--- Begin Message ---
SecurityFocus Microsoft Newsletter #198
----------------------------------------
This issue sponsored by: FaceTime
Free Webinar! Enterprise IM: How IT Managers Can Survive. Featured Speaker:
Nate Root, Senior Analyst, Forrester Research. IT directors and security
managers will gain new insights to balance compliance and security risks.
Highlights an integrated solution from FaceTime Communications and MSN
Messenger Connect for Enterprises. Ideal for financial services,
healthcare, energy companies and other regulated organizations.
View the webinar now!
http://www.securityfocus.com/sponsor/FaceTime_ms-secnews_040720
------------------------------------------------------------------------
I. FRONT AND CENTER
1. Metasploit Framework (Part 2 of 3)
2. Packet Crafting for Firewall & IDS Audits (Part 2 of 2)
3. The Pied Piper Syndrome
II. MICROSOFT VULNERABILITY SUMMARY
1. Microsoft JVM Cross-Domain Applet Unauthorized Communication...
2. Microsoft Internet Explorer JavaScript Method Assignment Cro...
3. Microsoft Internet Explorer Popup.show Mouse Event Hijacking...
4. Microsoft Outlook Express Message Window Script Execution Vu...
5. Microsoft Windows 2000 Media Player Control Media Preview Sc...
6. Microsoft Internet Explorer JavaScript Null Pointer Exceptio...
7. Adobe Acrobat/Reader File Name Handler Buffer Overflow Vulne...
8. Multiple Mozilla Bugzilla Vulnerabilities
9. wvWare Library Field.c WVHANDLEDATETIMEPICTURE Function Remo...
10. Microsoft Windows HTML Help Heap Overflow Vulnerability
11. Microsoft IIS 4 Redirect Remote Buffer Overflow Vulnerabilit...
12. Microsoft Windows Utility Manager Local Privilege Escalation...
13. Microsoft Windows Task Scheduler Remote Buffer Overflow Vuln...
14. Microsoft Windows POSIX Subsystem Buffer Overflow Local Priv...
15. Microsoft Outlook Express Malformed Email Header Denial Of S...
16. INweb Mail Server Remote Denial Of Service Vulnerability
17. PHPBB Multiple Unspecified SQL Injection Vulnerabilities
18. PHP Strip_Tags() Function Bypass Vulnerability
19. Microsoft Systems Management Server Remote Denial Of Service...
20. Novell BorderManager Remote Denial Of Service Vulnerability
21. Gattaca Server 2003 Multiple Denial Of Service Vulnerabiliti...
22. Gattaca Server 2003 Multiple Path Disclosure Vulnerabilities
23. Gattaca Server 2003 Cross-Site Scripting Vulnerability
24. PHPBB Multiple Cross-Site Scripting Vulnerabilities
25. Multiple PHPNuke SQL Injection And Cross-Site Scripting Vuln...
III. MICROSOFT FOCUS LIST SUMMARY
1. Windows Update v5 and XPSP2RC2 (Thread)
2. Browser Vulns (Thread)
3. Microsoft Audit Collection System (Thread)
4. Article Announcement: The Pied Piper Syndrome (Thread)
5. security M$ exchange2003 imap4 (Thread)
6. Tool to view effective AD settings (Thread)
7. MS to dump NT 4.0 Wkstn. Patches (Thread)
8. [security] Tool to view effective AD settings (Thread)
9. SecurityFocus Microsoft Newsletter #197 (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
1. Network Time System
2. Anon-Encrypt
3. RSI
4. WiSSH
5. Firewall RuleMaker
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR MICROSOFT PLATFORMS
1. CryptoHeaven v2.4.1
2. Hardening TCP/IP 1.0
3. Xintegrity 1.4
4. Anti-Cracker Shield 1.10
5. cenfw 0.2 beta
6. SiVuS, The VoIP Vulnerability Scanner 1.03
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. Metasploit Framework (Part 2 of 3)
By Pukhraj Singh and K.K. Mookhey
This article provides an elaborate insight into the Open Source exploit
framework, the Metasploit Framework, which is meant to change the future of
penetration testing once and for all. Part two of three.
http://www.securityfocus.com/infocus/1790
2. Packet Crafting for Firewall & IDS Audits (Part 2 of 2)
By Don Parker
This article is the second of a two-part series that will discuss various
methods to test the integrity of your firewall and IDS using low-level
TCP/IP packet crafting tools and techniques.
http://www.securityfocus.com/infocus/1791
3. The Pied Piper Syndrome
By Tim Mullen
Making electronic voting terminals more like slot machines won't keep
elections secure from tampering.
http://www.securityfocus.com/columnists/255
II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Microsoft JVM Cross-Domain Applet Unauthorized Communication...
BugTraq ID: 10688
Remote: Yes
Date Published: Jul 10 2004
Relevant URL: http://www.securityfocus.com/bid/10688
Summary:
It has been reported that applets running in the Microsoft JVM share a common
data structure that can be both written to and read from by any applet,
regardless of domain association. This is in violation of the above security
policy.
2. Microsoft Internet Explorer JavaScript Method Assignment Cro...
BugTraq ID: 10689
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10689
Summary:
A vulnerability exists in Microsoft Internet Explorer that may allow
cross-domain scripting.
It is reported that the vulnerability presents itself due to a failure to
properly validate trust relationships between method calls that are made in
separate Internet Explorer windows. This may make it possible for script code
to access properties of a foreign domain.
This issue may also potentially be exploited to cross Security Zone boundaries,
though this has not been confirmed.
3. Microsoft Internet Explorer Popup.show Mouse Event Hijacking...
BugTraq ID: 10690
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10690
Summary:
A vulnerability exists in Microsoft Internet Explorer that may permit a
malicious Web page to hijack mouse events. This could potentially be exploited
to trick an unsuspecting user into performing unintended actions such as
approving pop-up dialogs.
The method caching variant of this attack is also reported to work.
This is similar to the vulnerability described in BID 9108.
4. Microsoft Outlook Express Message Window Script Execution Vu...
BugTraq ID: 10692
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10692
Summary:
Microsoft Outlook Express is reported prone to a vulnerability that may allow
unauthorized execution of script code.
It is reported that Outlook Express filters user-supplied input such as script
code in the 'window.document' object but fails to filter script code in any
other components of the window object. This may aid in attacks that occur
through HTML email.
Microsoft Outlook Express version 6.0 is currently known to be vulnerable to
this issue; however, it is possible that other versions are affected as well.
5. Microsoft Windows 2000 Media Player Control Media Preview Sc...
BugTraq ID: 10693
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10693
Summary:
Microsoft Windows 2000 is reported prone to a script code execution
vulnerability. Specifically, this issue arises when a user previews media in
Windows Explorer.
It is reported that malicious script code can be executed in the local zone
when files in a specially crafted play list are previewed. This can be
exploited by specifying the 'javascript:' protocol for one or more of the files.
This issue can be leveraged to carry out various attacks.
6. Microsoft Internet Explorer JavaScript Null Pointer Exceptio...
BugTraq ID: 10694
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10694
Summary:
A denial of service vulnerability is reported to affect Internet Explorer. The
issue is reported to present itself when Internet Explorer attempts to render
JavaScript that contains an invalid for statement.
A remote attacker may exploit this vulnerability to cause the running instance
of Internet Explorer to crash.
This vulnerability is reported to affect Internet Explorer version 6.0 (SP1);
other versions might also be affected.
7. Adobe Acrobat/Reader File Name Handler Buffer Overflow Vulne...
BugTraq ID: 10696
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10696
Summary:
Adobe Acrobat and Reader are prone to a stack-based buffer overflow
vulnerability.
This issue exists in routines that parse document filenames. A malformed file
name may trigger this condition when the file is opened.
If a user could be enticed to open an appropriately named document, this could
potentially allow for remote code execution.
This issue appears to affect Adobe Acrobat and Reader 6.x releases on Microsoft
Windows platforms.
8. Multiple Mozilla Bugzilla Vulnerabilities
BugTraq ID: 10698
Remote: Yes
Date Published: Jul 12 2004
Relevant URL: http://www.securityfocus.com/bid/10698
Summary:
Multiple vulnerabilities are reported to exist in the Bugzilla software. The
issues include cross-site scripting, SQL injection, privilege escalation, and
information disclosure.
An information disclosure vulnerability is reported to affect Bugzilla
installations under certain circumstances. It is reported that when the SQL
server is halted, and the HTTP server continues to run, a remote attacker may
disclose the database password.
An attacker may employ the harvested password information to authenticate to
the SQL database.
A privilege escalation vulnerability is reported to affect Bugzilla.
A privileged attacker may exploit this vulnerability to gain membership to
other Bugzilla groups.
An additional information disclosure vulnerability is reported to affect
Bugzilla. It is reported that hidden products may be revealed using vulnerable
CGI scripts.
An attacker may employ the vulnerable scripts in order to disclose product
listings that are marked as confidential.
Bugzilla is reported prone to multiple cross-site scripting vulnerabilities.
These issues exist due to a lack of sanitization performed on user-supplied URI
data before this data is incorporated into dynamically generated error messages.
These cross-site scripting issues could permit a remote attacker to create a
malicious URI link that includes hostile HTML and script code. If a user
follows the malicious link, the attacker-supplied code executes in the web
browser of the victim computer.
An additional information disclosure vulnerability is reported to affect
Bugzilla. It is reported that a Bugzilla user's password may be embedded as a
part of an image URI; the password may then be saved into and be visible in web
server or web proxy logs.
An attacker who has access to the web server logs may harvest credentials.
Finally, Bugzilla is reported prone to an SQL injection vulnerability. The
issue is due to a failure of the application to properly sanitize user-supplied
input.
As a result of this issue a privileged attacker could modify the logic and
structure of database queries.
9. wvWare Library Field.c WVHANDLEDATETIMEPICTURE Function Remo...
BugTraq ID: 10699
Remote: Yes
Date Published: Jul 09 2004
Relevant URL: http://www.securityfocus.com/bid/10699
Summary:
wvWare is reported prone to a remote buffer overflow vulnerability that may
allow attackers to execute arbitrary code on a vulnerable system in order to
gain unauthorized access.
Successful exploit of this issue can allow a remote attacker to execute
arbitrary code in the context of a vulnerable application.
This issue affects wvWare 0.7.4. Versions 0.7.5, 0.7.6 and 1.0.0 are also
affected by a variant of this issue.
10. Microsoft Windows HTML Help Heap Overflow Vulnerability
BugTraq ID: 10705
Remote: Yes
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10705
Summary:
The Microsoft Windows HTML Help facility is prone to a remotely exploitable
heap overflow vulnerability. This vulnerability could be exploited from a
malicious Web page or through HTML email to execute arbitrary code with the
privileges of the currently logged in user.
11. Microsoft IIS 4 Redirect Remote Buffer Overflow Vulnerabilit...
BugTraq ID: 10706
Remote: Yes
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10706
Summary:
Microsoft IIS 4.0 is reported prone to a buffer overflow vulnerability when
handling redirects.
It is reported that an attacker may exploit this vulnerability by issuing a
large request to an affected IIS Web server. An attacker may exploit this issue
to execute arbitrary code in the context of IIS. This could lead to complete
compromise of an affected computer.
12. Microsoft Windows Utility Manager Local Privilege Escalation...
BugTraq ID: 10707
Remote: No
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10707
Summary:
Microsoft Utility Manager is prone to a local privilege escalation
vulnerability. It is reported that a local user may influence the Utility
Manager into executing an attacker-supplied application with elevated
privileges. The cause of this issue is that the Utility Manager will attempt
to load context sensitive help without dropping privileges.
A local attacker may exploit this vulnerability to gain SYSTEM level privileges
on the computer.
This vulnerability is similar to the issue reported in BID 10124. The vendor
fixes for BID 10124 addressed the issue by removing access to context sensitive
help from the Utility Manager GUI. However, the functionality to access
context sensitive help is still present in the Utility Manager application
itself.
13. Microsoft Windows Task Scheduler Remote Buffer Overflow Vuln...
BugTraq ID: 10708
Remote: Yes
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10708
Summary:
Microsoft Task Scheduler is reported prone to a remote stack-based buffer
overflow vulnerability. The source of the vulnerability is that data in '.job'
files is copied into an internal buffer without sufficient bounds checking.
It is reported that a remote attacker may exploit this vulnerability through
Internet Explorer or Windows Explorer when the '.job' file is opened or a
directory containing the file is rendered. The file could also be hosted on a
share. Other attack vectors may also exist.
It should be noted that while this issue does not affect Windows NT 4.0 SP6a,
it may affect this platform if Internet Explorer 6 SP1 is installed.
14. Microsoft Windows POSIX Subsystem Buffer Overflow Local Priv...
BugTraq ID: 10710
Remote: No
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10710
Summary:
The Microsoft POSIX subsystem implementation is prone to a local buffer
overflow vulnerability.
A local attacker may exploit this vulnerability in order to run code with
elevated privileges, fully compromising the vulnerable computer.
15. Microsoft Outlook Express Malformed Email Header Denial Of S...
BugTraq ID: 10711
Remote: Yes
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10711
Summary:
Microsoft Outlook Express is prone to a security vulnerability when processing
emails with malformed header data. A remote attacker may potentially exploit
this issue to cause a persistent denial of service in the email client.
This issue is only reported to affect Outlook Express 6.0 on Windows XP
platforms.
16. INweb Mail Server Remote Denial Of Service Vulnerability
BugTraq ID: 10719
Remote: Yes
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10719
Summary:
It is reported that INweb Mail Server contains a denial of service
vulnerability in its connection handling code.
A remote attacker is able to crash the application, denying service to
legitimate users.
Version 2.40 is reported vulnerable to this issue. Other versions may also be
vulnerable.
17. PHPBB Multiple Unspecified SQL Injection Vulnerabilities
BugTraq ID: 10722
Remote: Yes
Date Published: Jul 13 2004
Relevant URL: http://www.securityfocus.com/bid/10722
Summary:
It is reported that phpBB contains multiple unspecified SQL injection
vulnerabilities.
One vulnerability is reported to exist in 'admin_board.php'. The other pertains
to improper characters in the session id variable.
These issues are due to a failure of the application to properly sanitize
user-supplied URI parameters before using them to construct SQL queries to be
issued to the underlying database.
Version 2.0.9 has been released addressing these, and other issues. This BID
will be updated when further information is known.
18. PHP Strip_Tags() Function Bypass Vulnerability
BugTraq ID: 10724
Remote: Yes
Date Published: Jul 14 2004
Relevant URL: http://www.securityfocus.com/bid/10724
Summary:
It is reported that it is possible to bypass PHP's strip_tags() function.
It is reported that under certain circumstances, PHP's strip_tags() function
will improperly leave malformed tags in place.
This vulnerability may mean that previously presumed-safe web applications
could contain multiple cross-site scripting and HTML injection vulnerabilities
when viewed by Microsoft Internet Explorer or Apple Safari web browsers.
It is reported that 'magic_quotes_gpc' must be off for PHP to be vulnerable to
this issue.
19. Microsoft Systems Management Server Remote Denial Of Service...
BugTraq ID: 10726
Remote: Yes
Date Published: Jul 14 2004
Relevant URL: http://www.securityfocus.com/bid/10726
Summary:
Reportedly Microsoft Systems Management Server is vulnerable to a remote denial
of service vulnerability. This issue is due to a failure of the affected
server to handle exceptional conditions.
Successful exploitation of this issue will allow an attacker to trigger a
denial of service condition in the affected server. Code execution might be
possible but is unlikely and unconfirmed.
20. Novell BorderManager Remote Denial Of Service Vulnerability
BugTraq ID: 10727
Remote: Yes
Date Published: Jul 15 2004
Relevant URL: http://www.securityfocus.com/bid/10727
Summary:
It has been reported that Novell BorderManager is affected by a remote denial
of service vulnerability. This issue is due to a failure of the application to
properly handle exceptional network input.
This issue will allow an attacker to cause the affected client computer to hang,
denying service to legitimate users. It has been reported that the computer
must be restarted to return to a usable state.
21. Gattaca Server 2003 Multiple Denial Of Service Vulnerabiliti...
BugTraq ID: 10728
Remote: Yes
Date Published: Jul 15 2004
Relevant URL: http://www.securityfocus.com/bid/10728
Summary:
It is reported that Gattaca Server 2003 contains multiple denial of service
vulnerabilities.
These vulnerabilities allow a remote attacker to crash the application, denying
service to legitimate users.
Version 1.1.10.0 is reported vulnerable. Prior versions may also contain these
vulnerabilities.
22. Gattaca Server 2003 Multiple Path Disclosure Vulnerabilities
BugTraq ID: 10729
Remote: Yes
Date Published: Jul 15 2004
Relevant URL: http://www.securityfocus.com/bid/10729
Summary:
It is reported that Gattaca Server 2003 contains multiple path disclosure
vulnerabilities.
By sending HTTP requests to Gattaca's web server, it is reportedly possible to
cause the application to return error pages that contain the full installation
path of the application and the web document root path.
These vulnerabilities could be used by an attacker to aid them in further
attacks against the server.
Version 1.1.10.0 is reported vulnerable. Prior versions may also contain these
vulnerabilities.
23. Gattaca Server 2003 Cross-Site Scripting Vulnerability
BugTraq ID: 10731
Remote: Yes
Date Published: Jul 15 2004
Relevant URL: http://www.securityfocus.com/bid/10731
Summary:
Gattaca Server 2003 is reported prone to a cross-site scripting vulnerability.
This issue presents itself due to insufficient sanitization of user-supplied
data.
A remote attacker can exploit this issue by creating a malicious link to the
vulnerable application that includes hostile HTML and script code. If a user
follows this link, the hostile code renders in the web browser of the victim
user. This would occur in the security context of the web server and may allow
for theft of cookie-based authentication credentials or other attacks.
Gattaca Server 2003 version 1.1.10.0 is reported prone to this issue. Other
versions may also be vulnerable.
24. PHPBB Multiple Cross-Site Scripting Vulnerabilities
BugTraq ID: 10738
Remote: Yes
Date Published: Jul 16 2004
Relevant URL: http://www.securityfocus.com/bid/10738
Summary:
It is reported that phpBB is affected by multiple cross-site scripting
vulnerabilities. These issues are due to a failure of the application to
properly sanitize user-supplied URI input.
The problems present themselves in the 'index.php' and 'faq.php' scripts.
These issues could permit a remote attacker to create a malicious URI link that
includes hostile HTML and script code. If this link were followed, the hostile
code may be rendered in the web browser of the victim user.
25. Multiple PHPNuke SQL Injection And Cross-Site Scripting Vuln...
BugTraq ID: 10741
Remote: Yes
Date Published: Jul 16 2004
Relevant URL: http://www.securityfocus.com/bid/10741
Summary:
It is reported that PHPNuke is susceptible to a cross-site scripting
vulnerability and an SQL injection vulnerability.
Both of these vulnerabilities are due to improper sanitization of user-supplied
data.
Attackers may supply malicious parameters to manipulate the structure and logic
of SQL queries. This may result in unauthorized operations being performed on
the underlying database. This issue may be exploited to cause sensitive
information to be disclosed to a remote attacker.
The cross-site scripting vulnerability is reported to exist in the same script.
As a result of this deficiency, it is possible for a remote attacker to create
a malicious link containing script code that will be executed in the browser of
a legitimate user.
This may allow for theft of cookie-based authentication credentials and other
attacks.
These vulnerabilities were reported in version 7.3 of PHPNuke. Other versions
may also be affected.
III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Windows Update v5 and XPSP2RC2 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369386
2. Browser Vulns (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369383
3. Microsoft Audit Collection System (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369382
4. Article Announcement: The Pied Piper Syndrome (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369347
5. security M$ exchange2003 imap4 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369305
6. Tool to view effective AD settings (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369238
7. MS to dump NT 4.0 Wkstn. Patches (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369107
8. [security] Tool to view effective AD settings (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/369103
9. SecurityFocus Microsoft Newsletter #197 (Thread)
Relevant URL:
http://www.securityfocus.com/archive/88/368878
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. Network Time System
By: Softros Systems Inc.
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://nts.softros.com/
Summary:
Network Time System - Secure, fast and accurate time sync software across
entire network.
2. Anon-Encrypt
By: RiserSoft Corporation
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://risersoft.com/anon-encrypt.php
Summary:
Surf the Internet Totally Anonymous, and Fully Encrypted with our Internet
Explorer Plugin!
3. RSI
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.digitallabs.net/rsi/
Summary:
Remote System Information audits your network for critical hardware and
software information and displays the results in a clear, exportable
spreadsheet view.
Remote Registry technology provides the ability to dynamically scan your
network without the need to install client software.
4. WiSSH
By: Digital Labs, LLC
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.wissh.com
Summary:
WiSSH (Windows over SSH) utilizes SSH tunneling technology to secure
Microsoft's RDP protocol. Allows access to multiple hosts behind your network
perimeter with only a single host's SSH port open to the Internet.
5. Firewall RuleMaker
By: The Net Memetic Pte Ltd
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://firewall.rulemaker.net
Summary:
Firewall RuleMaker is a Windows-based firewall configuration version control
software product for managers of Cisco PIX and Netscreen firewalls.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris, UNIX,
Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token using
the Cellular. Does not use SMS or communication, manages multiple OTP accounts
- new technology. For any business that want a safer access to its Internet
Services. More information at our site.
We also provide eAuthentication service for businesses that will not buy an
Authentication product but would prefer to pay a monthly charge for
authentication services from our CAT Server.
V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. CryptoHeaven v2.4.1
By: Marcin Kurzawa <[EMAIL PROTECTED]>
Relevant URL: http://www.cryptoheaven.com/
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:
CryptoHeaven offers secure email and online file sharing/storage. Its main
features are secure and highly encrypted services such as group collaboration,
file sharing, email, online storage, and instant messaging. It integrates
multi-user based security into email, instant messaging, and file storage and
sharing in one unique package. It provides real time communication for text and
data transfers in a multi-user secure environment. The security and usability
of CryptoHeaven is well-balanced; even the not-so-technically oriented computer
users can enjoy this crypto product with a very high level of encryption.
2. Hardening TCP/IP 1.0
By: D'Amato Luigi
Relevant URL: http://www.securitywireless.info/download/hardtcp.exe
Platforms: Windows 2000, Windows XP
Summary:
TCP/IP stack hardening tool for Windows. It is designed for all versions of
Windows XP and all versions of Windows 2000. The tool supplies a simple GUI for
hardening the Windows TCP/IP stack against many DoS attacks.
3. Xintegrity 1.4
By: Global Data Integrity
Relevant URL: http://www.xintegrity.com
Platforms: Windows 2000, Windows 95/98, Windows XP
Summary:
Xintegrity makes it virtually impossible for anybody or anything to modify your
files without being detected. When Xintegrity detects a modified file it will
show exactly how and when the file was modified and display the contents of the
modified file in comparison with an optionally backed up copy of the file. All
your files [including operating system files] can be protected. Xintegrity can
automatically create protected backup files [optionally encrypted with 256 bit]
4. Anti-Cracker Shield 1.10
By: SoftSphere
Relevant URL: http://www.softsphere.com/cgi-bin/redirect.pl?Name=ACSHIELD
Platforms: Windows 2000, Windows NT, Windows XP
Summary:
Protect your computer from Internet worms and hackers' attacks, which become
possible due to operating system and software vulnerabilities
("exploits"). Neither antiviruses, nor firewalls can protect from exploits.
Only Anti-Cracker Shield, a multilevel security system is able to cope with all
known and unknown versions of "exploits". It is possible and is necessary to
protect from hackers!
5. cenfw 0.2 beta
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows 95/98, Windows CE, Windows NT, Windows
XP
Summary:
The Centron IPTables Firewall Gui is an object oriented, database driven,
windows interface to linux IPtables firewall rules.
6. SiVuS, The VoIP Vulnerability Scanner 1.03
By: vopsecurity.org
Relevant URL: http://www.vopsecurity.org/html/downloads.html
Platforms: AIX, FreeBSD, HP-UX, IRIX, Java, MacOS, NetBSD, SecureBSD, SINIX,
Solaris, SunOS, True64 UN, True64 UNIX, Ultrix, UNICOS, UNIX, Windows 2000,
Windows 3.x, Windows 95/98, Windows NT, Windows XP
Summary:
VoIP vulnerability scanner.
VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to [EMAIL PROTECTED] from the subscribed
address. The contents of the subject or message body do not matter. You will
receive a confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters and
unsubscribe via the website.
If your email address has changed email [EMAIL PROTECTED] and ask to be
manually removed.
VII. SPONSOR INFORMATION
-----------------------
This issue sponsored by: FaceTime
Free Webinar! Enterprise IM: How IT Managers Can Survive. Featured Speaker:
Nate Root, Senior Analyst, Forrester Research. IT directors and security
managers will gain new insights to balance compliance and security risks.
Highlights an integrated solution from FaceTime Communications and MSN
Messenger Connect for Enterprises. Ideal for financial services,
healthcare, energy companies and other regulated organizations.
View the webinar now!
http://www.securityfocus.com/sponsor/FaceTime_ms-secnews_040720
------------------------------------------------------------------------
--- End Message ---