
| Subject: | SecurityFocus Microsoft Newsletter #207 |
|---|---|
| Date: | Wed, 22 Sep 2004 08:00:09 -0600 (MDT) |
SecurityFocus Microsoft Newsletter #207
----------------------------------------

This issue sponsored by: BindView

Webinar: COMPLIANCE - DOES ACCESS CONTROL MATTER?
Who's authorized to see your data? Compliance with Sarbanes-Oxley, GLBA and HIPAA mandates user documentation and "need-to-know" access policies. Learn about key components of identity management (IDM), how to manage access control for compliance and other critical information to apply strict access policies across the IT infrastructure. Register here & receive an IDM White Paper
http://www.securityfocus.com/sponsor/BindView_ms-secnews_040921
------------------------------------------------------------------------

I. FRONT AND CENTER
1. Examining a Public Exploit, Part 2
2. Academia Headaches
3. Metasploit Framework, Part 3

II. MICROSOFT VULNERABILITY SUMMARY
1. RhinoSoft Serv-U FTP Server Remote Denial Of Service Vulnera...
2. Samba Multiple ASN.1 and MailSlot Parsing Remote Denial Of S...
3. Gadu-Gadu Image Send Feature Remote Heap Overflow Vulnerabil...
4. Jigunet TwinFTP Server Directory Traversal Vulnerability
5. Mozilla Firefox Default Installation File Permission Vulnera...
6. Mozilla Browser Non-ASCII Hostname Heap Overflow Vulnerabili...
7. Mozilla Multiple URI Processing Heap Based Buffer Overflow V...
8. Mozilla Browser BMP Image Decoding Multiple Integer Overflow...
9. Microsoft WordPerfect Converter Remote Buffer Overflow Vulne...
10. Microsoft GDI+ Library JPEG Segment Length Integer Underflow...
11. Mozilla Browser Vcard Handling Remote Buffer Overflow Vulner...
12. Mozilla/Firefox Browsers URI Drag And Drop Cross-Domain Scri...
13. Mozilla/Firefox Browsers Unauthorized Clipboard Contents Dis...
14. McAfee VirusScan System Scan Local Privilege Escalation Vuln...
15. Multiple Browser Cross-Domain Cookie Injection Vulnerability
16. HP Web Jetadmin Unspecified Arbitrary Command Execution Vuln...
17. MyServer Directory Traversal Vulnerability
18. Mozilla/Firefox Browsers Tar.GZ Archive Weak Permissions Vul...
19. vBulletin SQL Injection Vulnerability
20. Mozilla/Firefox Browsers PrivilegeManager EnablePrivilege Di...
21. IBM OEM Microsoft Windows XP And Windows XP SP1 Default Admi...
22. Microsoft Internet Explorer User Security Confirmation Bypas...
23. Snitz Forums Down.ASP HTTP Response Splitting Vulnerability
24. Microsoft Windows XP Explorer.EXE TIFF Image Denial of Servi...
25. Business Objects WebIntelligence Access Control Bypass File ...
26. Business Objects WebIntelligence Remote File Name HTML Injec...
27. Google Toolbar About.HTML HTML Injection Vulnerability
28. Samba Samba-VScan Undisclosed Denial Of Service Vulnerabilit...

III. MICROSOFT FOCUS LIST SUMMARY
1. Restrict Clinet IP address on Terminal Service (Thread)
2. VBScript to audit shares and share permissions (Thread)
3. How to Enforce Complex Password Policy for Selected ... (Thread)
4. Hardening Desktop (Thread)
5. tool for user disk quota (Thread)
6. Windows2000 Security events (Thread)
7. AW: tool for user disk quota (Thread)
8. RES: How to Recovering files encrypted with Microsof... (Thread)
9. RKDetect - behaviour based rootkit detection (update... (Thread)
10. XP-SP2 "Feature" (Thread)

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Firewall RuleMaker
2. CAT Cellular Authentication Token and eAuthentication Servic...
3. KeyCaptor Keylogger
4. SpyBuster
5. FreezeX
6. NeoExec for Active Directory

V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. EPX Crypting Software 2.1
2. Hacme Bank 1.0
3. ID-Synch 3.1
4. IP Firewall Hook ATL/COM 1.2
5. IP Firewall Lite ATL/COM 1.2
6. Password Generator 2004 1.2.1628

VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION

I. FRONT AND CENTER
-------------------

1. Examining a Public Exploit, Part 2
By Don Parker

The purpose of this article is to analyze a public exploit in a lab environment, see the alerts generated by an intrusion detection system, and then do some packet analysis of the malicious binary in order to better understand what it does and how you may have been compromised. Part 2 of 2.

http://www.securityfocus.com/infocus/1801

2. Academia Headaches
By Scott Granneman

Academic institutions who have to add, manage, and secure thousands of new users within a period of just a few days face political and social issues on top of the immense technical ones.

http://www.securityfocus.com/columnists/267

3. Metasploit Framework, Part 3
By Pukhraj Singh and K.K. Mookhey

This third and final article in the Metasploit series covers the msfcli scripting interface as well as the intuitive web interface to the Framework. The article also discusses what's new with version 2.2, and then introduces the exploit development process through an example.

http://www.securityfocus.com/infocus/1800

II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------

1. RhinoSoft Serv-U FTP Server Remote Denial Of Service Vulnera...
BugTraq ID: 11155
Remote: Yes
Date Published: Sep 11 2004
Relevant URL: http://www.securityfocus.com/bid/11155
Summary:
Serv-U FTP Server is reported prone to a denial of service vulnerability. This issue presents itself because the application fails to handle exceptional conditions. The vulnerability is a result of Serv-U FTP Server processing certain 'STOU' commands. All versions of Serv-U are reportedly affected by this vulnerability.

2. Samba Multiple ASN.1 and MailSlot Parsing Remote Denial Of S...
BugTraq ID: 11156
Remote: Yes
Date Published: Sep 13 2004
Relevant URL: http://www.securityfocus.com/bid/11156
Summary:
Samba is reportedly affected by multiple remote denial of service vulnerabilities. These issues are due to a failure to properly parse ASN.1 and MailSlot packets.
An attacker may leverage these issues to cause the affected Samba server to become inaccessible, and to crash the NetBIOS name server, effectively denying service to legitimate users.

3. Gadu-Gadu Image Send Feature Remote Heap Overflow Vulnerabil...
BugTraq ID: 11158
Remote: Yes
Date Published: Sep 12 2004
Relevant URL: http://www.securityfocus.com/bid/11158
Summary:
Gadu-Gadu is reported prone to a remote heap overflow vulnerability in the image sending feature. This issue results due to insufficient boundary checks performed by the application. Successful exploitation of this vulnerability may allow a remote attacker to execute arbitrary code to gain unauthorized access to a vulnerable computer. Gadu-Gadu version 6.0 build 149 is reported prone to this issue, however, prior versions are likely to be affected as well.

4. Jigunet TwinFTP Server Directory Traversal Vulnerability
BugTraq ID: 11159
Remote: Yes
Date Published: Sep 13 2004
Relevant URL: http://www.securityfocus.com/bid/11159
Summary:
It is reported that TwinFTP Server is susceptible to a directory traversal vulnerability. This vulnerability presents itself when certain arguments for FTP commands passed to the FTP server contain '../' directory traversal characters. This vulnerability allows a remote attacker to read and write files outside of the FTP document root directory.

5. Mozilla Firefox Default Installation File Permission Vulnera...
BugTraq ID: 11166
Remote: No
Date Published: Sep 13 2004
Relevant URL: http://www.securityfocus.com/bid/11166
Summary:
Mozilla Firefox is reported susceptible to an improper file permission vulnerability. This vulnerability is reported to exist only in the Linux archive as published by the Mozilla Foundation. If the browser is installed by package management software contained in many distributions of Linux, this vulnerability is likely not present.
This allows attackers with local interactive access to computers hosting installations of Firefox to overwrite binaries and scripts used by Firefox. This allows script, or code execution in the context of the user running the affected package. If this method of installation is used to install a system-wide version of the browser by the superuser, then root-owned files are world writable, allowing for code execution in the context of any user utilizing the affected package. The installation package from Mozilla.org for versions 0.9.x of Firefox for Linux is reported to contain this vulnerability.

6. Mozilla Browser Non-ASCII Hostname Heap Overflow Vulnerabili...
BugTraq ID: 11169
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11169
Summary:
Mozilla is prone to a remotely exploitable heap overflow that is exposed when the browser handles non-ASCII characters in URIs. This issue could be exploited by enticing a user to open a hyperlink that references a malicious URI. Successful exploitation will allow execution of arbitrary code in the context of the client user.

7. Mozilla Multiple URI Processing Heap Based Buffer Overflow V...
BugTraq ID: 11170
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11170
Summary:
Mozilla is reportedly affected by multiple heap based buffer overflow vulnerabilities when processing URIs in emails. These issues are due to a failure of the affected application to validate user-supplied string lengths before copying them into finite process buffers. An attacker might leverage these issues to have arbitrary code executed in the context of the user running the vulnerable application.

8. Mozilla Browser BMP Image Decoding Multiple Integer Overflow...
BugTraq ID: 11171
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11171
Summary:
Mozilla Browser is reportedly prone to multiple integer overflow vulnerabilities in the image parsing routines. These issues exist due to insufficient boundary checks performed by the application. A remote attacker may cause denial of service conditions in the client or execute arbitrary code to gain unauthorized access to a vulnerable computer. These vulnerabilities were researched on Mozilla 1.7, however, other versions may be affected as well. Thunderbird 0.7 was also tested.

9. Microsoft WordPerfect Converter Remote Buffer Overflow Vulne...
BugTraq ID: 11172
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11172
Summary:
Microsoft WordPerfect Converter is reported prone to a remote buffer overflow vulnerability when handling malformed files. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable computer to gain unauthorized access. To carry out an attack, the attacker may create a malicious file and entice a user to open the file through an application that employs WordPerfect Converter. Microsoft WordPerfect Converter is installed by default in various versions of Microsoft Office, Microsoft Word, Microsoft FrontPage, Microsoft Publisher, and Microsoft Works Suite. Microsoft Office 2003 Service Pack 1 is not affected by this vulnerability. This issue may be similar in nature to BID 8538 (Microsoft WordPerfect Converter Buffer Overrun Vulnerability).

10. Microsoft GDI+ Library JPEG Segment Length Integer Underflow...
BugTraq ID: 11173
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11173
Summary:
Microsoft (Graphics Device Interface) GDI+ JPEG handler is reported prone to an integer underflow vulnerability when handling JPEG format images.
This issue presents itself due to a lack of sufficient sanity checks performed on certain JPEG data before this data is employed as a bounds value for a memory copy operation. A specially crafted JPEG image may trigger this vulnerability and result in the execution of arbitrary attacker-supplied code. Code execution would occur in the context of the user who is running the vulnerable software.

**Update: This issue is similar in nature to BID 1503, discovered by Solar Designer.

11. Mozilla Browser Vcard Handling Remote Buffer Overflow Vulner...
BugTraq ID: 11174
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11174
Summary:
Mozilla Browser is reported prone to a remote buffer overflow vulnerability when processing malicious vcard files. This issue presents itself due to insufficient boundary checks performed by the application and may allow a remote attacker to gain unauthorized access to a vulnerable computer. It is reported that the issue originates in the 'nsVCardObj.cpp' file and may allow an attacker to overflow a finite buffer by creating a malformed vcard (vcf) file and sending the file to a vulnerable user in email. Reportedly, this issue occurs when the mail is previewed in the browser. These vulnerabilities were researched on Mozilla 1.7, however, other versions may be affected as well. Thunderbird 0.7 was tested as well.

12. Mozilla/Firefox Browsers URI Drag And Drop Cross-Domain Scri...
BugTraq ID: 11177
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11177
Summary:
Both Mozilla and Firefox are reported to be prone to a cross-domain scripting vulnerability. It is reported that URI links that are dragged from one browser window and dropped into another browser window will bypass the browser same-origin policy security checks. Certain URI types may be employed by a malicious website in order to trigger this vulnerability.
If successful, this attack will result in the execution of arbitrary script code in the context of a target domain.

13. Mozilla/Firefox Browsers Unauthorized Clipboard Contents Dis...
BugTraq ID: 11179
Remote: Yes
Date Published: Sep 14 2004
Relevant URL: http://www.securityfocus.com/bid/11179
Summary:
A vulnerability is reported in Mozilla and Firefox browsers that could permit a remote site to gain access to contents of the client user's clipboard. This vulnerability exists because certain unsafe scripting operations are permitted on TextAreas. This can lead to the disclosure of clipboard contents and malicious Web sites having the ability to write to a user's clipboard.

14. McAfee VirusScan System Scan Local Privilege Escalation Vuln...
BugTraq ID: 11181
Remote: No
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11181
Summary:
Reportedly McAfee VirusScan is affected by a local privilege escalation vulnerability. This issue is caused by a design error that causes the application to fail to drop SYSTEM privileges after acquiring them. A local attacker may leverage this issue to escalate their privileges to SYSTEM on an affected Microsoft Windows computer.

** UPDATE: Additional versions later than 4.5.1 were added to this BID due to a report that a similar attack was possible against those versions. These versions have since been removed from the BID due to subsequent reports that indicated this attack was not possible against the reported versions.

15. Multiple Browser Cross-Domain Cookie Injection Vulnerability
BugTraq ID: 11186
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11186
Summary:
Multiple Browsers are reported prone to a cross-domain cookie injection vulnerability. This issue is identified in Microsoft Internet Explorer, KDE Konqueror, and Mozilla and may allow an attacker to carry out session hijacking attacks.
The issue presents itself due to a design error in multiple browsers that allows cookies to be incorrectly sent to other domains. This BID will be divided and updated as more information becomes available.

16. HP Web Jetadmin Unspecified Arbitrary Command Execution Vuln...
BugTraq ID: 11188
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11188
Summary:
HP Web Jetadmin is prone to an unspecified arbitrary command execution vulnerability. This issue was reported by the vendor and it may allow a remote attacker to execute arbitrary commands on a vulnerable computer running Web Jetadmin. This may allow the attacker to gain unauthorized access to the computer. HP Web Jetadmin version 7.5 is reported prone to this issue. Due to a lack of details, further information is not available at the moment. This BID will be updated as more information becomes available.

17. MyServer Directory Traversal Vulnerability
BugTraq ID: 11189
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11189
Summary:
MyServer is reported prone to a remote directory traversal vulnerability. This issue presents itself due to insufficient sanitization of user-supplied data. This vulnerability results in improper access to potentially sensitive files located outside of the document root of the web server. MyServer version 0.7 is reportedly affected by this issue, however, other versions may be vulnerable as well.

18. Mozilla/Firefox Browsers Tar.GZ Archive Weak Permissions Vul...
BugTraq ID: 11192
Remote: No
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11192
Summary:
Mozilla and Mozilla Firefox browsers tar.gz archive that contains the installation files is reported susceptible to an improper file permissions vulnerability. It is reported that if the archive is extracted in a certain manner, then the archive is extracted with world read/writeable permissions on its contents.
This allows attackers with local interactive access to overwrite or modify installation files used during the installation of the browser.

19. vBulletin SQL Injection Vulnerability
BugTraq ID: 11193
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11193
Summary:
vBulletin is reported vulnerable to a remote SQL injection vulnerability. This issue is due to a failure of the application to properly validate user-supplied input prior to including it in an SQL query. An attacker may exploit this issue to manipulate and inject SQL queries onto the underlying database. It will be possible to leverage this issue to steal database contents including administrator password hashes and user credentials as well as to make attacks against the underlying database. Versions 3.0 through to 3.0.3 are reportedly affected by this issue.

20. Mozilla/Firefox Browsers PrivilegeManager EnablePrivilege Di...
BugTraq ID: 11194
Remote: Yes
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11194
Summary:
A vulnerability is reported in the Mozilla 'enablePrivilege' method. Because the argument data of an 'enablePrivilege' method is used as text in a prompt dialog if the user has not accessed the principal previously, it is possible to manipulate dialog contents. A remote attacker may exploit this condition to influence a victim user into permitting a malicious script to run.

21. IBM OEM Microsoft Windows XP And Windows XP SP1 Default Admi...
BugTraq ID: 11199
Remote: No
Date Published: Sep 15 2004
Relevant URL: http://www.securityfocus.com/bid/11199
Summary:
IBM OEM Microsoft Windows XP And Windows XP SP1 are both reported to contain a default passwordless administrative account. Reportedly, during the installation process of IBM's OEM version of Windows XP and Windows XP SP1, the process automatically creates an administrator account and fails to set a password for it. The user is not made aware of the account during installation.
Users installing this version of Microsoft Windows may fail to properly secure this account, allowing for local attackers to gain administrative privileges. Network access to accounts without passwords is denied, so this is only a local vulnerability. This vulnerability reportedly only affects IBM's OEM version of Microsoft Windows XP and Windows XP Service Pack 1.

22. Microsoft Internet Explorer User Security Confirmation Bypas...
BugTraq ID: 11200
Remote: Yes
Date Published: Sep 16 2004
Relevant URL: http://www.securityfocus.com/bid/11200
Summary:
Reportedly, Microsoft Internet Explorer is affected by a user security confirmation bypass vulnerability. This issue is due to a design error that allows malicious users to trivially bypass the requirement for user confirmation. An attacker may leverage this issue by hosting a web page or pages designed to bypass the required user confirmation; this would facilitate the execution of arbitrary client side scripts such as JavaScript and ActiveX objects in the browsers of unsuspecting users that visit the site.

23. Snitz Forums Down.ASP HTTP Response Splitting Vulnerability
BugTraq ID: 11201
Remote: Yes
Date Published: Sep 16 2004
Relevant URL: http://www.securityfocus.com/bid/11201
Summary:
Snitz Forums is reported prone to a HTTP response splitting vulnerability. The issue exists in a parameter of the 'down.asp' script. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET requests are handled. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted.

24. Microsoft Windows XP Explorer.EXE TIFF Image Denial of Servi...
BugTraq ID: 11202
Remote: Yes
Date Published: Sep 16 2004
Relevant URL: http://www.securityfocus.com/bid/11202
Summary:
Explorer.exe that ships with Microsoft Windows XP prior to Windows XP SP2 is reported prone to a denial of service vulnerability.
The vulnerability is reported to exist when Explorer.exe handles certain TIFF format images. A remote attacker may exploit this vulnerability by presenting a malicious image to a victim user. When this image is processed in a sufficient manner, system resources will be consumed. This will impact the performance of the computer, effectively denying service to legitimate users.

25. Business Objects WebIntelligence Access Control Bypass File ...
BugTraq ID: 11208
Remote: Yes
Date Published: Sep 17 2004
Relevant URL: http://www.securityfocus.com/bid/11208
Summary:
It is reported that WebIntelligence is susceptible to an access control bypass vulnerability allowing for the deletion of files from the application. This vulnerability is reported to exist as access controls are only enforced on the client. The server fails to enforce access control restriction and allows delete requests to succeed when they are not authorized. Only authenticated users are able to exploit this vulnerability.

26. Business Objects WebIntelligence Remote File Name HTML Injec...
BugTraq ID: 11209
Remote: Yes
Date Published: Sep 17 2004
Relevant URL: http://www.securityfocus.com/bid/11209
Summary:
Reportedly Business Objects WebIntelligence is affected by a remote file name HTML injection vulnerability. This issue is due to a failure to sanitize file names prior to including them in dynamic web page content. An attacker may leverage this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user, facilitating theft of cookie based authentication credentials. Other attacks are also possible.

27. Google Toolbar About.HTML HTML Injection Vulnerability
BugTraq ID: 11210
Remote: Yes
Date Published: Sep 17 2004
Relevant URL: http://www.securityfocus.com/bid/11210
Summary:
Google Toolbar is reported prone to a HTML injection vulnerability. It is reported that the Google Toolbar 'ABOUT.HTML' page allows the injection of HTML and JavaScript code.
This vulnerability may allow an attacker to inject malicious HTML and script code into the about page of the vulnerable application.

28. Samba Samba-VScan Undisclosed Denial Of Service Vulnerabilit...
BugTraq ID: 11216
Remote: Yes
Date Published: Sep 17 2004
Relevant URL: http://www.securityfocus.com/bid/11216
Summary:
An undisclosed denial of service vulnerability is reported to exist that may result in a denial of service for both the smbd and nmbd daemons. It is reported that the counter and pointer-handling present in 'samba-vscan' may provide an exploit vector for this vulnerability. This BID will be updated when further information regarding this vulnerability is made available.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

1. Restrict Clinet IP address on Terminal Service (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/375878

2. VBScript to audit shares and share permissions (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/375864

3. How to Enforce Complex Password Policy for Selected ... (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/375862

4. Hardening Desktop (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/375858

5. tool for user disk quota (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/375718

6. Windows2000 Security events (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/375504

7. AW: tool for user disk quota (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/375390

8. RES: How to Recovering files encrypted with Microsof... (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/375326

9. RKDetect - behaviour based rootkit detection (update... (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/375304

10. XP-SP2 "Feature" (Thread)
Relevant URL: http://www.securityfocus.com/archive/88/375148

IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------

1. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:
Firewall RuleMaker is a Windows-based firewall configuration version control software product for managers of Cisco PIX and Netscreen firewalls.

2. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using the Cellular. Does not use SMS or communication, manages multiple OTP accounts - new technology. For any business that wants a safer access to its Internet Services. More information at our site. We also provide eAuthentication service for businesses that will not buy an Authentication product but would prefer to pay a monthly charge for authentication services from our CAT Server.

3. KeyCaptor Keylogger
By: Keylogger Software
Platforms: MacOS, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keylogger-software.com/keylogger/keylogger.htm
Summary:
KeyCaptor is your solution for recording ALL keystrokes of ALL users on your computer! Now you have the power to record emails, websites, documents, chats, instant messages, usernames, passwords, and MUCH MORE! With our advanced stealth technology, KeyCaptor will not show in your processes list and cannot be stopped from running unless you say so!

4. SpyBuster
By: Remove Spyware
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.remove-spyware.com/spybuster.htm
Summary:
Our award winning spyware / adware scanner and removal software, SpyBuster will scan your computer for over 4,000 known spyware and adware applications. SpyBuster protects your computer from data stealing programs that can expose your personal information.
SpyBuster scanning technology allows for a quick and easy sweep, so you can resume your work in minutes.

5. FreezeX
By: Faronics Technologies USA Inc
Platforms: Windows 2000, Windows 95/98, Windows XP
Relevant URL: http://www.faronics.com/html/Freezex.asp
Summary:
FreezeX prevents all unauthorized programs, including viruses, keyloggers and spy ware from executing. Powerful and secure, FreezeX ensures that any new executable, program, or application that is downloaded, introduced via removable media or the network will never install

6. NeoExec for Active Directory
By: NeoValens
Platforms: Windows 2000, Windows XP
Relevant URL: http://www.neovalens.com
Summary:
NeoExec® is an operating system extension for Windows 2000/XP that allows the setting of privileges at the application level rather than at the user level. NeoExec® is the ideal solution for applications that require elevated privileges to run as the privileges are granted to the application, not the user. NeoExec® is the only solution on the market capable of modifying at runtime the processes' security context -- without requiring a second account as with RunAs and RunAs-derived products.

V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------

1. EPX Crypting Software 2.1
By: EdronSoft
Relevant URL: http://www.edronsoft.com/epx_pro.php
Platforms: Windows XP
Summary:
Protect your documents from others by encrypting them with DES and Triple DES strong algorithms. No need to remember passwords because you keep the key used for the decryption in a removable media device such as usb pen-drive (or floppy disk). Wipe function to destroy data and full Drag'N Drop support.

2. Hacme Bank 1.0
By: Mark Curphey / Rudolph Araujo
Relevant URL: http://www.foundstone.com/s3i
Platforms: Windows XP
Summary:
A web application security training application

3. ID-Synch 3.1
By: M-Tech Information Technology, Inc.
Relevant URL: http://idsynch.com/
Platforms: AIX, AS/400, DG-UX, Digital UNIX/Alpha, HP-UX, IRIX, Linux, MacOS, MPE/iX, Netware, OpenBSD, OpenVMS, OS/2, OS/390, RACF, Solaris, SunOS, True64 UNIX, Ultrix, VM, VMS, VSE, Windows 2000, Windows NT
Summary:
ID-Synch is enterprise user provisioning software. It reduces the cost of user administration, helps new and reassigned users get to work more quickly, and ensures prompt and reliable access termination. This is accomplished through automatic propagation of changes to user profiles from systems of record to managed systems, with self service workflow for security change requests, through consolidated and delegated user administration, and with federation.

4. IP Firewall Hook ATL/COM 1.2
By: Egemen Tas
Relevant URL: http://www.modemwall.com/tipfwhook.htm
Platforms: Windows 2000, Windows XP
Summary:
IP Firewall Hook is a *FREE and open source* ATL/COM component based on "Windows Firewall-Hook Driver" technology. It is a powerful packet filtering component for Windows 2000/XP. A sample application firewall is also provided with it.

5. IP Firewall Lite ATL/COM 1.2
By: Egemen Tas
Relevant URL: http://www.modemwall.com/tipfwlite.htm
Platforms: Windows 2000, Windows XP
Summary:
IP Firewall Lite is a *FREE and open source* ATL/COM component based on "Windows IP Filter Driver" technology. It is a powerful packet filtering component for Windows 2000/XP. A sample application firewall is also provided along with it.

6. Password Generator 2004 1.2.1628
By: Diplodock
Relevant URL: http://www.diplodock.com/Products/PasswordGenerator/default.aspx
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
Diplodock Password Generator 2004 is a professional, random password generator that can produce 100,000 passwords, serial numbers, registration codes, masked strings, and usernames of any length and character content in seconds.
With features such as built-in dictionaries, customizable character groups, password options module, randomization settings module, word-choice, and character density controls, it is extremely flexible, and allows you to create passwords that wil

VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------

To unsubscribe send an e-mail message to ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and ask to be manually removed.

VII. SPONSOR INFORMATION
-----------------------

This issue sponsored by: BindView

Webinar: COMPLIANCE - DOES ACCESS CONTROL MATTER?
Who's authorized to see your data? Compliance with Sarbanes-Oxley, GLBA and HIPAA mandates user documentation and "need-to-know" access policies. Learn about key components of identity management (IDM), how to manage access control for compliance and other critical information to apply strict access policies across the IT infrastructure. Register here & receive an IDM White Paper
http://www.securityfocus.com/sponsor/BindView_ms-secnews_040921
------------------------------------------------------------------------