unspecified memory-corruption
vulnerability.
An attacker could exploit this issue via a malicious web page to potentially
execute arbitrary code in the context of the currently logged-in user. Failed
exploit attempts will likely crash the affected application.
Microsoft Internet Explorer 6 for Microsoft Windows XP SP2 is reportedly
vulnerable to this issue; other versions may also be affected.
This issue is reportedly a variant of BID 17658 (Microsoft Internet Explorer
Nested OBJECT Tag Memory Corruption Vulnerability). Further details are
currently unavailable. This BID will be updated as more information is
disclosed.
21. BankTown ActiveX Control Remote Buffer Overflow Vulnerability
BugTraq ID: 17815
Remote: Yes
Date Published: 2006-05-03
Relevant URL: http://www.securityfocus.com/bid/17815
Summary:
BankTown ActiveX control is prone to a buffer-overflow vulnerability. The
software fails to perform sufficient bounds-checking of user-supplied input
before copying it to an insufficiently sized memory buffer.
Invoking the object from a malicious website may trigger the condition. If the
vulnerability were successfully exploited, this would corrupt process memory,
resulting in arbitrary code execution. Arbitrary code would be executed in the
context of the client application.
22. Gene6 FTP Server Multiple Commands Remote Buffer Overflow Vulnerabilities
BugTraq ID: 17810
Remote: Yes
Date Published: 2006-05-03
Relevant URL: http://www.securityfocus.com/bid/17810
Summary:
Gene6 FTP Server is prone to multiple buffer-overflow vulnerabilities when
handling data through various commands.
Reportedly, passing excessive data may overflow a finite-sized internal memory
buffer. A successful attack may result in memory corruption as memory adjacent
to the buffer is overwritten with user-supplied data.
These issues may lead to a denial-of-service condition or the execution of
arbitrary code.
This issue is reported to affect version 3.1.0; other versions may also be
vulnerable.
23. LibTiff TIFFToRGB Denial of Service Vulnerability
BugTraq ID: 17809
Remote: Yes
Date Published: 2006-05-03
Relevant URL: http://www.securityfocus.com/bid/17809
Summary:
LibTIFF is affected by a denial-of-service vulnerability.
An attacker can exploit this vulnerability to cause a denial of service in
applications using the affected library.
24. WarFTPD WDM.EXE Remote Buffer Overflow Vulnerability
BugTraq ID: 17803
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17803
Summary:
WarFTPD is prone to a buffer-overflow vulnerability.
Reportedly, passing excessive data may overflow a finite-sized internal memory
buffer. A successful attack may result in memory corruption as memory adjacent
to the buffer is overwritten with user-supplied data.
This issue may lead to a denial-of-service condition or the execution of
arbitrary code.
The specific versions of WarFTPd vulnerable to this issue are not currently
known. Presumably, this issue affects the latest release of the affected
software, and possibly earlier versions.
25. FileZilla FTP Server Multiple Remote Buffer Overflow Vulnerabilities
BugTraq ID: 17802
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17802
Summary:
FileZilla FTP Server is prone to multiple buffer-overflow vulnerabilities.
Reportedly, passing excessive data may overflow finite-sized internal memory
buffers. A successful attack may result in memory corruption as memory adjacent
to the buffer is overwritten with user-supplied data.
These issues may lead to a denial-of-service condition or the execution of
arbitrary code.
Version 2.2.22 of FileZilla is vulnerable to these issues; other versions may
also be affected.
26. Golden FTP Server NLST Command Remote Buffer Overflow Vulnerability
BugTraq ID: 17801
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17801
Summary:
Golden FTP Server is prone to a buffer-overflow vulnerability when handling
data through the NLST command.
Reportedly, passing excessive data may overflow a finite-sized internal memory
buffer. A successful attack may result in memory corruption as memory adjacent
to the buffer is overwritten with user-supplied data.
This issue may lead to a denial-of-service condition or the execution of
arbitrary code.
Version 2.70 of Golden FTP Server is vulnerable to this issue; other versions
may also be affected.
27. EMC Dantz Retrospect Backup Server Local Privilege Escalation Vulnerability
BugTraq ID: 17798
Remote: No
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17798
Summary:
Dantz Retrospect Backup Server is prone to a local privilege-escalation
vulnerability. This issue is due to the software's failure to properly ensure
that administrative privileges are dropped before executing applications.
This issue allows local users to gain administrative privileges, facilitating
the complete compromise of affected computers.
28. Invision Gallery Post.PHP SQL Injection Vulnerability
BugTraq ID: 17793
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17793
Summary:
Invision Gallery is prone to an SQL-injection vulnerability. This issue is due
to a failure in the application to properly sanitize user-supplied input before
using it in an SQL query.
A successful exploit could allow an attacker to compromise the application,
access or modify data, or exploit vulnerabilities in the underlying database
implementation.
29. MySQL Remote Information Disclosure and Buffer Overflow Vulnerabilities
BugTraq ID: 17780
Remote: Yes
Date Published: 2006-05-02
Relevant URL: http://www.securityfocus.com/bid/17780
Summary:
MySQL is susceptible to multiple remote vulnerabilities:
- A buffer-overflow vulnerability due to insufficient bounds-checking of
user-supplied data before copying it to an insufficiently sized memory buffer.
This issue allows remote attackers to execute arbitrary machine code in the
context of affected database servers. Failed exploit attempts will likely crash
the server, denying further service to legitimate users.
- Two information-disclosure vulnerabilities due to insufficient
input-sanitization and bounds-checking of user-supplied data. These issues
allow remote users to gain access to potentially sensitive information that may
aid them in further attacks.
30. Clam AntiVirus FreshClam Remote Buffer Overflow Vulnerability
BugTraq ID: 17754
Remote: Yes
Date Published: 2006-05-01
Relevant URL: http://www.securityfocus.com/bid/17754
Summary:
ClamAV's freshclam utility is susceptible to a remote buffer-overflow
vulnerability. The utility fails to perform sufficient boundary checks in
server-supplied HTTP data before copying it to an insufficiently sized memory
buffer.
To exploit this issue, attackers must either subvert webservers in the ClamAV
database server pool, or use DNS-based or man-in-the-middle attacks to cause
affected freshclam applications to connect to attacker-controlled webservers.
This issue allows remote attackers to execute arbitrary machine code in the
context of the freshclam utility. The affected utility may run with superuser
privileges, aiding remote attackers in the complete compromise of affected
computers.
ClamAV versions 0.88 and 0.88.1 are affected by this issue.
31. Cisco Secure ACS Insecure Password Storage Vulnerability
BugTraq ID: 16743
Remote: Yes
Date Published: 2006-05-08
Relevant URL: http://www.securityfocus.com/bid/16743
Summary:
Cisco Secure ACS is susceptible to an insecure password-storage vulnerability.
This issue is due to a failure of the application to properly secure sensitive
password information.
This issue allows attackers to gain access to encrypted passwords and to the
key used to encrypt them. This allows them to obtain the plaintext passwords,
aiding them in attacking other services that depend on the ACS server for
authentication.
Cisco Secure Access Control Server for Windows versions 3.x are affected by
this issue.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. USB device installation problem
http://www.securityfocus.com/archive/88/433355
2. Autorun in screensaver
http://www.securityfocus.com/archive/88/433357
3. Sniffer question
http://www.securityfocus.com/archive/88/433354
4. Patch Management on Critical Servers (Healthcare)
http://www.securityfocus.com/archive/88/433214
5. windows 2003 1wan 2lan => vpn to ech private lan?
http://www.securityfocus.com/archive/88/432951
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to
[EMAIL PROTECTED] from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer. Alternatively
you can also visit http://www.securityfocus.com/newsletters and unsubscribe via
the website.
If your email address has changed email [EMAIL PROTECTED] and ask to
be manually removed.
V. SPONSOR INFORMATION
------------------------
FREE Safend Auditor - Monitor your endpoints!
Safend's FREE Auditor provides the visibility you need to protect your desktops
and laptops. Safend Auditor identifies every USB, FireWire and PCMCIA device
that has connected to your endpoints. Assess your endpoint vulnerabilities for
FREE!
http://www.securityfocus.com/cgi-bin/ib.pl
---------------------------------------------------------------------------