Message-ID: <4b6ee931041122151311bc1f5f@mail.gmail.com>
From: xploitable at gmail.com (n3td3v)
Subject: Fwd: Security Watch: Source Code Dealer Arrested
---------- Forwarded message ----------
From: SecurityWatch <securitywatch@...sletters.101com.com>
Date: Mon, 22 Nov 2004 17:07:13 -0500
Subject: Security Watch: Source Code Dealer Arrested
To: Crew-x Security <xploitable@...il.com>
November 22, 2004
Security Watch
http://mcpmag.com/security/
http://ENTmag.com
-----------------------------------------------------------------
In This Issue:
1) Ill News for Illwill
2) Reader Feedback: USB Security
3) Security News and Other Information
-----------------------------------------------------------------
Ill News for Illwill
By Roberta Bragg
Last week William Genovese, a.k.a. "illwill," was arrested and charged
with selling Windows 2000 and Windows NT 4.0 source code. The source
code was purportedly stolen from the drives of a computer owned by
longtime Microsoft partner Mainsoft Corp. The arrest was the result of
the work of an online security investigator hired by Microsoft, the
U.S. Attorney's office and the FBI. Genovese has a previous conviction,
in March of 2003, for eavesdropping when he wrote a virus used to hack
into computers.
Genovese, 27, of Meriden, Connecticut, faces a maximum sentence of 10
years in prison and a fine of $250,000 if convicted.
The arrest is good, and welcome, news. It's been disheartening of late
to witness the criminal activity concerning computers and computer
information. In spite of all we know, in spite of all we do, it seems
we're deluged daily with, or beaten down with, the news of new
vulnerabilities, new malware, new incidents of data theft, denial of
service attacks and increasing evidence of criminal and malicious
intent behind them.
Just when I was ready to succumb to my paranoia and retire to my
fortress, two good things happened. First, the arrest shows that
organizations are working together to "do something" about it. A single
arrest won't stop the attempts or successful attacks on our information
systems, but it does indicate progress.
Second, you, the readers, continue to write me with not just questions,
but information on how you're engaged in the battle. Keep those letters
coming. I answer as many questions as I can, and I like hearing about
your successes in keeping the boogey man at bay.
Meanwhile, Microsoft has a slew of tools that may help in your efforts.
These tools, all part of the ALTools package, focus on Netlogon and the
Windows event log. They can be downloaded from http://snipurl.com/2vic.
Included in the package:
- LockoutStatus.exe. Displays information about a locked-out account.
- ALockout.dll. Helps determine the program or process sending the
incorrect credentials in a scenario.
- AcctInfo.dll. Isolates and troubleshoots account lockouts.
- ALoInfo.exe. Displays user account names and their password age.
- EnableKerbLog.vbs. Startup script that enables Kerberos logging.
- EventCombMT.exe. Gathers events for event logs at many locations for
a centralized view.
- NLParse.exe. Extracts and displays desired entries from Netlogon
files.
But before you rush out and start using the tools, read the
disclaimers. For example, Microsoft warns that you shouldn't run
ALockout.dll on servers that host network programs such as Exchange,
because the tool may make it impossible for those programs to start.
Also check out the Microsoft document "Account Passwords and Policies,"
http://snipurl.com/at8y, which fully describes the tools, points to
more information on running them, and sternly warns against their
frivolous use. (The tools can be used with Windows Server 2003, Win2K
and, in some cases, NT 4.0.) As usual, before running any new tool, you
should back up a copy of the operating system and your valuable data.
-- Roberta Bragg, MCSE: Security, CISSP, Security+, and contributing
editor for MCP Magazine, owns Have Computer Will Travel, Inc., an
independent firm specializing in information security and operating
systems. She's series editor for McGraw-Hill/Osborne's Hardening
series--books that instruct you on how to secure your networks before
you are hacked, and author of the first book in the series, "Hardening
Windows Systems". Contact her at roberta.bragg@...mag.com.
-----------------------------------------------------------------
Reader Feedback: USB Security
Roberta,
Question: Using policies, can I disable selected computers from using
USB external memory devices without preventing the use of such things
as USB mice?
--Name Withheld
Roberta answers:
No. However, there are some ways to manage USB ports. I recently
devoted a Security Watch column to that topic, which you can
find here:
http://redmondmag.com/columns/article.asp?EditorialsID=811
-----------------------------------------------------------------
Security News and Other Information
-- Rand Proposes Analysis Method
Connecting disparate pieces of information to prevent terrorist attacks
has taken on greater importance for the intelligence and homeland
security communities since the Sept. 11, 2001, terrorist attacks. But
the going since then hasn't been easy.
http://fcw.com/fcw/articles/2004/1115/web-rand-11-19-04.asp
-- TSA advances TWIC program
Transportation Security Administration officials have entered a new
phase of the Transportation Worker Identity Credential (TWIC) program,
with testing under way at the Port of Long Beach Container Terminal in
California.
http://fcw.com/fcw/articles/2004/1122/news-tsa-11-22-04.asp
-- Groups Urge 911 Improvements
Advocates for the emergency 911 service said the nation's communication
infrastructure is so woefully outdated that it cannot adapt to the
increasing public usage of new and emerging communication devices, such
as voice over IP.
http://fcw.com/fcw/articles/2004/1115/web-nena-11-17-04.asp
-- NetIQ Ties Its System Management and Security Tools
NetIQ this month will begin shipping a "connector" tool to enable
systems management and security information to be displayed on the same
console.
http://entmag.com/news/article.asp?EditorialsID=6460
-----------------------------------------------------------------
Copyright 2004 101communications LLC. Security Watch may only be
redistributed in its unedited form. Written permission from the editor
must be obtained to reprint the information contained within this
newsletter. Contact kward@...mondmag.com.