SANS ISC: Homeland Security Level Raised to Orange, increase in DameWare (port 6129) scans and exploit, Microsoft Retires Products (Including Windows 98), And Earthlink Users Being Targeted by Scam Using IE bug - Internet Security | DShield SANS ISC InfoSec Forums


DHS raises security level

The Department of Homeland Security raised the alert level to Orange (High) today[1]. No cybersecurity threats were mentioned, but it is worth noting here as a heads-up.

Scans for DameWare exploit

There has been an increase in DameWare (port 6129)[6] scans due to semi-recent vulnerabilities discovered in DameWare Mini-RC[7]. An exploit released on the 16th is also floating around and could be a factor[8]. If you are running DameWare, be sure you are patched up to the current version.

MSFT retiring older software

Microsoft is retiring[2] (and removing support for) quite a few items:

- Office XP Developer

- Visio 2000

- BackOffice Server 2000

- Office 2000 Developer, Tools, Multilingual, Premium SR-1, and Service Pack 2

- Outlook 2000

- Project 2000

- SQL Server 7, and Service Pack 3

- Embedded Visual Tools 3.0

- Visual Studio 6 MSDE

- IE 5.5

- MapPoint 2002

- Visual Studio 6.0 SP3 and SP5

- Windows 98, 98 Y2K, 98 Resource Kit, 98 SP1 (all win98 except SE)

- Windows NT 4.0

- ISA Server 2000

- Visual Basic for (Alpha Systems)[3]

This came into effect Dec 15th, 2003. Windows 98 and Windows NT 4.0 were already retired from OEM shipping in June 2002[4].

Unfortunately, according to a survey by eWeek, 80% of the companies they surveyed were still making use of Windows 98 and Windows 95[5]. Microsoft will consider these products obsolete after January 16th, 2004 and will no longer continue support for the entire Windows 98 line (including SE). Windows NT was already removed from support in 2002.

From a security standpoint, it's time to move away from the product versions listed above. Without support, these are a security threat that continues to increase over time: the longer they are on your network, the more exploits will be found for these products, which will never have a Service Pack, patch, or hotfix to cure the vulnerabilities. Putting a firewall between your existing Windows 98 / NT 4.0 machine pool and the Internet is also not enough in many cases.

While as the Handler On Duty I will not make recommendations as to what products to upgrade to, I can recommend upgrading as soon as possible. Examine the existing alternatives (Windows 2000 Pro, XP Pro, Mac OSX, the various Linux desktop-oriented distributions, the *BSDs), and find which one best fits your security and end user requirements.

Earthlink users targeted by phishing e-mail

In the last two days, two separate messages have been forwarded to the Handlers to look at. These show that there is a current scam running against Earthlink customers using the new %01 bug in Internet Explorer[9]. The message states that the user's credit card was unable to be billed, and that new information needs to be entered. By using the %01 exploit, it looks fairly legitimate to Internet Explorer users.
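
A mail-gateway style check for the link shape this scam relies on, added here as an example and not part of the original diary: it flags URLs whose userinfo (the part before "@") contains a percent-encoded control character such as %01, so the name the reader sees differs from the host actually contacted. The function names, the isp.example domain and the 203.0.113.7 address are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample message body (not taken from the reported scam e-mails).
SAMPLE_BODY = """\
Dear customer, we were unable to bill your credit card.
<a href="http://www.isp.example%01@203.0.113.7/update.html">Update billing</a>
Help pages: http://www.isp.example/help?id=%41
Mirror login: ftp://anonymous@ftp.isp.example/pub/
"""

URL_RE = re.compile(r"""(?:https?|ftp)://[^\s"'<>]+""", re.IGNORECASE)
# Percent-encoded C0 control characters (%00-%1F) and DEL (%7F).
ENCODED_CTRL_RE = re.compile(r"%(?:[01][0-9a-f]|7f)", re.IGNORECASE)


def inspect_url(url):
    """Return a finding dict if the URL's userinfo disguises the real host, else None."""
    parts = urlsplit(url)
    userinfo, at, _hostport = parts.netloc.rpartition("@")
    if not at:
        return None  # no userinfo, nothing to disguise the host with
    if not ENCODED_CTRL_RE.search(userinfo):
        return None  # ordinary credentials, e.g. ftp://anonymous@host/
    # Text before the first encoded control character is what the reader is meant to see.
    shown = unquote(ENCODED_CTRL_RE.split(userinfo, maxsplit=1)[0])
    return {"url": url, "shown_as": shown, "real_host": parts.hostname}


def scan_message(body):
    """Check every URL found in a message body and return the suspicious ones."""
    findings = []
    for match in URL_RE.finditer(body):
        finding = inspect_url(match.group(0))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_message(SAMPLE_BODY):
        print(f"SUSPICIOUS {f['url']}: displays {f['shown_as']!r}, connects to {f['real_host']!r}")
```

Legitimate links almost never carry control characters in userinfo, so a match is a strong signal for quarantine or link rewriting.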

Handler On Duty, Davis Ray Sickmon, Jr - Midnight Ryder Technologies (http://www.midnightryder.com)

[1] http://www.cnn.com/2003/US/12/21/threat.level/index.html

[2] http://msnbc.msn.com/id/3660516/

[3] Taken from: http://communities.microsoft.com/newsgroups/previewFrame.asp? -
ICP=msdn&sLCID=us&sgroupURL=microsoft.public.msdn.general&s -
MessageID=%253C%2523G%2524kYOpuDHA.2464@TK2MSFTNGP12.phx.gbl%253E
(Note: Link broken into parts. Sorry, word wrap messes up badly here!)

[4] http://h18001.www1.hp.com/partners/microsoft/98-n-nt-retire.html

[5] http://www.eweek.com/article2/0,4149,1410084,00.asp

[6] http://isc.sans.org/port_details.html?port=6129

[7] http://www.securiteam.com/windowsntfocus/6N00B1P95I.html

[8] http://seclists.org/lists/fulldisclosure/2003/Dec/0617.html

[9] http://www.secunia.com/advisories/10395/