Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Sep 10, 2001 (Vol. 6, #69 - Issue #304)
Hacking Hierarchy
  This issue of W2Knews™ contains:
    • US Govt Puts Down The Axe
    • Hacking Hierarchy
    • Top 10 Myths About Product Activation
    • Bypassing WPA altogether
    • Sunbelt Security Consulting
    • WQuinn Gets Acquired By Precise Software
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Hacking Exposed - Windows 2000!

US Govt Puts Down The Axe

Sure, it was all over the news again. The media jumped on it like vultures. Headers like "DOJ backs out of demands for MS split-up" and more of the same. Most people see this as a victory for MS, and about 70% of people polled on CNN today agreed with the DOJ change of strategy. It's a DOJ attempt to get this resolved "in our lifetime", probably as a result of the new government's general focus to stop the waste of government resources.

Essentially the DOJ did not have a strong case for a split up. MS will be slapped on the wrist and forbidden certain business practices that were too aggressive. Like I have said for the last 3 years, it's basically business as usual. We'll still have MS there, bugs and all for good and for bad.

So, that means a relatively simple choice for us business techies. You go by the two golden rules of 1) the best tool for the job, plus 2) the long-term cost involved for that solution. It has become a two-horse race: Windows or Linux. For the Unix veterans among us that's an obvious no-brainer, as Linux is rapidly eating up all the proprietary Unix flavors, with Sun the only holdout.

And Microsoft sees Linux as its only serious competitor on the server as well. (The desktop war is over, and MS has won.) I see many companies in the future running both OS server platforms. Probably a good idea to get certified in both areas, and become a "WinUx" specialist.

PS: Thanks for all your suggestions for Public Service Announcements!

PPS: There is a very exciting new book out that you really do not want to miss: Hacking Exposed - Windows 2000! Scroll down to Book Of The Week. Actually it's better described as Book Of the Quarter.

Warm regards,

Stu Sjouwerman
(email me with feedback: [email protected])


Hacking Hierarchy

The hacker spectrum can be more or less described via a scale that goes from not so serious to almost deadly:

  • Experimentation
  • Vandalism
  • Hacktivism
  • Cybercrime
  • InfoWarfare

And the "enemies" are everywhere. There is at least one in each company that is somewhat of a liability. And everyone at the moment is fortifying internal computer systems. Security and High Availability are the two areas where the headache-ratio is high, and budgets can be extracted (like pulling teeth) out of corporate coffers.

The problem is that corporate security ultimately comes down to a management issue: how much money are they willing to spend for which level of security? If you look at how much money was lost ($2.6 billion) due to the recent Code Red worm, it's not difficult to decide to invest in battening down the hatches.

But at the same time, belt-tightening in the corporate budget process is putting the brakes on IT investment. However, the fear factor should motivate budget holders not to try to save on security investments. The Net is still a relatively fragile environment regarding security. Just look at the increased trend of viruses with a destructive payload.

The first two categories (Experimentation and Vandalism) are also called "Script Kiddies". They are the largest group but can be your highest risk. These guys know just enough to break into systems and merely get a kick out of defacing your site and getting the credit.

Hacktivism goes one step further and can launch Denial of Service attacks like we saw last year on a slew of really major sites. These are obviously criminal and the FBI gets in the game. Cybercrime is next. Here we're talking cracking sites for credit cards, combined with possible extortion attempts like a recent Russian ring that was rounded up.

InfoWarfare is a thing that governments are mostly concerned about, and is outside your scope unless you are the Sysadmin of a major infrastructure or government site. Protecting against infowarfare is a job just by itself, but uses the disciplines of the earlier 4 levels for protection.

It's time to get your management more Security aware. The Book Of The Week will help in getting the ammo together.


Top 10 Myths About Product Activation

I just got a question from a subscriber: If I have a laptop with more than one docking station, will I be hit with the problem of product activation all the time? We asked Paul Thurrott from the Wininformant site, and he got a very fast answer back from Microsoft:

"Dockable PCs are treated slightly more leniently. In a dockable PC, if a network adapter exists and is not changed, 9 or more of the other above values would have to change before reactivation was required. If no network adapter exists or the existing one is changed, 7 or more changes (including the network adapter) will result in a requirement to reactivate."

So, in this scenario, given that the NICs are changing when docking stations are switched, 7 changes would have to occur. The components that will for certain remain unchanged:

  • IDE Adapter
  • RAM
  • Processor Type
  • Processor Serial Number
  • Hard Drive Device
  • Hard Drive Volume Serial Number

These add up to a maximum possible number of changes of 4, which is well under the bar needed for the hardware to remain within tolerance. (Note that the Display Adapter is also likely to remain the same.) Here are all the details about Product activation:

Bypassing WPA altogether

Someone sent me this piece of information that is quite remarkable. I have not tested it but it's from a reliable source. I quote:

"Did you know that by replacing 11 files on a retail Windows XP CD for an existing corporate edition CD, you can turn it into an unactivated corporate version? This has been tested and it does successfully work! It is important to note that this does NOT hack Windows XP in any way, it merely bypasses WPA. You do, however, need a valid 25-character PLK. It will be interesting to see if Microsoft fixes this loophole in the first service pack release. I have not monitored my traffic logs through our checkpoint firewall to see what was communicated yet... I really am surprised Microsoft would leave such an obvious and easily exploitable method to get around WPA. The files you need to replace are:

  • i386\dpcdll.dl_
  • i386\eula.txt        *** cosmetic only
  • i386\nt5inf.ca_
  • i386\oembios.bi_
  • i386\oembios.ca_
  • i386\oembios.da_
  • i386\oembios.si_
  • i386\pidgen.dll
  • i386\setupp.ini
  • i386\setupreg.hiv
  • i386\win9xupg\win95upg.inf
End quote.

LEGAL NOTICE - This is what my lawyers made me say [grin]. Do not try this at home, and do not violate any existing license agreements you have with any of your software vendors.


Sunbelt Security Consulting

Sunbelt now provides cutting-edge professional security consulting and technologies to take your systems out of harm's way. Sunbelt is a computer security source that System Administrators trust and use when their systems fall victim to computer attacks. Why wait for your networks to become a target? Identify system weaknesses now and prevent the substantial financial losses and systems downtime associated with network attacks.

You told us in many surveys that Security is your #1 Headache. One of the biggest challenges facing you as a system or network administrator and security auditor is protecting your company's networks against intrusions from both inside and outside hackers. It is simply impossible to stay up-to-date with the latest exploits, apply all the fixes, and monitor your networks as well. This is more than a full-time job, and who has the time to do that?

Sunbelt has formed a strategic alliance with the nation's most advanced security consulting firm (Sytex) and together we will provide you with top class Security Consultants trained to do very comprehensive security audits and services. Why did we choose Sytex to partner with?

  • Sytex are the people that trained 1,000 FBI specialists in Cybercrime
  • Sytex are the anti-hackers working for the DOD, NSA, CIA and the Secret Service
  • Sytex created and runs the Information Warfare Center
  • Sytex is a recognized leader in electronic warfare and cyber-terrorism consulting
  • If the Sunbelt/Sytex alliance cannot protect your networks, nobody else can...

So, to see when you want to plan your 3-day on-site Security Assessment, check out the brand new webpage we just created for this:

WQuinn Gets Acquired By Precise Software

The developer of StorageCentral called me and invited me on a conference call where they announced that they were acquired by Precise Software Solutions for $20 million in cash and $15M in stock.

Both companies claimed it was a marriage made in heaven that will make both of them more effective. Precise gets Microsoft as an OEM partner, and a bunch of Quinn channel partners like Dell, EDS, and Sunbelt Software. WQuinn is the developer that created the storage resource management code that is included in Microsoft's Server Appliance Kit (SAK).

The Precise quarterly numbers look better with Quinn included, as Quinn is profitable. Their product lines don't actually overlap. You all know StorageCentral. But Precise markets application performance management solutions for higher-end systems and platforms like Oracle. In short, they told me: Business As Usual, but more capital to expand even more. I think this is a good deal for all StorageCentral users. Evals here:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Security related sites. Those most recently modified are toward the top.
  • T-Shirt with a BSOD and text: "NT SYSADMIN, a job with a view". Only $10.
  • Public Service Announcement: Students Need a Technologically Advanced Education Today To Compete in the Workforce of Tomorrow: TechCorps.

    Hacking Exposed - Windows 2000!

    Now here is one of these books that you just GOTTA have. If you only buy one or two books a year, this is one of them. Remember how enthused I was about the original "Hacking Exposed"? Well, they have done it again, but now with an all-Windows 2000 focus. This is the end-all of hacking into your W2K servers. A must-read if you want to secure your networks and a 'Stu's Warmly Recommended!' I'm holding a fresh copy just off the presses in my hot little hands. I know what I'm going to do this weekend! It's a treasure trove of information no W2K sysadmin should be without.