- Sign-up Now!
 - Current Issue
 - Edit Your Profile/Unsubscribe

Subscribe | Media Kit | About Us | All Issues | Subscriber Feedback | Contact Us | Privacy Statement
Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Thu, Dec 20, 2001 (Vol. 6, #96 - Issue #331)
Wireless Server Control
  This issue of W2Knews™ contains:
    • Last 2001 Issue
    • Routers Are The New Cracker Target
    • Triple Fix for IE
    • Told You So, Holiday Virus Wreaks Havoc
    • WinXP Sales Not That Fast
    • Wireless Server Control
    • Special Year End Price: Get Password Bouncer SE For 50% Off
    • pcAnywhere Security Hole?
    • Sunbelt Reseller Has Special
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Building Lego Mindstorm Robots
  SPONSOR: Marimba
Let Marimba transform you into an IT Super Hero by helping to
reduce your IT support costs!
Discover how Marimba's solutions
can reduce Help Desk call volume, simplify the delivery of anti-
virus updates, and effectively manage software license auditing and
W2K/XP Migrations. Attend our free seminar, "Reducing IT Support
Costs" and hear how our solutions are helping customers like
Charles Schwab and Herman Miller manage more with less.
Visit Marimba for more information.

Last 2001 Issue

Hi Everyone,

To begin with, thanks for your referrals. This campaign started out great. Please keep on going? We want more techie subscribers. And here is this week's XBOX winner: Laura Barnes in Cincinnati, Ohio. She was thrilled to bits. Want to play? Go all the way down this newsletter. Click on your profile link. Complete the profile and propose three colleagues. They will be sent an INVITATION, and not automatically be subscribed. They will need to opt into W2Knews and complete their own profiles. When they do, both you and them become eligible for an XBOX -- every week!

Second, this is the last issue of the year. Your next full W2Knews will arrive Thursday, Jan 3rd, 2002. And that will be the "Crystal Ball" issue. You should have received our Season's Greeting by now, but if you have not, have a wonderful time and a great 2002.

And now, I suggest you have a look at TWO brand new Wireless Server Control products we are introducing in this issue. Keep on reading!

Warm regards,

Stu Sjouwerman (email me with feedback: [email protected])

  SPONSOR: NovaStor - Santa's Choice for Backup Software
Backup & Disaster Recovery for one server or an entire network.
  Backup to HARD DISK as well as most Tape Devices? YES!
  Windows XP, 2000, NT, ME & 9x support? YES!
  NetWare 4.x, 5.x and 6.x support? YES!
  Linux support? YES!
  Plug-ins for Open Files, Exchange, SQL and others? YES!
Save 20% - 50% on our web store and enter to win an XBOX today!

Visit NovaStor - Santa's Choice for Backup Software for more information.

Routers Are The New Cracker Target

Internet Week Mag has a very good article about the next cracker target: Routers. They are getting bored with denial of service attacks and are now digging deeper in your infrastructure. This kind of thing allows them to divert large amounts of traffic into black holes. Not fun.

The vulnerability lies in the Border Gateway Protocol, which translates routing tables from different vendors' equipment. BGP has been used in commercial routers since 1994, and the security problems have been known for at least two years, but experts say they're seeing more router break- in kits being shared on Internet Relay Chat networks frequented by hackers. The first and most important thing is to not to use default passwords to administer your routers, a practice that's far too common. The full article is on their website and recommended reading for this week!


Triple Fix for IE

It may be overkill to tell you, but this latest IE patch is a MUST. It was labeled "critical" label on Microsoft's new security rating system. This cumulative patch repairs three new holes and all previous issues that affect both IE versions 5.5 and 6.0. Read the bulletin and GET that patch:

Told You So, Holiday Virus Wreaks Havoc

Two weeks ago I predicted that this would happen. Not so difficult of course [grin]. Well here it is: A mass-mailer worm that appears to offer New Year's greetings and a Christmas-related animation actually deletes portions of the Windows operating system and is spreading. The story over at ComputerWorld Mag.

WinXP Sales Not That Fast

The Wall Street Journal reported today that WinXP sales are lagging behind the numbers for W98 when they came out. Up to now NPD TechWorld (which tracks retail software sales) estimates that 250K WinXP copies were sold retail in November, down from 400,000 in October. When you compare that to W98 sales, the first and second month were 580K and 350K.

The obvious reason is that only at the most one third (but more likely less than 25%) of the existing home PC's out there have the hardware to run WinXP, so the sales to OEM-ers like Compaq, Dell and HP are way more important. Microsoft said that retail sales are only 10% of their total numbers. More sales will come through new PC's, but you're not really going to buy one when you are worried about your job, are you now?

Anyway, WinXP is here to stay, and MS is still pretty upbeat about it with good reason. Finally they can get rid of the old W9x code base which was an incredible pain in the you know what from a support perspective.


Wireless Server Control

We are introducing 2 new tools in this space. Why two? They overlap but also cover areas the other doesn't. That way you can choose which fits best with your needs. They are called StarAdmin and SonicAdmin. Here they come:

StarAdmin ? Wireless Microsoft Enterprise Manager

StarAdmin is a Wireless Microsoft Enterprise Management suite which gives you the ability to administer enterprise servers and networks remotely, using a web-enabled wireless phone, PDA (PocketPC/Palm) or RIM Wireless handheld. Simply put, StarAdmin puts the Microsoft Management Console (MMC) and other networking tools where you need them most ? in the palm of your hand, wherever you are. StarAdmin is loaded with powerful features; here are just a few highlights:

  • Server Administration: View Event Logs, Start/Stop Services, View/Kill Processes, View/Move/Email Files, Launch Scripts and Executables, Restart/Shutdown Servers, Windows Command Line Access
  • User Account Management: Add Users, Change/Expire Passwords, Enable/Disable Accounts
  • SQL Server Administration: Create and administer all SQL Server databases, objects, logins, users, and permissions. Configure, define and execute all SQL Server administrative tasks.
  • Network Administration: Ping, DNS Lookup, WhoIs, Traceroute
  • Printer Administration: Restart or Reset Printers, Resubmit or Remove Queued Print Jobs
  • Multiple Domain Access ? A Single Installation of StarAdmin manages your entire network
  • Telnet Management / SSH ? Manage any Device Supporting Telnet/SSH, Including Routers, Switches, Unix-OS Servers, and More
Moreover, StarAdmin satisfies the following Corporate/Federal IT criteria for remote control software:
  • Systems Administration: Using StarAdmin, you can monitor servers and correct problems at any time of the day from any location. StarAdmin?s features give you a high level of mobility, independence and control.
  • Help Desk: StarAdmin lets helpdesk staffs troubleshoot problems without having to run all over the building.
  • Managed Hosting Environment: StarAdmin is ideal for clients that want to touch and feel their servers, even in a managed hosting environment. For minor configuration changes or trouble resolution, customers of hosting facilities can use StarAdmin to remotely manage their own systems, without the time-consuming process of calling a hosting facility support technician.
  • Security: StarAdmin works with all commercially available encryption and VPN clients.
Try StarAdmin for yourself. Then imagine having this much control from your phone or PDA while on the road or in your favorite restaurant. Asking for a budget? Here are reasons you can use:
  • Improve customer service but cut cost at the same time
  • Extend support to mobile Administrators = Significant savings on travel
  • Faster problem resolution = Increased productivity

SonicAdmin - Never Go To Work Again

Managing servers and networks is vital to your job. It involves ongoing vigilance, and fast response to problems - but it doesn't have to chain you to any desk.

Wireless Network Management from the Palm of Your Hand

It's simple. When your systems are down, you are losing money. SonicAdmin is a complete network and server administration utility that allows you as a system admin or support workers to diagnose and repair mission critical server and network problems 24 hours a day, 7 days a week, from handheld wireless devices. SonicAdmin lets you keep your systems up and productive.

Product Features:

  • True RIM client - currently in beta: Release Date - January 21, 2001
  • Does not require MS Internet Information Server
  • Power management - cycle power to unresponsive hardware
  • Out-of-Band wireless access via wireless or wired modem and RAS
  • Secure Telnet to control Unix, Linux, Routers, & other devices
  • Handheld software = better usability; no WAP performance/security issues(no charge for handheld software)
  • No agent software required on controlled servers/devices
  • Highly secure
  • Full Command Prompt/Shell interface for low level control, including database, file, print server, e-mail management and more.
  • Easy install and setup
Selected Features:
  • Services and Server Processes: Monitor, start/stop, Kill, etc.
  • Manage Network Users: Edit properties, passwords, add, delete, boot, power cycle, run custom scripts and batch files
  • Secure Telnet access to any telnet device including Unix, Linux and VMS servers, or routers, switches, hubs, and more
  • Control power to any external device including servers, switches, routers, hubs, modems, lights and more
  • Execute any command line instruction with full echo
  • Control routers, hubs, print servers, Unix, Linux, other network devices
  • Statistics: view uptime, CPU, disk usage, process count, SP versions etc.
Installation, scalability and setup
  • A single installation of SonicAdmin can control all your servers, even across multiple domains
  • No need for MS Internet Information Server
  • No need for third party VPN software
  • No software agents to be installed on any of the managed servers
  • No additional hardware is required. SonicAdmin is a low-overhead program which can easily run on one of your existing servers
  • Easy self-installing routine, GUI setup and configuration
  • Supports NT 4.0 (WS + SV) W2K Pro + SV, and can control Linux, Unix, routers, etc.
  • Supports Pocket PC devices (The RIM Blackberry client is currently in beta and is scheduled for release January 2002.)
SonicAdmin does not rely on inadequate WAP security but uses a multilayer security model to ensure that your data and your network remains secure. See the white paper. This tools is great for network and system administrators. Having the ability to diagnose and fix network issues as they arise from wherever you are is more than a convenience it is a business requirement. If you have ever had to make an after hours mad dash to the office to reboot a server you know how significant (and how great) it would be to be able to do the same thing using a device that you can keep in your jacket pocket.

Here is the eval!

Special Year End Price: Get Password Bouncer SE For 50% Off

Password Bouncer Standard Edition for 50% off the first year. Reference the special pricing code PGSE-YE50A when contacting your Sunbelt Software representative or reseller.

Password Bouncer delivers stronger password enforcement than Win2K/NT, by preventing users from selecting vulnerable passwords that can be easily guessed or cracked by hackers. Passwords are screened and validated against a 300,000-word English wordlist and a 4,000-word proper noun wordlist in addition to highly configurable password rules.

Allowing lax network logon password policies on your network is the number one cause of network security violations. Simply put, user passwords are the weakest link that hackers prey upon and the most often neglected security hole. With the ever-increased focus on Security issues now is the time to take proactive steps to protect your company. Start defeating hackers today, and down- load the free trial today, but get your orders in soon as possible as this offer is for a limited time only.

pcAnywhere Security Hole?

A French Computer Magazine called Pirates Mag reported that Symantec, the self-proclaimed "security expert" claims pcAnywhere is the # 1 remote-control package in sales. I would think that is true, if you look at the market figures.

The mag made a bold claim though: "We doubt that Symantec clients know that each time they use pcAnywhere anybody can get their password: the second IP packet sent over the wire after the authentication process contains the user name and password (each string starts with a '06' byte followed by the number of characters and the 'encrypted' string itself)! This encryption scheme, the default when you install the product, is so sloppy that 10 lines of BASIC can break it in less than a second:

  1. PRINT "Enter the pcAnywhere string to decrypt (username or password, in hex bytes): "
  2. INPUT code$
  3. length = LEN(code$) / 2
  4. nb = VAL("&h") + LEFT$(code$, 2)) XOR &HAB
  5. plaintext$ = CHR$(nb)
  6. FOR count = 1 to length - 1
  7. nb = (VAL(&h" + MID$(code$, count*2+1, 2)) XOR VAL("&h" + MID$(code$, (count-1)*2+1, 2)) XOR (count-1) OR &H40
  8. plaintext$ = plaintext$ + CHR$(nb)
  9. NEXT
  10. PRINT "The secret word is: "; plaintext$
Companies which trust Symantec may wonder why such a backdoor exists since version 2.0 in all the versions of pcAnywhere. If they don't, we do. BTW, the second encryption method available has been coded by a recognized security expert: Microsoft. We wish good luck to Symantec clients." End quote.

Our Comment: Whoa Nellie! I'd like some comment from Symantec about this. We ran this code in house to try out the exploit, and there actually are a few bugs in it that would need to be fixed. We ran this against pcAnywhere V9.2, and conceptually it seems that this works. Link to the Pirates Site is here:

Sunbelt Reseller Has Special

IT'S THE SEASON FOR GIVING!! And we're giving away a free X-Box or 1 server license of Event Log Monitor software (your choice) with any purchase of Update Expert over $5,000.00

UpdateEXPERT is a Windows® administration program that helps you secure your systems by remotely managing service packs and hotfixes. For those of you who may not need that much Update Expert, just email us to find out which other products qualify. [email protected]


This Week's Links We Like. Tips, Hints And Fun Stuff

  • User calls and asks: "I think I clicked something wrong...?" Wait for ten seconds and an error message appears
  • Great link for those looking for project tracking software
  • Tweakers Asylum is a fun site for techies. Check out the Scott e-vest

    Building Lego Mindstorm Robots

    Some Christmas fun this time around. This book is about building robots using Lego bricks and components. In the first section of the book they discuss why Lego is an ideal system to build them The second section is about how to build a robot. Here they provide a set of tools you need to explore the world of robotics. Some basic knowledge about mechanics, motors, sensors, pneumatics, navigation, and many tips and tricks. In Part III they start to face the tough question, the one we actually would try to answer with this book: "I got a Mindstorms kit, I have learnt how to use it, what do I build now?".