Here I am at the AICPA Tech conf in Las Vegas at the Venetian hotel.
News this week... I'm passing along an email from the MS listserve....
If you have port 443 open on your SBS 2k system ... watch out as we're
seeing exploits.
How do I know if port 443 is open?
Go to https://grc.com/x/ne.dll?bh0bkyd2 and click on proceed, then on
"common ports". If port 443 is closed or stealth, you are in good
shape. If you have open port 443, then you need to patch NOW.
------------------
Hello all~
With Brett?s permission, I wanted to take a brief moment to reach as
many IIS 5.0 administrators as possible to warn them against not having
the MS04-011 fix. Microsoft is currently seeing an increase in
customers who are being hit by the exploits released within the past two
weeks which creates a Denial of Service (DoS) against servers who are
using SSL. It is important to note that this exploit does not impact
your servers which are ONLY using HTTP (non-secure).
With that said, I would like to personally ask all IIS administrators to
take the time to test and install MS04-011. The critical update is
located here:
MS04-011 Information:
http://www.microsoft.com/technet/security/bulletin/MS04-011.mspx
Critical Update:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0692C27E-F63A-414C-B3EB-D2342FBB6C00&displaylang=en
Considerations:
If you are using SSL on your IIS 5.0 servers and have not patched your
systems you will be vulnerable to the DoS against exploits. The
symptoms are easily recognized by the following in your System event viewer:
Source: LsaSrv
Event ID: 5000
Description: The security package Microsoft Unified Security Protocol
Package generated an exception. The package is now disabled. The
exception information is the data.
The method to correct this problem is the following:
a). Rebooting the server will recycle the SSL components and allow
your site to resume service (but unpatched)
b). Install MS04-011 which mitigates the exploit
Current Investigations:
Microsoft is currently investigating problems related to installations
of IIS 5.0 and SSL with Client Certificates.
In short, IIS 5.0 installations which use large Certificate Revocation
Lists (CRL) might lead to client certificates failing. However, it is
still recommended that you install the hotfix if at all possible to
avoid not having important fixes above and beyond the SSL fix.
Situations where Microsoft has seen Client Certificates fail:
a). Certificate Trust List?s failures ? Resolve this by disabling
use of CTL?s
(http://support.microsoft.com/default.aspx?scid=kb;en-us;216485)
b). CA?s are getting restricted to no longer accept Client Certs ?
No Documentation, but using the Certificates Snap-In and editing the
Usage can mitigate - contact me if you need more details.
c). CRL lookup problems: Occurs with large CRL files. Disable CRL
Checking on your IIS 5.0 Server
((http://support.microsoft.com/default.aspx?scid=kb;en-us;295070)
At this time, we have not currently released a update that addresses all
of the issues which are listed in this mail. There are also other
random issues which we have not confirmed as being related to MS04-011
but lack confirmation. It is suggested that you monitor the Technet
security center at www.microsoft.com/technet/security to watch for
updates to resolve these problems.
In conclusion, most IIS installations will not be effected by the few
considerations listed in this email. This is the reason we are
requesting that all customers test and install MS04-011 on their Windows
2000 SP 2, 3, or 4 machines.
Thanks in advance for your time,
~Chris Adams
Web Platform Supportability Lead
IIS: www.microsoft.com/iis
------------------------
Two Arrested in First Test of Anti-Spam Law
Federal authorities said Thursday that they had
arrested two e-mail marketers and were searching
for two others in the government's first use of
a new law designed to crack down on "spam" e-mail.
A raid was conducted on a Detroit-area operation
accused of sending out millions of e-mail
advertisements for a fraudulent weight-loss
patch, the Federal Trade Commission said.
http://www.siliconvalley.com/mld/siliconvalley/news/editorial/8543317.htm
http://www.latimes.com/technology/la-fi-spam30apr30,1,5104872.story
http://www.newsfactor.com/story.xhtml?story_title=Can_Spam_Law_Meets_Its_First_Test&story_id=23901
http://www.cnn.com/2004/LAW/04/29/internet.spam.ap/index.html
http://www.vnunet.com/News/1154843
Survey: Spam will beat Bill Gates
http://zdnet.com.com/2100-1105_2-5202203.html
Spam Report Card: 2004
http://zdnet.com.com/2100-1105_2-5202236.html
- - - - - - - - - -
- - - - - - - - - -
Alarm growing over bot software
While many network administrators worry about
the next worm, security experts are warning that
a quieter but equally damaging threat is slowly
gaining control of large networks of computers.
Known as bot software, the remote attack tools
can seek out and place themselves on vulnerable
computers, then run silently in the background,
letting an attacker send commands to the system
while its owner works away, oblivious. The latest
versions of the software created by the security
underground let attackers control compromised
computers through chat servers and peer-to-peer
networks, command the software to attack other
computers and steal information from infected
systems.
http://zdnet.com.com/2100-1105_2-5202236.html
House probes spyware
http://www.cnn.com/2004/TECH/internet/04/30/spyware.ap/index.html
http://www.usatoday.com/tech/news/techpolicy/2004-04-30-spyware_x.htm
- - - - - - - - - -
Nasty Malware Fouls PCs With Porn
Last Sunday, Maria DelGiorno gave up. She unplugged
her laptop PC and carefully placed it underneath
a statue of the Virgin Mary. "It was the only thing
I could think of doing," said the 67-year-old
great-grandmother. "The computer was filled with
filthy things. It was embarrassing. My grandchildren
kept asking me why I was looking at so much
pornography."
http://www.wired.com/news/infostructure/0,1377,63280,00.html
- - - - - - - - - -
Experts warn of Bluetooth security hole
Thieves have acquired new weapons to exploit
Bluetooth-enabled phones and computers to steal
valuable data, experts warn. Though Bluetooth
integrates certain security measures, security
expert Adam Laurie has shown reporters at the
BBC how he can 'bluesnarf' into other Bluetooth-
enabled devices without permission using some
software and a Bluetooth-capable computer.
http://www.macworld.co.uk/news/main_news.cfm?NewsID=8568
- - - - - - - - - -
- - - - - - - - - -
Lawmakers vow to pass new law against spyware
U.S. lawmakers vowed today to pass legislation
to stop deceptive software even though regulators
advised against any new laws. Both Republicans
and Democrats on the House Energy and Commerce
Committee said new laws were needed to stop the
proliferation of so-called spyware, which hides
in users' computers and secretly monitors their
activities.
http://computerworld.com/governmenttopics/government/legislation/story/0,10801,92762,00.html
http://news.com.com/2100-1023_3-5202016.html
http://msnbc.msn.com/id/4865172/
FTC officials blast spyware measures
Two Federal Trade Commission officials ignited
a political firestorm on Thursday by criticizing
proposed laws targeting spyware and suggesting
that the measures might harm legitimate software
products, too. During an appearance before a
House of Representatives panel, FTC Commissioner
Mozelle Thompson said the measures were the
wrong approach to spyware and adware. "I do not
believe legislation is the answer at this time,"
he said. "Instead, we should give industry the
time to respond...Self-regulation combined with
enforcement of existing laws might be the best
way to go."
http://zdnet.com.com/2100-1104_2-5202016.html
- - - - - - - - - -
Hidden 'backdoors' worry security firms
The recent spate of Netsky and Bagle worms is
not just a problem now: it may compromise thousands
of PCs for the foreseeable future, say security
experts Software "back doors" that can give hackers
full control over an infected PC are becoming more
difficult to detect because of the sheer number of
viruses and worms that can now distribute this type
of malware, say security experts.
http://news.zdnet.co.uk/internet/security/0,39020375,39153343,00.htm
- - - - - - - - - -
Microsoft SSL patch creating SSLowdowns
Microsoft Corp. said yesterday that a recently
released software patch for its Windows operating
system is causing some Windows 2000 machines to
stop responding after it is installed. Some systems
that use security update MS04-011 stop responding
when they start up, prevent users from logging onto
Windows or bog down, Microsoft said in an article
in its Knowledge Base online help database.
http://computerworld.com/securitytopics/security/story/0,10801,92757,00.html
- - - - - - - - - -