Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Apr 12, 2001 (Vol. 6, #25 - Issue #260)
Please Check Your Profile!
  This issue of W2Knews™ contains:
    • Please Check Your Profile!
    • Fiduciary Responsibility. Whazzat??
    • NT 4 Service Pack 7 Expected Late Q3 2001
    • WPA in Windows XP resolved?
    • RemotelyAnywhere v3.5 Released
    • STAT Version 4.0 Available
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • The Practical Intrusion Detection Handbook.
  SPONSOR: Guarantee Your Business Continuity
Everyone in IT knew that the Y2K problem could cause them two major
problems: Downtime and Lawsuits. But since then, apathy has set in.
Senior Execs and IT Managers often do not have Business Continuity
as a top priority. But the impact of system outage is greater than
ever before. Example: eBay's 22-hour downtime cost them $3-5 Million
revenues and a 20% drop in stock. Find out how to keep bizz afloat:
Visit Guarantee Your Business Continuity for more information.

Please Check Your Profile!

Hi NT/W2K-ers,

Well, we are finally here. You can now indicate via our web interface if you want TXT or HTML from here on out (for both Monday and Thursday). Keep in mind that the Monday TXT version (the old nt-list) will go away, and that you need to TELL us if you want TXT or HTML. In other words, you need to opt in for the TXT version. Please check the profile we have for you now, and make sure it is the way you want it to be. There is a personalized link at the bottom of each newsletter we send you, or you can use the following link:


Warm regards,
Stu Sjouwerman
(email me with feedback: [email protected])

A high school network administrator installed Event Log Monitor on
classroom servers to evaluate system performance. The next day, ELM
alerted him that a student was trying to break into the system.
Within 15 minutes, the would-be hacker was in the Principal's office
waiting for his parents to arrive. Use Event Log Monitor to keep tabs
on your security perimeter. Because school boxes aren't the only
computers teenagers like to hack into. Your 30-day eval is here:
Visit SWEET SECURITY SOLUTION for more information.

Fiduciary Responsibility. Whazzat??

And why am I even mentioning it? Well, last week I was handed a recent white paper written by the Consulting arm of the Gartner Group. It was commissioned by NSI Software (the makers of Double-Take), and is for NSI's use so I cannot quote it. But it made me aware of an issue that I had not fully realized before.

The Barron's Dictionary of Finance and Investment Terms defines the word 'fiduciary' as the person charged with the responsibility to wisely invest money for the benefit of others (the beneficiary). Most US States have laws about what a fiduciary may or may not do. You would think that in companies this is only applicable to the Chief Financial Officer. Not so. All Officers of the Corporation share this responsibility, and not just for the wise investment of company money.

This so-called 'Fiduciary Responsibility' goes a lot further than that. It boils down to something like this: "If it's your job to make sure the company keeps on going, and you fail to do what it takes, you are liable and can get sued." So, CxO's (this is a shortcut for a whole gaggle of abbreviations like CEO, CIO, COO, CSO and the like) can legally be made responsible for major downtime. And in their fall (not even intending to do this), they can easily drag down the MIS director as well.

CxO's in public companies are especially vulnerable to this. There is a certain brand of lawyer that looks for sudden drops in stock price, and then files class-action lawsuits 'on behalf of' the shareholders. Often that is caused by companies not making the numbers they promised, but not performing up to snuff is often caused by increasing operational expenses and unexpected downturns. I'm sure you see what I'm getting at.

I think you would do your management a big favor by giving them a heads-up about this issue. The two areas that need a lot more awareness at the Top Exec level are IT Security and Business Continuity. CxO's level of necessity to solve problems in these two areas needs to come way up. Higher priority needs to be given, and budgets need to be made available. It's up to you to fight for that. Hope the ammo above helps you get it!


NT 4 Service Pack 7 Expected Late Q3 2001

MS told everyone in Nov '99, when SP6 came out, that they would continue to support NT with a new Service Pack. But they apparently have been so busy with W2K that this has been backburnered. Everyone hopes it has not fallen off the stove since it's now more than 18 months later, and we're still waiting. Not that this is anything strange. MS took as long as this with SP5 for NT 3.51, which came out after 4.0.

Some of us would like the features that SP7 should bring, like AD support, but also a whole slew of security hotfixes that are VERY necessary. If these can all be rolled into one SP that would save time, instead of having to pull them from here and there like IE5.5 and separate AD clients.

WPA in Windows XP resolved?

Several people sent me information that might indicate that Windows Product Activation is less of a headache than expected. But this is not conclusive, so I'm going to dig into this issue a little further until I have proven evidence it will not be the incredible pain in the neck I'm afraid it will be. I'll keep you in the loop!


RemotelyAnywhere v3.5 Released

RemotelyAnywhere v3.5 has been released and includes some very useful improvements you NT'ers should like. This remote administration and control utility works over the web, provides secure connections and does not require any special client software. The new version includes a full-featured FTP Server, Secure Telnet Server and a Port Forwarding Server, which gives secure access to computers located behind your firewall. More information and a trial are available at

STAT Version 4.0 Available

The very successful STAT Scanner 4.0 Professional Edition has a bunch of nice new goodies in it, apart from the ever-increasing list of tests for new vulnerabilities. STAT is an NT/W2K network defense system that allows you to quickly identify and eliminate security deficiencies.

STAT Scanner 4.0 now features a Command Line Interface (CLI) that lets you run STAT from a simple prompt. The CLI makes it possible to conduct automated, unattended vulnerability scanning using administrative scripts or batch files. In addition, enhanced icons make it easy to recognize high-, medium-, and low-warning risks. A new report sorts the risk listing by vulnerability name, enabling you to quickly identify and react to threats.

"We are constantly seeking ways to make network security management easier to accomplish and comprehend, so that customers can continuously protect their organizations from ever-increasing threats," said Lilo X. Newberry, director, STAT Operations. "STAT Scanner 4.0 delivers the highest number of NT/2000 vulnerability checks with an easy-to-use interface which maximizes the efficiency of network administrators."

STAT Scanner 4.0 now assesses and automatically repairs 1,050 different types of Windows NT/2000 security vulnerabilities - the largest number of such vulnerabilities detected and fixed by a single software product, industry-wide. All STAT Scanner vulnerability checks are mapped to MITRE's Common Vulnerabilities and Exposures (CVE) dictionary.

STAT Scanner 4.0 also tests for the presence of the very latest software patches for Windows NT 4.0 and Windows 2000; Internet Information Server (IIS) 4 and IIS 5; and Media Player, Outlook and Event Viewer. These patches are key to preventing denial of service attacks, unauthorized access or privilege elevation.

The STAT product family arms you with the ability to eliminate network security risks before they can be exploited, providing design, analysis, and test solutions that address the security life-cycle requirements of computer networks. You should really think about licensing this tool as one of those: Cannot-Afford-Not-To-Use-It type tools. Download here:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • If you have a lost password on an Outlook PST File, here's a tool:
  • Good Open Letter to Microsoft about Service Packs, patches & more
  • Pretty cool Natural Language Interface for the MS-KB. Good results!

    The Practical Intrusion Detection Handbook.

    A pretty good book that goes into the details of product selection, planning and operations of Intrusion Detection (ID). It's filled with a bunch of real-life cases and stories of ID systems in action. It covers both host-based and network-based intrusion detection. The author Paul Proctor is Director of Technology with Cybersafe.com and has been active in Security for over 15 years. This is a useful one. ISBN 0-13-025960-8 - over at