Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 10, 2001 (Vol. 6, #69 - Issue #304)
This issue of W2Knews contains:
- EDITORS CORNER
- US Govt Puts Down The Axe
- TECH BRIEFING
- NT/2000 RELATED NEWS
- Top 10 Myths About Product Activation
- Bypassing WPA altogether
- NT/2000 THIRD PARTY NEWS
- Sunbelt Security Consulting
- WQuinn Gets Acquired By Precise Software
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Hacking Exposed - Windows 2000!
FREE WINDOWS MANAGEMENT WHITE PAPER -- Sign up now to receive your
free white paper, "Managing Your Windows Environments with Ease" from
NetIQ. Learn how to ensure the security and integrity of your Windows
NT 4 and Windows 2000 systems, enforce automated business policies and
organize your directories the way you like to view them. Register now!
Visit NETIQ for more information.
US Govt Puts Down The Axe
Sure, it was all over the news again. The media jumped on it like
vultures. Headers like "DOJ backs out of demands for MS split-up"
and more of the same. Most people see this as a victory for MS, and
about 70% of people polled on CNN today agreed with the DOJ change
of strategy. It's a DOJ attempt to get this resolved "in our
lifetime", probably as a result of the new government's general
focus to stop the waste of government resources.
Essentially the DOJ did not have a strong case for a split up. MS
will be slapped on the wrist and forbidden certain business practices
that were too aggressive. Like I have said for the last 3 years, it's
basically business as usual. We'll still have MS there, bugs and all
for good and for bad.
So, that means for us business techies a relatively simple choice.
You go by the two golden rules of 1) the best tool for the job,
plus 2) the long term cost involved for that solution. It has become
a two-horse race: Windows or Linux. For the Unix veterans among us
that's an obvious no-brainer, as Linux is rapidly eating up all the
proprietary Unix flavors with Sun the only holdout.
And Microsoft sees Linux as its only serious competitor on the server
as well. (The desktop war is over, and MS has won.) I see many companies
in the future running both OS server platforms. Probably a good idea
to get certified in both areas, and become a "WinUx" specialist.
PS: Thanks for all your suggestions for Public Service Announcements!
PPS: There is a very exciting new book out that you really do not
want to miss: Hacking Exposed - Windows 2000! Scroll down to Book
Of The Week. Actually it's better described as Book Of the Quarter.
(email me with feedback: [email protected])
Typical backup systems usually run once a night. This leaves as much
as a full day of your data at risk if a server or disk should crash.
Making it worse is the length of time (many hours) required to restore
a server from offline backup media. And with your "shrinking backup
window", a responsive process for backup and restore of your remote
sites gets harder and harder. This lack of data availability could
cause you some major headaches. Check Out And Try PowerSync!
Visit PowerSync for more information.
TECH BRIEFING
The hacker spectrum can be more or less described via a scale that
goes from not so serious to almost deadly:
- Experimentation
- Vandalism
- Hacktivism
- Cybercrime
- InfoWarfare
And the "enemies" are everywhere. There is at least one in each company
that is somewhat of a liability. And everyone at the moment is fortifying
internal computer systems. Security and High Availability are the two
areas where the headache-ratio is high, and budgets are able to be
extracted (like pulling teeth) out of corporate coffers.
The problem is that corporate security ultimately comes down to a
management issue. How much money are they willing to spend for which
level of security. If you look at how much money was lost ($2.6 billion)
due to the recent Code Red worm, it's not difficult to decide to invest
in battening down the hatches.
But at the same time, belt-tightening in the corporate budget process
is putting the brakes on IT investment. However, the fear factor should
motivate budget holders not to try to save on security investments. The
Net is still a relatively fragile environment regarding security. Just
look at the increased trend of viruses with a destructive payload.
The first two categories (Experimentation and Vandalism) are also called
"Script Kiddies". They are the largest group but can be your highest risk.
These guys know just enough to break into systems and merely get a kick
out of defacing your site and getting the credit.
Hacktivism goes one step further and can launch Denial of Service attacks
like we saw last year on a slew of really major sites. These are obviously
criminal and the FBI gets in the game. Cybercrime is next. Here we're
talking cracking sites for credit cards, combined with possible extortion
attempts like a recent Russian ring that was rounded up.
InfoWarfare is a thing that governments are mostly concerned about, and
is outside your scope unless you are the Sysadmin of a major infrastructure
or government site. Protecting against infowarfare is a job just by itself,
but uses the disciplines of the earlier 4 levels for protection.
It's time to get your management more Security aware. The Book Of The Week
will help in getting the ammo together.
NT/2000 RELATED NEWS
Top 10 Myths About Product Activation
I just got a question from a subscriber: If I have a laptop with more
than one docking station, will I be hit with the problem of product
activation all the time? We asked Paul Thurrott from the Wininformant
site, and he got a very fast answer back from Microsoft:
"Dockable PCs are treated slightly more leniently. In a dockable PC,
if a network adapter exists and is not changed, 9 or more of the other
above values would have to change before reactivation was required.
If no network adapter exists or the existing one is changed, 7 or more
changes (including the network adapter) will result in a requirement
So, in this scenario, given that the NICs are changing when docking
stations are switched, 7 changes would have to occur. The components
that will for certain remain unchanged:
- IDE Adapter
- Processor Type
- Processor Serial Number
- Hard Drive Device
- Hard Drive Volume Serial Number
These add up to a maximum possible number of changes of 4, which is
well under the bar needed for the hardware to remain within tolerance.
(Note that the Display Adapter is also likely to remain the same.)
Here are all the details about Product activation:
Bypassing WPA altogether
Someone sent me this piece of information that is quite remarkable.
I have not tested it but it's from a reliable source. I quote:
"Did you know that by replacing 11 files on a retail Windows XP
CD for an existing corporate edition CD, you can turn it into an
unactivated corporate version? This has been tested and it does
successfully work! It is important to note that this does NOT hack
Windows XP in any way, it merely bypasses WPA. You do, however,
need a valid 25-character PLK. It will be interesting to see if
Microsoft fixes this loophole in the first service pack release.
I have not monitored my traffic logs through our checkpoint firewall
to see what was communicated yet... I really am surprised Microsoft
would leave such an obvious and easily exploitable method to get
around WPA. The files you need to replace are:
- i386\eula.txt *** cosmetic only
LEGAL NOTICE - This is what my lawyers made me say [grin]. Do not
try this at home, and do not violate any existing license agreements
you have with any of your software vendors.
THIRD PARTY NEWS
Sunbelt Security Consulting
Sunbelt now provides cutting-edge professional security consulting and
technologies to take your systems out of harm's way. Sunbelt is a computer
security source that System Administrators trust and use when their
systems fall victim to computer attacks. Why wait for your networks to
become a target? Identify system weaknesses now and prevent the
substantial financial losses and systems downtime associated with
You told us in many surveys that Security is your #1 Headache. One of
the biggest challenges facing you as a system- or network administrator
and security auditor is protecting your company's networks against
intrusions from both inside and outside hackers. It is simply impossible
to stay up-to-date with the latest exploits, apply all the fixes, and
monitor your networks as well. This is more than a full time job, and
who has the time to do that?
Sunbelt has formed a strategic alliance with the nation's most advanced
security consulting firm (Sytex) and together we will provide you with
top class Security Consultants trained to do very comprehensive security
audits and services. Why did we choose Sytex to partner with?
- Sytex are the people that trained 1,000 FBI specialists in Cybercrime
- Sytex are the anti-hackers working for the DOD, NSA, CIA and the Secret
- Sytex created and runs the Information Warfare Center
- Sytex is a recognized leader in electronic warfare and cyber-terrorism
- If the Sunbelt/Sytex alliance cannot protect your networks, nobody else
So, to see when you want to plan your 3-day on-site Security
Assessment, check out the brand new webpage we just created for this:
WQuinn Gets Acquired By Precise Software
The Developer of StorageCentral called me and invited me on a conference
call where they announced that they were acquired by Precise Software
Solutions for $20 million in cash and $15M stock.
Both companies claimed it was a marriage in heaven, and will make both
of them more effective. Precise gets Microsoft as an OEM partner, and
a bunch of Quinn channel partners like Dell, EDS, and Sunbelt Software.
WQuinn is the developer that created the storage resource management
code that is included in Microsoft's Server Appliance Kit (SAK).
The Precise quarterly numbers look better with Quinn included, as Quinn
is profitable. Their product lines don't actually overlap. You all know
StorageCentral. But Precise markets application performance management
solutions for higher-end systems and platforms like Oracle. In short,
they told me: Business As Usual, but more capital to expand even more.
I think this is a good deal for all StorageCentral users. Evals here:
This Week's Links We Like. Tips, Hints And Fun Stuff
Security related sites. Those most recently modified are toward the top.
T-Shirt with a BSOD and text: "NT SYSADMIN, a job with a view". Only $10.
Public Service Announcement: Students Need a Technologically Advanced
Education Today To Compete in the Workforce of Tomorrow: TechCorps.
PRODUCT OF THE WEEK
Hacking Exposed - Windows 2000!
Now here is one of these books that you just GOTTA have. If you only
buy one or two books a year, this is one of them. Remember how enthused
I was about the original "Hacking Exposed"? Well, they have done it
again, but now with an all-Windows 2000 focus. This is the end-all of
hacking into your W2K servers. A must-read if you want to secure your
networks and a 'Stu's Warmly Recommended!' I'm holding a fresh copy
just off the presses in my hot little hands. I know what I'm going to
do this weekend! It's a treasure trove of information no W2K sysadmin
should be without.