Office Update Inventory Tool: "From a central location, administrators can run the Office Update Inventory Tool on client computers to find out which Office updates have been applied, which Office updates are available to be applied, and which Office updates can be applied only to an administrative installation point."
January 29, 2004
Microsoft to issue security patch for IE: "This is how it works. The actual URL syntax in the link--which appears in the IE address bar when the link is clicked, and also at the bottom of the IE window when someone rolls over the link with the cursor--looks like this: http(s)://username:password@server/resource.ext. The browser uses whatever is to the right of the @ symbol to locate the Web page. Everything to the left of the @ is used to authenticate the user. If there is no authentication mechanism available on the targeted page, the beginning part of the URL is ignored.
Attackers, then, can use the area to the left of the @ symbol to create a fake Web address and fool victims into going to a different page or site. For instance, the URL http://www.cnet.com@example.com looks like it will go to the Web site www.cnet.com, but it actually goes to http://example.com."
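An added example, not part of the quoted article or of this blog: a Python check that flags links whose userinfo part (left of the @) is shaped like a hostname, and reports the host the browser would actually contact. The sample text, the second and third URLs, and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Userinfo shaped like a hostname (dot-separated labels plus a TLD) is the
# deceptive case: the reader sees a familiar site name left of the "@".
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample text; the first URL is the one quoted in the article.
SAMPLE = (
    "Please verify your account at http://www.cnet.com@example.com today.\n"
    "Original story: https://www.cnet.com/news/\n"
    "Report: http://alice:secret@intranet.example/resource.ext\n"
)


def inspect_url(url):
    """Describe a URL that carries userinfo; return None if it has none."""
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return None
    if parts.username is None:
        return None
    return {
        "url": url,
        "userinfo": parts.username,      # what the reader sees first
        "real_host": parts.hostname,     # where the request actually goes
        "has_password": parts.password is not None,
        "hostlike_userinfo": bool(HOSTLIKE.match(parts.username)),
    }


def scan_text(text):
    """Return findings for every http(s) URL in text that contains userinfo."""
    findings = []
    for match in URL_RE.finditer(text):
        info = inspect_url(match.group(0).rstrip(".,;)"))
        if info is not None:
            findings.append(info)
    return findings


if __name__ == "__main__":
    for f in scan_text(SAMPLE):
        verdict = "SPOOF-LIKE" if f["hostlike_userinfo"] else "credentials in URL"
        print(f"{verdict}: {f['url']} -> real host {f['real_host']}")
```

A mail or proxy filter can treat `hostlike_userinfo` as a high-confidence phishing signal, while plain credentials in a URL are better handled as a lower-severity policy finding.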
January 28, 2004
US-CERT: "US-CERT has created the National Cyber Alert System, which is America's first cohesive national cyber security system for identifying, analyzing, and prioritizing emerging vulnerabilities and threats. The system provides credible and timely information on cyber security issues for both technical and non-technical users."
Now this one is interesting:
Secunia - Advisories - Internet Explorer File Download Extension Spoofing
Description:
http-equiv has identified a vulnerability in Internet Explorer, allowing malicious web sites to spoof the file extension of downloadable files.
The problem is that Internet Explorer can be tricked into opening a file, with a different application than indicated by the file extension. This can be done by embedding a CLSID in the file name. This could be exploited to trick users into opening "trusted" file types which are in fact malicious files.
January 27, 2004
2000Trainers.com: Using Windows 2000: VBScript Fundamentals for Windows Scripting (Part 1) The Basics
2000Trainers.com: Using Windows 2000: VBScript Fundamentals for Windows Scripting (Part 2) ADSI
2000Trainers.com: Using Windows 2000: VBScript Fundamentals for Windows Scripting (Part 3) WMI
Techdirt: Clearing Out From Under MyDoom - one of the better MyDoom/Novarg postings.
For more information: Symantec Security Response - W32.Novarg.A@mm
Update your AV. Another suggestion: break the fingers of every one of your users. No fingers = can't idiotically open attachments. :-)
January 23, 2004
Microsoft Online Crash Analysis - windiag: "The Windows Memory Diagnostic tests the Random Access Memory (RAM) on your computer for errors. The diagnostic includes a comprehensive set of memory tests. If you are experiencing problems while running Windows, you can use the diagnostic to determine whether the problems are caused by failing hardware, such as RAM or the memory system of your motherboard. Windows Memory Diagnostic is designed to be easy and fast. On most configurations, you can download the diagnostic, read the documentation, run the test and complete the first test pass in less than 30 minutes.
To run Windows Memory Diagnostic, you must reboot your computer with the disk or CD-ROM on which you installed Windows Memory Diagnostic in the drive. After the reboot, Windows Memory Diagnostic will load and its interface will appear. After loading, the first test pass will begin, using the default standard test suite, and continue until complete, unless Windows Memory Diagnostic is either paused or exited. Once the first test pass is complete, Windows Memory Diagnostic will begin a second test pass using the same settings as before. Windows Memory Diagnostic will continue to run test passes until you exit."
Mark Minasi's Windows Networking Tech Page: Newsletter #38 January 2004: "Feature Article: Software Update Service: Patch Management From A to Z"
January 22, 2004
What can you learn from a hacker site?: "Finding out what the other side is up to can help keep your network secure - but make sure you don't get rumbled"
January 21, 2004
NewsIsFree: Technology Feeds
Here are some more RSS feeds:
http://msdn.microsoft.com/security/rss.xml - MSDN Security
http://www.wired.com/news/feeds/rss2/0,2610,24,00.xml - Wired News: IT/IS Important
http://www.netstumbler.org/backend.php - net stumbler dot com
http://www.geekwisdom.com/dyn/module.php?mod=node&op=feed - Geek(Wisdom).com
http://www.geeknewscentral.com/index.xml - Geek News Central
http://www.geeknik.net/?rss - Geeknik
http://xml.newsisfree.com/feeds/85/3785.xml - 2600.com
http://xml.newsisfree.com/feeds/62/4662.xml - Secunia
http://www.hackinthebox.org/backend.php - hackinthebox.org
http://cultdeadcow.blogspot.com/rss/cultdeadcow.xml - CULT OF THE DEAD COW
http://www.computerworld.com/news/xml/0,5000,73,00.xml - ComputerWorld: Security Knowledge Center
Computer Security Incident Handling Guide - by the National Institute of Standards and Technology (NIST). Good background info.
Windows 2000 Security Hardening Guide: "This document provides administrator guidance for how to set up and configure secure Windows 2000 systems in several scenarios. This document is a baseline for other hardening guides published by Microsoft, such as the Microsoft Solutions for Security."
Microsoft Baseline Security Analyzer v1.2 (for IT Professionals): "Version 1.2 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows Server 2003, Windows 2000, and Windows XP systems and will scan for common security misconfigurations in the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Internet Information Server (IIS) 4.0, 5.0, and 6.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000, 2002 and 2003. MBSA also scans for missing security updates for Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, IIS, SQL, Exchange, IE, Windows Media Player, MDAC, MSXML, Microsoft VM, Office, Content Management Server, Commerce Server, Host Integration Server, and BizTalk Server."
January 19, 2004
Getting DNS statistics and information: The DNSCMD utility is a Windows command line tool that you can install and use on either a client or server to troubleshoot and configure DNS.
823659 - Client, Service, and Program Incompatibilities That May Occur When You Modify Security Settings and User Rights Assignments - Lists all of the settings and the possible effects they may have. Nice!
January 17, 2004
Restoring an AD DC on dissimilar hardware: "This procedure is detailed in Microsoft Knowledge Base Article - 263532. But here is the 10,000 foot view of the operation."
January 14, 2004
Hey! Where's the problem? - Dave Lieber IN MY OPINION -- Middle School Student Suspended for Using DOS Messaging System (6 January 2004)
A thirteen-year-old Texas middle school student was suspended for three days because he sent a message saying "Hey" to every computer in the school using an old messaging system his father taught him while tutoring him about DOS (the operating system). The columnist feels that the punishment was far too harsh for the student's actions, particularly because his actions were not forbidden by any written school policy.
Law # 1: Security patches are a fact of life.
Law # 2: It does no good to patch a system that was never secure to begin with.
Law # 3: There is no patch for bad judgment.
Law # 4: You cannot patch what you do not know you have.
Law # 5: The most effective patch is the one you do not have to apply.
Law # 6: A service pack covers a multitude of patches.
Law # 7: All patches are not created equal.
Law # 8: Never base your patching decision on whether you have seen an exploit code … Unless you have seen an exploit code.
Law # 9: Everyone has a patch management strategy, whether they know it or not.
Law #10: Patch management is really Risk Management.
As posted on the Patch Management Mailing List. Join here.
January 13, 2004
Microsoft Security Bulletin MS04-001 - Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter Could Allow Remote Code Execution (816458)
Microsoft Security Bulletin MS04-002 - Vulnerability in Exchange Server 2003 Could Lead to Privilege Escalation (832759)
Microsoft Security Bulletin MS04-003 - Buffer Overrun in MDAC Function Could Allow Code Execution (832483)
SearchSecurity.com | Vulnerabilities afflict multiple antivirus products: Serious vulnerabilities in several antivirus products could result in denial-of-service conditions, local privilege escalation and other negative consequences. Fixes are available for some of the problems.
A team of researchers from Aerasec Network Services and Security GmbH, based in Hohenbrunn, Germany, discovered that these products have trouble with so-called bzip2 bombs.
January 08, 2004
Intrusion detection for Windows 2000: "What is GFI LANguard System Integrity Monitor?
GFI LANguard System Integrity Monitor (S.I.M.) is a utility that provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000/XP system. If this happens, it alerts the administrator by email. Because hackers need to change certain system files to gain access, this FREEWARE utility provides a great means to identify any servers that are open to attack."
I heard some rave reviews on this from Lockergnome in their IT newsletter.
Google Search: VIEW ACTIVE DIRECTORY ROLES:
"a. Active Directory Schema for the schema master.
b. Active Directory Domains and Trusts for the domain naming master.
c. Active Directory Users and Computers for per-domain roles."
Additionally, you can use the Active Directory snap-ins to view the actual roles that a domain controller owns. To accomplish this, you would choose one of the Active Directory snap-ins, right-click the root node of the snap-in in the console tree, and select Operations Master. The Operations dialog box displays the name of the domain controller that is the current focus and its status.
Operations master roles
255504 - Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller
255690 - HOW TO: View and Transfer FSMO Roles in the Graphical User Interface
January 06, 2004
Why PSTs are bad, by Ed Crowley. - 15 great reasons why PSTs are straight from hell. Sucks to be me, if I only had Exchange...
January 05, 2004
SearchSecurity.com | RSA: Hacker hiring session morphs into Mitnick melee: "The contentious sparring between Hewlett-Packard Co. chief security strategist Ira Winkler and convicted hacker Kevin Mitnick came to a head Tuesday afternoon at RSA Conference 2003."
January 02, 2004
249694 - How to Move a Windows 2000 Installation to Different Hardware
237556 - How to Troubleshoot Windows 2000 Hardware Abstraction Layer Issues
216498 - HOW TO: Remove Data in Active Directory After an Unsuccessful Domain Controller Demotion
555012 - How to move a certificate authority to a new server running on a domain controller.
216364 - Domain Controller Server Object Not Removed After Demotion
Windows 2000 Server Disaster Recovery Guidelines - From Microsoft.
Disaster Recovery Planning Process Part 1 of 3 - from the Disaster Recovery Journal.
Disaster Recovery Planning Process Part 2 of 3 - from the Disaster Recovery Journal.
Disaster Recovery Planning Process Part 3 of 3 - from the Disaster Recovery Journal.
Resource Information - Planning Overview