Sunbelt W2Knews Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Nov 12, 2001 (Vol. 6, #87 - Issue #322)
Which One Is Faster?
This issue of W2Knews contains:
- EDITORS CORNER
- WinXPNews Subscription Bug / Most Popular Categories /
New SunPoll: Which One Is Faster?
- TECH BRIEFING
- High Risk IE Cookie Hole Discovered
- NT/2000 RELATED NEWS
- The SANS/FBI Top 20 Security Vulnerabilities
- NT/2000 THIRD PARTY NEWS
- New Update 8 of STAT Version 4.0 Is Out
- W2Knews 'FAVE' LINKS
- This Week's Links We Like. Tips, Hints And Fun Stuff
- PRODUCT OF THE WEEK
- Hack Proofing Windows 2000 Server
FREE WINDOWS MIGRATION eBOOK
Assessing your Windows 2000 readiness? Get the step-by-step
tools you need to determine whether to migrate in-place or
incrementally. Register today for "The Definitive Guide to
Windows 2000 and Exchange 2000 Migration" -- a FREE eBook
by NetIQ and Realtimepublishers.com. Let us help you master the
fundamentals of Windows 2000 migration. To Register:
Visit NetIQ for more information.
WinXPNews Subscription Bug / Most Popular Categories /
New SunPoll: Which One Is Faster?
Quite a few of you ran into a bug in the subscription code for
WinXPnews. We sent an HTML form to your email client, but sitting in
the Outlook preview pane that form did not work properly. Moreover,
a bunch of companies do not allow HTML into the domain altogether,
so our cool idea did not work too well. [grin] We fixed the routines
for WinXPnews subscription and it's all working now. Please retry if
you did not get through the first time.
Last issue we listed the 2001 Best Sellers, and since we count the
click thrus automatically, here are the categories you and your
colleagues actually checked out, sorted in descending order. It was
interesting to see that Active Directory is in the Top Spot. That
means you are now actually deploying it, and found you need the
additional tools to make it actually work in your environment.
Active Directory : FAZAM 2000 - 28%
Exchange : CAMEO - 22%
Network Admin : Sunbelt Remote Admin - 14%
High Availability: Double-Take - 13%
System Management: SCRIPTLOGIC - 8%
Security : ELM/SecureIIS/UpdateExpert - 6%
Performance Mgmt : Diskeeper - 6%
Storage Mgmt : StorageCentral - 3%
Here are the results from the last SunPoll
Q: Would you like Microsoft to extend the deadline for exam 70-240?
A: Out of 1854 unique votes, the results were:
- Yes, I'd like it pushed back a year: 49.29% - 914 votes
- Yes, I'd like it pushed back 6 months: 29.23% - 542 votes
- Not really necessary: 11.11% - 206 votes
- Already passed it!: 9.92% - 184 votes
- Already flunked it!: 0.43% - 8 votes
So, Microsoft, are you listening?
And here is the new SunPoll:
In my environment, I have compared W2K with WinXP installed on the same hardware. Looking at the speed, WinXP is:
- Slower than W2K
- Faster than W2K
- About the same speed
- Frankly, I don't really care too much
Vote here: Left Column
(email me with feedback: [email protected])
SPONSOR: First Line Of Defense!
LOW COST INTRUSION DETECTION
Companies are implementing Intrusion Detection at a rapid clip. It
comes in many flavors and prices. But the best and by far the most
economical first line of defense is to have a tool that monitors your
Security Event Log. ELM is just the ticket. Password crack attempts
and many other security-related events will be reported to you
instantly. ELM is only $345 per server. This is one tool you cannot
afford not to run. Get your 30-day eval here:
Visit First Line Of Defense! for more information.
High Risk IE Cookie Hole Discovered
Microsoft just sent me this "High Risk Rating Alert" that I think you
should have a look at and assess if you need to fix it with priority.
I normally do not forward these, as I expect most of you to get these
yourself from MS. But in this case you may have overlooked it, and
it's a little nasty, this one. There is no patch yet, for the moment
just a workaround. Check out:
Title: Cookie Data in IE Can Be Exposed or Altered
Through Script Injection
Date: 08 November 2001
Software: Internet Explorer
Impact: Exposure and altering of data in cookies
Max Risk: High
Microsoft encourages customers to review the Security Bulletin at:
local system. Most often, this information is used for customizing
and retaining a site's setting for a user across multiple sessions.
By design each site should maintain its own cookies on a user's
machine and be able to access only those cookies.
A vulnerability exists because it is possible to craft a URL that
can allow sites to gain unauthorized access to user's cookies and
potentially modify the values contained in them. Because some web
sites store sensitive information in a user's cookies, it is also
possible that personal information could be exposed.
Microsoft is preparing a patch for this issue, but in the meantime
customers can protect their systems by disabling active
scripting. (The FAQ provides step-by-step instructions for doing
this). This will protect against both the web-hosted and the
mail-borne variants discussed above. When the patch is complete,
Microsoft will re-release this bulletin and provide details on
obtaining and using it.
- A user must first be enticed to a malicious web site or to
open an HTML e-mail containing the malformed URL.
- Users who have applied the Outlook Email Security Update
are not affected by the HTML mail exploit of this
- Users who have set Outlook Express to use the "Restricted
Sites" Zone are not affected by the HTML mail exploit of this
vulnerability because the "Restricted Sites" zone sets Active
Scripting to disabled. Note that this is the default setting
for Outlook Express 6.0. Users of Outlook Express 6.0 should
verify that Active Scripting is still disabled in the Restricted
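An added example, not part of the Microsoft bulletin or of this newsletter: one way to audit the Active Scripting workaround described above across machines, by scanning registry exports of the per-user Internet Explorer zone settings. The registry path, the URL action number 1400, the zone numbers and the choice to check the Internet zone as well as Restricted Sites are details from outside this page, and the sample export is constructed.

```python
import re

# Assumptions (not from the bulletin text): IE zone numbers, and URL action
# 1400 = Active Scripting with 0 = enabled, 1 = prompt, 3 = disabled.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
SETTING = {0: "enabled", 1: "prompt", 3: "disabled"}

# Constructed sample of a .reg export of the per-user Zones key (not real data).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1200"=dword:00000003
'''

KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d+)\]$", re.I)
VAL_RE = re.compile(r'^"1400"=dword:([0-9a-f]{8})$', re.I)

def active_scripting_by_zone(reg_text):
    """Return {zone number: DWORD value, or None if 1400 is absent}."""
    found, zone = {}, None
    for line in (raw.strip() for raw in reg_text.splitlines()):
        if line.startswith("["):
            key = KEY_RE.match(line)
            zone = int(key.group(1)) if key else None  # ignore other keys
            if zone is not None:
                found.setdefault(zone, None)
            continue
        val = VAL_RE.match(line)
        if val and zone is not None:
            found[zone] = int(val.group(1), 16)
    return found

def zones_needing_workaround(reg_text, zones=(3, 4)):
    """List (zone name, state) where scripting is not explicitly disabled."""
    settings = active_scripting_by_zone(reg_text)
    report = []
    for z in zones:
        value = settings.get(z)
        if value != 3:
            # "not set" means the per-user key falls back to machine defaults.
            state = "not set" if value is None else SETTING.get(value, f"unknown ({value})")
            report.append((ZONES[z], state))
    return report

if __name__ == "__main__":
    for name, state in zones_needing_workaround(SAMPLE_EXPORT):
        print(f"{name}: Active Scripting {state}")
```

A zone reported as "not set" still needs a manual check, because the effective value then comes from machine-wide defaults or policy rather than from the exported per-user key.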
NT/2000 RELATED NEWS
The SANS/FBI Top 20 Security Vulnerabilities
A little over a year ago, the SANS Institute and the National
Infrastructure Protection Center (NIPC) released a document
summarizing the Ten Most Critical Internet Security Vulnerabilities.
Thousands of organizations used that list to prioritize their
efforts so they could close the most dangerous holes first. This
new list, released on October 1, 2001, updates and expands the
Top Ten list.
With this new release, SANS have increased the list to the Top
Twenty vulnerabilities, and we have segmented it into three
categories: General Vulnerabilities, Windows Vulnerabilities,
and Unix Vulnerabilities.
The SANS/FBI Top Twenty list is valuable because the majority of
successful attacks on computer systems via the Internet can be
traced to exploitation of security flaws on this list. For
instance, system compromises in the Solar Sunrise Pentagon
hacking incident and the easy and rapid spread of the Code Red
and NIMDA worms can be traced to exploitation of unpatched
vulnerabilities on this list.
These few software vulnerabilities account for the majority of
successful attacks, simply because attackers are opportunistic -
taking the easiest and most convenient route. They exploit the
best-known flaws with the most effective and widely available
attack tools. They count on organizations not fixing the problems,
and they often attack indiscriminately, scanning the Internet
for any vulnerable systems.
In the past, system administrators reported that they had not
corrected many of these flaws because they simply did not know
which vulnerabilities were most dangerous, and they were too busy
to correct them all. Some vulnerability scanners search for 300
or 500 or even 800 vulnerabilities, thus blunting the focus your
system administrators need to ensure that all systems are protected
against the most common attacks.
The Top Twenty list is designed to help alleviate that problem
by combining the knowledge of dozens of leading security experts
from the most security-conscious federal agencies, the leading
security software vendors and consulting firms, the top university-
based security programs, and CERT/CC and the SANS Institute.
Click here for the actual list on the SANS Site, and check this
list regularly, as they update it all the time:
THIRD PARTY NEWS
New Update 8 of STAT Version 4.0 Is Out
Here are the highlights of STAT Scanner, Version 4.0, Update 8
(released November 8, 2001). It is now scanning the newly released
Windows XP Pro. Version 4, Update 8 to STAT Scanner contains a total
of 1282, 13 new Windows NT/2000/XP-Pro vulnerability checks and 14
new Unix vulnerabilities.
Update 8 tests for the latest patches for Windows NT 4.0, W2K,
WinXP Professional, Red Hat Linux, and Sun Solaris. These patches
prevent denial of service attacks or unauthorized access or
Update 8 checks for new vulnerabilities in Microsoft Excel, PowerPoint,
Terminal Services, and Internet Explorer 5.01, 5.5, and 6. It also
checks for the critical update patch for the new Windows XP Pro OS
New features include scanning for Windows XP Pro vulnerabilities,
new configuration files (QuickScan, Patch, CIAC, and XP), more
detailed information on share permissions, and sorting by categories
for available vulnerability checks. STAT Scanner uses the latest
Mitre Common Vulnerabilities and Exposures (CVE) list of computer
This product update can be downloaded from the STAT website:
Full product specs and limited eval can be downloaded:
This Week's Links We Like. Tips, Hints And Fun Stuff
Interesting article in InfoWorld about how to cost justify security tools
If you just cannot contain yourself after the last stupid end-user question
It's only something like 40 days to Christmas. Here's an ultimate paintball
PRODUCT OF THE WEEK
Hack Proofing Windows 2000 Server
This book is a complete guide to securely configure a W2K network.
There is a lot of coverage of IIS 5.0, hundreds of configuring and
implementing hints, tips and FAQs. It also goes into depth on Kerberos,
Distributed Security Services, Public Key Infrastructure and how to
build a long-term security plan for your organization.