--- Begin Message ---
SecurityFocus Microsoft Newsletter #195
----------------------------------------
This issue sponsored by: FaceTime
Free Webinar! Enterprise IM: How IT Managers Can Survive.
Featured Speaker: Nate Root, Senior Analyst, Forrester Research. IT
directors and security managers will gain new insights to balance
compliance and security risks. Highlights an integrated solution from
FaceTime Communications and MSN Messenger Connect for Enterprises. Ideal
for financial services, healthcare, energy companies and other regulated
organizations.
View the webinar now!
http://www.securityfocus.com/sponsor/FaceTime_ms-secnews_040629
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Packet Crafting for Firewall & IDS Audits (Part 1 of 2)
2. When Spyware Crosses the Line
3. Redmond's Butterfly Effect
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft Internet Explorer Non-FQDN URI Address Zone Bypass...
2. Multiple Vendor Broadband Router Web-Based Administration De...
3. PHP-Nuke Multiple Vulnerabilities
4. VBulletin Multiple Module HTML Injection Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
1. Consumer Security Web Site (Thread)
2. Article Announcement: Redmond's Butterfly Effect (Thread)
3. [news] Consumer Security Web Site (Thread)
4. Problem with patches after import the Windows 2003 b... (Thread)
5. SecurityFocus Microsoft Newsletter #194 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Softros LAN Messenger
2. Network Time System
3. Anon-Encrypt
4. RSI
5. WiSSH
6. Firewall RuleMaker
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. Athena 1.0
2. CryptoHeaven v2.4.0
3. XArp 0.1
4. Honeynet Security Console 1.0
5. LogMonitor 1.0
6. Ettercap v0.7.0 pre2
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Packet Crafting for Firewall & IDS Audits (Part 1 of 2)
By Don Parker
This article is the first of a two-part series that will discuss various
methods to test the integrity of your firewall and IDS using low-level
TCP/IP packet crafting tools and techniques.
http://www.securityfocus.com/infocus/1787
2. When Spyware Crosses the Line
By Kelly Martin
"Spyware" isn't harmless software when it starts hijacking your browser,
downloading updates, and displaying adult porn images to small children.
http://www.securityfocus.com/columnists/250
3. Redmond's Butterfly Effect
By Tim Mullen
Criminals are benefiting from an Internet Explorer that's so complex even
Microsoft can't predict its behavior.
http://www.securityfocus.com/columnists/251
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Microsoft Internet Explorer Non-FQDN URI Address Zone Bypass...
BugTraq ID: 10579
Remote: Yes
Date Published: Jun 21 2004
Relevant URL: http://www.securityfocus.com/bid/10579
Summary:
Microsoft Internet Explorer is prone to a zone bypass vulnerability. A remote
attacker may execute code in the Intranet zone. An attacker can exploit this
issue by using a non-FQDN URI.
Successful exploitation of this vulnerability could lead to the execution of
malicious script or ActiveX controls in the Intranet zone.
Update: It is reported that this issue can also be exploited to gain access to
other zones. For example, by using a trusted URI, an attacker can access the
Trusted zone.
This issue seems to be related to BID 10517 (Multiple Browser URI Obfuscation
Weakness).
2. Multiple Vendor Broadband Router Web-Based Administration De...
BugTraq ID: 10585
Remote: Yes
Date Published: Jun 21 2004
Relevant URL: http://www.securityfocus.com/bid/10585
Summary:
Multiple broadband routers from several different vendors, used for home and
small office Internet sharing and routing, are reported to be affected by a
denial of service vulnerability in their web-based administration interfaces.
The embedded web server is reportedly unable to maintain more than a small
number of simultaneous TCP connections. An attacker who maintains a number of
connections to port 80 of an affected device will block access to the web
administration application for legitimate users.
An attacker could block access to the administration interface as long as they
can maintain the TCP connections.
Netgear FVS318, Linksys BEFSR41, and Microsoft MN-500 devices are reported to
be susceptible.
3. PHP-Nuke Multiple Vulnerabilities
BugTraq ID: 10595
Remote: Yes
Date Published: Jun 23 2004
Relevant URL: http://www.securityfocus.com/bid/10595
Summary:
PHP-Nuke is prone to multiple vulnerabilities. The issues result from
insufficient sanitization of user-supplied data and may allow an attacker to
carry out cross-site scripting, HTML injection, and SQL injection attacks.
Although unconfirmed, all versions of PHP-Nuke are considered to be vulnerable
at this point. This BID will be updated as more information becomes available.
4. VBulletin Multiple Module HTML Injection Vulnerability
BugTraq ID: 10602
Remote: Yes
Date Published: Jun 24 2004
Relevant URL: http://www.securityfocus.com/bid/10602
Summary:
VBulletin is reported prone to an HTML injection vulnerability. This issue
affects the 'newreply.php' and 'newthread.php' scripts.
An attacker may exploit this issue by including hostile HTML and script code in
fields that may be viewable by other users, potentially allowing for theft of
cookie-based authentication credentials and other attacks.
This issue is reported to affect VBulletin version 3.0.1; however, it is likely
that other versions are affected as well.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Consumer Security Web Site (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/367370
2. Article Announcement: Redmond's Butterfly Effect (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/367361
3. [news] Consumer Security Web Site (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/367326
4. Problem with patches after import the Windows 2003 b... (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/366904
5. SecurityFocus Microsoft Newsletter #194 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/366852
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Softros LAN Messenger
By: Softros Systems Inc.
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://messenger.softros.com
Summary:
Softros Messenger is a secure network messaging software application for
corporate LANs (local area networks). It does not require a server and is very
easy to install and use. Softros Messenger comes with a variety of handy
features, like message notification alarms, personal or group messaging, and an
intuitive interface. Softros Messenger offers strong encryption options for all
incoming and outgoing messages, guaranteeing no unauthorized person ever reads
personal correspondence. The program is very stable when running under any
Windows operating system and in any TCP/IP network, regardless of its size.
Also, Softros Messenger correctly identifies and works under Windows NT/2000/XP
limited user accounts (without administrative privileges).
2. Network Time System
By: Softros Systems Inc.
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://nts.softros.com/
Summary:
Network Time System - Secure, fast and accurate time sync software across the
entire network.
3. Anon-Encrypt
By: RiserSoft Corporation
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://risersoft.com/anon-encrypt.php
Summary:
Surf the Internet Totally Anonymous, and Fully Encrypted with our Internet
Explorer Plugin!
4. RSI
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.digitallabs.net/rsi/
Summary:
Remote System Information audits your network for critical hardware and
software information and displays the results in a clear, exportable
spreadsheet view.
Remote Registry technology provides the ability to dynamically scan your
network without the need to install client software.
5. WiSSH
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.wissh.com
Summary:
WiSSH (Windows over SSH) utilizes SSH tunneling technology to secure
Microsoft's RDP protocol. Allows access to multiple hosts behind your network
perimeter with only a single host's SSH port open to the Internet.
6. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:
Firewall RuleMaker is a Windows-based firewall configuration version control
software product for managers of Cisco PIX and Netscreen firewalls.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. Athena 1.0
By: Steve Lord
Relevant URL: http://www.buyukada.co.uk/projects/athena/
Platforms: Windows 2000, Windows XP
Summary:
Athena is a search engine query tool designed to help find information leakage
vulnerabilities using 'googledork' strings. Athena uses an extensible
configuration format that supports multiple search engines (Yahoo and Google
included). Athena is designed with ease of use in mind and a full illustrated
manual is included featuring a full walkthrough.
2. CryptoHeaven v2.4.0
By: Marcin Kurzawa <[EMAIL PROTECTED]>
Relevant URL: http://www.cryptoheaven.com/
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
CryptoHeaven offers secure email and online file sharing/storage. Its main
features are secure and highly encrypted services such as group collaboration,
file sharing, email, online storage, and instant messaging. It integrates
multi-user based security into email, instant messaging, and file storage and
sharing in one unique package. It provides real time communication for text and
data transfers in a multi-user secure environment. The security and usability
of CryptoHeaven is well-balanced; even the not-so-technically oriented computer
users can enjoy this crypto product with a very high level of encryption.
3. XArp 0.1
By: Christoph Mayer
Relevant URL: http://www.chrismc.de
Platforms: Windows 2000, Windows XP
Summary:
XArp is a graphical tool to monitor the ARP cache. It periodically requests the
local ARP cache and reports changes in the IP-to-MAC mapping. Thus it can be
used to recognize ARP poisoning, which is used to prepare 'man in the middle'
attacks on switched networks.
4. Honeynet Security Console 1.0
By: Activeworx, Inc.
Relevant URL: http://www.activeworx.org
Platforms: Windows 2000, Windows XP
Summary:
Honeynet Security Console is an analysis tool to view events on your personal
honeynet. It gives you the power to view events from Snort, TCPDump, Firewall,
Syslog and Sebek logs. It also allows you to correlate events from each of
these data types to have a full grasp of the attackers' actions.
5. LogMonitor 1.0
By: Adam Richard/SécurIT Informatique Inc.
Relevant URL: ftp://ftp.digitalvoodoo.org/pub/mirrors/securit/Logmon10free.zip
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
LogMonitor is a log analysis console. It is 75% based on LogIDS, except for
the GUI, which is a complete makeover. Instead of focusing on network location,
LogMonitor presents the data in a set of floating windows grouped by
application, which may be a more intuitive interface to some people. The
analysis is performed by defining the fields of each log we are monitoring, and
then by using these fields to define rules as to what is important data or not.
6. Ettercap v0.7.0 pre2
By: ALoR <[EMAIL PROTECTED]>
Relevant URL: http://ettercap.sourceforge.net/
Platforms: FreeBSD, Linux, MacOS, NetBSD, Windows 2000, Windows NT, Windows XP
Summary:
Ettercap is a network sniffer/interceptor/logger for ethernet LANs. It supports
active and passive dissection of many protocols (even ciphered ones, like SSH
and HTTPS). Data injection in an established connection and filtering on the
fly is also possible, keeping the connection synchronized. Many sniffing modes
were implemented to give you a powerful and complete sniffing suite. Plugins
are supported. It has the ability to check whether you are in a switched LAN or
not, and to use OS fingerprints (active or passive) to let you know the
geometry of the LAN.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed
address. The contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters and
unsubscribe via the website.
If your email address has changed email [EMAIL PROTECTED] and ask to be
manually removed.
VII. SPONSOR INFORMATION
-----------------------
This issue sponsored by: FaceTime
------------------------------------------------------------------------
--- End Message ---