'SecurityFocus Microsoft Newsletter #173'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-ms
Subject:    SecurityFocus Microsoft Newsletter #173
From:       Marc Fossi <mfossi () securityfocus ! com>
Date:       2004-01-26 22:14:43
Message-ID: Pine.LNX.4.58.0401261514240.27862 () mail ! securityfocus ! com
[Download RAW message or body]

SecurityFocus Microsoft Newsletter #173
----------------------------------------
This Issue Sponsored by: Qualys

Test the Security of Your Perimeter! Scan Your Network for
the SANS Top 20 Vulnerabilities - FREE.

http://www.securityfocus.com/sponsor/Qualys_ms-secnews_040126

Qualys FreeScan enables the enterprise to immediately identify the
prevalent and critical security vulnerabilities most likely to be
exploited on the network perimeter. With the largest vulnerability testing
database in the industry, QualysGuard enables you to assess, prioritize,
and remediate the vulnerabilities in heterogeneous networks of any size.
Our Web service provides you with the ability to run immediate assessments
without installation of hardware or software.

Click on the link below to scan your network perimeter.
http://www.securityfocus.com/sponsor/Qualys_ms-secnews_040126
------------------------------------------------------------------------

I. FRONT AND CENTER
     1. A Visit from the FBI
     2. The Giant Wooden Horse Did It!
II. MICROSOFT VULNERABILITY SUMMARY
     1. Rit Research Labs The Bat! PGP Message Memory Writing Vulner...
     2. XtremeASP PhotoGallery Adminlogin.ASP SQL Injection Vulnerab...
     3. Legato NetWorker NSR_Shutdown Script Temporary File Symlink ...
     4. Invision Power Board Index.php Cross-Site Scripting Vulnerab...
     5. YABB SE SSI.PHP ID_MEMBER SQL Injection Vulnerability
     6. GoAhead WebServer Directory Management Policy Bypass Vulnera...
     7. GoAhead WebServer Post Content-Length Remote Resource Consum...
     8. WebTrends Reporting Center Management Interface Path Disclos...
     9. 2Wire HomePortal Series Directory Traversal Vulnerability
     10. Microsoft Windows Samba File Sharing Resource Exhaustion Vul...
     11. Netbus Directory Listings Disclosure and File Upload Vulnera...
     12. McAfee ePolicy Orchestrator Agent HTTP POST Buffer Mismanage...
III. MICROSOFT FOCUS LIST SUMMARY
     1. Encrypt data - SQL Server 2000 (Thread)
     2. Microsoft Security (...how to reassure customers of) (Thread)
     3. Local Account Vs Domain Account (Thread)
     4. SecurityFocus Microsoft Newsletter #172 (Thread)
     5. About MS-Networking security. (Thread)
IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
     1. AccessMaster
     2. SafeKit
     3. SecurDataStor
     4. Proactive Windows Security Explorer
     5. Outpost Personal Firewall Pro 2.0
     6. Dekart Logon
V. NEW TOOLS FOR MICROSOFT PLATFORMS
     1. MUTE File Sharing  v0.2.1
     2. GNU Generic Security Service Library   v0.0.10
     3. OSIRIS v3.0.0
     4. mrtg v2.10.13
     5. Enigmail v0.83.0
     6. MyPasswordSafe  v1.1
VI. UNSUBSCRIBE INSTRUCTIONS
VII. SPONSOR INFORMATION


I. FRONT AND CENTER
-------------------
1. A Visit from the FBI
By Scott Granneman

I had a little visit from the FBI recently,
in response to one of my SecurityFocus columns.

http://www.securityfocus.com/columnists/215

2. The Giant Wooden Horse Did It!
By Mark Rasch

Introducing a new legal defense to computer crime
charges -- one that's all the more frightening because it could be true.

http://www.securityfocus.com/columnists/208


II. MICROSOFT VULNERABILITY SUMMARY
-----------------------------------
1. Rit Research Labs The Bat! PGP Message Memory Writing Vulner...
BugTraq ID: 9433
Remote: Yes
Date Published: Jan 16 2004
Relevant URL: http://www.securityfocus.com/bid/9433
Summary:
The Bat! is a commercially-available mail user agent, distributed and
maintained by Rit Research Labs. It is available for the Microsoft Windows
platform.

It has been reported that there is an issue with the way The Bat! handles
certain malformed PGP signed messages.  PGP support is configured by
default.

The issue exists when The Bat! processes email messages containing PGP
signatures with multiple recursively included parts.  Specially
constructed malformed signatures could allow The Bat! to read and write to
unallocated regions of memory.  This could potentially allow for execution
of arbitrary attacker-supplied code.

It is important to note that since The Bat! contains its own exception
handler, the application will not crash when processing messages
containing these malformed PGP signatures.

This issue was reported to affect The Bat! 2.01.  The vendor has reported
that the issue could not be reproduced on The Bat! 2.03 beta and that 2.02
CE is probably not vulnerable.  The Bat! versions 1.x are not vulnerable
to this issue.

2. XtremeASP PhotoGallery Adminlogin.ASP SQL Injection Vulnerab...
BugTraq ID: 9438
Remote: Yes
Date Published: Jan 16 2004
Relevant URL: http://www.securityfocus.com/bid/9438
Summary:
XtremeASP PhotoGallery is a web-based picture gallery script. It is
implemented in ASP and available for Microsoft Windows platforms.
XtremeASP PhotoGallery is back-ended by a MySQL database.

XtremeASP PhotoGallery is prone to an SQL injection vulnerability. The
issue is reported to exist in 'adminlogin.asp', which does not
sufficiently sanitize user-supplied input for username and password values
before including it in SQL queries. This could permit remote attackers to
pass malicious input to database queries, resulting in modification of
query logic or other attacks.

Successful exploitation could result in compromise of the photo gallery,
disclosure or modification of data or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

3. Legato NetWorker NSR_Shutdown Script Temporary File Symlink ...
BugTraq ID: 9446
Remote: No
Date Published: Jan 19 2004
Relevant URL: http://www.securityfocus.com/bid/9446
Summary:
Legato NetWorker is a server package designed to help share data, media
and backup processes across a heterogeneous network. The Legato NetWorker
server will run on a number of Unix variants, as well as Microsoft Windows
NT/2000 systems.

Legato NetWorker has been reported prone to a Symbolic link vulnerability.
The issue presents itself, because the NetWorker script "nsr_shutdown"
creates temporary files in an insecure manner. Specifically, when the
"nsr_shutdown" script is invoked a temporary file "nsrsh$$" is created,
where "$$" represents the current ID of the running process. To exploit
this issue, a local attacker may create many symbolic links in the "tmp"
directory with incremental values representing the "$$" part of the
filename, each of these links will point to an arbitrary file that the
attacker wishes to target. When the vulnerable script is invoked,
operations that were supposed for the temporary file will be carried out
on the file that is linked by the malicious symbolic link.

An attacker may exploit this issue to corrupt arbitrary files. This
corruption may potentially result in the elevation of privileges, or in a
system wide denial of service.

It has been reported that a user will require root privileges to invoke
the affected script; this may magnify the impact of this vulnerability.

It should be noted that although this vulnerability has been reported to
affect NetWorker version 6.0, other versions might also be affected.

4. Invision Power Board Index.php Cross-Site Scripting Vulnerab...
BugTraq ID: 9447
Remote: Yes
Date Published: Jan 19 2004
Relevant URL: http://www.securityfocus.com/bid/9447
Summary:
Invision Power Board is web forum software. It is implemented in PHP and
is available for Unix and Linux variants and Microsoft Windows operating
systems.

A vulnerability has been reported to exist in Invision Power Board that
may allow a remote user to launch cross-site scripting attacks.

The issue is reported to exist due to improper sanitizing of user-supplied
data. It has been reported that HTML and script code may be parsed via the
'act' URI parameter of 'Index.php' script. This vulnerability makes it
possible for an attacker to construct a malicious link containing HTML or
script code that may be rendered in a user's browser upon visiting that
link. This attack would occur in the security context of the site.

Successful exploitation of this attack may allow an attacker to steal
cookie-based authentication credentials. Other attacks are also possible.

All versions of Invision Power Board have been reported to be vulnerable
to this issue.

5. YABB SE SSI.PHP ID_MEMBER SQL Injection Vulnerability
BugTraq ID: 9449
Remote: Yes
Date Published: Jan 19 2004
Relevant URL: http://www.securityfocus.com/bid/9449
Summary:
YaBB SE is a freely available, open source port of Yet Another Bulletin
Board (YaBB). It is available for Unix, Linux, and Microsoft Operating
Systems.

A problem with YaBB SE could make it possible for a remote user to launch
SQL injection attacks.

It has been reported that a problem exists in the SSI.php script
distributed as part of YaBB SE. Due to insufficient sanitizing of the
user-supplied ID_MEMBER URI parameter, it is possible for a remote user to
inject arbitrary SQL queries into the database used by YaBB SE. This could
permit remote attackers to pass malicious input to database queries,
resulting in modification of query logic or other attacks.

Successful exploitation could result in compromise of the YaBB SE,
disclosure or modification of data or may permit an attacker to exploit
vulnerabilities in the underlying database implementation.

6. GoAhead WebServer Directory Management Policy Bypass Vulnera...
BugTraq ID: 9450
Remote: Yes
Date Published: Jan 19 2004
Relevant URL: http://www.securityfocus.com/bid/9450
Summary:
GoAhead WebServer is an embedded web server implementation that is
available for a number of operating systems, including Microsoft Windows
and Unix/Linux derivatives.

GoAhead WebServer allows users to configure a policy for how requests for
resources in certain directories are handled, such as defining default
actions for resources in cgi-bin or other directories.  This is handled
internally via the websUrlHandlerRequest() server function.  GoAhead
WebServer is prone to a vulnerability that may permit remote attackers to
bypass directory management policy.

It is reported that certain syntax may be used in HTTP GET requests to
bypass the policy for how certain requests should be handled, for example,
a script that should be interpreted may be downloaded by the attacker
instead.  The following example requests are reported to reproduce this
behavior:

GET cgi-bin/cgitest.c HTTP/1.0
GET \cgi-bin/cgitest.c HTTP/1.0
GET %5ccgi-bin/cgitest.c HTTP/1.0

By omitting the initial forward-slash (/) or substituting a back-slash (/)
for the initial forward-slash, it is possible to bypass directory
management policy.  A URL-encoded back-slash (%5c) at the beginning of the
request may also bypass the policy.  Other variations also exist.

This could allow for unauthorized access to resources hosted on the
server, likely resulting in disclosure of sensitive information such as
script source code.  The exact consequences will depend on what sort of
directory management policy is in place and also the nature of information
included in scripts or other sensitive resources hosted on the server.

7. GoAhead WebServer Post Content-Length Remote Resource Consum...
BugTraq ID: 9452
Remote: Yes
Date Published: Jan 19 2004
Relevant URL: http://www.securityfocus.com/bid/9452
Summary:
GoAhead WebServer is an embedded web server implementation that is
available for a number of operating systems, including Microsoft Windows
and Unix/Linux derivatives.

A vulnerability in the handling of unusual HTTP requests and
content-length sizes may cause a vulnerable GoAhead WebServer to become
unstable.  Because of this, a remote attacker may be able consume
excessive resources on the underlying host, resulting in a denial of
service condition.

The problem is in the handling of remote POST requests.  By specifying a
content-length of a specific size in a POST request, and sending data of a
lesser size then breaking the connection, it is possible to send the
service into an infinite loop.  The program does not sufficiently handle
the condition of a broken connection, and can consume excessive system
resources, potentially taking down the system with the service.

8. WebTrends Reporting Center Management Interface Path Disclos...
BugTraq ID: 9460
Remote: Yes
Date Published: Jan 20 2004
Relevant URL: http://www.securityfocus.com/bid/9460
Summary:
WebTrends Reporting Center is used to organize and present usage
information for multiple server web environments. Reporting Center is
available for Microsoft Windows, Linux and Solaris.

The WebTrends Reporting Center management interface discloses installation
path information when a non-existent resource is requested.  The
management interface is accessible via HTTP on TCP port 1099.  This issue
exists in the 'viewreport.pl' script included with the interface and may
be triggering by specifying a non-existent ID for the 'profileid'
parameter.  The absolute physical path of the software installation will
be disclosed in the error response to such a request.  This information
may permit an attacker to enumerate the layout of the underlying file
system of the host.

This issue was reported for version 6.1a of the software running on
Microsoft Windows.  Other platforms and versions may also be affected.

9. 2Wire HomePortal Series Directory Traversal Vulnerability
BugTraq ID: 9463
Remote: Yes
Date Published: Jan 20 2004
Relevant URL: http://www.securityfocus.com/bid/9463
Summary:
2Wire HomePortal Series is a set of gateway servers designed for home
users.  HomePortal Series supports Microsoft Windows and Apple Mac OS
operating systems.

A vulnerability has been alleged to exist in the software that may allow a
remote attacker to access information outside the server root directory.
The problem exists due to insufficient sanitization of user-supplied data
through the 'return' parameter in the 'wralogin' authentication form that
is accessed through the HTTPS (SSL) interface.  The issue may allow a
remote attacker to traverse outside the server root directory by using
'../' character sequences.

Successful exploitation of this vulnerability may allow a remote attacker
to gain access to sensitive information that may be used to launch further
attacks against a vulnerable system.

All versions of 2Wire HomePortal Series have been reported to be
vulnerable to this issue.

10. Microsoft Windows Samba File Sharing Resource Exhaustion Vul...
BugTraq ID: 9467
Remote: Yes
Date Published: Jan 21 2004
Relevant URL: http://www.securityfocus.com/bid/9467
Summary:
A vulnerability has been identified in Microsoft Windows when file Sharing
with a Unix client is enabled.  It has been reported that this issue
presents itself if a system has enabled file sharing with a Unix client
running Samba.  An attacker on a Unix client with write/create permissions
to the mounted share can cause a resource exhaustion condition in the
Windows system.  This attack may lead to a denial of service condition,
preventing Windows from sharing files.

The issue may be exploited by creating and deleting up to 1000 directories
on a share.  Reportedly, every time a directory is created, Windows
allocates paged pool memory for the directory.  Paged pool memory is
limited to 343MB on a Windows System.  The allocated memory is not freed
when the directory is deleted.  The resource exhaustion occurs when a
large number of directories (from 3.5 million to 5.8 million) have been
deleted and created.  Successful exploitation of this attack may cause a
Windows system to discontinue file sharing due to memory exhaustion.  A
system reboot is reported to restart the services in a working order.

Microsoft Windows XP Professional Service Pack 1 and Microsoft Windows
Server 2003 are reported to be vulnerable to this issue.  This issue does
not affect Microsoft Windows 2000 Professional and prior.

11. Netbus Directory Listings Disclosure and File Upload Vulnera...
BugTraq ID: 9475
Remote: Yes
Date Published: Jan 22 2004
Relevant URL: http://www.securityfocus.com/bid/9475
Summary:
Netbus is a backdoor program that allows remote administration of a
compromised system. It is available for Microsoft Windows operating
systems.  Netbus can be configured to require a password for backdoor
server access.  The software is also shipped with a built in web server.

A vulnerability has been reported in the web server software that may
allow a remote user to the disclose root directory listings.  Furthermore,
it has been reported that a remote attacker may upload a malicious file to
an attacker-specified location via a URI parameter.  Successful
exploitation may provide for possible disclosure of sensitive information
and the possibility of corrupting files by uploading malicious files onto
the affected system.

Netbus Pro has been reported to be vulnerable to this issue.

12. McAfee ePolicy Orchestrator Agent HTTP POST Buffer Mismanage...
BugTraq ID: 9476
Remote: Yes
Date Published: Jan 22 2004
Relevant URL: http://www.securityfocus.com/bid/9476
Summary:
McAfee ePolicy Orchestrator (ePO) is a product designed to remotely manage
various policies and antivirus products. It is available for the Microsoft
Windows operating system.

The McAfee ePolicy agent has been reported to a buffer management
vulnerability that may be exploited to crash the affected agent. Although
unconfirmed, it has been reported that the issue may also allow a remote
attacker to trigger a buffer overflow vulnerability, ultimately providing
for the execution of arbitrary code.

The issue reportedly presents itself, because the "Content-Length" values
in HTTP POST headers processed by the ePolicy Orchestrator are not
sufficiently sanitized. A remote attacker may exploit this issue to
trigger the allocation of 4GB of data, causing the agent to crash. It has
also been reported that the attacker may create a buffer overflow
condition, by specifying a content length size that is not sufficient to
store attacker-supplied data.


III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
1. Encrypt data - SQL Server 2000 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/351203

2. Microsoft Security (...how to reassure customers of) (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/350847

3. Local Account Vs Domain Account (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/350534

4. SecurityFocus Microsoft Newsletter #172 (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/350513

5. About MS-Networking security. (Thread)
Relevant URL:

http://www.securityfocus.com/archive/88/350383


IV. NEW PRODUCTS FOR MICROSOFT PLATFORMS
----------------------------------------
1. AccessMaster
By: Evidian Inc.
Platforms: IRIX, Solaris, Windows 2000, Windows 95/98, Windows NT
Relevant URL: http://www.evidian.com/accessmaster/about/index.htm
Summary:

Extending onto a networked world means embracing the unknown. Piracy,
vandalism, industrial espionage... - attacks on companies are doubling
each year. With uniquely integrated security software, AccessMaster
manages and safeguards access to your data, end-to-end, from portals to
legacy, and lets you enforce a single, unified security policy across the
enterprise and beyond.

AccessMaster ensures high security level by federating your existing
security solutions, while ensuring at the same time user's convenience
with Single Sign-On and security officer's ease of administration with
centralized, Ldap-compliant, user and PKI management. In this way,
AccessMaster reduces IT security cost of ownership, with rapid return on
investment.

AccessMaster is recognized by analysts as a leading security suite for
large enterprises today. It was awarded "best access control" software by
Secure Computing Magazine three years running, in 2000, 2001, and 2002.

2. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:

Evidian's SafeKit technology makes it possible to render any application
available 24 hours per day. With no extra hardware: just use your existing
servers and install this software-only solution.

This provides ultimate scalability. As your needs grow, all you need to do
is add more standard servers into the cluster. With the load balancing
features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to serve
your users.

3. SecurDataStor
By: encryptX Corporation
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.encryptx.com/products/securdatastor.asp
Summary:

The SecurDataStor product line is designed to provide a comprehensive
software security solution that manages and controls access to sensitive
information that you need to share internally and externally.
SecurDataStor is available in three versions: Basic, Premium, and
Platinum. Depending on the level of security that you need, you can choose
the SecurDataStor product that suits your needs.

With its end-to-end protection of sensitive business information,
SecurDataStor products protect sensitive information when used by the
originator, stored locally on a hard drive or file server, and when
shared. Users can safely share sensitive information across different
Microsoft Windows operating systems, over different network and firewall
technologies, and across different forms of removable media.

4. Proactive Windows Security Explorer
By: Elcomsoft Co. Ltd.
Platforms: Windows 2000, Windows NT, Windows XP
Relevant URL: http://www.elcomsoft.com/pwsex.html#
Summary:

Proactive Windows Security Explorer (PWSEX) is a password security test
tool that's designed to allow Windows NT, Windows 2000, and Windows
XP-based systems administrators to identify and close security holes in
their networks. Proactive Windows Security Explorer helps secure networks
by executing an audit of account passwords, and exposing insecure account
passwords. If it is possible to recover the password within a reasonable
time, the password is considered insecure.

An administrator can also use it to recover any lost password and access a
user's Windows account. Proactive Windows Security Explorer works by
analyzing user password hashes and recovering plain-text passwords.

5. Outpost Personal Firewall Pro 2.0
By: Agnitum
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.outpost.uk.com
Summary:

New Outpost Personal Firewall Pro 2.0 outdistances the award-winning
Outpost Personal Firewall Pro 1.0 on multiple levels, from enhanced
privacy features to ease-of-use. As the foremost security application for
personal computers, Outpost Personal Firewall Pro 2.0 gives you the latest
in personal firewall technology, making version 2.0 the clear security
choice for your system.

6. Dekart Logon
By:
Platforms: Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.dekart.com/products/authentication_access/logon/
Summary:

Dekart Logon is a solution designed to provide an additional level of
security for the Microsoft Windows operating system. Access to the Windows
environment can only be gained after inserting a USB key or smart card
into the appropriate slot and by entering the correct PIN code.

Dekart Logon offers a number of security options: you can select to have
Windows access blocked once the key is removed, during a screen saver
timeout or other user assigned prompts. This flexibility automatically
reduces the possibility of human error by maintaining predefined security
levels even if the user leaves their PC unattended.


V. NEW TOOLS FOR MICROSOFT PLATFORMS
------------------------------------
1. MUTE File Sharing  v0.2.1
By: Jason Rohrer
Relevant URL: http://mute-net.sourceforge.net/
Platforms: Linux, MacOS, Os Independent, Windows 2000, Windows 95/98
Summary:

MUTE File Sharing is an anonymous, decentralized search-and-download file
sharing system. Several people have described MUTE as the "third
generation file sharing network" (From Napster to Gnutella to MUTE, with
each generation getting less centralized and more anonymous). MUTE uses
algorithms inspired by ant behavior to route all messages, include file
transfers, through a mesh network of neighbor connections.

2. GNU Generic Security Service Library   v0.0.10
By: Simon Josefsson
Relevant URL: http://www.gnu.org/software/gss/
Platforms: UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Summary:

Generic Security Service (GSS) is an implementation of the Generic
Security Service API (GSSAPI). It is used by network applications to
provide security services, such as authenticating SMTP/IMAP, via the
GSSAPI SASL mechanism. It consists of a library and a manual, and a
Kerberos 5 mechanism that supports mutual authentication and the DES and
3DES ciphers.

3. OSIRIS v3.0.0
By: The Shmoo Group
Relevant URL: http://osiris.shmoo.com
Platforms: BSDI, FreeBSD, Linux, MacOS, OpenBSD, UNIX, Windows 2000,
Windows NT, Windows XP
Summary:

Osiris is a host integrity management system that can be used to monitor
changes to a network of hosts over time and report those changes back to
the administrator(s). Currently, this includes monitoring any changes to
the filesystems. Osiris takes periodic snapshots of the filesystem and
stores them in a database. These databases, as well as the
configurations and logs, are all stored on a central management host.
When changes are detected, Osiris will log these events to the system
log and optionally send email to an administrator. In addition to files,
Osiris has preliminary support for the monitoring of other system
information including user lists, file system details, kernel modules,
and network interface configurations (not included with in this beta
release).

4. mrtg v2.10.13
By: Tobias Oetiker
Relevant URL: http://people.ee.ethz.ch/~oetiker/webtools/mrtg/
Platforms: POSIX, Windows 2000, Windows NT
Summary:

The Multi Router Traffic Grapher (MRTG) is a tool to monitor the traffic
load on network-links. MRTG generates HTML pages containing GIF/PNG images
which provide a live visual representation of this traffic.

5. Enigmail v0.83.0
By: Patrick
Relevant URL: http://enigmail.mozdev.org/thunderbird.html
Platforms: Linux, MacOS, POSIX, UNIX, Windows 2000, Windows 3.x, Windows
95/98, Windows CE, Windows NT, Windows XP
Summary:

Enigmail is a "plugin" for the mail client of Mozilla and Netscape 7.x
which allows users to access the authentication and encryption features
provided by the popular GnuPG software. Enigmail can encrypt/sign mail
when sending, and can decrypt/authenticate received mail. It can also
import/export public keys. Enigmail supports both the inline PGP format
and the PGP/MIME format, which can be used to encrypt attachments.
Enigmail is cross-platform, although binaries are supplied only for a
limited number of platforms. Enigmail uses inter-process communication to
execute GPG to carry out encryption/authentication.

6. MyPasswordSafe  v1.1
By: Nolan
Relevant URL: http://www.semanticgap.com/myps/
Platforms: Linux, Os Independent, POSIX, UNIX, Windows 2000, Windows
95/98, Windows NT, Windows XP
Summary:

MyPasswordSafe is a straightforward, easy-to-use password manager that
uses the Blowfish algorithm to store encrypt passwords. It uses the same
file format as Password Safe.


VI. UNSUBSCRIBE INSTRUCTIONS
----------------------------
To unsubscribe send an e-mail message to
ms-secnews-unsubscribe@securityfocus.com from the subscribed address. The
contents of the subject or message body do not matter. You will receive a
confirmation request message to which you will have to answer.
Alternatively you can also visit http://www.securityfocus.com/newsletters
and unsubscribe via the website.

If your email address has changed email listadmin@securityfocus.com and
ask to be manually removed.


VII. SPONSOR INFORMATION
-----------------------
This Issue Sponsored by: Qualys

Test the Security of Your Perimeter! Scan Your Network for
the SANS Top 20 Vulnerabilities - FREE.

http://www.securityfocus.com/sponsor/Qualys_ms-secnews_040126

Qualys FreeScan enables the enterprise to immediately identify the
prevalent and critical security vulnerabilities most likely to be
exploited on the network perimeter. With the largest vulnerability testing
database in the industry, QualysGuard enables you to assess, prioritize,
and remediate the vulnerabilities in heterogeneous networks of any size.
Our Web service provides you with the ability to run immediate assessments
without installation of hardware or software.

Click on the link below to scan your network perimeter.
http://www.securityfocus.com/sponsor/Qualys_ms-secnews_040126
------------------------------------------------------------------------


---------------------------------------------------------------------------
---------------------------------------------------------------------------

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic