If you noticed, last week I sort of missed news of the week as we were
in Seattle for SMBnation.
SMBNation NEXT YEAR WILL BE SEPTEMBER 9-11, 2005
Put it down on your calendar now and for those who attended look for a
survey in the near future.
Blog posts about SMBnation
--------------------------
http://www.taznetworks.com/rss/2004/09/smbnation-top-10.html
http://www.taznetworks.com/rss/2004/09/smbnation-2005.html
More here: http://www.feedster.com/search.php?q=smb+nation&hl=en&ie=UTF-8
--------------------------
What did you "take away" from SMBnation?
What "pixie dust" did you have left on you as you went home?
Post your pixie dust here:
http://msmvps.com/bradley/archive/2004/09/19/13818.aspx
-----------------------------
We got a new community page!
Welcome to the Windows Small Business Server Community:
http://www.microsoft.com/windowsserver2003/sbs/community/default.mspx
----------------------------
Security bulletins this week
Bulletin Summaries:
September Summary
http://www.microsoft.com/technet/security/Bulletin/ms04-sep.mspx
Critical Bulletins:
MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code
Execution (833987)
http://www.microsoft.com/technet/security/Bulletin/MS04-028.mspx
If a user is logged on with administrator privileges, an attacker who
successfully exploited this vulnerability could take complete control of
an affected system, including installing programs; viewing, changing, or
deleting data; or creating new accounts with full privileges. Users
whose accounts are configured to have fewer privileges on the system
would be at less risk than users who operate with administrative privileges.
<MBSA will NOT scan for ALL affected software on this>
Yes. MBSA does detect if the update for this vulnerability is required
for Office XP, Office 2003, Project 2002, Project 2003, Visio 2002, and
Visio 2003. However, MBSA does not currently support the detection of
several of the programs that are listed in the Affected Software and
Affected Components section of this security bulletin. For detailed
information about the programs that MBSA currently does not detect, see
Microsoft Knowledge Base Article 306460. If you have installed any of
the programs that are listed in the Affected Software and Affected
Components section of this security bulletin you may have to manually
determine if you have to install the required update. For example, a
Windows 2000 or Windows NT 4.0 system that has installed Internet
Explorer 6 Service Pack 1 will need to install the Internet Explorer 6
Service Pack 1 security update and MBSA will not detect the missing
update in these configurations. Also, MBSA cannot use the Office
Detection Tool to scan remote systems, it will only use this tool to
scan a system locally for required security updates. For more
information about MBSA, visit the MBSA Web site.
Important Bulletins:
MS04-027 - Vulnerability in WordPerfect Converter Could Allow Code
Execution (884933)
http://www.microsoft.com/technet/security/Bulletin/MS04-027.mspx
<MBSA will scan for this>
If a user is logged on with administrative privileges, an attacker who
successfully exploited this vulnerability could take complete control of
an affected system, including installing programs; viewing, changing, or
deleting data; or creating new accounts with full privileges. Users
whose accounts are configured to have fewer privileges on the system
would be at less risk than users who operate with administrative
privileges. However, user interaction is required to exploit this
vulnerability.
-------------------------------------
04-028 is a bit messy......
Batten down the hatches folks
From incidents.org
http://isc.sans.org//diary.php?date=2004-09-17
1. Set your gateway devices (routers, firewalls, etc.) to a "deny all"
setting as the default for inbound traffic, then explicitly allow the
ports needed to support your business or operational processes.
2. Use egress filtering to block all outbound traffic not sourced from
the subnet behind a particular edge router. This is just good common
sense, but so many network administrators do not take this simple step.
3. Disable HTML rendering in your email clients. Some email clients have
a feature that blocks inline images. If so, turn it on. (Blocking .jpg
or .jpeg file attachments is a waste of time. Don't do it.)
4. Likewise, disable the preview panel in Outlook and Outlook Express.
5. Do not use Word as your email editor. Use Outlook's built-in editor.
Once you do start patching for MS04-028, do not forget to patch twice -
once for Microsoft Windows and once for Microsoft Office. Microsoft's
statement about Windows XP SP2 being not vulnerable is a bit misleading.
If you are running Office products, you need to patch them too
regardless of your SP level.
--------------------------------------------------
KB's of interest
875421 - "An error occurred while configuring a component" error message
when you run the Configure E-mail and Internet Connection Wizard in
Windows Small Business Server 2003:
http://support.microsoft.com/?kbid=875421
875432 - Third-party fax program cannot send faxes in Microsoft Small
Business Server 2003:
http://support.microsoft.com/?kbid=875432
885191 - Small Business Server 2003 installation starts automatically
when you try to start the Recovery Console from the Dell OEM version of
the Small Business Server 2003 CD:
http://support.microsoft.com/?kbid=885191
867457 - The View Usage Report tool may report many e-mail messages in
Windows Small Business Server 2003:
http://support.microsoft.com/?kbid=867457
842466 - You may receive an error message or the Setup program may stop
responding when you install Microsoft Windows Small Business Server 2003:
http://support.microsoft.com/?kbid=842466
884004 - "You must install Internet Security and Acceleration Server
2000 Service Pack 1 and:
http://support.microsoft.com/?kbid=884004
842469 - The Windows Small Business Server 2003 Setup program stops
after the "Loading component 19 of 40" message is displayed:
http://support.microsoft.com/?kbid=842469
842694 - "You must be a member of the Domain Admins, Schema Admins, and
Enterprise Admins" error when you run the Windows Small Business Server
2003 Setup program:
http://support.microsoft.com/?kbid=842694
870679 - Your Windows Server 2003-based multiprocessor computer with an
AMD chipset may occasionally stop responding:
http://support.microsoft.com/?kbid=870679
873434 - The Exchange Intelligent Message Filter does not scan e-mail
messages on your Exchange Server 2003 computer:
http://support.microsoft.com/?kbid=873434
836982 - You receive a "0x8007045A ERROR_DLL_INIT_FAILED" error message
when you use the Windows Update Web site:
http://support.microsoft.com/?kbid=836982
-------------------------------
In other news:
- - - - - - - - - -
Small businesses crying out for help with security
SMEs are tech buyers too - and according to
analysts, when they get their credit cards out,
they're most likely to spend their cash on web
hosting and consulting on networks and security.
According to analyst IDC, it's particularly those
in the medium-sized bracket - between 100 and 999 -
that are eyeing up IT services with increasing
interest. The analysts also found that while they
have less money to spend than their corporate
counterparts, the SME segment tends to have big
plans for IT services and a budget set aside
to pay for them.
http://management.silicon.com/smedirector/0,39024679,39124021,00.htm
----------------------
British police arrest suspect in Cisco code theft
British authorities have arrested a man suspected
of stealing source code from Cisco Systems in May,
a spokeswoman for Scotland Yard confirmed Friday.
The 20-year-old man, who has not been identified,
was arrested Sept. 3, after the Metropolitan Police
Computer Crime Unit searched two residences in
Manchester and Derbyshire. The man is suspected
of committing "hacking offenses" under that country's
Computer Misuse Act of 1990, said Julie Prinsep,
a spokeswoman for Scotland Yard.
http://news.zdnet.com/2100-1009_22-5371807.html
- - - - - - - - - -
11 Indicted in Bootlegged Software Case
A federal grand jury in Los Angeles has indicted
11 people on charges of conspiring to distribute
nearly $31 million worth of bootlegged software
programs. The indictments, handed up Wednesday,
stem from a two-year investigation that uncovered
a network that replicated more than 10,000 illicit
software CDs, licenses and manuals. The defendants
allegedly distributed them to warehouses and then
processed payments when the counterfeit products
were sold, according to the U.S. attorney's office
in Los Angeles.
http://www.newsfactor.com/story.xhtml?story_title=Software-Sting-Leads-to-Arrests--Seizures-of-Pirated-Goods&story_id=27022
http://www.latimes.com/technology/la-fi-software17sep17,1,5345364.story
http://www.theregister.co.uk/2004/09/17/digital_marauder_charges/
- - - - - - - - - -
AOL Rejects Spam Plan by Microsoft
Add America Online to the growing list of companies
and organizations shunning a spam-fighting proposal
from Microsoft. AOL cited "tepid support" for
Microsoft's so-called Sender ID technology, which
seeks to cut down on junk e-mail by making it
difficult for spammers to forge e-mail headers
and addresses, a common technique for hiding their
origins. Thursday's announcement came on the heels
of a recent decision by internet engineers to reject
a preliminary proposal from Microsoft because of its
patent claims.
http://www.wired.com/news/technology/0,1282,64989,00.html
http://www.latimes.com/technology/la-fi-rup17.2sep17,1,7807916.story
http://www.vnunet.com/news/1158166
http://www.newsfactor.com/story.xhtml?story_title=AOL-Rejects-SenderID&story_id=27023
http://www.usatoday.com/tech/techinvestor/industry/2004-09-17-aol-shuns-ms-spam-tech_x.htm
http://www.computerworld.com/softwaretopics/software/groupware/story/0,10801,96022,00.html
- - - - - - - - - -
Cybercrime summit urges international cooperation
Pressure is growing on more nations to implement
the Council of Europe's anti-cybercrime treaty.
European officials met on Friday in a high-level
push to persuade more countries to sign up to
an international effort combating cybercrime.
http://news.zdnet.co.uk/internet/security/0,39020375,39166977,00.htm
http://www.theregister.co.uk/2004/09/17/euro_cybercrime_conference/
- - - - - - - - - -
Hackers Jump On Windows Vulnerability
Hackers are drooling at the thought of exploiting
Microsoft's most recent vulnerabilities, security
analysts said Thursday. Less than 24 hours after
Microsoft released details of the latest vulnerability
in Windows, hackers were sharing details and eager
to get their hands on exploit code, said Ken Dunham,
the director of malicious code research for Reston,
Va.-based security intelligence provider iDefense.
http://www.crn.com/sections/breakingnews/dailyarchives.jhtml%3Bjsessionid=TCQEJD0Z1V224QSNDBGCKHQ?articleId=47900062
- - - - - - - - - -
Security alerts recorded at Olympic Games
More than five million security alerts were recorded
during 16 days of Olympic competition, according
to Atos Origin, the company managing the Games' IT.
While there were no proven attacks on the network
during the event, Atos Origin did observe some
abnormal behaviour. Just over 400 alerts were
classed as serious - and 20 of these alerts were
viewed as critical. Some of the IT infrastructure
was set in an open environment.
http://www.vnunet.com/news/1158160
- - - - - - - - - -
Symantec to offer Web-based Norton AntiVirus console
Symantec Corp. yesterday announced plans to release
a Web-based console to help system managers and
network administrators centrally administer Mac
clients using Norton AntiVirus for Macintosh 9.0.
The Web console -- to be made available specifically
to corporate and enterprise licensees of Norton
AntiVirus software -- will allow administrators
to distribute virus definitions and product updates
on demand, install the Norton AntiVirus software
itself, lock-down settings, push configuration
changes and maintain client data in a MySQL database.
http://www.computerworld.com/securitytopics/security/story/0,10801,96025,00.html
- - - - - - - - - -
Symantec to acquire security consultants @Stake
Symantec Corp. has agreed to acquire @Stake Inc.,
a Cambridge, Mass.-based provider of IT security
consulting services. After closing the deal,
expected in October, Symantec plans to integrate
@Stake's services and applications into its global
professional services offerings, the company said
in a statement.
http://www.computerworld.com/securitytopics/security/story/0,10801,96021,00.html
- - - - - - - - - -
Cisco, Microsoft in security showdown
Cisco Systems and Microsoft are headed for a
collision over network security, with customers
caught in the middle. The two companies have
each proposed competing "end to end" security
architectures, marking the latest evolution in
network defense--an approach concerned not only
with scanning for viruses but also with policing
networks to deny connections to machines that
don't conform with security policies.
http://news.com.com/Cisco%2C+Microsoft+in+security+showdown/2100-7355_3-5370427.html
------------------
Feds say Lamo inspired other hackers
The final act in the saga of Adrian Lamo's hacking
adventures ended with a contrite message from the
once brash cyber outlaw, and a grim denunciation
from his prosecutor, who blamed the hacker for
inspiring other computer intruders. In a hearing
in New York last July, Lamo, 23, was sentenced
to six months of house arrest followed by two
years probation, and ordered to pay $65 thousand
in restitution, for intruding into the New York
Times' internal network and conducting thousands
of database searches using the newspaper's
Lexis-Nexis account.
- - - - - - - - - -
New MyDoom offers 'how to' details
A new version of the Internet worm MyDoom includes
a photo of suspected Netsky worm writer Sven Jaschan
and a description of the worm itself. In the latest
bizarre twist in the worm's development, authors
included a detailed account of what MyDoom.Y does
and how it works. This particular tactic has left
antivirus vendors baffled.
http://news.com.com/New+MyDoom+offers+%27how+to%27+details/2100-7349_3-5369473.html
http://news.zdnet.com/2100-1009_22-5369473.html
MyDoom.Y baffles antivirus firms
http://news.zdnet.co.uk/internet/security/0,39020375,39166836,00.htm
- - - - - - - - - -
Freegate is not Trojan horse, says Symantec
Symantec is to stop classifying a software utility
that enables Chinese surfers to view blocked websites
as a Trojan horse. The reassessment follows stories
earlier this week questioning the designation of the
widely-used Freegate program as malicious code. Freegate
has 200,000 users, Dynamic Internet Technology (DIT),
its developer, estimates.
http://www.theregister.co.uk/2004/09/16/symantec_relabels_freegate/
- - - - - - - - - -
http://www.securityfocus.com/news/9520
--
http://www.sbslinks.com/really.htm
http://www.msmvps.com/bradley
https://www.ecora.com/ecora/jump/pm99.asp