Office Update Inventory Tool

January 30, 2004

Office Update Inventory Tool: "From a central location, administrators can run the Office Update Inventory Tool on client computers to find out which Office updates have been applied, which Office updates are available to be applied, and which Office updates can be applied only to an administrative installation point."

Microsoft to issue security patch for IE | CNET News.com

January 29, 2004

Microsoft to issue security patch for IE : "This is how it works. The actual URL syntax in the link--which appears in the IE address bar when the link is clicked, and also at the bottom of the IE window when someone rolls over the link with the cursor--looks like this: http(s)://username:password@server/resource.ext. The browser uses whatever is to the right of the @ symbol to locate the Web page. Everything to the left of the @ is used to authenticate the user. If there is no authentication mechanism available on the targeted page, the beginning part of the URL is ignored.
Attackers, then, can use the area to the left of the @ symbol to create a fake Web address and fool victims into going to a different page or site. For instance, the URL http://www.cnet.com@example.com looks like it will go to the Web site www.cnet.com, but it actually goes to http://example.com."
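
As an added example (not part of the quoted article or of this blog), here is how a mail or proxy filter could apply the rule quoted above: the server is whatever follows the last @ in the authority, and a host-like string to its left is a warning sign. The function names, verdict labels and every sample link except the article's own are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Loose "looks like a DNS name" test: dot-separated labels ending in a TLD-like label.
HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def inspect_url(url):
    """Report the host a URL really targets and whether its userinfo part can mislead."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ("http", "https"):
        return {"url": url, "real_host": None, "userinfo": None, "verdict": "skipped"}
    # Everything left of the last "@" in the authority is userinfo, not the server.
    userinfo, at, _hostport = parts.netloc.rpartition("@")
    real_host = parts.hostname or ""
    if not at:
        return {"url": url, "real_host": real_host, "userinfo": None, "verdict": "ok"}
    name = userinfo.split(":", 1)[0]  # drop an optional ":password"
    if HOSTLIKE.match(name) and name.lower() != real_host:
        verdict = "deceptive"      # userinfo poses as a different site
    else:
        verdict = "has-userinfo"   # credentials in a link: unusual, worth a review
    return {"url": url, "real_host": real_host, "userinfo": userinfo, "verdict": verdict}


def deceptive_links(urls):
    """Return (url, real_host) for every link whose userinfo poses as another host."""
    hits = []
    for u in urls:
        r = inspect_url(u)
        if r["verdict"] == "deceptive":
            hits.append((u, r["real_host"]))
    return hits


# Constructed sample links; the first is the example from the quoted article.
SAMPLE_LINKS = [
    "http://www.cnet.com@example.com",
    "http://www.cnet.com:80@example.com/login",
    "https://alice:s3cret@intranet.example/reports",
    "http://www.cnet.com/news",
    "mailto:user@example.com",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(inspect_url(link))
```
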

US-CERT: National Cyber Alert System

January 28, 2004

US-CERT: "US-CERT has created the National Cyber Alert System, which is America's first cohesive national cyber security system for identifying, analyzing, and prioritizing emerging vulnerabilities and threats. The system provides credible and timely information on cyber security issues for both technical and non-technical users."

Secunia - Advisories - Internet Explorer File Download Extension Spoofing

Now this one is interesting:
Secunia - Advisories - Internet Explorer File Download Extension Spoofing

Description:
http-equiv has identified a vulnerability in Internet Explorer, allowing malicious web sites to spoof the file extension of downloadable files.

The problem is that Internet Explorer can be tricked into opening a file, with a different application than indicated by the file extension. This can be done by embedding a CLSID in the file name. This could be exploited to trick users into opening "trusted" file types which are in fact malicious files.

VBScript Fundamentals for Windows Scripting

January 27, 2004

2000Trainers.com: Using Windows 2000: VBScript Fundamentals for Windows Scripting (Part 1) The Basics

2000Trainers.com: Using Windows 2000: VBScript Fundamentals for Windows Scripting (Part 2) ADSI

2000Trainers.com: Using Windows 2000: VBScript Fundamentals for Windows Scripting (Part 3) WMI

Techdirt:Clearing Out From Under MyDoom

Techdirt:Clearing Out From Under MyDoom - one of the better MyDoom/Novarg postings.

For more information: Symantec Security Response - W32.Novarg.A@mm

Update your AV. Another suggestion: break the fingers of every one of your users. No fingers = can't idiotically open attachments. :-)

Windows Memory Diagnostic

January 23, 2004

Microsoft Online Crash Analysis - windiag: "The Windows Memory Diagnostic tests the Random Access Memory (RAM) on your computer for errors. The diagnostic includes a comprehensive set of memory tests. If you are experiencing problems while running Windows, you can use the diagnostic to determine whether the problems are caused by failing hardware, such as RAM or the memory system of your motherboard. Windows Memory Diagnostic is designed to be easy and fast. On most configurations, you can download the diagnostic, read the documentation, run the test and complete the first test pass in less than 30 minutes.
To run Windows Memory Diagnostic, you must reboot your computer with the disk or CD-ROM on which you installed Windows Memory Diagnostic in the drive. After the reboot, Windows Memory Diagnostic will load and its interface will appear. After loading, the first test pass will begin, using the default standard test suite, and continue until complete, unless Windows Memory Diagnostic is either paused or exited. Once the first test pass is complete, Windows Memory Diagnostic will begin a second test pass using the same settings as before. Windows Memory Diagnostic will continue to run test passes until you exit."

Mark Minasi's Windows Networking Tech Page: Newsletter #38 January 2004

Mark Minasi's Windows Networking Tech Page: Newsletter #38 January 2004: "Feature Article: Software Update Service: Patch Management From A to Z"

ZDNet UK - Insight - What can you learn from a hacker site?

January 22, 2004

What can you learn from a hacker site?: "Finding out what the other side is up to can help keep your network secure - but make sure you don't get rumbled"

NewsIsFree: Technology Feeds

January 21, 2004

NewsIsFree: Technology Feeds

Here are some more RSS feeds:

http://msdn.microsoft.com/security/rss.xml - MSDN Security

http://www.wired.com/news/feeds/rss2/0,2610,24,00.xml - Wired News: IT/IS Important

http://www.netstumbler.org/backend.php - net stumbler dot com

http://www.geekwisdom.com/dyn/module.php?mod=node&op=feed - Geek(Wisdom).com

http://www.geeknewscentral.com/index.xml - Geek News Central

http://www.geeknik.net/?rss - Geeknik

http://xml.newsisfree.com/feeds/85/3785.xml - 2600.com

http://xml.newsisfree.com/feeds/62/4662.xml - Secunia

http://www.hackinthebox.org/backend.php - hackinthebox.org

http://cultdeadcow.blogspot.com/rss/cultdeadcow.xml - CULT OF THE DEAD COW

http://www.computerworld.com/news/xml/0,5000,73,00.xml - ComputerWorld: Security Knowledge Center

Computer Security Incident Handling Guide

Computer Security Incident Handling Guide - by the National Institute of Standards and Technology (NIST). Good background info.

Windows 2000 Security Hardening Guide

Windows 2000 Security Hardening Guide: "This document provides administrator guidance for how to set up and configure secure Windows 2000 systems in several scenarios. This document is a baseline for other hardening guides published by Microsoft, such as the Microsoft Solutions for Security."

Microsoft Baseline Security Analyzer v1.2 is Released!

Microsoft Baseline Security Analyzer v1.2 (for IT Professionals): "Version 1.2 of MBSA includes a graphical and command line interface that can perform local or remote scans of Windows systems. MBSA runs on Windows Server 2003, Windows 2000, and Windows XP systems and will scan for common security misconfigurations in the following products: Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, Internet Information Server (IIS) 4.0, 5.0, and 6.0, SQL Server 7.0 and 2000, Internet Explorer (IE) 5.01 and later, and Office 2000, 2002 and 2003. MBSA also scans for missing security updates for Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, IIS, SQL, Exchange, IE, Windows Media Player, MDAC, MSXML, Microsoft VM, Office, Content Management Server, Commerce Server, Host Integration Server, and BizTalk Server."

Tips & Newsletters-SearchNetworking.com: Getting DNS statistics and information

January 19, 2004

Getting DNS statistics and information: The DNSCMD utility is a Windows command-line tool that you can install and use on either a client or server to troubleshoot and configure DNS.

823659 - Client, Service, and Program Incompatibilities That May Occur When You Modify Security Settings and User Rights Assignments

823659 - Client, Service, and Program Incompatibilities That May Occur When You Modify Security Settings and User Rights Assignments - Lists all of the settings and the possible effects they may have. Nice!

Another View: Restoring an AD DC on dissimilar hardware

January 17, 2004

Restoring an AD DC on dissimilar hardware: "This procedure is detailed in Microsoft Knowledge Base Article - 263532. But here is the 10,000 foot view of the operation."

Star-Telegram.com

January 14, 2004

Hey! Where's the problem? - Dave Lieber IN MY OPINION --Middle School Student Suspended for Using DOS Messaging System
(6 January 2004)

A thirteen-year-old Texas middle school student was suspended for three
days because he sent a message saying "Hey" to every computer in the
school using an old messaging system his father taught him while
tutoring him about DOS (the operating system). The columnist feels that
the punishment was far too harsh for the student's actions, particularly
because his actions were not forbidden by any written school policy.

The 10 Laws of Patch Management

Law # 1: Security patches are a fact of life.
Law # 2: It does no good to patch a system that was never secure to begin with.
Law # 3: There is no patch for bad judgment.
Law # 4: You cannot patch what you do not know you have.
Law # 5: The most effective patch is the one you do not have to apply.
Law # 6: A service pack covers a multitude of patches.
Law # 7: All patches are not created equal.
Law # 8: Never base your patching decision on whether you have seen an exploit code … Unless you have seen an exploit code.
Law # 9: Everyone has a patch management strategy, whether they know it or not.
Law #10: Patch management is really Risk Management.

As posted on the Patch Management Mailing List. Join here.

January Security Bulletins

January 13, 2004

Microsoft Security Bulletin MS04-001 - Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter Could Allow Remote Code Execution (816458)

Microsoft Security Bulletin MS04-002 - Vulnerability in Exchange Server 2003 Could Lead to Privilege Escalation (832759)

Microsoft Security Bulletin MS04-003 - Buffer Overrun in MDAC Function Could Allow Code Execution (832483)

Vulnerabilities afflict multiple antivirus products

SearchSecurity.com | Vulnerabilities afflict multiple antivirus products: Serious vulnerabilities in several antivirus products could result in denial-of-service conditions, local privilege escalation and other negative consequences. Fixes are available for some of the problems.

A team of researchers from Aerasec Network Services and Security GmbH, based in Hohenbrunn, Germany, discovered that these products have trouble with so-called bzip2 bombs.

Intrusion detection for Windows 2000

January 08, 2004

Intrusion detection for Windows 2000: "What is GFI LANguard System Integrity Monitor?
GFI LANguard System Integrity Monitor (S.I.M.) is a utility that provides intrusion detection by checking whether files have been changed, added or deleted on a Windows 2000/XP system. If this happens, it alerts the administrator by email. Because hackers need to change certain system files to gain access, this FREEWARE utility provides a great means to identify any servers that are open to attack."

I heard some rave reviews on this from Lockergnome in their IT newsletter.

Google Search: VIEW ACTIVE DIRECTORY ROLES

Google Search: VIEW ACTIVE DIRECTORY ROLES: "a. Active Directory Schema for the schema master.
b. Active Directory Domains and Trusts for the domain naming master.
c. Active Directory Users and Computers for per-domain roles."


Additionally, you can use the Active Directory snap-ins to view the actual
roles that a domain controller owns. To accomplish this, you would choose
one of the Active Directory snap-ins, right-click the root node of the
snap-in in the console tree, and select Operations Master. The Operations
dialog box displays the name of the domain controller that is the current
focus and its status.

Quick Links: Operations master roles

Operations master roles

255504 - Using Ntdsutil.exe to Seize or Transfer FSMO Roles to a Domain Controller

255690 - HOW TO: View and Transfer FSMO Roles in the Graphical User Interface

Resources - Exchange - FAQ - Appendix F - Why PSTs are bad, by Ed Crowley.

January 06, 2004

Why PSTs are bad, by Ed Crowley. - 15 great reasons why PST's are straight from hell. Sucks to be me, if I only had Exchange.....

RSA: Hacker hiring session morphs into Mitnick melee

January 05, 2004

SearchSecurity.com | RSA: Hacker hiring session morphs into Mitnick melee: "The contentious sparring between Hewlett-Packard Co. chief security strategist Ira Winkler and convicted hacker Kevin Mitnick came to a head Tuesday afternoon at RSA Conference 2003."

Some Useful Microsoft DR-style Links

January 02, 2004

249694 - How to Move a Windows 2000 Installation to Different Hardware

237556 - How to Troubleshoot Windows 2000 Hardware Abstraction Layer Issues

216498 - HOW TO: Remove Data in Active Directory After an Unsuccessful Domain Controller Demotion

555012 - How to move a certificate authority to a new server running on a domain controller.

216364 - Domain Controller Server Object Not Removed After Demotion

Even More DR links

Windows 2000 Server Disaster Recovery Guidelines - From Microsoft.

Disaster Recovery Planning Process Part 1 of 3 - from the Disaster Recovery Journal.

Disaster Recovery Planning Process Part 2 of 3 - from the Disaster Recovery Journal.

Disaster Recovery Planning Process Part 3 of 3 - from the Disaster Recovery Journal.

Resource Information - Planning Overview