Experts Exchange Newsletter

You are receiving this because you are an Experts-Exchange.com member
who has opt-in to receive newsletters

Experts-Exchange.com Focus on Security February 18, 2003

===================================================================
Message from our Sponsor
An attacker need only detect one weakness to breach your network.
http://www.eeye.com/ctrack.asp?ref=EENewsletterR1
===================================================================
What's in Focus on Security

- Keeping up with Microsoft's Security Alerts
- Hot Security Answers
- Member Profile
- Hot Security Questions

-------------------------------------------------------------------------
****************>>> Sponsored by eEye Digital Security<<<****************
Retina can scan every machine on your network, including a variety of operating system platforms (e.g. Windows, Unix, Linux), networked devices (e.g. firewalls, routers, etc.), databases and third-party or custom applications, all in record time.
http://www.eeye.com/ctrack.asp?ref=EENewsletterR1
****************>>> Sponsored by eEye Digital Security<<<****************
-------------------------------------------------------------------------
Keeping up with Microsoft's Security Alerts
There have four important security alerts that reveal vulnerabilities within the Microsoft family that we as IT professionals need to be aware of:

Risk: Critical
Bulletin: MS02-061
Title: Elevation of Privilege in SQL Server Web Tasks (Q316333)
Software: Microsoft(r) SQL Server(tm) 7.0, SQL Server 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000.
Impact: Elevation of Privileges
More Info: http://www.microsoft.com/technet/security/bulletin/MS02-061.asp

Risk: Important
Bulletin: MS03-005
Title: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577)
Software: Microsoft Windows XP
Impact: Privilege elevation
More Info: http://www.microsoft.com/technet/security/bulletin/ms03-005.asp

Risk: Critical
Bulletin: MS03-004
Title: Cumulative Patch for Internet Explorer (810847)
Date: 05 February 2003
Software: Microsoft Internet Explorer
Impact: Allow an attacker to execute commands on a user's system.
More Info: http://www.microsoft.com/technet/security/bulletin/ms03-004.asp

Risk: Important
Bulletin: MS02-071
Title: Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation (328310)
Software: Microsoft Windows NT 4.0 Microsoft Windows NT 4.0, Terminal
Server Edition Microsoft Windows 2000 Microsoft Windows XP
Impact: Privilege elevation
More Info: http://www.microsoft.com/technet/security/bulletin/MS02-071.asp

-------------------------------------------------------------------------
Hot Security Answers

There has been quite a few relevant EE Answers added to the knowledge base
over the last couple of weeks. Check them out to see if they apply to your
IT needs:

Question Title: Help! I've been Hacked
Question Summary: This member's web server was hacked and the hacker placed movies on their hard drive that they couldn't remove
Graded: A
Answered by: TooKoolKris
Go to Answered by: http://www.experts-exchange.com/Security/Q_20492075.html

Question Title: Storing Customer Credit Cards - Security Concerns
Question Summary: This member is building an commerce site and has questions about storing credit card information
Graded: B
Answered by: nouellette
Go to Answer: http://www.experts-exchange.com/Security/Q_20491116.html

Question Title: Removing Spyware
Question Summary: This member is wants to remove spyware that just can be deleted
Graded: A
Answered by: kims83
Go to Answer: http://www.experts-exchange.com/Security/Q_20485798.html

Question Title: I keep getting hacked, how are they getting in?
Question Summary: This member is continually getting hacked and wants to know where are all the security holes are.
Graded: A
Answered by: spreston
Go to Answer: http://www.experts-exchange.com/Security/Q_20480394.html

-------------------------------------------------------------------------
Member Profile

There are nearly one million members using Experts Exchange to get their IT information, but the heart and soul of Experts Exchange are the Experts that spend countless hours answering questions. Here's a profile of one:

User Name: SunBow
Member since: 11/16/99
Expert points: 142833
Question asked: 109
Question answered: 448

SunBow is the number 1 expert in the Network Security topic area.
-------------------------------------------------------------------------
Hot Security Questions
Here are a few hot security questions looking for answers. Check them out, you might have the answer!

Question Title: DES Encryption / Decryption
Question Summary: Member wants to write programs in java and VC that can encrypt/decrypt String. e.g both will encrypt "clear Text" same
Go to Question: http://www.experts-exchange.com/Security/Q_20506318.html

Question Title: Cannot set ftp server to be public
Question Summary: Member is having FTP problems
Go to Question: http://www.experts-exchange.com/Security/Win_Security/Q_20509375.html

Question Title: OpenSSH Passwordless on Unix AIX
Question Summary: Member wants to use OpenSSH on two AIX 4.3 Unix boxes.... I need to be able to use scp w/o prompting for a password
Go to Question: http://www.experts-exchange.com/Security/Unix_Security/Q_20502131.html

Question Title: SSH for a Solaris 7 system
Question Summary: Member wants to make his connections more secure
Go to Question: http://www.experts-exchange.com/Security/Unix_Security/Q_20448263.html

*** To unsubscribe and not receive EE notices in the future please follow this link
http://www.experts-exchange.com/jsp/memberNewsletter.jsp
Please note, you must be logged in to be able to unsubscribe.
If you've forgotten your password or login name please follow this link
http://www.experts-exchange.com/jsp/memberForgotPassword.jsp ***