
nt.security.update.012600.txt
Posted Jan 26, 2000
Authored by winsd

Windows NT Security Update - Information on Rdisk Race Condition, and the InetSrv 3.0 Buffer Overflow. Also contains articles on Internet Security with Windows NT, Email Encryption Plugin, and Change-Detection Software.

tags | overflow, magazine
systems | windows
SHA-256 | d3fad445ac140dcb3f3f355fadd12b079518f12f7c8cea463e9a41c776190dc6

**********************************************************
WINDOWS NT MAGAZINE SECURITY UPDATE
**Watching the Watchers**
The weekly Windows NT security update newsletter brought to you by
Windows NT Magazine and NTsecurity.net
http://www.winntmag.com/update/
**********************************************************

This week's issue sponsored by

UltraBac.com
http://www.ultrabac.com/counter/winnt0100a.htm

AXENT’s VPN Webcast -- Win a Palm Vx!
http://www.axent.com/redirect/w2kupdate
(Below Security Roundup)

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
January 26, 2000 - In this issue:

1. IN FOCUS
- 2001: An Encryption Odyssey?
- Follow up: Who's Watching Who?

2. SECURITY RISKS
- RDISK Race Condition
- InetSrv 3.0 Buffer Overflow

3. ANNOUNCEMENTS
- Technology Week--Microsoft's Professional Trainer Conference
- You Could Be a Winner!

4. SECURITY ROUNDUP
- News: Internet Security with Windows NT

5. NEW AND IMPROVED
- Email Encryption Plugin
- Change-Detection Software

6. HOT RELEASE
- Toshiba Copier and Fax: the 21st Century's Technological Leader

7. SECURITY TOOLKIT
- Book Highlight: Securing Computer Networks: Analysis, Design,
and Implementation
- Tip: What's Listening on Which Port?

8. HOT THREADS
- Windows NT Magazine Online Forums:
* Access to the Internet
- Win2KSecAdvice Mailing List:
* RFPoison Is Not a Trojan
- HowTo Mailing List:
* RE: NT IIS Parent Path Question (answer)

~~~~ SPONSOR: ULTRABAC.COM ~~~~
Y2K Leap Year Upgrade: Convert up to FIVE backup & recovery licenses
from either ArcServe or Backup Exec to UltraBac version 5.5 and receive
50% off!! (Offer good through February 29th. Limit 5 licenses per
customer -- this is an exclusive offer to Update Email Newsletter
readers only). For more information, call UltraBac.com today at (425)
644-6000 or visit our website at:
http://www.ultrabac.com/counter/winnt0100a.htm

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Want to sponsor Windows NT Magazine Security UPDATE? Contact Vicki
Peterson (Western and International Advertising Sales Manager) at 877-
217-1826 or vpeterson@winntmag.com, OR Tanya T. TateWik (Eastern
Advertising Sales Manager) at 877-217-1823 or ttatewik@winntmag.com.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. ========== IN FOCUS ==========

Hello everyone,

Windows 2000 (Win2K) is ready to go. The new OS, which Microsoft
released to manufacturing (RTM) in December, will soon be in the hands
of early adopters across the globe and will undoubtedly be the center
of attention for some time. The only other event in 2000 that will have
as much of an effect on computing is the simple expiration of a patent.
In September of this year, the patent on RSA encryption technology
expires. Developers Rivest, Shamir, and Adleman created RSA in the 70s,
and the technology has become one of the most widely used algorithms on
the planet. You'll find RSA technology in such popular products as
Pretty Good Privacy (PGP). Why will the patent expiration have such a
big effect on computing? Money.
In the past, developers paid hefty license fees to use RSA
technology. When the RSA patent expires this September, developers will
have free and unrestricted access to RSA encryption. No more
hefty license fees and strict licensing guidelines. In a nutshell, the
patent expiration means that we'll see new products that use strong
encryption, and we'll see current products that now use lesser
encryption technology begin to use the stronger RSA technology. You'll
enjoy stronger VPNs, safer mail clients, more secure disk drives, and
more.
The September patent expiration leaves 3 months before the end of
the year for developers to use the newly available technology. Because
of the timing, little will happen regarding new RSA developments in
2000. Instead, I think we'll see most of the new activity in encryption
occurring in 2001. By the summer of 2001, not only will RSA technology
be available for free, but other encryption technologies will also have
come to fruition--namely CIPHERUNICORN and the Advanced Encryption
Standard (AES). Where today the cornerstone of network security seems
to be sophisticated session authentication and various forms of
obscurity, tomorrow the cornerstone will be super strong encryption.
The future is clear and the future is encryption galore.

Follow up: Who's Watching Who?
In my editorial last week, I talked about the danger of conducting
purchases online using credit cards. Several readers wrote to rebut my
stance or to inform me of protection systems that credit card companies
use specifically for making online purchases. For example, according to
one reader, some companies now offer special credit cards designed
specifically to protect the holder from Internet-based fraud by
minimizing a buyer's liability.
Of those readers who disagreed with my stance, most accused me of
practicing and spreading unwarranted paranoia. Readers sent me numerous
everyday examples that compare online buying to other forms of credit
card purchases, such as buying a meal at a restaurant or paying for new
sneakers at a local shoe store. The assertion was that these types of
retail credit card purchases are no different than online purchases
because we must still hand over our card number to a stranger. For the
most part, I agree, but differences do exist that make buying online
more of a risk.
The differences between buying online and buying in your
neighborhood are distinct, and they all boil down to trust--either we
trust a vendor or we don't. When you physically visit a store, you get
a first-hand view of that establishment and its personnel. You develop
an overall impression of the business and its employees, with whom you
must trust your credit card information. With the Internet, you lose
that advantage. You can't inspect a business on the Internet, so the
vendor-customer experience is limited to flashy graphics and extensive
catalogs. If you’re lucky, you might be able to talk to someone at the
company on the phone. The bottom line is that anybody with a computer
and HTML editor can put an alleged business online, complete with
credit card acceptance, so the risk of placing trust in online
merchants is higher than when making a physical purchase.
Even if the online vendor is reputable, how do we know the vendor is
handling our information securely? To trust a business and its
employees is one thing, but to trust its computer network is entirely
different. When we buy at a physical business location, that business
probably does not enter our credit card information into computer
systems that connect to open public networks such as the Internet. But
when you buy online, that's not the case. You voluntarily deliver your
credit card information over a publicly available network to a publicly
available computer system. So the question quickly becomes, "Is that
system secure?"
The point of my editorial last week was to raise the question of who
is watching all these allegedly secure online merchants to ensure they
are, in fact, secure? By what standard do we weigh the claim of secure
e-commerce? The answer is that, to date, no standard gauge is in
widespread use, so the risk of buying online remains high. Until next
time, have a great week.

Sincerely,
Mark Joseph Edwards, News Editor
mark@ntsecurity.net

2. ========== SECURITY RISKS =========
(contributed by Mark Joseph Edwards, mark@ntsecurity.net)

* RDISK RACE CONDITION
Arne Vidstrom reported a race condition in Windows NT's RDISK utility
that might let a user obtain sensitive system information during a
specific window of time while the program is in use. The problem
occurs because of loose permission settings on a file that RDISK
creates.
While RDISK is running, a user can view the contents of a temporary
file that contains an enumerated copy of the system Registry. Microsoft
has released a patch for the problem.
http://www.ntsecurity.net/go/load.asp?iD=/security/rdisk1.htm
http://www.microsoft.com/downloads/release.asp?ReleaseID=17384

* INETSRV 3.0 BUFFER OVERFLOW
Greg Hoagland discovered a serious buffer overflow condition within
InetSrv 3.0 (a Windows NT-based proxy server) that can lead to the
execution of arbitrary code on the server. The problem results from an
unchecked buffer in the GET command routine. For complete details on
the problem, including source code that demonstrates how an intruder
can overflow the buffer, please visit the URL below.
http://www.ntsecurity.net/go/load.asp?iD=/security/inetsrv1.htm

3. ========== ANNOUNCEMENTS ==========

* TECHNOLOGY WEEK--MICROSOFT'S PROFESSIONAL TRAINER CONFERENCE
If you're a professional trainer on Microsoft products, this event is
for you! Technology Week, which will take place February 6 to 11 in New
Orleans, is an exclusive opportunity to get the training you need
directly from Microsoft courseware teams. Microsoft designed the
sessions to develop your technical knowledge and enhance your training
skills. Session topics include Windows 2000 Administration and Support,
Windows 2000 Infrastructure Design, Exchange 2000 Server, SQL Server,
Knowledge Management/Collaboration, BackOffice Server Integration, MSDN
Training, and instructional skills.
Technology Week provides optimum learning with minimum downtime in
your career. Attendance is limited--register today!
http://www.microsoft.com/mct/techweek

* YOU COULD BE A WINNER!
Win a PalmPilot or one of several Amazon.com gift certificates. Hurry!
Click below and do it now! Your chance won’t last forever!
http://www.zoomerang.com/recipient/survey-intro.zgi?ID=83QQGW03EDJC

4. ========== SECURITY ROUNDUP ==========

* NEWS: INTERNET SECURITY WITH WINDOWS NT
As you recall, 2 weeks ago we placed our book, Internet Security with
Windows NT, on the Web for free. The response has been phenomenal, and
we're happy that you find the free offering beneficial.
Several readers wrote to inform us of various problems with the HTML
of the online book, citing issues ranging from broken image links to
unviewable pages under certain versions of Netscape Communicator. We've
now corrected the HTML formatting errors, so if you had trouble reading
the book online, please come back and check it out.
In addition, several readers wrote to ask whether we have plans to
offer an Adobe Portable Document Format (PDF) version or a zipped file
that contains all the HTML pages in one downloadable archive. The
answer is no to both questions; you can only read the book on the Web.
If you want to view the pages offline or print the pages, you must
handle that task page by page. However, in lieu of printing the book
yourself, you can still purchase a professionally printed and bound
version of the book from 29th Street Press for about $20--and that's
one heck of a bargain.
http://www.ntsecurity.net/go/load.asp?id=/book/toc.asp

~~~~ SPONSOR: AXENT’S VPN WEBCAST -- WIN A PALM VX! ~~~~
"Everything You Need to Know About VPNs." Learn how to: Implement
VPNs for site-to-site, extranets, and remote access; See the
differences between firewall, hardware, software, and router VPNs;
Overcome interoperability, security, and IPSec concerns; Reduce costs
and increase bandwidth & uptime.
Register today: http://www.axent.com/redirect/w2kupdate. AXENT is the
leading provider of e-security solutions for your business, delivering
integrated products and expert services to 45 of the Fortune 50.

5. ========== NEW AND IMPROVED ==========
(contributed by Carolyn Mascarenas, products@winntmag.com)

* EMAIL ENCRYPTION PLUGIN
PC Guardian announced Encryption Plus (EP) for Email, an encryption
plugin that lets you quickly enable and disable the encryption of
outgoing messages. Encrypting is done in one step by selecting Encrypt
to protect your confidential email messages. You can securely send
encrypted email messages to non-EP for Email users--they don’t need
special software to decrypt and read your executable files. All these
users need is the password that you share with them. EP for Email also
provides security using the Blowfish algorithm, a 192-bit block cipher.
EP for Email runs on Windows NT and Windows 9x systems that support
Microsoft Outlook 97 and 98. Pricing starts at $29.95 for a single-user
license and $69.95 for a multiple-user license. Contact PC Guardian,
800-288-8126.
http://www.pcguardian.com

* CHANGE-DETECTION SOFTWARE
Pedestal Software announced Intact Directory Services, change-detection
software for directory servers. The software uses the Lightweight
Directory Access Protocol (LDAP) to access a variety of directory
servers including Microsoft’s Active Directory (AD), Novell Directory
Services (NDS), and Netscape’s iPlanet Directory Server. The software
monitors the health of crucial enterprise directories, identifies
unauthorized tampering, and recovers from intrusions. In e-commerce,
directory servers usually store digital certificates, access control
information, and customer profiles. In the enterprise, directory
servers store network maps, user information, and authentication data.
Intact Directory Services can pinpoint potential problems in these
areas before they affect business operations. The software’s central
administration console, configuration wizards, and remote operation
features can help you simplify deployment in a distributed client-
server environment.
Intact Directory Services runs on Windows 2000 (Win2K) and Windows
NT systems. Pricing starts at $795 per system. Volume discounts and
site licenses are available. Contact Pedestal Software, 508-520-8960.
http://www.pedestalsoftware.com

6. ========== HOT RELEASE (ADVERTISEMENT) ==========

* TOSHIBA COPIER AND FAX: THE 21ST CENTURY'S TECHNOLOGICAL LEADER
Visit
http://static.admaximize.com/redirect/0034/002266d/0002/ESV/A08/01/
to check out Toshiba's multifunctional and networking product line. No
matter what your business needs: Demand more, Demand Toshiba.

7. ========== SECURITY TOOLKIT ==========

* BOOK HIGHLIGHT: SECURING COMPUTER NETWORKS: ANALYSIS, DESIGN, AND
IMPLEMENTATION
By Eric A. Fisch and Udo W. Pooch
Online Price: $55.95
Hardcover; 356 pages
Published by CRC Press, June 1999

This updated guide presents expert information on analyzing, designing,
and implementing all aspects of computer network security. Based on the
authors' earlier work, "Computer System and Network Security," this new
book addresses important concerns regarding network security. It
contains new chapters on Web security issues, secure e-commerce,
incident response, and two new appendices on Pretty Good Privacy (PGP)
and UNIX security fundamentals.

For Windows NT Magazine Security UPDATE readers only--Receive an
additional 10 PERCENT off the online price by typing WINNTMAG in the
referral field on the Shopping Basket Checkout page. To order this
book, go to http://www.fatbrain.com/shop/info/0849318688?from=SUT864.

* TIP: WHAT'S LISTENING ON WHICH PORT?
(contributed by Mark Joseph Edwards, mark@ntsecurity.net)

Many of you are familiar with the netstat -a command and know that it
will enumerate all listening ports on a given Windows NT machine. But
how do you find out what program is actually using which port? No clear
way exists to accomplish that with built-in Windows tools; however, a
third-party application called Inzider can determine which program is
listening on which port.
Inzider is useful for general system troubleshooting and can be
handy when attempting to analyze a system for suspected Trojans. For
example, someone might have inserted the administrative tool
BackOrifice 2000 on a system as a Trojan hidden under another process
name. If that were the case, Inzider could detect that situation and
inform you accordingly.
Give Inzider a try. It's a slick little tool that you should
consider adding to your security toolkit. You can download a copy from
the URL listed below.
http://ntsecurity.nu/toolbox/inzider/
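
The sketch below is an added example, not part of the original newsletter: it parses netstat output and reports listeners that are missing from a known-good baseline, which narrows down the ports worth tracing to a program with a tool such as Inzider. It assumes the numeric form `netstat -an`; the sample output, the baseline set, and port 40123 are constructed for illustration.

```python
import re

# Constructed sample of `netstat -an` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:40123          0.0.0.0:0              LISTENING
  TCP    10.0.0.5:139           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1042          10.0.0.9:80            ESTABLISHED
  UDP    0.0.0.0:135            *:*
  UDP    10.0.0.5:137           *:*
  UDP    10.0.0.5:138           *:*
"""

# Hypothetical baseline: (protocol, port) pairs the administrator expects
# on this machine. Build the real one from a known-clean installation.
BASELINE = {("TCP", 135), ("TCP", 139),
            ("UDP", 135), ("UDP", 137), ("UDP", 138)}

# Proto, local address:port, foreign address, optional state (UDP has none).
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listening_endpoints(netstat_text):
    """Return sorted (proto, local_addr, port) tuples that accept traffic."""
    found = set()
    for line in netstat_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue  # banner, column header, or blank line
        proto, addr, port, _foreign, state = match.groups()
        # TCP rows also cover established sessions; keep only listeners.
        # UDP is connectionless, so every bound UDP port counts.
        if proto == "TCP" and state != "LISTENING":
            continue
        found.add((proto, addr, int(port)))
    return sorted(found)


def unexpected_listeners(netstat_text, baseline):
    """Return listeners whose (proto, port) is absent from the baseline."""
    return [ep for ep in listening_endpoints(netstat_text)
            if (ep[0], ep[2]) not in baseline]


if __name__ == "__main__":
    for proto, addr, port in unexpected_listeners(SAMPLE_NETSTAT, BASELINE):
        print(f"investigate: {proto} {addr}:{port} is not in the baseline")
```

The script only tells you which ports are new; identifying the program behind a flagged port is still the job of a port-to-process tool as described in the tip.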

8. ========== HOT THREADS ==========

* WINDOWS NT MAGAZINE ONLINE FORUMS

The following text is from a recent threaded discussion on the Windows
NT Magazine online forums (http://www.winntmag.com/support).

January 24, 2000, 12:58 P.M.
Access to the Internet
I have been instructed that certain people in our company are NOT to
have Internet access, but need Internet email. In order to disable
Internet access I could remove DNS. But then I wouldn’t be able to get
to my POP server for email. What is the easiest way to do this? I
checked and was told my firewall can’t do anything. I’m in the process
of upgrading--any ideas?

Thread continues at
http://www.winntmag.com/support/Forums/Application/Index.cfm?CFApp=69&Message_ID=87301

* WIN2KSECADVICE MAILING LIST
Each week we offer a quick recap of some of the highlights from the
Win2KSecAdvice mailing list. The following threads are in the spotlight
this week:

1. RFPoison Is Not a Trojan
http://www.ntsecurity.net/go/w.asp?A2=IND0001D&L=WIN2KSECADVICE&P=325

Follow this link to read all threads for Jan. Week 4:
http://www.ntsecurity.net/go/win2ks-l.asp?s=win2ksec

* HOWTO MAILING LIST
Each week we offer a quick recap of some of the highlights from the
"HowTo for Security" mailing list. The following threads are in the
spotlight this week:

1. RE: NT IIS PARENT PATH QUESTION (ANSWER)
http://www.ntsecurity.net/go/L.asp?A2=IND0001D&L=HOWTO&P=83

Follow this link to read all threads for Jan. Week 4:
http://www.ntsecurity.net/go/l.asp?s=howto

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-

WINDOWS NT MAGAZINE SECURITY UPDATE STAFF
News Editor - Mark Joseph Edwards (mje@winntmag.com)
Ad Sales Manager (Western and International) - Vicki Peterson
(vpeterson@winntmag.com)
Ad Sales Manager (Eastern) - Tanya T. TateWik (ttatewik@winntmag.com)
Editor - Gayle Rodcay (gayle@winntmag.com)
New and Improved - Carolyn Mascarenas (products@winntmag.com)
Copy Editor - Judy Drennen (jdrennen@winntmag.com)

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-

Thank you for reading Windows NT Magazine Security UPDATE

To subscribe, go to http://www.winntmag.com/update or send email to
listserv@listserv.ntsecurity.net with the words "subscribe
securityupdate anonymous" in the body of the message without the quotes

To unsubscribe, send email to listserv@listserv.ntsecurity.net with the
words "unsubscribe securityupdate" in the body of the message without
the quotes.

To change your email address, you must first unsubscribe by sending
email to listserv@listserv.ntsecurity.net with the words "unsubscribe
securityupdate" in the body of the message without the quotes. Then,
resubscribe by going to http://www.winntmag.com/update and entering
your current contact information or by sending email to
listserv@listserv.ntsecurity.net with the words "subscribe
securityupdate anonymous" in the body of the message without the
quotes.

========== GET UPDATED! ==========
Receive the latest information on the NT topics of your choice.
Subscribe to these other FREE email newsletters at
http://www.winntmag.com/sub.cfm?code=up99inxsup.

Windows NT Magazine UPDATE
Windows NT Magazine Thin-Client UPDATE
Windows NT Exchange Server UPDATE
Windows 2000 Pro UPDATE
ASP Review UPDATE
SQL Server Magazine UPDATE

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
Copyright 2000, Windows NT Magazine

Security UPDATE Newsletter is powered by LISTSERV software
http://www.lsoft.com/LISTSERV-powered.html
