[ISN] ntsecurity-digest

From: <jericho_at_dimensional.com>
Date: Mon 16 Mar 1998 - 03:56:39 CST
Today's ISN Sponsor: Repent Security Incorporated

[Moderator: For those of you poor souls that are cursed with keeping up to
date on NT security, the NT Security list is the place to do it. Better?
They offer it in digest format, which helps you weed out the useless info.
Mail majordomo@iss.net with 'lists' or 'help' for more info..]


---------- Forwarded message ----------
From: ntsecurity-digest <owner-ntsecurity-digest@iss.net>
To: ntsecurity-digest@iss.net
Date: 15 Mar 1998 06:02:02 -0000
Reply-To: ntsecurity@iss.net
Subject: ntsecurity-digest V3 #162


ntsecurity-digest        Sunday, March 15 1998        Volume 03 : Number 162



[To unsubscribe from this list send the message "unsubscribe ntsecurity-digest"
in the BODY of a mail message to majordomo@iss.net.  Do NOT send majordomo
requests to the mailing list.]

In this issue:

	[NTSEC] Password protecting backups
	RE: [NTSEC] WIN98
	RE: [NTSEC] WIN98
	Re: [NTSEC] Password protecting backups
	Re: [NTSEC] WIN98
	[NTSEC] FREE DEMO of Software that Puts Your Site at The Top of 450 Search Engines!
	[NTSEC] Get Gas Free and Make Money Doing It
	RE: [NTSEC] Spam and the such. Not a complaint...

----------------------------------------------------------------------

Date: Fri, 13 Mar 1998 21:15:02 -0800
From: "Goldstein, Don" <Goldstein@OPTIMATRIX.com>
Subject: [NTSEC] Password protecting backups

TO UNSUBSCRIBE: email "unsubscribe ntsecurity" to majordomo@iss.net
Contact ntsecurity-owner@iss.net for help with any problems!
---------------------------------------------------------------------------

As a security measure, how do people feel about password protecting
backups?  One of the concerns my management has about this is keeping
track of the password changes over a long period of time.

------------------------------

Date: Fri, 13 Mar 1998 21:28:34 -0800
From: Tony Bearman <Tony@TLD.com>
Subject: RE: [NTSEC] WIN98



Oops. Wishful thinking. The OS/2 IFS is for VFAT, not Fat32.


	> I believe there's an Installable File System for OS/2 as well.

------------------------------

Date: Fri, 13 Mar 1998 22:31:54 -0700
From: "Kevin Fries" <kevin.fries@usa.net>
Subject: RE: [NTSEC] WIN98


No, NT4 will not read Fat32, but NT disk services are so much cleaner that
you will never miss it.  NT5 is "rumored" to support this, I assume for dual
boot machines.  Also, since the name of this group is security, there is a
much bigger issue with NTWS that NTFS solves.

No, Win98 does not fix its blaring security problem.  It is still best only
on systems where

1) All data is stored on the NT or UNIX server; or
2) No sensitive data is being stored period (i.e. print servers)

BTW, MS released RC0 of Win98, if you are part of the Beta and did not
receive it, contact MS.  I received mine some time ago.

> -----Original Message-----
> From: owner-ntsecurity@iss.net [mailto:owner-ntsecurity@iss.net]On
> Behalf Of Tony Bearman
> Sent: Friday, March 13, 1998 8:27 PM
> To: 'Peter.V.Schaeffer@fpc.com'; 'ntsecurity@iss.net'
> Subject: RE: [NTSEC] WIN98
>
> I believe there's an Installable File System for OS/2 as well.
>
> > -----Original Message-----
> > From:	Peter.V.Schaeffer@fpc.com [SMTP:Peter.V.Schaeffer@fpc.com]
> > Sent:	Friday, March 13, 1998 11:16 AM
> > To:	MEspinola@Rational.Com
> > Cc:	ntsecurity@iss.net; Russ.Cooper@rc.on.ca
> > Subject:	RE: [NTSEC] WIN98
> >
> >      AFAIK Linux can also read and write fat32.  Somebody correct me,
> >      please, if I'm mistaken.
> >
> >
> > ______________________________ Reply Separator _________________________________
> > Subject: RE: [NTSEC] WIN98
> > Author:  MEspinola (MEspinola@Rational.Com) at internet
> > Date:    3/13/98 11:22
> >
> > Russ,
> >
> > Is it still the case that there are currently no other OS's capable of
> > reading a FAT32 partition (besides Win95/98)?
> >
> > If so, it should be warned that NT will not be able to read it either. If
> > the user wanted to upgrade later to NT, the CONVERT.EXE utility will only
> > convert a standard FAT (16bit) partition to NTFS.
> >
> > --------------------------------------------------------------------------------
> > Micheal Espinola Jr
> > NT Network Administrator
> >
> > RATIONAL SOFTWARE CORPORATION
> > 20 Maguire Rd
> > Lexington, MA 02173
> >
> > email1          : mespinola@rational.com        (business)
> > email2          : micheale@ix.netcom.com        (private)
> > pmail   : pagemespinola@rational.com    (alphanumeric page)
> > voice   : (781) 676-7675
> > fax     : (781) 229-3632
> > pager   : (888) 629-6067
> > www     : http://www.rational.com
> >
> > On Friday, March 13, 1998 9:27 AM, Russ [SMTP:Russ.Cooper@rc.on.ca] wrote:
> >
> > >
> > > Rodrigo said...
> > > >I intend to install Win98beta on my personal machine here at work... does
> > > >anyone of you know anything I should do to be sure it'll be secure?
> > >
> > > Yes, install NT 4.0 Workstation instead.
> > >
> > > Windows '98 does not significantly alter the security that was in
> > > Windows '95. There are some minor differences, but nothing that you can
> > > enable to protect the box or the files.
> > >
> > > Treat Windows '98 as an update, not upgrade, of Windows '95 with
> > > significant improvements in Plug-n-Play, Power Management, Multimedia,
> > > and speed (i.e. Fat32). Most of the interface improvements are
> > > alterations on nuances, not major changes, although I like them.
> > >
> > > Windows '98 still does LanMan hashes, uses Share-level security (unless,
> > > like in '95, you are connected to a domain), and does not include
> > > NT-like IP Advanced Security.
> > >
> > > So IOWs, it's Windows '95 with a better sounding, better looking,
> > > interface that better interacts with modern hardware.
> > >
> > > Probably most important is the ability to view DVD movies while running
> > > your own personal web server, sharing up files via NetMeeting, and
> > > sharing up files via Outlook '98. At least you'll have something cool to
> > > look at while you get hacked to death...;-]
> > >
> > > I've been running it on my P2-300/128MB RAM with ATI All-in-Wonder 8MB
> > > AGP with UDMA 5GB EIDE drive and 100x CD. I'm anxiously awaiting the
> > > version of the code that doesn't contain all this debug code that seems
> > > to be bogging down the machine. But hey, it'll shut down in about 2
> > > seconds and if it weren't for the damn ATI Logo screen, would probably
> > > boot in about 30 (too many system tray services I assume).
> > >
> > > NT 5 WS he's our man, do da, do da, he'll be secure on a LAN, all the do
> > > da day...;-]
> > >
> > > Cheers,
> > > Russ
>

------------------------------

Date: Sat, 14 Mar 1998 14:46:27 +0100 (CET)
From: Chris Larsen <vader@vader.dk>
Subject: Re: [NTSEC] Password protecting backups


On Fri, 13 Mar 1998, Goldstein, Don wrote:

> As a security measure, how do people feel about password protecting
> backups?  One of the concerns my management has about this is keeping
> track of the password changes over a long period of time.

AFAIK the password is not used for encryption (if we are talking NT
backup program), so any tool that makes you able to read the raw data of
the tape circumvents your password entered.
Given the portability and capacity of backup tapes, you require strong
encryption of the data, since it is easy to take with you, i.e. steal it.
This again makes you able to take the data 'off-site' and begin cracking
it, and since you most likely already know some patterns in the datastream
this will make it easier for you.
So, putting your tapes in a safe storage facility (i.e. fireproof
(DS-120) safe or deposit for datastorage in bank) is IMHO a much better
security measure, as well as protection against loss of backup media.
And don't forget to store your RDISK in the same place, since this also
contains the entire userbase w. passwords (i.e. 'RDISK.EXE /S')

Cheers.

darth@vader.dk              |  Internet Café : Babel
vader@babel.dk              |  Frederiksborggade 33
Chris Larsen                |  Phone # +45 33 33 93 38
System Manager              |  Open: 14-24 Mon - Sat

PGP-key id: 0x137993A5
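
The distinction drawn in the message above, as an added example that is not part of the original digest: a password that only gates the restore program leaves the data readable by anything that reads the media raw, and an audit can detect that. The container layout, marker strings and sample data are constructed for illustration and are not NT Backup's real tape format.

```python
import hashlib
import math
import struct
from collections import Counter

MAGIC = b"TOYBKUP1"  # constructed container layout, NOT NT Backup's tape format

# Constructed sample data: predictable file content, and SHA-256 output used
# as a stand-in for what properly encrypted media looks like.
SAMPLE_PLAINTEXT = b"C:\\WINNT\\SYSTEM32\\CONFIG\\SAM user=Administrator\r\n" * 200
STAND_IN_CIPHERTEXT = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(256))


def make_gated_backup(password: str, payload: bytes) -> bytes:
    """Header stores a password digest; the payload is written unchanged."""
    digest = hashlib.sha256(password.encode()).digest()
    return MAGIC + digest + struct.pack(">I", len(payload)) + payload


def raw_payload(blob: bytes) -> bytes:
    """What any raw reader sees: the payload bytes, no password involved."""
    (length,) = struct.unpack(">I", blob[40:44])
    return blob[44:44 + length]


def restore(blob: bytes, password: str) -> bytes:
    """What the backup program does: refuse to restore on a wrong password."""
    if hashlib.sha256(password.encode()).digest() != blob[8:40]:
        raise PermissionError("wrong backup password")
    return raw_payload(blob)


def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte distribution (0.0 to 8.0)."""
    counts = Counter(data)
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def audit_payload(data: bytes, known_markers=(b"Administrator", b"SYSTEM32")) -> str:
    """Classify a media sample as 'plaintext' or 'looks-encrypted'."""
    # Known patterns in the data stream are the strongest sign of plaintext.
    if any(marker in data for marker in known_markers):
        return "plaintext"
    return "looks-encrypted" if entropy_bits_per_byte(data) > 7.5 else "plaintext"


if __name__ == "__main__":
    blob = make_gated_backup("s3cret", SAMPLE_PLAINTEXT)
    try:
        restore(blob, "wrong-guess")
    except PermissionError as exc:
        print("restore program:", exc)
    print("raw read of gated backup:", audit_payload(raw_payload(blob)))
    print("stand-in encrypted media:", audit_payload(STAND_IN_CIPHERTEXT))
```

High entropy is necessary but not sufficient: compressed, unencrypted data also scores high, so a pass here only rules out obviously readable media.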

------------------------------

Date: Sat, 14 Mar 1998 11:55:06 -0300
From: "Romulo Moacyr Cholewa" <rmcholewa@bigfoot.com>
Subject: Re: [NTSEC] WIN98


Indeed, Windows NT 5 WILL support:

FAT12 (FAT for less than 127 MB)
FAT16 (FAT for 128 MB up to 2 GB)
FAT32 (FAT for 512 MB up to 2 TB)
NTFS4 (The NTFS we have today)
NTFS5 (NTFS that will come with NT5, supporting Encryption and other enhancements)
CDFS (CD File System)


Romulo Moacyr Cholewa


------------------------------

Date: Sat, 14 Mar 1998 17:02:22 -0500
From: promo311@iddqd.org
Subject: [NTSEC] FREE DEMO of Software that Puts Your Site at The Top of 450 Search Engines!


FREE DEMO OF SOFTWARE THAT SUBMITS YOUR SITE TO OVER 450 SEARCH ENGINES!
 
I thought I would drop you a line today to let you know about the revolutionary new "Search Engine Spider" 
which will allow you to submit your web page to over 450 different search engines and directories, in the 
categories YOU CHOOSE! 
 
I have a FREE DEMO COPY of the software waiting here for you. If you decide you like it because it's 
SAVING YOU TONS OF TIME and GETTING YOU TO THE TOP OF THE SEARCH ENGINES, then register and 
pay only $49.95!
 
How can you go wrong?  You get to try it first for free, and only pay if you want to unlock all of its 
features.  Think about how much you paid for your last "submission service" to run just once!  You can run 
this over and over to KEEP YOUR RANK ON THE SEARCH ENGINES!
 
All you have to do to get your FREE DOWNLOAD is visit:
 
http://www.masterpromote.com/
 
or, if busy, try:
 
http://www.e-bizness.com/masterpromote/

Just for stopping by, you will have access to our HUGE LIST of FREE CLASSIFIED ADS!
  
Thanks again for your time.  I look forward to hearing from you.


Best Regards,

Joe Halinsdorf
President
MasterPromote

P.S. Reseller opportunities are available!
  
***************************
 
To be removed, please visit http://www.masterpromote.com and enter your address in the box marked 
"Remove Me!"  By doing this, you will be ensured that you are removed from the databases of 
MasterPromote and many other online marketers.  Sorry for any inconvenience.

------------------------------

Date: Sat, 14 Mar 1998 22:39:34 +0100
From: getgasfree@aol.com
Subject: [NTSEC] Get Gas Free and Make Money Doing It




Get Gas Free & Make Money Doing It.
Visit My Website at http://www.getgasfree.com/ereisch

------------------------------

Date: Sat, 14 Mar 1998 15:04:42 -0800
From: Chance Whaley <chance@dreamscope.com>
Subject: RE: [NTSEC] Spam and the such. Not a complaint...



It's amazing to me the number of people who put unpatched NT boxes up on the Internet. They make it WAY too easy..

Is anyone else out there having fun with these people besides me?

-- Chance
chance@dreamscope.com

Pinging www.masterpromote.com [207.227.18.19] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.227.18.19:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum =  0ms, Average =  0ms



-----Original Message-----
From:	promo311@iddqd.org [SMTP:promo311@iddqd.org]
Sent:	Saturday, March 14, 1998 2:02 PM
Subject:	[NTSEC] FREE DEMO of Software that Puts Your Site at The Top of 450 Search Engines!


FREE DEMO OF SOFTWARE THAT SUBMITS YOUR SITE TO OVER 450 SEARCH ENGINES!
 
I thought I would drop you a line today to let you know about the revolutionary new "Search Engine Spider" 
which will allow you to submit your web page to over 450 different search engines and directories, in the 
categories YOU CHOOSE! 
 
<SNIP> 

------------------------------

End of ntsecurity-digest V3 #162
********************************

If you wish to receive ISN directly, mail majordomo@sekurity.org with "subscribe isn".
ISN is a non-profit list designed to keep Security Professionals aware.
Received on Mon Mar 16 02:58:27 1998