exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

nt.security.update.120899.txt

nt.security.update.120899.txt
Posted Dec 9, 1999
Authored by winsd

Windows NT security update for December 8, 1999. New vulnerabilities covered include IE 5.0 WPAD Spoofing, IIS ISAPI Filter Plain Text Leak, FTP Serv-U Subject to Denial of Service, and IE 5.0 Subject to Frame Spoofing. Also has info on making certain you are ready for y2k, the MiniZip virus, Babylonia virus, and Y2K-Specific Worms. NTsecurity homepage here.

tags | worm, denial of service, spoof, vulnerability, virus, magazine
systems | windows
SHA-256 | a6aa9fff249cad6fef9c9fcdb215405e054d8eabe95afcbcebb4e26b213704a6

nt.security.update.120899.txt

Change Mirror Download

**********************************************************
WINDOWS NT MAGAZINE SECURITY UPDATE
**Watching the Watchers**
The weekly Windows NT security update newsletter brought to you by
Windows NT Magazine and NTsecurity.net
http://www.winntmag.com/update/
**********************************************************

This week's issue sponsored by:

Norton 2000 Corporate Edition from Symantec
http://www.symantec.com/specprog/sym/12899a.html

Stac Announces Replica NDM V2.0
http://www.stac.com/laptop
(Below Security Roundup)

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
December 8, 1999 - In this issue:

1. IN FOCUS
- Are You Certain You're Ready for Y2K?

2. SECURITY RISKS
- IE 5.0 WPAD Spoofing
- IIS ISAPI Filter Plain Text Leak
- FTP Serv-U Subject to Denial of Service
- IE 5.0 Subject to Frame Spoofing

3. ANNOUNCEMENTS
- Windows NT Magazine Launches ASP Email Newsletter
- The Bean Counter, the Techie, and the Future of Business
Intelligence
- Security Poll: Which Security-Related Management Skills Do You
Desire Most?

4. SECURITY ROUNDUP
- News: MiniZip Virus on the Loose
- News: Symantec Detects Babylonia Computer Virus
- News: Y2K-Specific Worm

5. NEW AND IMPROVED
- Desktop Virus Protection
- Authentication Tokens

6. HOT RELEASES
- K-Force
- VeriSign - The Internet Trust Company

7. SECURITY TOOLKIT
- Book Highlight: Network Security: In a Mixed Environment
- Tip: Listing Administrative Users
- HowTo: More Windows 2000 Topics, Acronyms, and Concepts

8. HOT THREADS
- Windows NT Magazine Online Forums:
* Hacker - What Can I Do?
- Win2KSecAdvice Mailing List:
* SP6a Included Security Fixes?
* SQL 7 Magic Packet Denial of Service
- HowTo Mailing List:
* PDC Multi-Homed
* Local Group Listing Utility
* Sync Time on Domain Computers

~~~~ SPONSOR: NORTON 2000 CORPORATE EDITION FROM SYMANTEC ~~~~
Norton 2000 gives you an easy, reliable, and flexible way to identify
Year 2000 desktop anomalies in applications and documents, to repair
potentially damaging files, and to fix system clocks and BIOS. Norton
2000 scans for two-digit dates in spreadsheet cells and formulas,
database fields, forms and text, and includes a reliable fix assistant
for Microsoft Excel files. It also checks desktop applications for
compliance, includes a SQL database component for roll-up graphing and
analysis, and it easily integrates with Norton System Center to support
one-console administration.
http://www.symantec.com/specprog/sym/12899a.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Want to sponsor Windows NT Magazine Security UPDATE? Contact Vicki
Peterson (Western and International Advertising Sales Manager) at 877-
217-1826 or vpeterson@winntmag.com, OR Tanya T. TateWik (Eastern
Advertising Sales Manager) at 877-217-1823 or ttatewik@winntmag.com.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

1. ========== IN FOCUS ==========

Hello everyone,

Do you have all your Y2K remedies and prevention in place? Are you
sure? What about viruses, Trojans, and worms? How will you cover your
bases in that area?
If you don't think viruses and worms pose a Y2K threat, think again.
Researchers have reported at least two new Y2K-centric virus and worm
strains in recent weeks. Granted, you can head over to your favorite
antivirus software vendor site and download the latest signature
detection update files, but think about that action for a moment.
You're downloading signatures of viruses and worms that the vendor
knows about, and that's the key to any viral or worm detection and
eradication: knowledge.
The reality is that any number of undetected viruses and worms might
be out there waiting to trigger on a given date in the year 2000. The
problem is that we just don't know what's out there, and outside of a
good file and system integrity checker, you have no way to guarantee
that such code hasn't entered your system. The way you'll find out
about a Y2K-based infection is when a virus or worm actually activates.
Quite a dilemma, don't you think? Certainly, you can roll a
computer's date forward to see how your system reacts, but that
approach isn't really adequate to cover all the bases when it comes to
viruses and worms. For example, what if a given virus or worm only
triggers at a specific time of day? How can you test all the possible
time combinations for an entire year? Realistically, you can't.
The alternative route to date and time trigger checking is
comparative analysis. You can feasibly compare aspects of any system in
question against aspects of a similar system that is known to be
tamper-free. By examining Registry entries, file dates, and checksums,
you might be able to detect potential infection before that infection
becomes a serious problem.
With either route, the course is tough and time-consuming.
Comparative checks are certainly more time-conservative and beneficial
than date- and time-based testing alone, but even so, there is no
guarantee that something is not amiss. Can you accept that risk?
Perhaps your situation forces you to accept it, but perhaps not.
I've read messages on our HowTo for Security mailing list in which
people have indicated they will power down their Exchange servers and
other mission-critical systems to wait and see how the date rollover
affects others around the world. I like that approach, but not everyone
has the luxury of taking that course.
The bottom line is that you should protect your system's integrity
from the start with utilities such as TripWire
(http://www.tripwiresecurity.com/) and use a good antivirus scanner
that fits your needs. In addition, handle all email messages with
caution until you're certain they're harmless. Do those things and
you'll significantly reduce the amount of worry you'll experience
regarding viruses and worms both now and in the future.
Using real-time integrity checkers and adequate email practices in
addition to up-to-date antivirus software will lessen the likelihood
that your servers or workstations will get hammered into bits of
useless data. As you know, an ounce of prevention is worth a pound of
cure. Until next time, have a great week.

Sincerely,
Mark Joseph Edwards, News Editor
mark@ntsecurity.net

2. ========== SECURITY RISKS =========
(contributed by Mark Joseph Edwards, http://www.ntsecurity.net)

* IE 5.0 WPAD SPOOFING
Tim Adam reported a problem with Internet Explorer (IE) 5.0 that
affects the Web Proxy Auto-Discovery (WPAD) protocol. According to
Microsoft's bulletin, "The IE 5 Web Proxy Auto-Discovery (WPAD) feature
enables Web clients to automatically detect proxy settings without user
intervention. The algorithm used by WPAD prepends the hostname 'wpad'
to the fully qualified domain name and progressively removes subdomains
until it either finds a WPAD server answering the hostname or reaches
the third-level domain. A vulnerability arises because in international
usage, the third-level domain might not be trusted. A malicious user
could set up a WPAD server and serve proxy configuration commands of
his or her choice."
Microsoft has released IE 5.01 (a new version), which remedies this
problem. Be sure to read the FAQ regarding this matter.
http://www.ntsecurity.net/go/load.asp?iD=/security/ie56.htm
http://www.microsoft.com/security/bulletins/MS99-054faq.asp


* IIS ISAPI FILTER PLAIN TEXT LEAK
Microsoft reported a vulnerability in the Secure Sockets Layer (SSL)
ISAPI filter shipped with Internet Information Server (IIS) 4.0 and
Site Server 3.0. Other Microsoft products also use the filter.
According to Microsoft's report, "If called by a multi-threaded
application under very specific, and fairly rare, circumstances, a
synchronization error in the filter could allow a single buffer of
plain text to be transmitted back to the data's owner."
Microsoft has issued a patch for Intel and Alpha and a FAQ regarding
this matter.
http://www.ntsecurity.net/go/load.asp?iD=/security/iis2.htm
http://www.microsoft.com/security/bulletins/MS99-053faq.asp

* FTP SERV-U SUBJECT TO DENIAL OF SERVICE
UssrLabs reported a possible denial of service (DoS) attack against
Deerfield.com's FTP Serv-U 2.5a caused by a buffer overflow condition.
A malformed SITE command causes the buffer overflow condition.
Deerfield.com is aware of the problem and has issued a patched
version of the software in FTP Serv-U 2.5b.
http://www.ntsecurity.net/go/load.asp?iD=/security/servu1.htm
http://ftpserv-u.deerfield.com/download.cfm

* IE 5.0 SUBJECT TO FRAME SPOOFING
Georgio Guninski reported a problem with Internet Explorer (IE) 5.0
that lets frame spoofing take place. The problem can let an intruder
fool unsuspecting users into thinking they are visiting a trusted site,
when in fact, they are not.
Microsoft has issued no comment regarding this matter. To protect
yourself against such attacks, be sure to read the instructions at the
Web page listed below.
http://www.ntsecurity.net/go/load.asp?iD=/security/ie55.htm

3. ========== ANNOUNCEMENTS ==========

* WINDOWS NT MAGAZINE LAUNCHES ASP EMAIL NEWSLETTER
Stay current with the latest industry news and trends of the exciting
new application service provider (ASP) marketplace with ASP Review
UPDATE, a free bi-weekly email newsletter. With coverage of industry
players, available and emerging technologies, and tips on how to
evaluate service providers, ASP Review UPDATE is a must-read for IT and
business professionals who want to stay at the forefront of their
business. Enter your FREE subscription now at
http://www.winntmag.com/sub.cfm?code=UP99INLUP.

* THE BEAN COUNTER, THE TECHIE, AND THE FUTURE OF BUSINESS INTELLIGENCE
Everybody knows what business intelligence can do for a company. We
know what hidden information it can bring to light, what surprising
opportunities it can uncover, what competition-squashing power it can
unleash. But what are businesses really doing with it?
Readers of Windows NT Magazine and Business Finance Magazine told us
how they're applying business intelligence now and what they're
planning in the future, and their answers don't always jibe. What does
MIS know that Accounting doesn't? Find out at
http://www.businessfinancemag.com/busint99.html.

* SECURITY POLL: WHICH SECURITY-RELATED MANAGEMENT SKILLS DO YOU DESIRE
MOST?
Security training is a hot market right now. You might even have plans
to take some classes. If you do have such plans, what type of security
management skills do you desire most? Place your vote, and view the
survey results at the URL below.
http://www.ntsecurity.net/go/2c.asp?f=/polls.asp?idf=109&tb=p

4. ========== SECURITY ROUNDUP ==========

* NEWS: MINIZIP VIRUS ON THE LOOSE
The ExplorerZip Worm is back in the news again. Researchers have
discovered a new rendition of the dangerous virus in the wild. The new
version is compressed, letting it bypass detection routines that would
capture and contain ExplorerZip. The new virus, ExplorerZipPack (or
MiniZip), is very dangerous and spreading rapidly; therefore, you need
to guard against it immediately.
http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=188&TB=news

* NEWS: SYMANTEC DETECTS BABYLONIA COMPUTER VIRUS
Symantec discovered a new Y2K virus on December 6 that disguises itself
as a Y2K fix. The virus is unique because it can download its viral
components from the Internet. When the virus executes, it will wait for
an Internet connection. After detecting a connection, the virus
downloads several files from a Web server in Japan. This capability
lets the virus writer update the virus centrally.
http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=190&TB=news

* NEWS: Y2K-SPECIFIC WORM
Computer Associates warns of a new virus named W32.Mypics.Worm (Mypics)
that can cause extensive damage in the Year 2000. The worm spreads on
Windows and Windows NT platforms through email and has a highly
dangerous payload that triggers in 2000. The worm's payload can cause
users to lose all the data on their hard disks.
http://www.ntsecurity.net/go/2c.asp?f=/news.asp?IDF=189&TB=news

~~~~ SPONSOR: STAC ANNOUNCES REPLICA NDM V2.0 ~~~~
Recover your CEO's crashed PC while you enjoy a cup of coffee! Replica
NDM is the first to offer centrally managed backup and bare-metal
disaster recovery for all your desktop, mobile and remote PCs.
For more information and a FREE white paper on mobile PC backup by
Gartner Group, simply visit us at
http://www.stac.com/laptop

5. ========== NEW AND IMPROVED ==========
(contributed by Carolyn Mascarenas, products@winntmag.com)

* DESKTOP VIRUS PROTECTION
Trend Micro announced OfficeScan Corporate Edition 3.5, antivirus
software for the corporate desktop. New features include mobile and
remote user support, improved interoperability and manageability,
incremental pattern file updates, new ActiveUpdate technology, and
additional antivirus client deployment methods. You can manage virus
prevention on the desktop without requiring involvement from the end
user. You can remotely install client software on the network to
perform virus scanning on the workstation. You can also configure and
update clients from a central Windows or Web-based management console.
OfficeScan Corporate Edition 3.5 runs on Windows NT. Pricing starts
at $300 for a 25-seat license. Contact Trend Micro, 408-867-6404.
http://www.antivirus.com

* AUTHENTICATION TOKENS
CRYPTOCard announced the KF-1 and the PT-1, new authentication tokens
in the company's CRYPTOAdmin 4.1 administration platform. Unlike other
key chain-based authentication tokens, the KF-1 is a steel-cased unit
with PIN entry for activation. Only on activation does the KF-1 display
the password, eliminating the risks presented by systems that send the
PIN in the clear across the network. The PT-1 provides authentication
for accessing corporate networks with Palm handheld devices and
provides one-time password authentication without requiring the Palm
user to carry an additional hardware device. PT-1 has no predetermined
expiration date and is a one-time purchase for network security
officers.
CRYPTOAdmin 4.1 runs on Window NT, Linux, Sun Solaris, AIX, and
FreeBSD systems. For pricing, contact CRYPTOCard, 800-307-7042.
http://www.cryptocard.com

6. ========== HOT RELEASE (ADVERTISEMENT) ==========

* K-FORCE
Afraid of getting lost on another job board? Real results by real
people at kforce.com. Resumes read by 2,300 Career Specialists,
Confidential Searching, and a Career Development Coach! Click on
***kforce.com*** where opportunity has a new address.
http://ad.doubleclick.net/clk;629716;3578931;w?http://www.kforce.com

* VERISIGN - THE INTERNET TRUST COMPANY
Protect your servers with 128-bit SSL encryption! Get a FREE Guide
from VeriSign, "Securing Your Web Site for Business." Click Here!
http://www.verisign.com/cgi-bin/go.cgi?a=n016004150008000

7. ========== SECURITY TOOLKIT ==========

* BOOK HIGHLIGHT: NETWORK SECURITY: IN A MIXED ENVIRONMENT
By Dan Blacharski
Online Price: $31.95
Softcover; 408 pages
Published by IDG Books Worldwide, March 1998

Protect your network with the help of Network Security: In a Mixed
Environment. Industry expert Dan Blacharski combines technical insight
and real-world experience to produce a solid how-to manual designed to
reduce the dangers inherent in mixed environment computing.
Network Security: In a Mixed Environment covers all the basics in
establishing a protected network, from determining security needs to
acquiring the right hardware and software. You'll get detailed
information on NetWare, Windows NT, and UNIX security features;
safeguarding your network against various threats; hardware and
software; security monitors; and more.

For Windows NT Magazine Security UPDATE readers only--Receive an
additional 10 PERCENT off the online price by typing in WINNTMAG in the
referral field on the Shopping Basket Checkout page. To order this
book, go to http://www.fatbrain.com/shop/info/0764531522?from=SUT864.

* TIP: LISTING ADMINISTRATIVE USERS
(contributed by Mark Joseph Edwards, http://www.ntsecurity.net)

Rick Mitchell posted a message on the "HowTo for Security" mailing list
asking readers if they know of a utility that will remotely dump a list
of users in a particular group on a Windows NT 4.0 server. Rick says he
has more than 250 NT servers in his domain, and he needs a tool that
will provide a list of all users who have administrative rights on each
machine.
The Microsoft Windows NT Server 4.0 Resource Kit is the most obvious
place to seek such utilities. Within the resource kit, you can find two
utilities: local.exe and global.exe. Each tool lists users and groups
by domain or server.
In addition, SomarSoft's DumpACL utility can identify users and
groups and identify NTFS and share permissions. Frank Ramos' tools at
SomarSoft are all free.
Adkins Resource also produces a nifty tool to get the job done. Head
over to its Web site and download Hyena 2.2. Pricing for the tool
starts at $269, and it's available as a 30-day evaluation.
http://mspress.microsoft.com/reslink
http://www.somarsoft.com
http://www.adkins-resource.com

* HOWTO: MORE WINDOWS 2000 TOPICS, ACRONYMS, AND CONCEPTS
Zubair Ahmad presents his third column in an occasional series of
Windows 2000 Ready Web exclusive features that define new Windows 2000
(Win2K) terms and concepts.
http://www.ntsecurity.net/go/2c.asp?f=/howto.asp?IDF=115&TB=howto

8. ========== HOT THREADS ==========

* WINDOWS NT MAGAZINE ONLINE FORUMS

The following text is from a recent threaded discussion on the Windows
NT Magazine online forums (http://www.winntmag.com/support).

December 02, 1999, 01:33 P.M.
Hacker - What Can I Do?
I'm hoping someone can help me. I have what I believe to be a hacker
attempting to access my mail server. I'm showing entries in my Security
Event Log with an outside SMTP attempt to access my server. It then
says "LogonUser()call failed with error. Logon failure: unknown user
name or bad password." I'm assuming this means someone is trying to
enter but is unsuccessful. If I am incorrect, or if anyone has any
ideas as to how I can track this person down or scare them off, let me
know. Any help would be appreciated. Thanks in advance.

Thread continues at
http://www.winntmag.com/support/Forums/Application/Index.cfm?CFApp=69&Messag
e_ID=80519

* WIN2KSECADVICE MAILING LIST
Each week, we offer a quick recap of some of the highlights from the
Win2KSecAdvice mailing list. The following threads are in the spotlight
this week:
1. SP6A INCLUDED SECURITY FIXES?
http://www.ntsecurity.net/go/w.asp?A2=IND9912A&L=WIN2KSECADVICE&P=307
2. SQL 7 MAGIC PACKET DENIAL OF SERVICE
http://www.ntsecurity.net/go/w.asp?A2=IND9912A&L=WIN2KSECADVICE&P=792

Follow this link to read all threads for Dec. Week 1:
http://www.ntsecurity.net/go/win2ks-l.asp?s=win2ksec

* HOWTO MAILING LIST
Each week we offer a quick recap of some of the highlights from the
"HowTo for Security" mailing list. The following threads are in the
spotlight this week:

1. PDC MULTI-HOMED
http://www.ntsecurity.net/go/L.asp?A2=IND9912A&L=HOWTO&P=2986
2. LOCAL GROUP LISTING UTILITY
http://www.ntsecurity.net/go/L.asp?A2=IND9912A&L=HOWTO&P=200
3. SYNC TIME ON DOMAIN COMPUTERS
http://www.ntsecurity.net/go/L.asp?A2=IND9912A&L=HOWTO&P=2886

Follow this link to read all threads for Dec. Week 1:
http://www.ntsecurity.net/go/l.asp?s=howto

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-

WINDOWS NT MAGAZINE SECURITY UPDATE STAFF
News Editor - Mark Joseph Edwards (mje@winntmag.com)
Ad Sales Manager (Western and International) - Vicki Peterson
(vpeterson@winntmag.com)
Ad Sales Manager (Eastern) - Tanya T. TateWik (ttatewik@winntmag.com)
Editor - Gayle Rodcay (gayle@winntmag.com)
New and Improved - Carolyn Mascarenas (products@winntmag.com)
Editor-at-Large - Jane Morrill (jane@winntmag.com)

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-

Thank you for reading Windows NT Magazine Security UPDATE.

To subscribe, go to http://www.winntmag.com/update or send email to
listserv@listserv.ntsecurity.net with the words "subscribe
securityupdate anonymous" in the body of the message without the
quotes.

To unsubscribe, send email to listserv@listserv.ntsecurity.net with the
words "unsubscribe securityupdate" in the body of the message without
the quotes.

To change your email address, you must first unsubscribe by sending
email to listserv@listserv.ntsecurity.net with the words "unsubscribe
securityupdate" in the body of the message without the quotes. Then,
resubscribe by going to http://www.winntmag.com/update and entering
your current contact information or by sending email to
listserv@listserv.ntsecurity.net with the words "subscribe
securityupdate anonymous" in the body of the message without the
quotes.

========== GET UPDATED! ==========
Receive the latest information on the NT topics of your choice.
Subscribe to these other FREE email newsletters at
http://www.winntmag.com/sub.cfm?code=up99inxsup.

Windows NT Magazine UPDATE
Windows NT Magazine Thin-Client UPDATE
Windows NT Exchange Server UPDATE
Windows 2000 Pro UPDATE
ASP Review UPDATE
SQL Server Magazine UPDATE

|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-
Copyright 1999, Windows NT Magazine

Security UPDATE Newsletter is powered by LISTSERV software
http://www.lsoft.com/LISTSERV-powered.html






------_=_NextPart_001_01BF41C7.39CEBA50
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Diso-8859-1">
<META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version =
5.5.2448.0">
<TITLE>[Windows NT Magazine Security UPDATE] 1999 - December 8</TITLE>
</HEAD>
<BODY>
<BR>
<BR>

<P><FONT SIZE=3D2 FACE=3D"Courier =
New">**********************************************************</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">WINDOWS NT MAGAZINE SECURITY =
UPDATE </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">**Watching the =
Watchers**</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">The weekly Windows NT security =
update newsletter brought to you by </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Windows NT Magazine and =
NTsecurity.net</FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.winntmag.com/update/" =
TARGET=3D"_blank">http://www.winntmag.com/update/</A></FONT></U><FONT =
SIZE=3D2 FACE=3D"Courier New"> </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier =
New">**********************************************************</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">This week's issue sponsored =
by:</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Norton 2000 Corporate Edition =
from Symantec</FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.symantec.com/specprog/sym/12899a.html" =
TARGET=3D"_blank">http://www.symantec.com/specprog/sym/12899a.html</A></=
FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Stac Announces Replica NDM =
V2.0</FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.stac.com/laptop" =
TARGET=3D"_blank">http://www.stac.com/laptop</A></FONT></U>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">(Below Security Roundup) =
</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier =
New">|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-</FONT>=

<BR><FONT SIZE=3D2 FACE=3D"Courier New">December 8, 1999 - In this =
issue:</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">1. IN FOCUS</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - Are =
You Certain You're Ready for Y2K?</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">2. SECURITY RISKS</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - IE =
5.0 WPAD Spoofing</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - IIS =
ISAPI Filter Plain Text Leak</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - FTP =
Serv-U Subject to Denial of Service </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - IE =
5.0 Subject to Frame Spoofing</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">3. ANNOUNCEMENTS</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - =
Windows NT Magazine Launches ASP Email Newsletter</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - The =
Bean Counter, the Techie, and the Future of Business </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Intelligence</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - =
Security Poll: Which Security-Related Management Skills Do You </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Desire Most?</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">4. SECURITY ROUNDUP</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - =
News: MiniZip Virus on the Loose</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - =
News: </FONT><FONT COLOR=3D"#000000" SIZE=3D2 FACE=3D"Courier =
New">Symantec Detects Babylonia Computer Virus</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - =
News: Y2K-Specific Worm</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">5. NEW AND IMPROVED</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - =
Desktop Virus Protection</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - =
Authentication Tokens</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">6. HOT RELEASES</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - =
K-Force</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - =
VeriSign - The Internet Trust Company</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">7. SECURITY TOOLKIT</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - Book =
Highlight: Network Security: In a Mixed Environment</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - Tip: =
Listing Administrative Users</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - =
HowTo: More Windows 2000 Topics, Acronyms, and Concepts</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">8. HOT THREADS </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - =
Windows NT Magazine Online Forums:</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * Hacker - What Can I =
Do?</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - =
Win2KSecAdvice Mailing List: </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * SP6a Included =
Security Fixes?</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * SQL 7 Magic Packet =
Denial of Service</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;&nbsp;&nbsp; - =
HowTo Mailing List: </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * PDC =
Multi-Homed</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * Local Group Listing =
Utility</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier =
New">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; * Sync Time on Domain =
Computers</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">~~~~ SPONSOR: NORTON 2000 =
CORPORATE EDITION FROM SYMANTEC ~~~~</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Norton 2000 gives you an easy, =
reliable, and flexible way to identify </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Year 2000 desktop anomalies in =
applications and documents, to repair </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">potentially damaging files, and =
to fix system clocks and BIOS. Norton </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">2000 scans for two-digit dates =
in spreadsheet cells and formulas, </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">database fields, forms and =
text, and includes a reliable fix assistant </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">for Microsoft Excel files. It =
also checks desktop applications for </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">compliance, includes a SQL =
database component for roll-up graphing and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">analysis, and it easily =
integrates with Norton System Center to support </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">one-console =
administration.</FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.symantec.com/specprog/sym/12899a.html" =
TARGET=3D"_blank">http://www.symantec.com/specprog/sym/12899a.html</A></=
FONT></U><B></B>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier =
New">~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=
~</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Want to sponsor Windows NT =
Magazine Security UPDATE? Contact Vicki </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Peterson (Western and =
International Advertising Sales Manager) at 877-</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">217-1826 or =
vpeterson@winntmag.com, OR Tanya T. TateWik (Eastern </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Advertising Sales Manager) at =
877-217-1823 or ttatewik@winntmag.com.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier =
New">~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~=
~</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">1. =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D IN FOCUS =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</FONT>
<BR><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"></FONT>&nbsp;
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Hello everyone,</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Do you have all your Y2K =
remedies and prevention in place? Are you </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">sure? What about viruses, =
Trojans, and worms? How will you cover your </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">bases in that area? </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; If you don't think =
viruses and worms pose a Y2K threat, think again. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Researchers have reported at =
least two new Y2K-centric virus and worm </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">strains in recent weeks. =
Granted, you can head over to your favorite </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">antivirus software vendor site =
and download the latest signature </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">detection update files, but =
think about that action for a moment. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">You're downloading signatures =
of viruses and worms that the vendor </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">knows about, and that's the key =
to any viral or worm detection and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">eradication: knowledge. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; The reality is =
that any number of undetected viruses and worms might </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">be out there waiting to trigger =
on a given date in the year 2000. The </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">problem is that we just don't =
know what's out there, and outside of a </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">good file and system integrity =
checker, you have no way to guarantee </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">that such code hasn't entered =
your system. The way you'll find out </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">about a Y2K-based infection is =
when a virus or worm actually activates.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; Quite a dilemma, =
don't you think? Certainly, you can roll a </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">computer's date forward to see =
how your system reacts, but that </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">approach isn't really adequate =
to cover all the bases when it comes to </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">viruses and worms. For example, =
what if a given virus or worm only </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">triggers at a specific time of =
day? How can you test all the possible </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">time combinations for an entire =
year? Realistically, you can't.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; The alternative =
route to date and time trigger checking is </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">comparative analysis. You can =
feasibly compare aspects of any system in </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">question against aspects of a =
similar system that is known to be </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">tamper-free. By examining =
Registry entries, file dates, and checksums, </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">you might be able to detect =
potential infection before that infection </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">becomes a serious =
problem.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; With either route, =
the course is tough and time-consuming. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Comparative checks are =
certainly more time-conservative and beneficial </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">than date- and time-based =
testing alone, but even so, there is no </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">guarantee that something is not =
amiss. Can you accept that risk? </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Perhaps your situation forces =
you to accept it, but perhaps not.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; I've read messages =
on our HowTo for Security mailing list in which </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">people have indicated they will =
power down their Exchange servers and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">other mission-critical systems =
to wait and see how the date rollover </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">affects others around the =
world. I like that approach, but not everyone </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">has the luxury of taking that =
course.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; The bottom line is =
that you should protect your system's integrity </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">from the start with utilities =
such as TripWire </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">(</FONT><U><FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.tripwiresecurity.com/" =
TARGET=3D"_blank">http://www.tripwiresecurity.com/</A></FONT></U><FONT =
SIZE=3D2 FACE=3D"Courier New">) and use a good antivirus scanner =
</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">that fits your needs. In =
addition, handle all email messages with </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">caution until you're certain =
they're harmless. Do those things and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">you'll significantly reduce the =
amount of worry you'll experience </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">regarding viruses and worms =
both now and in the future. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; Using real-time =
integrity checkers and adequate email practices in </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">addition to up-to-date =
antivirus software will lessen the likelihood </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">that your servers or =
workstations will get hammered into bits of </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">useless data. As you know, an =
ounce of prevention is worth a pound of </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">cure. Until next time, have a =
great week.</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Sincerely,</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Mark Joseph Edwards, News =
Editor</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">mark@ntsecurity.net</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">2. =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D SECURITY RISKS =
=3D=3D=3D=3D=3D=3D=3D=3D=3D</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">(contributed by Mark Joseph =
Edwards,</FONT><U> <FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier =
New"><A HREF=3D"http://www.ntsecurity.net" =
TARGET=3D"_blank">http://www.ntsecurity.net</A></FONT></U><FONT =
SIZE=3D2 FACE=3D"Courier New">)</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* IE 5.0 WPAD SPOOFING</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Tim Adam reported a problem =
with Internet Explorer (IE) 5.0 that </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">affects the Web Proxy =
Auto-Discovery (WPAD) protocol. According to </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Microsoft's bulletin, "The =
IE 5 Web Proxy Auto-Discovery (WPAD) feature </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">enables Web clients to =
automatically detect proxy settings without user </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">intervention. The algorithm =
used by WPAD prepends the hostname 'wpad' </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">to the fully qualified domain =
name and progressively removes subdomains </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">until it either finds a WPAD =
server answering the hostname or reaches </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">the third-level domain. A =
vulnerability arises because in international </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">usage, the third-level domain =
might not be trusted. A malicious user </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">could set up a WPAD server and =
serve proxy configuration commands of </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">his or her choice."</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; Microsoft has =
released IE 5.01 (a new version), which remedies this </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">problem. Be sure to read the =
FAQ regarding this matter. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/load.asp?iD=3D/security/ie56.htm" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/load.asp?iD=3D/security/i=
e56.htm</A></FONT></U>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.microsoft.com/security/bulletins/MS99-054faq.asp" =
TARGET=3D"_blank">http://www.microsoft.com/security/bulletins/MS99-054fa=
q.asp</A></FONT></U>
</P>
<BR>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* IIS ISAPI FILTER PLAIN TEXT =
LEAK</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Microsoft reported a =
vulnerability in the Secure Sockets Layer (SSL) </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">ISAPI filter shipped with =
Internet Information Server (IIS) 4.0 and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Site Server 3.0. Other =
Microsoft products also use the filter. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">According to Microsoft's =
report, "If called by a multi-threaded </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">application under very =
specific, and fairly rare, circumstances, a </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">synchronization error in the =
filter could allow a single buffer of </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">plain text to be transmitted =
back to the data's owner."</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; Microsoft has =
issued a patch for Intel and Alpha and a FAQ regarding</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">this matter. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/load.asp?iD=3D/security/iis2.htm" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/load.asp?iD=3D/security/i=
is2.htm</A></FONT></U>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.microsoft.com/security/bulletins/MS99-053faq.asp" =
TARGET=3D"_blank">http://www.microsoft.com/security/bulletins/MS99-053fa=
q.asp</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* FTP SERV-U SUBJECT TO DENIAL =
OF SERVICE</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">UssrLabs reported a possible =
denial of service (DoS) attack against </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Deerfield.com's FTP Serv-U 2.5a =
caused by a buffer overflow condition. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">A malformed SITE command causes =
the buffer overflow condition.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; Deerfield.com is =
aware of the problem and has issued a patched </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">version of the software in FTP =
Serv-U 2.5b.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/load.asp?iD=3D/security/servu1.htm"=
=
TARGET=3D"_blank">http://www.ntsecurity.net/go/load.asp?iD=3D/security/s=
ervu1.htm</A></FONT></U>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://ftpserv-u.deerfield.com/download.cfm" =
TARGET=3D"_blank">http://ftpserv-u.deerfield.com/download.cfm</A></FONT>=
</U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* IE 5.0 SUBJECT TO FRAME =
SPOOFING</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Georgio Guninski reported a =
problem with Internet Explorer (IE) 5.0 </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">that lets frame spoofing take =
place. The problem can let an intruder </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">fool unsuspecting users into =
thinking they are visiting a trusted site, </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">when in fact, they are not. =
</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; Microsoft has =
issued no comment regarding this matter. To protect </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">yourself against such attacks, =
be sure to read the instructions at the </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Web page listed below.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/load.asp?iD=3D/security/ie55.htm" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/load.asp?iD=3D/security/i=
e55.htm</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">3. =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D ANNOUNCEMENTS =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* WINDOWS NT MAGAZINE LAUNCHES =
ASP EMAIL NEWSLETTER</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Stay current with the latest =
industry news and trends of the exciting</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">new application service =
provider (ASP) marketplace with ASP Review </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">UPDATE, a free bi-weekly email =
newsletter. With coverage of industry </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">players, available and emerging =
technologies, and tips on how to </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">evaluate service providers, ASP =
Review UPDATE is a must-read for IT and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">business professionals who want =
to stay at the forefront of their </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">business. Enter your FREE =
subscription now at</FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.winntmag.com/sub.cfm?code=3DUP99INLUP" =
TARGET=3D"_blank">http://www.winntmag.com/sub.cfm?code=3DUP99INLUP</A></=
FONT></U><FONT SIZE=3D2 FACE=3D"Courier New">.</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* THE BEAN COUNTER, THE TECHIE, =
AND THE FUTURE OF BUSINESS INTELLIGENCE</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Everybody knows what business =
intelligence can do for a company. We </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">know what hidden information it =
can bring to light, what surprising </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">opportunities it can uncover, =
what competition-squashing power it can </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">unleash. But what are =
businesses really doing with it? </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; Readers of Windows =
NT Magazine and Business Finance Magazine told us </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">how they're applying business =
intelligence now and what they're </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">planning in the future, and =
their answers don't always jibe. What does </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">MIS know that Accounting =
doesn't? Find out at </FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.businessfinancemag.com/busint99.html" =
TARGET=3D"_blank">http://www.businessfinancemag.com/busint99.html</A></F=
ONT></U><FONT SIZE=3D2 FACE=3D"Courier New">.</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* SECURITY POLL: WHICH =
SECURITY-RELATED MANAGEMENT SKILLS DO YOU DESIRE </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">MOST?</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Security training is a hot =
market right now. You might even have plans </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">to take some classes. If you do =
have such plans, what type of security </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">management skills do you desire =
most? Place your vote, and view the </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">survey results at the URL =
below.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/2c.asp?f=3D/polls.asp?idf=3D109&tb=3D=
p" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/2c.asp?f=3D/polls.asp?idf=
=3D109&tb=3Dp</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">4. =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D SECURITY ROUNDUP =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* NEWS: MINIZIP VIRUS ON THE =
LOOSE</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">The ExplorerZip Worm is back in =
the news again. Researchers have </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">discovered a new rendition of =
the dangerous virus in the wild. The new </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">version is compressed, letting =
it bypass detection routines that would </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">capture and contain =
ExplorerZip. The new virus, ExplorerZipPack (or </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">MiniZip), is very dangerous and =
spreading rapidly; therefore, you need </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">to guard against it =
immediately.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/2c.asp?f=3D/news.asp?IDF=3D188&TB=3D=
news" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/2c.asp?f=3D/news.asp?IDF=3D=
188&TB=3Dnews</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* NEWS: SYMANTEC DETECTS =
BABYLONIA COMPUTER VIRUS</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Symantec discovered a new Y2K =
virus on December 6 that disguises itself </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">as a Y2K fix. The virus is =
unique because it can download its viral </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">components from the Internet. =
When the virus executes, it will wait for </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">an Internet connection. After =
detecting a connection, the virus </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">downloads several files from a =
Web server in Japan. This capability </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">lets the virus writer update =
the virus centrally. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/2c.asp?f=3D/news.asp?IDF=3D190&TB=3D=
news" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/2c.asp?f=3D/news.asp?IDF=3D=
190&TB=3Dnews</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* NEWS: Y2K-SPECIFIC WORM</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Computer Associates warns of a =
new virus named W32.Mypics.Worm (Mypics) </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">that can cause extensive damage =
in the Year 2000. The worm spreads on </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Windows and Windows NT =
platforms through email and has a highly </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">dangerous payload that triggers =
in 2000. The worm's payload can cause </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">users to lose all the data on =
their hard disks. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/2c.asp?f=3D/news.asp?IDF=3D189&TB=3D=
news" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/2c.asp?f=3D/news.asp?IDF=3D=
189&TB=3Dnews</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">~~~~ SPONSOR: STAC ANNOUNCES =
REPLICA NDM V2.0 ~~~~</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Recover your CEO's crashed PC =
while you enjoy a cup of coffee! Replica </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">NDM is the first to offer =
centrally managed backup and bare-metal </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">disaster recovery for all your =
desktop, mobile and remote PCs. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">For more information and a FREE =
white paper on mobile PC backup by </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Gartner Group, simply visit us =
at</FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.stac.com/laptop" =
TARGET=3D"_blank">http://www.stac.com/laptop</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">5. =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D NEW AND IMPROVED =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">(contributed by Carolyn =
Mascarenas,</FONT><U> <FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier =
New">products@winntmag.com</FONT></U><FONT SIZE=3D2 FACE=3D"Courier =
New">)</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* DESKTOP VIRUS =
PROTECTION</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Trend Micro announced =
OfficeScan Corporate Edition 3.5, antivirus </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">software for the corporate =
desktop. New features include mobile and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">remote user support, improved =
interoperability and manageability, </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">incremental pattern file =
updates, new ActiveUpdate technology, and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">additional antivirus client =
deployment methods. You can manage virus </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">prevention on the desktop =
without requiring involvement from the end </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">user. You can remotely install =
client software on the network to </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">perform virus scanning on the =
workstation. You can also configure and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">update clients from a central =
Windows or Web-based management console. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; OfficeScan =
Corporate Edition 3.5 runs on Windows NT. Pricing starts </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">at $300 for a 25-seat license. =
Contact Trend Micro, 408-867-6404.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.antivirus.com" =
TARGET=3D"_blank">http://www.antivirus.com</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* AUTHENTICATION TOKENS </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">CRYPTOCard announced the KF-1 =
and the PT-1, new authentication tokens </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">in the company's CRYPTOAdmin =
4.1 administration platform. Unlike other </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">key chain-based authentication =
tokens, the KF-1 is a steel-cased unit </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">with PIN entry for activation. =
Only on activation does the KF-1 display </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">the password, eliminating the =
risks presented by systems that send the </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">PIN in the clear across the =
network. The PT-1 provides authentication </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">for accessing corporate =
networks with Palm handheld devices and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">provides one-time password =
authentication without requiring the Palm </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">user to carry an additional =
hardware device. PT-1 has no predetermined </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">expiration date and is a =
one-time purchase for network security </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">officers. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; CRYPTOAdmin 4.1 =
runs on Window NT, Linux, Sun Solaris, AIX, and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">FreeBSD systems. For pricing, =
contact CRYPTOCard, 800-307-7042.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.cryptocard.com" =
TARGET=3D"_blank">http://www.cryptocard.com</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">6. =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D HOT RELEASE (ADVERTISEMENT) =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* </FONT><FONT COLOR=3D"#000000" =
SIZE=3D2 FACE=3D"Courier New">K-FORCE</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Afraid of getting lost on =
another job board? Real results by real </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">people at kforce.com. Resumes =
read by 2,300 Career Specialists, </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Confidential Searching, and a =
Career Development Coach! Click on </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">***kforce.com*** where =
opportunity has a new address.</FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://ad.doubleclick.net/clk;629716;3578931;w?http://www.kforce=
.com" =
TARGET=3D"_blank">http://ad.doubleclick.net/clk;629716;3578931;w?http://=
www.kforce.com</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* VERISIGN - THE INTERNET TRUST =
COMPANY </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Protect your servers with =
128-bit SSL encryption!&nbsp; Get a FREE Guide </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">from VeriSign, "Securing =
Your Web Site for Business."&nbsp; Click Here!&nbsp; </FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.verisign.com/cgi-bin/go.cgi?a=3Dn016004150008000" =
TARGET=3D"_blank">http://www.verisign.com/cgi-bin/go.cgi?a=3Dn0160041500=
08000</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">7. =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D SECURITY TOOLKIT =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* BOOK HIGHLIGHT: NETWORK =
SECURITY: IN A MIXED ENVIRONMENT</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">By Dan Blacharski</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Online Price: $31.95 </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Softcover; 408 pages</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Published by IDG Books =
Worldwide, March 1998</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Protect your network with the =
help of Network Security: In a Mixed </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Environment. Industry expert =
Dan Blacharski combines technical insight </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">and real-world experience to =
produce a solid how-to manual designed to </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">reduce the dangers inherent in =
mixed environment computing.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; Network Security: =
In a Mixed Environment covers all the basics in </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">establishing a protected =
network, from determining security needs to </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">acquiring the right hardware =
and software. You'll get detailed </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">information on NetWare, Windows =
NT, and UNIX security features; </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">safeguarding your network =
against various threats; hardware and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">software; security monitors; =
and more.</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">For Windows NT Magazine Security =
UPDATE readers only--Receive an </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">additional 10 PERCENT off the =
online price by typing in WINNTMAG in the </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">referral field on the Shopping =
Basket Checkout page. To order this </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">book, go to</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.fatbrain.com/shop/info/0764531522?from=3DSUT864" =
TARGET=3D"_blank">http://www.fatbrain.com/shop/info/0764531522?from=3DSU=
T864</A></FONT></U><FONT SIZE=3D2 FACE=3D"Courier New">.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">* TIP: LISTING ADMINISTRATIVE =
USERS<BR>
(contributed by Mark Joseph Edwards,</FONT><U> <FONT COLOR=3D"#0000FF" =
SIZE=3D2 FACE=3D"Courier New"><A HREF=3D"http://www.ntsecurity.net" =
TARGET=3D"_blank">http://www.ntsecurity.net</A></FONT></U><FONT =
SIZE=3D2 FACE=3D"Courier New">)</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Rick Mitchell posted a message =
on the "HowTo for Security" mailing list </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">asking readers if they know of =
a utility that will remotely dump a list </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">of users in a particular group =
on a Windows NT 4.0 server. Rick says he </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">has more than 250 NT servers in =
his domain, and he needs a tool that </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">will provide a list of all =
users who have administrative rights on each </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">machine. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; The Microsoft =
Windows NT Server 4.0 Resource Kit is the most obvious </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">place to seek such utilities. =
Within the resource kit, you can find two </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">utilities: local.exe and =
global.exe. Each tool lists users and groups </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">by domain or server.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; In addition, =
SomarSoft's DumpACL utility can identify users and </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">groups and identify NTFS and =
share permissions. Frank Ramos' tools at </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">SomarSoft are all free.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; Adkins Resource =
also produces a nifty tool to get the job done. Head </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">over to its Web site and =
download Hyena 2.2. Pricing for the tool </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">starts at $269, and it's =
available as a 30-day evaluation.</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://mspress.microsoft.com/reslink" =
TARGET=3D"_blank">http://mspress.microsoft.com/reslink</A></FONT></U><FO=
NT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp; </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.somarsoft.com" =
TARGET=3D"_blank">http://www.somarsoft.com</A></FONT></U><FONT SIZE=3D2 =
FACE=3D"Courier New">&nbsp;&nbsp; </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.adkins-resource.com" =
TARGET=3D"_blank">http://www.adkins-resource.com</A></FONT></U><FONT =
SIZE=3D2 FACE=3D"Courier New"> </FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* HOWTO: MORE WINDOWS 2000 =
TOPICS, ACRONYMS, AND CONCEPTS</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Zubair Ahmad presents his third =
column in an occasional series of </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Windows 2000 Ready Web =
exclusive features that define new Windows 2000 </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">(Win2K) terms and concepts. =
</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/2c.asp?f=3D/howto.asp?IDF=3D115&TB=3D=
howto" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/2c.asp?f=3D/howto.asp?IDF=
=3D115&TB=3Dhowto</A></FONT></U><B></B>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">8. =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D HOT THREADS =
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* WINDOWS NT MAGAZINE ONLINE =
FORUMS</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">The following text is from a =
recent threaded discussion on the Windows </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">NT Magazine online forums =
(</FONT><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.winntmag.com/support" =
TARGET=3D"_blank">http://www.winntmag.com/support</A></FONT></U><FONT =
SIZE=3D2 FACE=3D"Courier New">). </FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">December 02, 1999, 01:33 =
P.M.&nbsp;<BR>
Hacker - What Can I Do? </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">I'm hoping someone can help me. =
I have what I believe to be a hacker </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">attempting to access my mail =
server. I'm showing entries in my Security </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Event Log with an outside SMTP =
attempt to access my server. It then </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">says "LogonUser()call =
failed with error. Logon failure: unknown user </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">name or bad password." I'm =
assuming this means someone is trying to </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">enter but is unsuccessful. If I =
am incorrect, or if anyone has any </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">ideas as to how I can track =
this person down or scare them off, let me </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">know. Any help would be =
appreciated. Thanks in advance. </FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Thread continues at</FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.winntmag.com/support/Forums/Application/Index.cfm?CFA=
pp=3D69&Message_ID=3D80519" =
TARGET=3D"_blank">http://www.winntmag.com/support/Forums/Application/Ind=
ex.cfm?CFApp=3D69&Message_ID=3D80519</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* WIN2KSECADVICE MAILING =
LIST</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Each week, we offer a quick =
recap of some of the highlights from the </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Win2KSecAdvice mailing list. =
The following threads are in the spotlight </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">this week:</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">1. SP6A INCLUDED SECURITY =
FIXES?</FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/w.asp?A2=3DIND9912A&L=3DWIN2KSECADV=
ICE&P=3D307" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/w.asp?A2=3DIND9912A&L=3DW=
IN2KSECADVICE&P=3D307</A></FONT></U>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">2. SQL 7 MAGIC PACKET DENIAL OF =
SERVICE</FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/w.asp?A2=3DIND9912A&L=3DWIN2KSECADV=
ICE&P=3D792" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/w.asp?A2=3DIND9912A&L=3DW=
IN2KSECADVICE&P=3D792</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Follow this link to read all =
threads for Dec. Week 1: </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/win2ks-l.asp?s=3Dwin2ksec" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/win2ks-l.asp?s=3Dwin2ksec=
</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">* HOWTO MAILING LIST</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Each week we offer a quick =
recap of some of the highlights from the </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">"HowTo for Security" =
mailing list. The following threads are in the </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">spotlight this week:</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">1. PDC MULTI-HOMED</FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/L.asp?A2=3DIND9912A&L=3DHOWTO&P=3D2=
986" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/L.asp?A2=3DIND9912A&L=3DH=
OWTO&P=3D2986</A></FONT></U>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">2. LOCAL GROUP LISTING =
UTILITY</FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/L.asp?A2=3DIND9912A&L=3DHOWTO&P=3D2=
00" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/L.asp?A2=3DIND9912A&L=3DH=
OWTO&P=3D200</A></FONT></U>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">3. SYNC TIME ON DOMAIN =
COMPUTERS</FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/L.asp?A2=3DIND9912A&L=3DHOWTO&P=3D2=
886" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/L.asp?A2=3DIND9912A&L=3DH=
OWTO&P=3D2886</A></FONT></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Follow this link to read all =
threads for Dec. Week 1: </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">&nbsp;&nbsp;</FONT><U> <FONT =
COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.ntsecurity.net/go/l.asp?s=3Dhowto" =
TARGET=3D"_blank">http://www.ntsecurity.net/go/l.asp?s=3Dhowto</A></FONT=
></U>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier =
New">|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-</FONT>=

</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">WINDOWS NT MAGAZINE SECURITY =
UPDATE STAFF</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">News Editor - Mark Joseph =
Edwards (mje@winntmag.com)</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Ad Sales Manager (Western and =
International) - Vicki Peterson </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">(vpeterson@winntmag.com)</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Ad Sales Manager (Eastern) - =
Tanya T. TateWik (ttatewik@winntmag.com)</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Editor - Gayle Rodcay =
(gayle@winntmag.com)</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">New and Improved - Carolyn =
Mascarenas (products@winntmag.com)</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Editor-at-Large - Jane Morrill =
(jane@winntmag.com)</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier =
New">|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-</FONT>=

</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Thank you for reading Windows NT =
Magazine Security UPDATE.</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">To subscribe, go to</FONT><U> =
<FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.winntmag.com/update" =
TARGET=3D"_blank">http://www.winntmag.com/update</A></FONT></U> <FONT =
SIZE=3D2 FACE=3D"Courier New">or send email to </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier =
New">listserv@listserv.ntsecurity.net with the words "subscribe =
</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">securityupdate anonymous" =
in the body of the message without the </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">quotes.</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">To unsubscribe, send email to =
listserv@listserv.ntsecurity.net with the </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">words "unsubscribe =
securityupdate" in the body of the message without </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">the quotes.</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">To change your email address, =
you must first unsubscribe by sending </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">email to =
listserv@listserv.ntsecurity.net with the words "unsubscribe =
</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">securityupdate" in the =
body of the message without the quotes. Then, </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">resubscribe by going =
to</FONT><U> <FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.winntmag.com/update" =
TARGET=3D"_blank">http://www.winntmag.com/update</A></FONT></U><FONT =
SIZE=3D2 FACE=3D"Courier New"> and entering </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">your current contact =
information or by sending email to </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier =
New">listserv@listserv.ntsecurity.net with the words "subscribe =
</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">securityupdate anonymous" =
in the body of the message without the </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">quotes.</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =
GET UPDATED! =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Receive the latest information =
on the NT topics of your choice. </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Subscribe to these other FREE =
email newsletters at </FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.winntmag.com/sub.cfm?code=3Dup99inxsup" =
TARGET=3D"_blank">http://www.winntmag.com/sub.cfm?code=3Dup99inxsup</A><=
/FONT></U><FONT SIZE=3D2 FACE=3D"Courier New">.</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Windows NT Magazine =
UPDATE</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Windows NT Magazine Thin-Client =
UPDATE </FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Windows NT Exchange Server =
UPDATE</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">Windows 2000 Pro UPDATE</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">ASP Review UPDATE</FONT>
<BR><FONT SIZE=3D2 FACE=3D"Courier New">SQL Server Magazine =
UPDATE</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier =
New">|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-|-+-</FONT>=

<BR><FONT SIZE=3D2 FACE=3D"Courier New">Copyright 1999, Windows NT =
Magazine</FONT>
</P>

<P><FONT SIZE=3D2 FACE=3D"Courier New">Security UPDATE Newsletter is =
powered by LISTSERV software</FONT>
<BR><U><FONT COLOR=3D"#0000FF" SIZE=3D2 FACE=3D"Courier New"><A =
HREF=3D"http://www.lsoft.com/LISTSERV-powered.html" =
TARGET=3D"_blank">http://www.lsoft.com/LISTSERV-powered.html</A></FONT><=
/U>
</P>
<BR>
<BR>
<BR>
<BR>

</BODY>
</HTML>
------_=_NextPart_001_01BF41C7.39CEBA50--

Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    0 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close