- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Sun, Aug 1, 1999
NT SECURITY SPECIAL
  This issue of W2Knews™ contains:
This 'SECURITY SPECIAL' ISSUE of NTools E-News contains:

1. EDITORS CORNER 
* WHY ARE SO MANY NT SECURITY HOLES FOUND?
2. TECH BRIEFING
* WHAT NT SECURITY TOOL CATEGORIES EXIST - WHAT DO THEY DO?
3. NT RELATED NEWS
* SANS NETWORK SECURITY CONFERENCE OCT 3-10 NEW ORLEANS
* I'VE BEEN HACKED, WHAT DO I DO NOW?
* THE 9 ELEMENTS OF A GOOD NT SECURITY INFRASTRUCTURE 
* WHAT ARE THE COMMON NT SECURITY PROBLEMS?
4. NT THIRD PARTY NEWS
* STAT SNIFFS OUT ANOTHER 24 NEW HOLES IN NT!
* TRUSTED ENTERPRISE MANAGER 3.0 BETA 2 READY.
5. HINTS AND TIPS - TIME SAVERS AND OTHER GOODIES...
6. THE NT STOCK WATCH - July 30, 1999
7. Y2K-WATCH - Y2K COULD KNOCK OUT SOME MAJOR CITIES
8. HOW TO USE THE MAILING LIST
Instructions on how to subscribe, sign off or change your address.

***************************SPONSOR*********************************

MOBILE NT SOLUTIONS AVAILABLE - Over 6,000,000 Installed!
SystemSoft provides solutions for NT mobile users that
extend the usability of NT notebooks. Products include
CardWizard for PC Card plug-and-play for over 630 PC Cards
& 100 platforms and PowerProfiler/SE for suspend/resume
and battery management. Purchase before October 31, 1999
and receive 10% off on your purchase.
www.systemsoft.com/special/sunbelt

****************WHAT IS NTOOLS E-NEWS?******************************
Sunbelt Windows NTools E-News is the World's first and largest 
E-Newsletter designed for NT System Managers that have the job to 
get and keep NT up & running in a production environment. Sunbelt 
launched this electronic newsletter early 1996. Every two weeks we
keep the Windows NT community informed and aware of new developments
of NT and 3-rd party NT System Management Tools. You get hints and
tips that will enable you to better utilize and understand Windows 
NT, now renamed to Windows 2000 (abbreviated to Win2K).

You'll find general Windows NT related and third party news, tech
information, and 3-rd party beta and release information. As a
subscriber to NTools E-News[tm], you will receive instant notifi-
cation of important NT related events and you are also a charter 
member of the Sunbelt Field Test Bonus Program. Sunbelt Software is 
the first and largest distributor worldwide of Third Party System
Management Tools for Windows NT with 6 subsidiaries in the US and 
Europe.
-------------------------------------------------------------------

1. "EDITORS CORNER" 

Hi NT-ers,

WHY ARE SO MANY NT SECURITY HOLES FOUND?

It's pretty much daily now that we are alerted via either Microsoft,
the NTBUGTRAQ or other NT security lists that yet another hole in NT
is found. How come all these vulnerabilities are being dug up?

Well, just like any young Operating System, NT is going through its
own 'trial by fire'. Unix is now about 30 years old and went through
the same thing in its own infancy. University students had years of
(very useful) fun trying to hack Unix. Many of its holes have been
closed over the years but you would be surprised how many are still
found right up to yesterday.

People digging up these holes are of very different kinds. On the one 
hand are the (white hat) professional security experts that get paid 
to keep the company safe, on the other hands we have the (black hat)
hackers and crackers. You could loosely define hackers as people with
malicious intent, and crackers one level down, having criminal intent.

Hackers mainly want to point out security vulnerabilities and show
they could break in and leave graffity. Crackers are looking to 
steal your customer's credit card information files for instance.
Both white hats and black hats burn the midnight oil trying to find
security exploits and publish them. Microsoft usually responds with
a hotfix that gets posted a few days later.

And we are all supposed to keep up with all that: Major Headache!
In this newsletter I'm taking the "helicopter viewpoint" and I'll
show you what are the most important measures you have to take do
keep your NT Security 'in', as opposed to 'out' and keep your NT
domains from being broken in to.

What Sunbelt has done last week is after doing our homework for a
few months, install an Intergraph machine with CONCLAVE firewall, 
VPN and virus scanning software from Trend Micro. And guess what,
the day after we installed it, one of our Reps was sent the recent
worm virus (he opened it!) but it was neatly stopped from going out
to any of our customers. It already paid off the very first day.

I suggest you read all of the articles in this newsletter, even
print it out and take a bit of time to get the big picture.

Warm regards,

Stu Sjouwerman

PS: All the back issues of NTools E-News are available with just 
your email address as the key to get in, searchable by keyword at:
http://lyris.sunbelt-software.com/scripts/lyris.pl?enter=nt-list&text_mode=0
BOOKMARK THIS URL - YOU MAY NEED IT SOME TIME.

********************************************************************

2. "TECH BRIEFING"

* WHAT NT SECURITY TOOL CATEGORIES EXIST - WHAT DO THEY DO?

You will be surprised. There is a whole industry out there and a
wealth of tools that all are specialized in certain areas. Obviously
there are two major ways intrusions can happen: attacks from the
inside and attacks from the outside. This means that there are two
product families, one that wards off outside attacks, and one that
prevents inside intrusions. 

But life is not always that simple. Many tools to one, both or are
hybrids that do a bit of each. It is difficult to find something
that does most of this stuff. We have found one though and I will
tell you at the end what we chose for our own environment.

CATEGORIES:

1) FIREWALLS:
A firewall is a dedicated NT box that enforces the access control 
policy (you set) between two networks. They filter all the packets
that are coming through using two NIC's: One in and one out. If they
find something bad it gets put in quarantine. Firewalls are mainly 
used to stop network attacks and creates log for audit purposes. 
Example: We prefer CONCLAVE: http://www.conclave.com/

2) VULNERABILITY SCANNERS
There are two flavors here: Host-based and Network-based. 
A) Host-based means that these tools scan all machines in the domain
to find out if the security settings are consistent with policy.
You used them to pass your security audit as these same tools are 
often used by auditors too. A new bestseller at the security firmament 
is STAT: http://www.sunbelt-software.com/stat.htm
B) Network-based scanners simulate the behavior of attackers to 
find out which of as many as 600 possible weaknesses are present
on the system being tested. A great one that is free is SATAN:
Check out http://www.swtech.com/net/security/satan/

3) INTRUSION DETECTION:
We also find two flavors here: Host-based and Network-based.
A) Host-based is software that monitors your event logs and/or
application log files in real-time and responds with alarms or
countermeasures at attempts go gain unauthorized access to
any object. Check http://www.sunbelt-software.com/ksm.htm
B) Network-based are packages that monitor network traffic 
and alert you when it sees a traffic pattern that indicates
an attack or a scanning attempt. Example: REALSECURE from ISS
http://www.iss.net/

4) REAL-TIME CONTENT MONITORING:
The moment you are hooked up to the Net, you are at risk from
a host of nasty things: viruses, Malicious java or active-x code
and a lot of other things. These kinds of tools check out what
gets in your system and compare them to a library of known
problems and quarantine or simply disarm them. Extremely useful.
We like Trend Micro's SCANMAIL: http://www.antivirus.com/

5) VPN's OR VIRTUAL PRIVATE NETWORKS

VPN's allow you to expand your LAN by hooking up other offices
via the Internet in a secure way. They save money when you have
satellite offices because they do not require dedicated leased
lines. Sunbelt is in the process of implementing the CONCLAVE
VPN from http://www.conclave.com/

6) CERTIFICATE AUTHORITIES

A CA is an outfit that issues and manages security credentials
and public keys for message encryption and decryption. This
is used to grant people access to other systems in a secure way.
The benefit? You can sleep at night knowing you have a secure 
server. We like Verisign at: http://www.verisign.com/

7) AUTHENTICATION

This is a process that determines if something or somebody is
who or what they say they are. NT does this via passwords but
this is a known Achilles' heel. Other ways to do this is via
tokens that offer a more stringent way to authenticate. This
is sometimes called 2-way authentication as users need two
things to get it, a token and a PIN or password. Have a look
at SecureID from Security Dynamics if you want an example.
http://www.securitydynamics.com/fg_html/ie.html

8) ENTERPRISE SECURITY ADMINISTRATION

These are tools that allow you to implement policy and procedures
to ensure your NT domains are more secure. It can be done in a
variety of ways but one of them is to make sure that nobody
has more administrative rights than they should have. These
tools also allow you to find out what users need to be removed.
One of the NT Best Sellers is Trusted Enterprise Manager at:
http://www.sunbelt-software.com/tem.htm

9) NT SPECIFIC SECURITY TOOLS:

- SPQuery that automates the hotfix scanning and instant download
plus install of the regular new security fixes coming down the
pike from Microsoft: http://www.sunbelt-software.com/spquery.htm

- Security Explorer which allows you to search and modify NT
security on NTFS drives, the Registry, and Shares. You can
Grant, revoke, and clone permissions across subdirectories 
without affecting any other user's permissions. You should
really check out the features that are certainly impressive.
http://www.sunbelt-software.com/secuexpl.htm

- Fortress-NT that implements your organizations logon policy
in a much more secure way than the screen blanker. It is an
NT Workstation security utility that limits workstation access,
guarantees that unattended workstations get locked and logs off
idle users. Used by a few very large companies that need 
secure environments like banks, airplane manufacturers, and
government. http://www.sunbelt-software.com/fortress.htm

- And IF a hacker got in and deleted files, and IF your Disaster
Recovery was not in place, and IF your backup was not done or
failed... you can always try to undelete files with File Rescue.
This utility does a few things some other undelete tools don't: 
* Undelete NT Compressed files.
* Undelete Very Small and Super Large files.
* Undelete HEAVILY fragmented files.
You can get it on the online shop for less than 70 bucks with
immediate delivery http://www.sunbelt-software.com/Filerescue.htm

Then there are a bunch of various security type devices and
services like 'black-box security machines', Services that you
can hire for penetration testing, policy development, or total
outsourcing of your security. As you see, this is big business
as the need to protect your corporate IS infrastructure is more
and more important.

********************************************************************
3. "NT RELATED NEWS" 

* SANS NETWORK SECURITY CONFERENCE OCT 3-10 NEW ORLEANS

The SANS (System Administration, Networking, and Security) Institute 
is a cooperative research and education organization through which 
more than 62,000 system administrators, security professionals, and 
network administrators share the lessons they are learning and find 
solutions for challenges they face. 

As a part of this effort, SANS offers a series of educational 
conferences featuring up to eight days of in-depth courses and multi-
track technical conferences focusing on user experiences and problem 
solving. SANS also produces a series of cooperative research reports, 
electronic digests, posters of authoritative answers to current 
questions, and cooperatively-created software. 

These reports and other services are available for purchase, but 
attendees at SANS educational events receive all of them, for a year, 
at no cost so that they may extend the educational benefits of the 
educational conferences through the entire year and share those 
benefits with their co-workers. So if you are the 'NT-Security-Guy'
in your organization, check this! http://www.sans.org/ns99/ns99.htm
-------------------------------

* I'VE BEEN HACKED, WHAT DO I DO NOW?

Most companies are not willing to report break-ins simply for the
fact that the fallout could cause major PR problems. It is also 
tricky to report this kind of incident and gather the evidence.
Here are the 6 important things to do when handling an intrusion.

0) S T A Y C A L M - But start thinking at hyperspeed.

1) Grab your organization's procedures for an incident like this and 
notify other people/agencies using the appropriate chain of command. 
Do not use email to notify others, as this may be monitored by the 
intruders. No such procedures exist? Now is the time to create them. 

2) Make sure that your Disaster Recovery software has done its job
and backup all the data off the (remote) target server and secure it.
If you do not have a Disaster Recovery Plan in place, you now know 
what to start with tomorrow morning.

3) Start documenting what you are doing right from the get go. Locate
and save any evidence you can find, including event logs, what files
were modified or deleted, malicious code, what services were stopped,
and save them offline (tape drive ideally) and note 'time and date' it 
happened as much as possible. See if you can identify how they came in.

4) If you are not sure how to handle the problem, ask for help before
you delete files or shut down services you suspect. Make sure that
your organization contacts law enforcement officials for assistance
as soon as possible, but do not do this before consulting your seniors.

5) When the first emergency is behind you, determine the cost of this
break-in and remember to include the damage to data, the invoices you
will get from security experts that were hired, and the new software
and/or hardware that will need to be put in place to prevent future
intrusions. Last but not least, calculate the cost of the downtime to 
your organization. That will show that putting security measures in 
place BEFORE an intrusion happens is MUCH cheaper. Keep on reading.

Here are a few security incident response centers (there are more)

CERT: 
http://www.cert.org

Federal Computer Incident Response Capability
http://www.fedcirc.gov/

NASA Incident Response Center:
http://www-nasirc.nasa.gov/nasa/index.html

FBI:
http://www.fbi.gov/

All European CERT's are here:
http://www.cert.dfn.de/eng/csir/europe/certs.html
-------------------------------

* THE 9 ELEMENTS OF A GOOD NT SECURITY INFRASTRUCTURE 

Keep in mind that this is a conceptual overview, a short article
like this can never include the many books that are already written
about NT security. But there are definitely a few major points that
need to be 'in' as opposed to 'out'. Grateful Acknowledgement to the 
SANS institute for these points. (You should go to that conference!)

1) Your company's Top management needs to be committed to provide
MIS sufficient resources to get your security work done. They also
need to provide air cover for security procedures and policies that
MIS needs to enforce on all staff.

2) A staff dedicated to NT security.

3) A well defined security mission statement.

4) A well developed security awareness training program that will
keep all staff dedicated to keeping the LAN secure, despite the
hassle of having to choose difficult to remember passwords .

5) Clearly defined, implemented and documented security policies
and procedures which are supplied to everyone in your organization.

6) A strong flow of information to and from the appropriate groups.

7) A security incident response team.

8) External and internal security perimeter controls (firewalls).

9) A suite of host and network based security auditing and 
improvement utilities, being utilized consistently.

As you see, it is like I said in an earlier article about security.
You have to have corporate policy and procedures FIRST, and when
those are in place, get the tools to IMPLEMENT that policy. 
-------------------------------

* WHAT ARE THE COMMON NT SECURITY PROBLEMS?

Quite a few Security experts are complaining about the fact that
despite a lot of work is being done, the same old problems seem
never to be solved. From an Internet perspective, there is little
news regarding security. If a company would have had good policies 
in place, the Net does not make a big difference. The biggest 
problems Security experts lament are really nothing new: 

1) A horrible lack of security expertise in the growing NT market.
2) Weak passwords that are a true Achilles heel. (Sunbelt techs just
ran L0phtcrack on its LAN of 55 machines in Clearwater. A whopping
50% of the passwords were cracked in less than 5 minutes. We now
require the highest level of NT enforced passwords including upper
and lowercase, a number and another ASCII character and 8 characters
or more).
3) Thousands of commercial software packages with vulnerabilities
that are humanly impossible to fix.
4) Sites do not even install the NT hotfixes to clamp down on holes.
5) No management support for Security Policy and/or resources.
6) Way too many untrained domain administrators that can cause havoc.
7) No host and network based auditing and intrusion detection tools.

It seems to be an unfortunate trueism that most companies have to
feel the pain first before they are willing to spend the money. The
old story of closing the barn door after the horse has bolted.
Still, you may be able to cover your behind by at least demanding a 
few tools that will help you plug holes.


********************************************************************
4. NT THIRD PARTY NEWS

* STAT SNIFFS OUT ANOTHER 24 NEW HOLES IN NT!

It's a daily routine. More holes are found. And you need to get them
patched because a hacker might use the new found hole to get into 
your domains. A never ending story. And then you also need to pass
your corporate security audits. Will it ever end? No. But you CAN
do something about it. STAT was an instant Bestseller when it hit
the market. Here are another 24 new vulnerabilities is scans for and 
alerts you against. Heard about the latest version of BackOrifice
that now runs on NT? STAT scans for it. If you would have to buy just 
ONE tool to cover NT security, I would strongly recommend STAT. 
Download demo at: http://www.sunbelt-software.com/stat.htm

For existing STAT customers, update your vulnerability database by getting
this latest download at http://www.statonline.com

Here are the new holes, the numbering indicates the running total.

561 If a user has access to a file which has the same 8 characters 
and extension as a file the user does not have access to, access is 
possible to the other file by requesting it in 8.3 (DOS) format.

562 The AppEvent.Evt Application Event Log file permissions should 
only allow Administrators and system access. If this log is not 
secured, evidence of unauthorized activity can be erased.

563 The SecEvent.Evt Security Event Log file permissions should only 
allow Administrators and system access. If this log is not secured, 
evidence of unauthorized activity can be erased.

564 The SysEvent.Evt Security Event Log file permissions should only 
allow Administrators and system access. If this log is not secured, 
evidence of unauthorized activity can be erased.

565 If an executable file with a malformed image header is executed, 
a Windows NT server or workstation could crash, causing a denial of 
service. The affected machine will need to be rebooted in order to 
place it back in service.

566 Microsoft has rolled up several post-Service Pack 4 hotfixes into 
one Hotfix that addresses several security vulnerabilities. Without 
this Hotfix, a Windows NT 4.0 machine is vulnerable to denial of 
service attacks caused by malformed GET requests and applications 
using RPC over Named Pipes.

567 There is a screen saver vulnerability that elevates user privileges.
Windows NT starts a screen saver (logon.scr) in the local system context.
The screen saver can run in a privileged state which permits a specially
programmed screen saver to use these privileges to elevate the security
of the logged on user. The logon.scr program can be replaced with another
program and have it launched with system privileges.

568 Core operating system DLLs are kept in virtual memory and shared
between the programs running on the system. A base system object data
structure called the KnownDLLs is referenced to determine the location 
on the DLL in virtual memory. By default, any user can read from and 
write to the KnownDLLs list. A user can load a malicious DLL to increase
privileges, including Administrative privileges. The Windows NT security
architecture protects in-memory DLLs against modification, but allows 
users to read/write access to the KnownDLLs list.

569 An unprivileged program that contains an Input Output Control 
(IOCTL) function call can disable the mouse, causing a denial of 
service.

570 An unprivileged program that contains an Input Output Control
(IOCTL) function call can disable the keyboard, causing a denial 
of service.

571 Back Orifice 2000 (BO2K) is a back door program that can perform
unauthorized actions without the user's knowledge on a Windows NT
platform. Some of these actions include keystroke monitoring, data
loss, data compromise, and denial of service.

572 DeepThroat is a back door program that can perform unauthorized 
actions without the user's knowledge on a Windows NT platform. Some 
of these actions include password gathering, starting and stopping 
an FTP server, and opening a web browser.

573 NetSphere is a back door program that can perform unauthorized 
actions without the user's knowledge on a Windows NT platform. Some 
of these actions include logging keystrokes, capturing screenshots, 
and setting up a port redirector.

574 GateCrasher is a back door program that can perform unauthorized 
actions without the user's knowledge on a Windows NT platform. Some 
of these actions include rebooting the machine and starting and 
stopping an FTP server.

575 Portal of Doom is a back door program that can perform unauthorized 
actions without the user's knowledge on a Windows NT platform. Some of 
these actions include reading files, grabbing dialup passwords, and 
gaining full access to a system drive.

576 EvilFTP is a back door program that can perform an unauthorized 
action without the user's knowledge on a Windows NT platform. EvilFTP 
sets up an FTP server on a Windows NT platform.

577 Phaze Zero is a back door program that can perform unauthorized 
actions without the user's knowledge on a Windows NT platform. Some 
of these actions include executing programs, deleting files, and 
writing to the registry.

578 If certain characters are present at the end of a URL, the contents 
of the page pointed to by the URL are returned to the browser. If the 
URL points to an Active Service Page (ASP), the contents of the ASP 
script file are returned to the browser instead of the processed 
results of the ASP page.

579 If certain characters are present at the end of a URL, the contents 
of the page pointed to by the URL are returned to the browser. If the 
URL points to an Active Service Page (ASP), the contents of the ASP 
script file are returned to the browser instead of the processed 
results of the ASP page.

580 The FTP service in Internet Information Server (IIS) has an 
unchecked buffer in a component that processes "list" commands. A 
malformed "list" request could overflow the buffer, causing the server 
to crash. Under certain circumstances, a carefully-constructed "list" 
request could allow arbitrary code to be executed on the server.

581 NTFS supports multiple data streams within a file. The main data 
stream is stored in an attribute called $DATA. Accessing this stream 
via IIS from a browser by appending ::$DATA may display the contents 
of a file. Anyone can read the contents of any file in an IIS root 
directory.

582 The IIS FTP service processes passive FTP connection requests 
incorrectly via the PASV FTP command. Using multiple passive FTP 
connections may cause a denial of service for both the FTP service 
and the WWW service.

583 Specially-malformed GET requests can create a denial of service 
in web servers that use Internet Information Server (IIS) 3.0 or 4.0. 
A GET request in the form 'GET /AAAAAAAAAAAA&' will cause IIS to 
allocate up all of the available memory.

584 By default, the permission of the Msadc directory created with 
Internet Information Server (IIS) is set to Full Control for Everyone. 
This gives the ability for malicious users to execute JavaScript and 
DOS Command shell scripts against a Windows NT machine using only a 
web browser.

585 A utility "Sechole.exe" grants normal users administrative rights 
and adds users to the "Administrator" group. This program allows local 
users, no matter what their current privileges are, to gain Admin 
privileges.

STAT scans for these domain wide, reports to you which machines are
vulnerable and has an online expert system that tells you how to 
fix the holes. You cannot afford to NOT RUN STAT on a regular basis.
http://www.sunbelt-software.com/stat.htm
-------------------------------

* TRUSTED ENTERPRISE MANAGER 3.0 BETA 2 READY.

As you have seen above, the marketplace is full of security products
designed to protect enterprise networks from external threats. Many
organizations spend tens of thousands of dollars on firewalls, network
scanners and other technologies to thwart attacks by hackers on the
Internet. Surprisingly, however, studies have shown that over 50% of
all network security breaches come from inside the organization. Yet
there are few products available that protect the network from the 
inside. 

To address this need, Sunbelt is proud to introduce Trusted Enterprise
Manager 3.0 (TEM), now in BETA 2. This product, developed by MDD Inc.,
allows you to delegate specific Windows NT management permissions to 
users without giving them complete Domain Administrator or Account 
Operator access. With TEM 3.0, you can delegate up to 25 individual
administration permissions, alone or in any combination, to "Trusted 
Managers" across the organization. 

Additionally, TEM 3.0 provides detailed audit logs that allow you to 
quickly and easily pinpoint changes in the network and identify the 
manager responsible for them. These and many other features are included 
in a product that's easy to install and even easier to use. TEM is one 
of our best selling NT administration solutions because the folks at MDD 
are committed to making network management simpler and more secure. 
Download the eval and see that TEM can do to strengthen your internal 
Windows NT security infrastructure. Download 30-day eval at:
http://www.sunbelt-software.com/tem.htm
-------------------------------

********************************************************************

5. "HINTS AND TIPS - TIME SAVERS AND OTHER GOODIES...

Some good NT security websites:

- http://www.ntbugtraq.com
- http://www.l0pht.com/index.html
- http://www.blackhat.com/


********************************************************************
6. "THE NT STOCK WATCH" Closing Friday June 30, 1999
SYMBL SECURITY CLOSE CHANGE VOL 
---------------------------------------------------------------------
AMD Advanced Micro Devices............. 17 3/8 - 1/8 18086
BMCS BMC Software....................... 53 7/8 +5 1/2 133354
CTXS Citrix Systems Inc................. 52 1/16 + 1/16 9159
CPQ Compaq Computer.................... 24 1/16 - 11/16 113966
CA Computer Associates................ 45 7/8 -1 3/8 9096
DGN Data General Corp.................. 13 15/16 - 3/8 2783
DELL Dell Computer...................... 40 7/8 - 3/8 124004
EDS Electronic Data Systems Corp....... 60 5/16 -1 13/16 16952
GTW Gateway Inc........................ 76 1/8 -1 1/4 9354
HWP Hewlett Packard Co................. 104 11/16 -1 13/16 23679
INGR Intergraph Corp.................... 4 9/16 - 1/8 4811
IBM International Business Machines.... 125 11/16 + 5/16 43249
LGTO Legato Systems Inc................. 71 1/2 -1 15/16 6980
MUEI Micron Electronics Inc............. 10 5/16 unch 1961
MSFT Microsoft Corp..................... 85 13/16 -1 1/8 255616
NCR NCR Corp........................... 46 7/8 - 1/16 1929
NETA Network Associates Inc............. 17 1/2 + 1/2 35191
NOVL Novell Inc......................... 25 3/4 + 1/2 24715
ORCL Oracle Corp........................ 38 1/16 unch 73743
QCOM Qualcomm Incorporated.............. 156 - 3/8 24821
SEG Seagate Technology................. 26 7/8 - 1/8 15565
SGI Silicon Graphics................... 17 11/16 - 13/16 25466
SUNW Sun Microsystems Inc............... 67 7/8 - 1/4 48312
SYBS Sybase Inc......................... 10 1/4 - 1/2 4253
SYMC Symantec Corp...................... 30 1/4 + 13/16 9813
UIS Unisys Corp........................ 40 13/16 - 3/16 12732
VRTS Veritas Software Corp.............. 56 1/8 +3 7/16 10557
DJIA Dow Jones 30 Industrials........... 10,655.15 -136.14 


********************************************************************

7. Y2K-WATCH - Y2K COULD KNOCK OUT SOME MAJOR CITIES

In their July 19 issue, ComputerWorld reported that 10 of the largest
cities in the USA do not expect to complete their Y2K repairs testing
until the fourth quarter. Only Dallas and Boston have completed their
Y2K work. But Los Angeles, Chicago and Washington are among the cities
that won't be finished with their projects until the last minute, the 
General Accounting Office said in a study released two weeks ago.

US Senator Christopher Dodd (the Vice Chairman of the U.S. Senate
Special committee on Y2K problems) said that any city that has set
the fourth quarter as its Y2K completion data "is travelling in a
fantasy world - you're not just going to get it done". One city far
behind in its Y2K work is Washington. They did not start until June
1998 with their Y2K work. 

Cities that plan to be Y2K ready between Oct 1 and Dec 31 are: Los 
Angeles, Chicago, Phoenix, San Antonio, Detroit, San Francisco,
Baltimore, Washington DC, El Paso and Columbus OH. If I was in one of 
those cities, I'd certainly be starting to get 1) my contingency plans 
up to date and 2) my Disaster Recovery in place and the data out of
town in real time. (http://www.sunbelt-software.com/dtake.htm)

There is much more about this in a very complete and useful (but
somewhat hidden) section at the ComputerWorld Magazine's website.
http://www.computerworld.com/news/year_2000/index.html

********************************************************************

8. "HOW TO USE THE MAILING LIST"Instructions on how to subscribe, 
sign off or change your email address


TO SUBSCRIBE TO THE LIST (Tell your friends!) 

http://lyris.sunbelt-software.com/scripts/lyris.pl?join=nt-list

and fill out the form, simple & easy: 1 minute work.
Or by email, send a blank message to the following address:
[email protected]

_____________________________________________________

TO QUIT THE LIST

1) The Web Way:
http://lyris.sunbelt-software.com/scripts/lyris.pl?
choose the NT-List, use your email address that is at 
the bottom of each newsletter and leave the list via 
the web interface.

2) The Email Way: Simply follow the personalized 
instructions at the very end of this newsletter.
_____________________________________________________

TO CHANGE YOUR ADDRESS

First unsubscribe and then resubscribe as per the
procedure above.

********************************************************************

FOR MORE INFORMATION

On the World Wide Web point your browser to:

For the newsletter and our website:
USA: http://www.sunbelt-software.com

For Tech Support on Sunbelt products mentioned:
http://www.sunbelt-software.com/scripts/rightnow.exe

Email for US sales information to:
[email protected]
Email for US Tech support to:
[email protected]
Email to the US Editor:
[email protected]

Email for European Sales to:
[email protected]
Email for European Tech support to:
[email protected]

At the time of this newsletter's release, all links were checked 
to verify their accuracy and validity. However, due to the ever-
changing pages of various sites, some links may later prove to be 
invalid. We regret any inconvenience should you be unable to open 
any of these links.
********************************************************************

Things Our Lawyers Make Us Say:

This document is provided for informational purposes only. 
The information contained in this document represents the

current view of Sunbelt Software Distribution on the issues
discussed as of the date of publication. Because Sunbelt
must respond to changes in market conditions, it should not
be interpreted to be a commitment on the part of Sunbelt
and Sunbelt cannot guarantee the accuracy of any informa-
tion presented after the date of publication.

INFORMATION PROVIDED IN THIS DOCUMENT IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
FREEDOM FROM INFRINGEMENT.

The user assumes the entire risk as to the accuracy and the
use of this document. This document may be copied and
distributed subject to the following conditions: 1) All text
must be copied without modification and all pages must be
included; 2) All copies must contain Sunbelt's copyright
notice and any other notices provided therein; and 3) This
document may not be distributed for profit. All trademarks
acknowledged. Copyright Sunbelt Software Distribution, Inc.
1996-1999.

(email me with feedback: [email protected])