Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Mar 11, 2002 (Vol. 7, #20 - Issue #351)
More About Telephone Hacking
  This issue of W2Knews™ contains:
    • More About Telephone Hacking
    • W2K GPO's on XP Box: Just One Little Problem
    • Three More Fave W2K/AD Gotchas
    • New Important Microsoft Licensing Program 6.0 Survey
    • Microsoft Management Summit 2002: Gotta See This One
    • MS Releases NT Patch Available for SNMP Vulnerability
    • Users Violating Company Policies, The Law And Common Sense?
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • Hacking Exposed Version 3
  SPONSOR: Microsoft Management Summit
THE management event of the year! If you are into management, you
cannot miss the Microsoft Management Summit to be held April 29-
May 3 in Las Vegas. Get the latest on SMS, MOM, App. Center, Altiris,
Net IQ, Gartner and more. Hands-on labs, breakout sessions on numerous
technologies and keynotes from the industry leaders including Microsoft
and Gartner. Early bird ends March 15.
Visit Microsoft Management Summit for more information.

More About Telephone Hacking

In the meantime I got a lot of feedback about our phone hacking "event" and also learned a lot more. Thank you all for your feedback. I have combined some of it in the section below.

There are systems designed to stop this kind of hacking. They are called TIDS (Telephone Intrusion Detection Systems). They not only stop this kind of activity (and track it, including information like the dialing number) but can also detect rogue modems configured on potentially networked systems. Some systems can even track any dial-up or VPN accounts you may have. An example of this is:

Even worse is that many companies still have analog lines that they have long forgotten about, with modems on the other end, and some of these systems are networked. So why try to come in through a firewall? This article is a little old but still relevant and explains in more technical detail how cracking phone systems works:

One of the authors of Hacking Exposed reminded me that in both HE2 and HE3 the entire phone hacking process is documented, complete with ProComm Plus Aspect scripts that automate this "attended" voicemail hack for penetration testing purposes. The best offense is a strong defense, they say. He said that his website details the fact that phone systems and dial-up systems are constantly a source of entry for them, primarily because they have gone the way of the dinosaur in the eyes of many. But I ask you at this point: have they? Hacking Exposed 3 here:

Bottom line: low tech is in these days, regardless of whether it is War Dialing, Voice Mailbox (VMB) hacking, PBX hacking, X.25 hacking, or simply installing KeyGhost. This is a neat little hardware-based keystroke logger that you can get in NZ for 99 bucks. (Warning, it can cause major damage on a KVM switch).

On his website he documents the fact that existing old school tech like ProComm Plus, QBASIC and programs like ToneLoc still reign in many White and Black Hat tool boxes.

And the XBOX this week goes to: Alfred Rieger from Marathon, FL
For a chance to win yours, refer up to three friends here:

Keep Secure! Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])

Failure to protect your mission critical data can sink your business.
Double-Take delivers real-time protection for your NT/W2K Servers. A
whole department sitting on their hands is extremely expensive. With
Double-Take you can mirror critical data to a target server, and
Double-Take will fail over if your source server goes down. 2001 Editor's
Choice of both Windows 2000 and Network Magazine. Download a
30-day eval copy now and start protecting your data and apps.
Visit DOUBLE-TAKE for more information.

W2K GPO's on XP Box: Just One Little Problem

Derek Melber at Braincore wrote this. Thanks for your contribution, Derek.

"I think the IT community agrees that your newsletter is very good and contributes excellent information to the IT community.

"In your latest W2K News, you mention that updating your Windows 2000 GPOs with an XP box is a great thing and refer to a Microsoft article to back that up. I don't deny that doing this is a great thing, but something extremely important is left out of your recommendation and their article. These ADM templates are actually copied from the computer that edits the GPO. So, if you import the ADM from an XP/.NET system or just open it with an XP Pro system, the new ADMs come to life.

"However, if someone modifies the GPO with a non XP client, the XP/.NET ADMs are overwritten and bad things could happen. Of course, Microsoft would never mention this, since someone could look at it as a flaw. However, you might want to do some investigation on this (or I could help you write it) "Watch Out" portion of the article. Regardless, I just wanted to point this out to you, since I got bit with this exact thing while working with a client moving to AD and XP Pro".

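One way to check for the overwrite Derek describes, as an added example that is not part of his letter or the newsletter: a PowerShell function that compares the .adm files stored in each GPO's Adm folder under SYSVOL with a reference folder of templates copied from an XP machine. The function name `Get-AdmDrift`, the baseline folder and the demo tree are assumptions constructed for illustration.

```powershell
# Added example, not from the newsletter. Get-AdmDrift and the baseline
# folder are assumptions made for illustration.
function Get-AdmDrift {
    param(
        [Parameter(Mandatory)] [string] $PoliciesPath,  # ...\SYSVOL\<domain>\Policies
        [Parameter(Mandatory)] [string] $BaselinePath   # reference .adm files from an XP box
    )
    # Hash each reference template once, keyed by file name.
    $baseline = @{}
    Get-ChildItem -LiteralPath $BaselinePath -Filter *.adm -File | ForEach-Object {
        $baseline[$_.Name] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    # Every GPO is a {GUID} folder; the editing machine's templates land in its Adm subfolder.
    foreach ($gpo in Get-ChildItem -LiteralPath $PoliciesPath -Directory) {
        $admDir = Join-Path $gpo.FullName 'Adm'
        if (-not (Test-Path -LiteralPath $admDir)) { continue }
        foreach ($file in Get-ChildItem -LiteralPath $admDir -Filter *.adm -File) {
            if (-not $baseline.ContainsKey($file.Name)) { continue }  # custom template: not judged
            $hash = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
            if ($hash -ne $baseline[$file.Name]) {
                [pscustomobject]@{
                    Gpo       = $gpo.Name
                    Template  = $file.Name
                    LastWrite = $file.LastWriteTimeUtc
                }
            }
        }
    }
}

# Constructed demo tree in a temp folder so the check runs offline.
$root = Join-Path ([IO.Path]::GetTempPath()) ("admdemo_" + [guid]::NewGuid())
$base = Join-Path $root 'baseline'
$gpoA = Join-Path $root 'Policies\{AAAAAAAA-0000-0000-0000-000000000001}\Adm'
$gpoB = Join-Path $root 'Policies\{AAAAAAAA-0000-0000-0000-000000000002}\Adm'
$null = New-Item -ItemType Directory -Force -Path $base, $gpoA, $gpoB
Set-Content -LiteralPath (Join-Path $base 'system.adm') -Value 'XP template (constructed)'
Set-Content -LiteralPath (Join-Path $gpoA 'system.adm') -Value 'XP template (constructed)'
# The second GPO's copy is constructed to differ from the baseline.
Set-Content -LiteralPath (Join-Path $gpoB 'system.adm') -Value 'W2K template (constructed)'

Get-AdmDrift -PoliciesPath (Join-Path $root 'Policies') -BaselinePath $base | Format-Table -AutoSize
Remove-Item -LiteralPath $root -Recurse -Force
```

Run against the real Policies share on a schedule, the LastWrite column shows when a template was replaced, which narrows down which editing session did it.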
Three More Fave W2K/AD Gotchas

Gotcha number one: The problem is always DNS
Permissions, logons, domain controller replication, domain controller creation, and just about everything else relies on functioning DNS. Quadruple check that DNS is configured correctly on clients and servers. Always suspect that DNS is not configured correctly if something is not working.

Gotcha number two: Group policies are sneaky
Group policies at multiple levels can affect a single user. Before implementing or changing them, manually sketch out what policies will be in effect, how they will be ACL'd, and how they will be inherited throughout the AD structure.

Gotcha number three: Don't leave time sync to chance
The W32 time service has rules that control how time service clients sync with domain controllers. Understand these rules, and plan out a time server hierarchy. If the time on clients and servers drifts by more than 10 minutes, users may not be able to authenticate against the domain--this is a built-in security feature.

Brian Alletto


New Important Microsoft Licensing Program 6.0 Survey

You probably know that August 1, 2002 is the deadline for Microsoft's new Licensing Program 6.0. The new licensing scheme, which favors a subscription-based "leasing model," will introduce sweeping changes to the way corporations do business with Microsoft. It will potentially have a large financial as well as technology impact on your business. To date, many customers have voiced concern and confusion over the new terms and conditions of the Licensing Program 6.0, what it means to their company in terms of value and whether or not their firms can afford it.

Sunbelt and Information Technology Intelligence Corp. (ITIC is our new Analyst Partner) have an important survey for you that you can complete in less than 5 minutes. We need to know how far you are in getting prepared for your new licensing. I'd like you to go to this link and answer these questions. Most of them are just a "one click". Thanks very much in advance!


Microsoft Management Summit 2002: Gotta See This One

If you are interested in systems management, including clients and servers, you will not want to miss this conference. This is the management event of the year. Sponsored by Microsoft, NetIQ and Altiris, attendees will participate in hands-on training, breakout sessions and keynotes from some of the top industry experts, including Microsoft.

This was formerly the SMS & W2K User Conference that was hosted by Altiris. The conference has been expanded to include sessions and labs on numerous Microsoft technologies, including SMS, MOM and Application Center. Conference dates are April 29 - May 3, 2002 at the MGM Grand Hotel in Las Vegas. For more information and registration (including early bird incentives) go to:

MS Releases NT Patch Available for SNMP Vulnerability

ENTMag reported that Microsoft continues to work on bringing out patches for all versions of Windows affected by the industry-wide security hole in SNMP. Microsoft alerted subscribers to its Security Bulletin service Wednesday night that an SNMP patch was available for Windows NT 4.0 users. Read more:


Users Violating Company Policies, The Law And Common Sense?

At Computerworld's annual Premier 100 conference, NT/W2K storage was discussed. Users and applications constantly demand more server storage capacity, which often prompts companies to buy more disk arrays. But at least one IT administrator has found that the disk space is already inside the data center -- it's just poorly managed. That's what David Reimer, project lead at Dallas-based Excel Communications Inc., argued.

"In reality, we have a lot of [disk] space already," he said. "We just need to know how to manage it."

He was in the midst of a server consolidation effort while concurrently designing a $3 million 40TB storage-area network to cut costs and improve capacity. They ran StorageCentral and what he discovered was eye-opening. By using the auditing features in StorageCentral, Reimer found that users had violated company policies, the law and common sense. For example, users were storing pornography on server disks, as well as copyrighted MP3 music files. Users had also squirrelled away unlicensed software. In addition, some had backed up the entire content of their PC desktop drives.

That knowledge convinced Reimer that storage capacity management was a better path to tread than adding disk arrays that can cost up to $17,000 apiece. "We know storage is going to grow. It used to be megabytes, then gigabytes, and now it's terabytes. Tomorrow, it will be petabytes," Reimer said. "Just adding more, expensive disks by themselves is not the answer." Full article is at:

The new StorageCentral V5 30-day eval copies can be had at:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • Yup. Hacking wireless networks with a Pringles tube. No kidding.
    http://www.w2knews.com/rd/rd.cfm?id=020311FA-WLANhacking
  • Latest And Greatest Network Security Tool Right Here:
    http://www.w2knews.com/rd/rd.cfm?id=020311FA-UltiSecTool
  • Seems one of these "unbelievable but true" kinda articles. Could it be an early April 1st joke?
    http://www.w2knews.com/rd/rd.cfm?id=020311FA-Unbelievable

    Hacking Exposed Version 3

    "Still the best for vulnerability assessment and penetration testing"
    Reviewer: Richard Bejtlich from Texas, USA.

    I am a senior engineer for managed network security operations, which includes conducting vulnerability assessments against client networks. I read this edition to gain insights into ways to better assess a client's security posture, and also to understand some of the attacks I see while monitoring intrusion detection systems. Of the books I've read, Hacking Exposed remains the best guide to systematically assess and (if necessary) compromise hosts. By understanding black hat methods, defenders can better prepare for the tidal wave of exploits washing upon the networking shore.