Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Nov 12, 2001 (Vol. 6, #87 - Issue #322)
Which One Is Faster?
  This issue of W2Knews™ contains:
    • WinXPNews Subscription Bug / Most Popular Categories / New SunPoll: Which One Is Faster?
    • High Risk IE Cookie Hole Discovered
    • The SANS/FBI Top 20 Security Vulnerabilities
    • New Update 8 of STAT Version 4.0 Is Out
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Hack Proofing Windows 2000 Server
Assessing your Windows 2000 readiness? Get the step-by-step
tools you need to determine whether to migrate in-place or
incrementally. Register today for "The Definitive Guide to
Windows 2000 and Exchange 2000 Migration" -- a FREE eBook
by NetIQ and Realtimepublishers.com. Let us help you master the
fundamentals of Windows 2000 migration. To Register:
Visit NetIQ for more information.

WinXPNews Subscription Bug / Most Popular Categories / New SunPoll: Which One Is Faster?

Hi All,

Quite a few of you ran into a bug in the subscription code for WinXPnews. We sent an HTML form to your email client, but sitting in the Outlook preview pane, that form did not work properly. Moreover, a bunch of companies do not allow HTML into the domain altogether, so our cool idea did not work too well. [grin] We fixed the routines for WinXPnews subscription and it's all working now. Please retry if you did not get through the first time.

Last issue we listed the 2001 Best Sellers, and since we count the click thrus automatically, here are the categories you and your colleagues actually checked out, sorted in descending order. It was interesting to see that Active Directory is in the Top Spot. That means you are now actually deploying it, and found you need the additional tools to make it actually work in your environment.

Active Directory : FAZAM 2000 - 28%
Exchange : CAMEO - 22%
Network Admin : Sunbelt Remote Admin - 14%
High Availability: Double-Take - 13%
System Management: SCRIPTLOGIC - 8%
Security : ELM/SecureIIS/UpdateExpert - 6%
Performance Mgmt : Diskeeper - 6%
Storage Mgmt : StorageCentral - 3%

Here are the results from the last SunPoll
Q: Would you like Microsoft to extend the deadline for exam 70-240?
A: Out of 1854 unique votes, the results were:

  • Yes, I'd like it pushed back a year: 49.29% - 914 votes
  • Yes, I'd like it pushed back 6 months: 29.23% - 542 votes
  • Not really necessary: 11.11% - 206 votes
  • Already passed it!: 9.92% - 184 votes
  • Already flunked it!: 0.43% - 8 votes
So, Microsoft, are you listening?

And here is the new SunPoll:
In my environment, I have compared W2K with WinXP installed on the same hardware. Looking at the speed, WinXP is:

  • Slower than W2K
  • Faster than W2K
  • About the same speed
  • Frankly, I don't really care too much
Vote here: Left Column

Warm regards,

Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: First Line Of Defense!
Companies are implementing Intrusion Detection at a rapid clip. It
comes in many flavors and prices. But the best and by far the most
economic first line of defense is to have a tool that monitors your
Security Event Log. ELM is just the ticket. Password crack attempts
and many other security related events will be reported to you
instantly. ELM is only $345 per server. This is one tool you cannot
afford not to run. Get your 30-day eval here:
Visit First Line Of Defense! for more information.

High Risk IE Cookie Hole Discovered

Microsoft just sent me this "High Risk Rating Alert" that I think you should have a look at and assess if you need to fix it with priority. I normally do not forward these, as I expect most of you to get these yourself from MS. But in this case you may have overlooked it, and it's a little nasty, this one. There is no patch yet, for the moment just a workaround. Check out:

Title:      Cookie Data in IE Can Be Exposed or Altered
            Through Script Injection
Date:       08 November 2001
Software:   Internet Explorer
Impact:     Exposure and altering of data in cookies
Max Risk:   High
Bulletin:   MS01-055
Microsoft encourages customers to review the Security Bulletin at:

Web sites use cookies as a way to store information on a user's local system. Most often, this information is used for customizing and retaining a site's setting for a user across multiple sessions. By design each site should maintain its own cookies on a user's machine and be able to access only those cookies.

A vulnerability exists because it is possible to craft a URL that can allow sites to gain unauthorized access to a user's cookies and potentially modify the values contained in them. Because some web sites store sensitive information in a user's cookies, it is also possible that personal information could be exposed.

Microsoft is preparing a patch for this issue, but in the meantime customers can protect their systems by disabling active scripting. (The FAQ provides step-by-step instructions for doing this). This will protect against both the web-hosted and the mail-borne variants discussed above. When the patch is complete, Microsoft will re-release this bulletin and provide details on obtaining and using it.

Mitigating Factors:

  • A user must first be enticed to a malicious web site or to open an HTML e-mail containing the malformed URL.
  • Users who have applied the Outlook Email Security Update are not affected by the HTML mail exploit of this vulnerability.
  • Users who have set Outlook Express to use the "Restricted Sites" Zone are not affected by the HTML mail exploit of this vulnerability because the "Restricted Sites" zone sets Active Scripting to disabled. Note that this is the default setting for Outlook Express 6.0. Users of Outlook Express 6.0 should verify that Active Scripting is still disabled in the Restricted Sites Zone.

The SANS/FBI Top 20 Security Vulnerabilities

A little over a year ago, the SANS Institute and the National Infrastructure Protection Center (NIPC) released a document summarizing the Ten Most Critical Internet Security Vulnerabilities. Thousands of organizations used that list to prioritize their efforts so they could close the most dangerous holes first. This new list, released on October 1, 2001, updates and expands the Top Ten list.

With this new release, SANS have increased the list to the Top Twenty vulnerabilities, and we have segmented it into three categories: General Vulnerabilities, Windows Vulnerabilities, and Unix Vulnerabilities.

The SANS/FBI Top Twenty list is valuable because the majority of successful attacks on computer systems via the Internet can be traced to exploitation of security flaws on this list. For instance, system compromises in the Solar Sunrise Pentagon hacking incident and the easy and rapid spread of the Code Red and NIMDA worms can be traced to exploitation of unpatched vulnerabilities on this list.

These few software vulnerabilities account for the majority of successful attacks, simply because attackers are opportunistic - taking the easiest and most convenient route. They exploit the best-known flaws with the most effective and widely available attack tools. They count on organizations not fixing the problems, and they often attack indiscriminately, scanning the Internet for any vulnerable systems.

In the past, system administrators reported that they had not corrected many of these flaws because they simply did not know which vulnerabilities were most dangerous, and they were too busy to correct them all. Some vulnerability scanners search for 300 or 500 or even 800 vulnerabilities, thus blunting the focus your system administrators need to ensure that all systems are protected against the most common attacks.

The Top Twenty list is designed to help alleviate that problem by combining the knowledge of dozens of leading security experts from the most security-conscious federal agencies, the leading security software vendors and consulting firms, the top university-based security programs, and CERT/CC and the SANS Institute. Click here for the actual list on the SANS Site, and check this list regularly, as they update it all the time:


New Update 8 of STAT Version 4.0 Is Out

Here are the highlights of STAT Scanner, Version 4.0, Update 8 (released November 8, 2001). It now scans the newly released Windows XP Pro. Version 4, Update 8 of STAT Scanner contains a total of 1282 vulnerability checks, among them 13 new Windows NT/2000/XP-Pro vulnerability checks and 14 new Unix vulnerabilities.

Update 8 tests for the latest patches for Windows NT 4.0, W2K, WinXP Professional, Red Hat Linux, and Sun Solaris. These patches prevent denial of service attacks or unauthorized access or privilege elevation.

Update 8 checks for new vulnerabilities in Microsoft Excel, PowerPoint, Terminal Services, and Internet Explorer 5.01, 5.5, and 6. It also checks for the critical update patch for the new Windows XP Pro OS.

New features include scanning for Windows XP Pro vulnerabilities, new configuration files (QuickScan, Patch, CIAC, and XP), more detailed information on share permissions, and sorting by categories for available vulnerability checks. STAT Scanner uses the latest Mitre Common Vulnerabilities and Exposures (CVE) list of computer vulnerabilities.

This product update can be downloaded from the STAT website:

Full product specs and limited eval can be downloaded:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Interesting article in InfoWorld about how to cost justify security tools
  • If you just cannot contain yourself after the last stupid end-user question
  • It's only something like 40 days to Christmas. Here's an ultimate paintball toy.

Hack Proofing Windows 2000 Server

This book is a complete guide to securely configuring a W2K network. There is a lot of coverage of IIS 5.0, plus hundreds of configuration and implementation hints, tips and FAQs. It also goes into depth on Kerberos, Distributed Security Services, Public Key Infrastructure and how to build a long-term security plan for your organization.