News in Brief
Passport and Cisco vulnerabilities; improving MS Server protection
Vulnerability: Microsoft Passport
After a public release of a Microsoft Passport vulnerability, Microsoft copped to the problem and reported that it had immediately fixed it.
Muhammad Faisal Rauf Danka, chief technology officer of Gem Internet Services Ltd. in Karachi, Pakistan, discovered the vulnerability when his Passport account was stolen. After a little research, he quickly discovered that the phrase “emailpwdreset,” injected into a specific Microsoft Passport Web site address, could reset a password and let him take over any Passport account.
Microsoft says there are over 200 million Passport users. Passport is a single sign-on method that can authenticate users across a range of Web sites and services, including Microsoft Windows Messenger instant messaging, and eBay. It can also store personal information, including credit card numbers.
As with all single sign-on authentication approaches—as opposed to having multiple, distinct authentication schemes—if an attacker cracks a username and password, the attacker gets access to everything that username and password can access. In this case, that meant any related, Passport-enabled service.
eEye Releases Microsoft Windows Server Protection
eEye Digital Security released enterprise Web server protection for Microsoft Windows Server 2000 and 2003. The solution provides proactive Web server security and centralized events management for every Web server in an organization.
“Worms like CodeRed and Nimda revealed that firewalls and intrusion detection systems are powerless in protecting unpatched Microsoft Web servers from attack, particularly attacks targeting undiscovered and ‘zero-day’ vulnerabilities,” says Firas Raouf, chief operating officer of eEye Digital Security.
eEye’s SecureIIS software runs on each server to be protected, while its REM software acts as a centralized administrative console. SecureIIS actively inspects all incoming requests at each stage of data processing to help prevent potentially dangerous network traffic from penetrating servers, even unpatched ones. From the REM console, administrators can implement security policies for all servers or on a case-by-case basis.
For more information, see http://www.eeye.com.
Vulnerability: Cisco ONS
Several Cisco ONS products are vulnerable to a denial of service attack that can be launched from the free vulnerability scanner tool Nessus. Affected systems are typically not exposed to the network, however. A successful attack, sent by a Nessus scan, could reboot the control cards that manage the ONS hardware. If continually repeated, such action would prevent access to the ONS hardware.
Cisco released a fix for all but one of the affected products and urges customers to upgrade immediately. In a statement, the company also recommended that customers use “Unicast Reverse Path Forwarding and access control lists on routers and firewalls to allow only valid network management workstations gain FTP and Telnet access” to the control cards.
The Cisco security advisory can be found at http://www.cisco.com/warp/public/707/cisco-sa-20030501-ons.shtml.
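The access-control half of Cisco's recommendation can be checked mechanically. The following is an added example, not code from Cisco or from this article: it evaluates a simplified subset of IOS-style extended ACL entries (first match wins, implicit deny) and reports any FTP or Telnet flow to a control card that breaks the "management workstations only" policy. All addresses and function names are constructed for illustration, and Unicast Reverse Path Forwarding is not modelled.

```python
import ipaddress

MGMT_PORTS = (21, 23)  # FTP and Telnet, the services named in Cisco's statement

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _take_addr(tok):  # pops one address spec; returns (base, wildcard mask)
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def parse(line):
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _take_addr(tok), _take_addr(tok)
    port = int(tok[1]) if tok[:1] == ["eq"] else None  # None = any port
    return action, proto, src, dst, port

def _hit(spec, addr):
    base, wild = spec
    return ((base ^ _ip(addr)) & ~wild & 0xFFFFFFFF) == 0

def decide(acl, src, dst, port):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, proto, s, d, p in map(parse, acl):
        if proto in ("tcp", "ip") and _hit(s, src) and _hit(d, dst) and p in (None, port):
            return action
    return "deny"

def audit(acl, mgmt_hosts, other_hosts, control_cards):
    """Return (problem, source, card, port) for every flow that breaks the policy."""
    findings = []
    for card in control_cards:
        for port in MGMT_PORTS:
            findings += [("blocked-mgmt", h, card, port) for h in mgmt_hosts
                         if decide(acl, h, card, port) != "permit"]
            findings += [("exposed", h, card, port) for h in other_hosts
                         if decide(acl, h, card, port) == "permit"]
    return findings

# Constructed sample data (documentation address ranges, not from the advisory).
MGMT, OTHER, CARDS = ["192.0.2.10"], ["203.0.113.77"], ["198.51.100.5"]
WEAK = ["permit tcp any 198.51.100.0 0.0.0.255"]  # any source, any TCP port
STRICT = ["permit tcp host 192.0.2.10 host 198.51.100.5 eq 21",
          "permit tcp host 192.0.2.10 host 198.51.100.5 eq 23"]
```

Calling `audit(WEAK, MGMT, OTHER, CARDS)` reports the non-management host as exposed on both ports, while the same call with `STRICT` returns an empty list.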
Mathew Schwartz is a Contributing Editor for Enterprise Systems and its Security Strategies column, as well as being a long-time contributor to the company's print publications. Mr. Schwartz is also a security and technology freelance writer.