Marc Fossi | 3 Aug 23:56 2004

SecurityFocus Microsoft Newsletter #200

SecurityFocus Microsoft Newsletter #200
----------------------------------------

This Issue is Sponsored By: SecurityFocus

Want to keep up on the latest security vulnerabilities? Don't have time to
visit a myriad of mailing lists and websites to read the news? Just add the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all the
latest posts for Bugtraq and the SF Vulnerability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!

http://www.securityfocus.com/rss/index.shtml

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Data Driven Attacks Using HTTP Tunneling
     2. Email Privacy is Lost
II. MICROSOFT VULNERABILITY SUMMARY
     1. PostNuke Install Script Administrator Password Disclosure Vu...
     2. Mozilla Firefox Refresh Security Property Spoofing Vulnerabi...
     3. Subversion 'mod_authz_svn' Access Control Bypass Vulnerabili...
     4. PostNuke Reviews Module Cross-Site Scripting Vulnerability
     5. Invision Power Board Index.php Query String Cross-Site Scrip...
     6. Microsoft Internet Explorer Style Tag Comment Memory Corrupt...
     7. Hitachi Web Page Generator Unspecified Denial Of Service Vul...
     8. Verylost LostBook Message Entry HTML Injection Vulnerability
     9. MyServer Multiple Remote math_sum.mscgi Example Script Vulne...
     10. Mozilla Firefox XML User Interface Language Browser Interfac...
(Continue reading)

first last | 9 Aug 13:53 2004

most active attack type

Hello everyone,

I was wondering what the most common type of attack to expect to get hit
with over a network is.
I will be protecting a MS based network.

The other thing I was thinking is in this scenario what type of attacks
should you be watching out for?

Scenario: Small TCP/IP network (sub 6 PCs). All have the latest MS client or
server OSes fully patched.
IPSec running as a firewall, all traffic monitored/logged, services
configured (and disabled), 1 software router, 1 hardware router (firewall
running on each). I'm thinking that's about it.

Thanks for the help, it is greatly appreciated.


Haseeb Chaudhary | 10 Aug 10:33 2004

RE: most active attack type

Hi,

The most common attack types and worms that exploit known vulnerabilities are
listed on http://www.sans.org/top20/ - also there is a section at the bottom
detailing which ports to block on the firewall. Although it is far better to
deny all which is not specifically allowed by the firewall as opposed to
individually blocking specific ports.

Hope this helps.

-Haseeb

-----Original Message-----
From: first last [mailto:in5ecure24 <at> hotmail.com]
Sent: 09 August 2004 12:54
To: focus-ms <at> securityfocus.com
Subject: most active attack type

Hello everyone,

I was wondering what the most common type of attack to expect to get hit
with over a network is.
I will be protecting a MS based network.

The other thing I was thinking is in this scenario what type of attacks
should you be watching out for?

Scenario: Small TCP/IP network (sub 6 PCs). All have the latest MS client or
server OSes fully patched.
IPSec running as a firewall, all traffic monitored/logged, services
(Continue reading)

Marc Fossi | 11 Aug 16:13 2004

SecurityFocus Microsoft Newsletter #201

SecurityFocus Microsoft Newsletter #201
----------------------------------------

This issue sponsored by: Qualys

ELIMINATE SASSER & OTHER THREATS - Free Network Security Audit
Stop waiting for anti-virus solutions to catch up with the latest worms.
Run a free security check today to detect and eliminate security risks in
your network BEFORE they can be compromised.

http://www.securityfocus.com/sponsor/Qualys_ms-secnews_040810

------------------------------------------------------------------------
I. FRONT AND CENTER
     1. Deploying Network Access Quarantine Control (part 1 of 2)
     2. Data Driven Attacks Using HTTP Tunneling
II. MICROSOFT VULNERABILITY SUMMARY
     1. Mozilla and Netscape SOAPParameter Integer Overflow Vulnerab...
     2. Horde IMP HTML+TIME HTML Injection Vulnerability
     3. StackDefender ObjectAttributes Invalid Pointer Dereference D...
     4. PuTTY Modpow Integer Handling Memory Corruption Vulnerabilit...
     5. StackDefender BaseAddress Invalid Pointer Dereference Denial...
     6. PHP-Nuke Delete God Admin Access Control Bypass Vulnerabilit...
     7. Acme thttpd Directory Traversal Vulnerability
     8. Gaim Multiple Unspecified MSN Protocol Buffer Overflow Vulne...
     9. Neon WebDAV Client Library Unspecified Vulnerability
     10. PSCP Modpow Base Integer Handling Buffer Overrun Vulnerabili...
     11. Opera Remote Location Object Cross-Domain Scripting Vulnerab...
     12. Mozilla Browser Input Type HTML Tag Unauthorized Access Vuln...
     13. Mozilla Browser/Thunderbird SendUIDL POP3 Message Handling R...
(Continue reading)

Marc Fossi | 11 Aug 19:30 2004

Article Announcement: Redmond's Salvation

Redmond's Salvation
By Tim Mullen  Aug 11 2004

Service Pack 2 for XP represents a sea change in Microsoft's security
posture. Here's why you should ignore the naysayers and start planning
your upgrade.

http://www.securityfocus.com/columnists/259

Marc Fossi
Symantec Corp.
www.symantec.com


MacLeonard Starkey | 12 Aug 09:49 2004

Re: most active attack type

Much of what I am currently seeing are email based vectors,

as such, they rely either on holes in the client software which allow
immediate execution of attachments, or the human factor.

Make sure you educate your users, or all the firewalling and patching in
the world won't help you.

regards,

Macca

first last wrote:

> Hello everyone,
>
> I was wondering what the most common type of attack to expect to get hit
> with over a network is.
> I will be protecting a MS based network.
>
>
> The other thing I was thinking is in this scenario what type of attacks
> should you be watching out for?
>
> Scenario: Small TCP/IP network (sub 6 PCs). All have the latest MS client
> or server OSes fully patched.
> IPSec running as a firewall, all traffic monitored/logged, services
> configured (and disabled), 1 software router, 1 hardware router
> (firewall running on each). I'm thinking that's about it.
> 
(Continue reading)

Aaron Lewis | 13 Aug 17:28 2004

RE: most active attack type

Agreed. I would say most email viruses / worms enter a system due to a user
who is so curious they have to open it. Educating the users and having them
understand the problem and the solutions is very key in maintaining a sound
environment. Blocking some outgoing traffic of well known threats at the
border device can help too.

I know Admins at the local government level who don't run AV or patch their
systems because they have a firewall and they think nothing can get to them.
The worst part is the Admin doesn't know anything about networking and the
firewall setup was outsourced and hasn't been touched since install.

Yes I said government
ADL

-----Original Message-----
From: MacLeonard Starkey [mailto:macleonard <at> softhome.net]
Sent: Thursday, August 12, 2004 3:49 AM
To: focus-ms <at> securityfocus.com
Subject: Re: most active attack type

Much of what I am currently seeing are email based vectors,

as such, they rely either on holes in the client software which allow
immediate execution of attachments, or the human factor.

Make sure you educate your users, or all the firewalling and patching in
the world won't help you.

regards,

(Continue reading)

Jason Gregson | 13 Aug 17:45 2004

RE: most active attack type

Whilst I agree that education is the most aspect, everyone has a bad day at
some point.

As most of the attacks/exploits we are seeing are email based, there is a
very simple solution to email based viruses which involves a 3rd party to
receive all your mail and then forward the email to the recipient when the
email is 100% guaranteed virus free. Another bonus of this system is that
port 25 only has to open to the 3rd party in order to receive the email. If
no other inbound services are needed, this will tighten the network you have
even further as there will be no visible ports open to the outside world.

I don't think this is the place for advertising but if you email me directly
I will gladly help out with the specifics (I don't work for them - I am a
happy customer).

Also from the logs on our firewalls, the most common attempts are on ports:
137/135/139/445 - Windows sharing and the like
IPSEC replays
IP Spoofing
Port 6129 - Dameware remote control
Port 1025 - RPC service

Kind regards

Jason

-----Original Message-----
From: MacLeonard Starkey [mailto:macleonard <at> softhome.net]
Sent: 12 August 2004 08:49
To: focus-ms <at> securityfocus.com
Subject: Re: most active attack type

Much of what I am currently seeing are email based vectors,

(Continue reading)
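
Added example (editor's illustration, not code from any list member's post): the two policies discussed in this thread, run side by side over the same inbound connection attempts. One blocks the individually listed ports from the firewall-log list above; the other denies everything except SMTP from the third-party mail relay. The relay address, the source addresses, port 3389 and all function names are constructed for the illustration.

```python
from ipaddress import ip_address, ip_network

# Ports named in the firewall-log list in the post above.
PROBED_PORTS = {135, 137, 139, 445, 1025, 6129}

# Hypothetical address of the third-party mail filtering relay (TEST-NET-3).
MAIL_RELAY = ip_network("203.0.113.10/32")

# Default-deny policy: the only (source network, destination port) allowed in.
ALLOW_RULES = [(MAIL_RELAY, 25)]


def blocklist_verdict(src: str, dport: int) -> str:
    """Block only the individually listed ports; everything else passes."""
    return "DROP" if dport in PROBED_PORTS else "ALLOW"


def default_deny_verdict(src: str, dport: int) -> str:
    """Allow only traffic matching an explicit rule; drop everything else."""
    addr = ip_address(src)
    for net, port in ALLOW_RULES:
        if addr in net and dport == port:
            return "ALLOW"
    return "DROP"


# Constructed inbound connection attempts: (source IP, destination port, note).
SAMPLE_INBOUND = [
    ("198.51.100.7", 445, "Windows sharing port, on the blocklist"),
    ("198.51.100.7", 6129, "remote control port, on the blocklist"),
    ("198.51.100.9", 3389, "port nobody thought to list"),
    ("198.51.100.9", 25, "SMTP from an arbitrary host"),
    ("203.0.113.10", 25, "SMTP from the filtering relay"),
]


def compare(flows=SAMPLE_INBOUND):
    """Return rows of (src, dport, blocklist verdict, default-deny verdict)."""
    return [(s, p, blocklist_verdict(s, p), default_deny_verdict(s, p))
            for s, p, _ in flows]


def exposure_gap(flows=SAMPLE_INBOUND):
    """Flows a port blocklist lets in that default-deny would have dropped."""
    return [(s, p) for s, p, b, d in compare(flows)
            if b == "ALLOW" and d == "DROP"]


if __name__ == "__main__":
    for row in compare():
        print("%-14s %5d  blocklist=%-5s default-deny=%s" % row)
    print("gap:", exposure_gap())
```

The gap is every flow that is absent from the blocklist and also absent from the allow rules; it grows with each service the blocklist author did not anticipate, while the default-deny policy stays the same size.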

Bourque Daniel | 13 Aug 22:14 2004

RE: most active attack type


I think educated users are even more dangerous because they think they have
it all covered, the admin being the worst ones...

I don't trust users, I don't trust AV (I run 4 different ones from different
companies), I don't trust firewall (I run 2 from different companies), I
don't trust IDS (I run 2 from you guess what) and over all, I certainly
don't trust myself...  There is so much to learn that the more I learn, the
less I know.

Good week-end all and good sleep, it could be the last for some days...  :o)

-----Original Message-----
From: Aaron Lewis [mailto:aaron <at> adldatacomm.net]
Sent: 13 August, 2004 11:28
To: focus-ms <at> securityfocus.com
Cc: macleonard <at> softhome.net
Subject: RE: most active attack type

Agreed. I would say most email viruses / worms enter a system due to a user
who is so curious they have to open it. Educating the users and having them
understand the problem and the solutions is very key in maintaining a sound
environment. Blocking some outgoing traffic of well known threats at the
border device can help too.

I know Admins at the local government level who don't run AV or patch their
systems because they have a firewall and they think nothing can get to them.
The worst part is the Admin doesn't know anything about networking and the
firewall setup was outsourced and hasn't been touched since install.

(Continue reading)

first last | 14 Aug 10:41 2004

RE: most active attack type

Thank you to everyone who replied, it was very much appreciated. I didn't know
about the SANS Top 20 but I'll be keeping an eye on that site. Thanks again
everyone

>From: "Aaron Lewis" <aaron <at> adldatacomm.net>
>Reply-To: <aaron <at> adldatacomm.net>
>To: <focus-ms <at> securityfocus.com>
>CC: <macleonard <at> softhome.net>
>Subject: RE: most active attack type
>Date: Fri, 13 Aug 2004 11:28:18 -0400
>
>Agreed. I would say most email viruses / worms enter a system due to a user
>who is so curious they have to open it. Educating the users and having them
>understand the problem and the solutions is very key in maintaining a sound
>environment. Blocking some outgoing traffic of well known threats at the
>border device can help too.
>
>I know Admins at the local government level who don't run AV or patch their
>systems because they have a firewall and they think nothing can get to 
>them.
>The worst part is the Admin doesn't know anything about networking and the
>firewall setup was outsourced and hasn't been touched since install.
>
>Yes I said government
>ADL
>
>-----Original Message-----
>From: MacLeonard Starkey [mailto:macleonard <at> softhome.net]
>Sent: Thursday, August 12, 2004 3:49 AM
>To: focus-ms <at> securityfocus.com
(Continue reading)

