Windows & .NET Magazine Security UPDATE--July 9, 2003

===============

==== This Issue Sponsored By ====

HP & Microsoft Network Storage Solutions Road Show http://list.winnetmag.com/cgi-bin3/DM/y/eA0D74Eh0CCB07cD0AM

==========

1. In Focus: Antispam Movement: Going in Opposite Directions

2. Security Risks - DoS in Opera Web Browser

3. Announcements - Attend the Black Hat Briefings & Training, July 28-31 in Las Vegas - Active Directory eBook Chapter 2 Published!

4. Security Roundup - News: Exclusive: Microsoft's Plan to End the Patch Management Nightmare - News: Catastrophic Risk Index - News: Microsoft Plugs Another Passport Security Hole - News: Department of the Interior Kicked Off the Internet 5. Instant Poll - Results of Previous Poll: Fighting Software Piracy - New Instant Poll: Handling Spam

6. Security Toolkit - Virus Center - FAQ: What Automated Procedure Can I Use to Disconnect All Users from My Server at a Certain Time Each Day?

7. Event - New--Mobile & Wireless Road Show! 8. New and Improved - Conduct Network Security Audits - Submit Top Product Ideas

9. Hot Thread - Windows & .NET Magazine Online Forums - Featured Thread: Using Subinacl to Change Ownership on All Files in a Directory Tree

10. Contact Us See this section for a list of ways to contact us.

==========

==== Sponsor: ====

==== Sponsor: HP & Microsoft Network Storage Solutions Road Show ====

Missed the Network Storage Solutions Road Show? If you couldn't make the HP & Microsoft Network Storage Solutions Road Show, you missed Mark Smith talking about Windows-Powered NAS, file server consolidation, and more. The good news is that you can now view the Webcast event in its entirety at: http://list.winnetmag.com/cgi-bin3/DM/y/eA0D74Eh0CCB07cD0AM

==========

==== 1. In Focus: Antispam Movement: Going in Opposite Directions ==== by Mark Joseph Edwards, News Editor, mark@ntsecurity.net

As you know, spam is causing an uproar, and many are mounting a considerable effort to put a damper on it. That effort recently delivered a significant blow, when the British Broadcasting Corporation (BBC) revealed that it had uncovered what it believes to be the source of tens of millions of spam items sent out each day.

During a special journalistic investigation, the BBC found evidence that the computers of thousands of companies around the world are being hijacked to deliver spam and to host questionable Web sites. Obviously, spammers use hijacked computers to help cover their tracks. One of the hijacked companies was British Airways, whose network attackers used to host a Web site for mail-order brides.

By further tracking clues such as IP addresses and domain-registry information, the BBC followed the trail first to South America, then to the Netherlands. In the Netherlands, the BBC discovered that Dutch ISP MegaProvider is connected to a known group of spammers. The BBC investigation team confronted the operator of MegaProvider, and you can read the details in a news story at the BBC News Web site. http://news.bbc.co.uk/1/hi/technology/3036092.stm

The fallout against MegaProvider is significant so far: The company lost peering contracts and customers, and other ISPs entirely blocked its networks. The complete outcome remains to be seen. The BBC story points out that we can prevent spam by nipping it in the bud.

As you know, corporate giants have taken a more public stance against spammers. Some of their endeavors have gained the spotlight in various US publications. You might be surprised to learn what's been reported.

The "Washington Post" reports that Missouri Attorney General Jay Nixon has accused Microsoft of trying to run a protection racket through which Microsoft would earn money from companies that want to send bulk mail. In addition, The "Washington Post" reports that Microsoft opposes a do-not-spam registry because such registries might be attacked to reveal millions of email addresses. http://www.bayarea.com/mld/cctimes/news/6244003.htm

The "Washington Times" also reports that Microsoft opposes a do-not-spam registry--because it would be technologically impractical and unenforceable. But if a registry works to curb telemarketers, why can't it work to curb spammers too? http://washingtontimes.com/business/20030629-103835-5128r.htm

ZDNet UK and CNET report that critics of Microsoft's push against spam say the company's stated opposition to spam is hypocritical--and that the company should "get its own house in order" first. Microsoft has defended itself against the criticism, which cites MSN and Hotmail as contributors to the spam problem. http://news.zdnet.co.uk/story/0,,t269-s2136652,00.html "The Sacramento Bee" reports that Microsoft "has fought legislation in Missouri, Michigan, and California that would make it illegal to send commercial email to anyone who doesn't want it. Microsoft instead has supported laws that allow companies to send unsolicited email, provided that they do not use deceptive or fraudulent practices and offer consumers the chance to opt out of future solicitations." http://www.sacbee.com/content/politics/story/6960914p-7910017c.html

The bottom line is that spam is a huge money-maker for companies that deliver it (whether the spam is legitimate advertising or not), companies that advertise through spam, and companies that sell products that help filter spam. At the same time, spam costs businesses a lot of money because they have to buy and administer filtering products--and bear the expense of the associated bandwidth.

Spam represents the opportunity to make big money fast--for software and service companies and for entities involved in advertising. Even so, people are for the most part tired of unwanted email messages. I think the most cost-effective ways to curb unwanted email involve a combination of efforts that include a law that requires people to opt-in to receive advertising, do-not-spam lists, and filtering technologies. (I realize that I might be shortsighted about this matter. Email me your ideas.) We might even see significant changes to the underlying technology of email itself, such as digital postage or mandatory identity management to ensure that email messages arrive at their destination.

Laws do help curb spam (large companies are successfully suing spammers), but they don't always address the challenges that international spammers present. Digital postage might help, but it won't be well received. Identity management seems like the most potentially effective course. In any case, I think we'll all probably spend more time and more money on technology to keep unwanted email at bay in the future. Keep an eye on the spam debates because you might have to adjust your budgets and network topology accordingly.

==========

==== 2. Security Risks ==== contributed by Ken Pfeil, ken@winnetmag.com

DoS in Opera Web Browser A person using the alias "Operash" discovered five new bugs in Opera 7 for Windows Web browser, each of which can result in a Denial of Service (DoS) condition. Opera was notified on June 24, 2003, but hasn't yet responded to these problems. http://www.secadministrator.com/articles/index.cfm?articleid=39456

==== 3. Announcements ==== (from Windows & .NET Magazine and its partners)

Attend the Black Hat Briefings & Training, July 28-31 in Las Vegas This is the world's premier technical IT security event, with lots of Windows sessions! 10 tracks, 15 training sessions, 1800 delegates from 30 nations including all of the top experts from CSOs to "underground" security specialists. See for yourself what the buzz is all about! This event will sell out, so register now. http://www.blackhat.com

Active Directory eBook Chapter 2 Published! The second chapter of Windows & .NET Magazine's popular eBook "Windows 2003: Active Directory Administration Essentials" is now available at no charge! Chapter 2 looks at what's new and improved with Active Directory (AD). Download it now! http://www.windowsitlibrary.com/ebooks/administeringad/index.cfm?pc=adupd

==== 4. Security Roundup ====

News: Exclusive: Microsoft's Plan to End the Patch Management Nightmare One of the biggest challenges facing Microsoft's enterprise customers today is patch management, primarily because the company's many products all have their own tools and methods for providing software updates. http://www.secadministrator.com/articles/index.cfm?articleid=39451

News: Catastrophic Risk Index Internet Security Systems (ISS) has released its Catastrophic Risk Index (CRI), which the company says is "a list of the most serious, high-risk vulnerabilities and attacks currently affecting computer networks." To be included in the CRI, a vulnerability had to meet several criteria, such as being pervasive across all industries. http://www.secadministrator.com/articles/index.cfm?articleid=39464

News: Microsoft Plugs Another Passport Security Hole Microsoft has plugged another security hole in its .NET Passport solution a few days after Victor Manuel Alvarez Castro posted a message to a vulnerability discussion mailing list that discussed details of the problem. http://www.secadministrator.com/articles/index.cfm?articleid=39465

News: Department of the Interior Kicked Off the Internet According to a report by Jupitermedia, the US Department of the Interior has been ordered to disconnect from the Internet because the department refused to cooperate with security auditors. http://www.secadministrator.com/articles/index.cfm?articleid=39463

===========

==== Hot Release ====

Research in Motion * BlackBerry Security White Paper for Microsoft Exchange Download this free technical white paper now from Windows & .NET Magazine's White Paper Central. Brought to you courtesy of Research in Motion. http://ad.doubleclick.net/clk;5580710;7402808;g?http://www.blackberry.com/select/server_wp/index.shtml?CPID=AF22037

==== 5. Instant Poll ====

Results of Previous Poll: Fighting Software Piracy The voting has closed in Windows & .NET Magazine's Security Administrator Channel nonscientific Instant Poll for the question, "Do you think legalizing the destruction of software pirates' computers is a reasonable course of action?" Here are the results from the 287 votes. - 7% Yes - 93% No

New Instant Poll: Handling Spam The next Instant Poll question is, "Which is the best approach to handling spam?" Go to the Security Administrator Channel home page and submit your vote for a) Networks should operate their own filtering technology, b) Users should have to "opt-in" to receive spam from a given source, c) Users should have to "opt-out" to not receive spam from a given source, or d) Other (email your idea to security@winnetmag.com). http://www.secadministrator.com

==== 6. Security Toolkit ====

Virus Center Panda Software and the Windows & .NET Magazine Network have teamed to bring you the Center for Virus Control. Visit the site often to remain informed about the latest threats to your system security. http://www.secadministrator.com/panda

FAQ: What Automated Procedure Can I Use to Disconnect All Users from My Server at a Certain Time Each Day? (contributed by Randy Franklin Smith, rsmith@montereytechgroup.com)

Run the Net Session command to receive a list of all remote users and computer names connected to your computer. To log those users off of your server, type

net session /delete /y

The /y parameter instructs Windows 2000 not to ask for confirmation before disconnecting these users, which means that you can use Task Scheduler to configure the command to run without your intervention or oversight. Note that this command logs off all remote users, even those who have files open.

==== 7. Event ====

New--Mobile & Wireless Road Show! Learn more about the wireless and mobility solutions that are available today! Register now for this free event! http://www.winnetmag.com/roadshows/wireless

==== 8. New and Improved ==== by Sue Cooper, products@winnetmag.com

Conduct Network Security Audits GFI released GFI LANguard Network Security Scanner (NSS) 3.2, a tool for conducting network security audits of Windows machines and remotely deploying patches and service packs. GFI LANguard NSS detects network vulnerabilities, generates vulnerability reports, and remotely installs security patches without user intervention. Prices start at $249 for 50 IPs and $895 for unlimited IPs. Contact GFI at 800-243-4329. http://www.gfi.com/lannetscan

Submit Top Product Ideas Have you used a product that changed your IT experience by saving you time or easing your daily burden? Do you know of a terrific product that others should know about? Tell us! We want to write about the product in a future What's Hot column. Send your product suggestions to whatshot@winnetmag.com.

==== 9. Hot Thread ====

Windows & .NET Magazine Online Forums http://www.winnetmag.com/forums

Featured Thread: Using Subinacl to Change Ownership on All Files in a Directory Tree (One message in this thread)

A user writes that he's been trying to use Subinacl from the "Microsoft Windows NT 4.0 Resource Kit" to change all the file and directory ownership details on 500+ disk drives before a migration. However, using the tool with the documented syntax (subinacl /subdirectories g:\users\\*.* /setowner=\username) lets the changes go down only one directory level. (Using the tool from the "Microsoft Windows 2000 Resource Kit" on a Win2K Server with the same command structure does change permissions all the way down a directory tree.) Does anyone know a way to make the needed changes on NT 4.0? Lend a hand or read the responses: http://www.winnetmag.com/forums/rd.cfm?cid=42&tid=60536

==== Sponsored Links ====

AutoProf Jerry Honeycutt Desktop Deployment Whitepaper http://ad.doubleclick.net/clk;5790077;8214395;s?http://www.AutoProf.com/Update_TextLinks_2003_06_23.html

=========

==== 10. Contact Us ====

About the newsletter -- letters@winnetmag.com About technical questions -- http://www.winnetmag.com/forums About product news -- products@winnetmag.com About your subscription -- securityupdate@winnetmag.com About sponsoring Security UPDATE -- emedia_opps@winnetmag.com

=============== This email newsletter is brought to you by Security Administrator, the print newsletter with independent, impartial advice for IT administrators securing Windows and related technologies. Subscribe today. http://www.secadministrator.com/sub.cfm?code=saei25xxup

Thank you! __________________________________________________________ Copyright 2003, Penton Media, Inc.