Sunbelt W2Knews™ Electronic Newsletter
The secret of those "who always seem to know" - Over 500,000 Readers!
Mon, Jul 8, 2002 (Vol. 7, #48 - Issue #379)
8-Node Clustering Coming in Windows .NET
  This issue of W2Knews™ contains:
    • Palladium // The Acronym Jungle, It's Not Just In IT
    • 8-Node Clustering Coming in Windows .NET Enterprise Server
    • Major Government Cyber Attack? Naaah.
    • Linux Instead of W2K On Your XBOX? Ouch.
    • Next Threat To Corporate Networks
  5. W2Knews 'FAVE' LINKS
    • This Week's Links We Like. Tips, Hints And Fun Stuff
    • IIS Security

Palladium // The Acronym Jungle, It's Not Just In IT

Looking at what the Palladium technology is planned to be, I cannot say I'm hopeful. Despite the fact that it will definitely make IT more secure, the problem of who controls it has not been solved. There will be quite a bit of resistance to this one. Read the FAQ in the fave links below, and you'll get a good picture of it.

And here is some light entertainment in the Editor's Corner for a change. You know that in IT we are bombarded with acronyms, but we are not the only ones with our own lingo. Accounting also has its slang. Per this week's Barron's, this is what some popular financial acronyms really mean:

  • EBITDA = Earnings before I tricked the dumb auditor.
  • EBIT = Earnings before irregularities and tampering.
  • CEO = Chief Embezzlement Officer.
  • CFO = Corporate Fraud Officer.
  • NAV = Normal Andersen valuation.
  • EPS = Eventual prison sentence.

And here is a very conclusive list of IT acronyms:

PS, we got a couple of cool Fave Links too this week.

Warm regards,
Stu Sjouwerman (email me with feedback: [email protected])


8-Node Clustering Coming in Windows .NET Enterprise Server

ENTmag just reported this exciting news. MS will support eight-node failover clusters in Windows .NET Enterprise Server. Microsoft made the post-Beta 3 change to support Exchange Server and multi-site, disaster tolerance scenarios.

The decision came months after the Beta 3 release of the .NET Server family editions back in November, when Microsoft announced that only four-node clusters would be supported in Windows .NET Enterprise Server, while eight-node failover clusters would be reserved for Windows .NET Datacenter Server customers.

A Microsoft spokesman told ENT that customer demand led to the change. "Making eight-node clustering exclusive to Datacenter Server does not fit within our focus of scalability and reliability [for Datacenter Server]," the spokesman said.

Market demand for greater than two-node clusters has been slow to develop. All demand for Microsoft failover clustering has pretty much been satisfied by two-node clustering up until now.

Microsoft first introduced its Microsoft Cluster Services (MSCS), or "Wolfpack", in the operating system in 1997 with the rollout of Windows NT Server 4.0, Enterprise Edition. The two-node limit inherent in the initial version carried through to W2K Advanced Server, released in February 2000. When W2K Datacenter Server launched in September 2000, it ratcheted up the capability to four nodes.

However, some customers suffered from sticker shock when they realized how much more expensive W2K Datacenter Server was than W2K Advanced Server. For a loose comparison, on fairly recent audited benchmarks, HP listed a cost of about $20,000 for W2K Advanced Server running on eight servers, while IBM listed an operating system cost of about $440,000 for four servers running Datacenter Server. Full article at:


Major Government Cyber Attack? Naaah.

Greg Filter sent in this letter, and he certainly has a point.

"A Major Cyber Government Attack? Where DOES this stuff come from? Does anybody think about this drivel?

When did the BSA become some sort of authority on security? They are nothing but a paid bunch of hit men. In fact I challenge you to go back and look at old copies of their web site. The addition of security to their alleged mission is new. (OK a Google search for the Wayback Machine or www.archive.org if you come up empty).

It is inconclusive, as I believe that there is a problem with the way the pages were archived, and sometimes you will get an extra image that seems to show discussion of security. Nonetheless, they started alleging security involvement sometime in 2001. That said, just saying so does not make it so. You and I both know what the mission is and how they are paid. (editor's note, the BSA is funded by the software industry and has anti-piracy as its goal)

Now let's turn to the 395 IT managers that were alleged to have been polled. These people are not inside the government. What could they possibly know about the state of affairs? What gives them or the BSA the right to make such claims? In my estimation it is NOTHING but speculation. Frankly the entire press report is lame.

I spent 15 years as a civilian in the military. Several years of that was in IT security. I will be the first to tell you that things are not perfect. However things are not a whole lot better in the other sectors of the computing world. Got a firewall? Look at the logs for the last day or two. Assuming that you block inbound 1433 attempts, you will discover dozens of attempts to connect to a SQL Server. Those attacks are coming from unpatched machines. Start looking up the IP assignments, and you will discover that the percentage of government machines is not good.

The government will never be perfect. But until you can get the budgeting cycle out of the hands of politicians, it can never have a chance. Find a dozen folks that have served in the government, and listen to their stories about what it is like to work in their environment. You will be amazed. It is my opinion that EVERYONE should spend 4 years working for the government. Once that tour is over you will vote differently at the polls.

I think this story is trash, and should never have been published, much less reprinted. Not because I believe that there is not a problem with government security, but because I don't think people who are not involved should be voting on it. They should be voting on their OWN vulnerability, assuming that they even know where they are vulnerable."

Linux Instead of W2K On Your XBOX? Ouch.

Now here is something pretty controversial. I'm sure that Microsoft "ain't gonna be happy" to put it mildly. The XBOX Linux project is an initiative that wants to develop a legal Linux flavor that will work on the XBOX. An anonymous donor has provided $200,000 US for the people that make it a reality.

The project has been split in several parts, and those again were split in different tasks. The first project takes the premise that Linux will replace the stripped down version of W2K that currently drives the XBOX. The four required tasks are a new BIOS, drivers, kernel and bootloader.

The second challenge is a Linux port for an unmodified XBOX. Like I said, MS is not going to be happy with a hacked XBOX running the OS of the competition, as they are selling the hardware at significant losses. The profits are projected to come out of the software. But those software sales might not be realized if a significant percentage of XBOXen will never run the MS games to begin with.


Next Threat To Corporate Networks

If you are responsible for your network, email is one of the mission-critical elements. This communication line threatens to be overwhelmed by unsolicited email of a more and more graphic nature. I can pretty much predict that companies that allow porn into users' mailboxes are going to be forced to do something about that, some time in the future.

Unsolicited e-mail from adult-oriented Web sites has increased 450 percent since June 2001, according to anti-spam technology firm BrightMail. They actually found that adult spam now comprises 8 percent of all unsolicited messages -- double last year's 4 percent figure.

Measurement and analysis from BrightMail found that unsolicited e-mail fit into eight different categories:

  • Product-oriented messages that advertised general goods or services accounted for 27 percent of the spam.
  • 20 percent were financial marketing messages.
  • Internet- or computer-related e-mails were responsible for 13 percent.
  • The aforementioned porn spam, defined as offerings for offensive or inappropriate material for persons over the age of 18, comprised 8 percent.
  • Scams, such as the infamous "Nigerian Urgent Business Letter," accounted for 6 percent.
  • The health category accounted for 4 percent of the spam.
  • Spiritually oriented messages (including offerings for psychics and organized religion) weighed in at 4 percent.
  • Leisure-related messages -- those advertising prizes, awards, discounted travel, online games and casinos -- were responsible for 3 percent of the total spam received.

Miscellaneous messages not pertaining to any of the above categories made up 15 percent. Another result was that adult-content spam is becoming more graphic, possibly creating a legal liability to corporations. Current solutions being utilized include mail filters and rules; software and blocking systems from anti-spam vendors; and of course, the delete key.

Marketers are working diligently with governmental agencies to preserve e-mail as one of the Internet's killer apps, and establish guidelines for legitimate, and permission-based, e-mail marketing. A recent study found that marketers using permission e-mail programs face significant challenges in preserving e-mail as a viable customer communications channel.

70 percent of respondents say they are receiving more e-mail this year than last year; spam was cited as a cause by 74 percent of those who said their e-mail volume grew. Permission e-mail was cited by only 28 percent of respondents as a cause of e-mail volume growth. Two-thirds of respondents feel they get "too much" e-mail.

There are free solutions out there, like mailwasher.com but freeware is usually not appropriate for corporate environments. Sunbelt Software just released iHateSpam, which was designed specifically for Outlook (as an add-in instead of a proxy) for the professional networks. See:


This Week's Links We Like. Tips, Hints And Fun Stuff

  • The best FAQ about the new Palladium Security initiative yet. Chilling.
    http://www.w2knews.com/rd/rd.cfm?id=020708FA-Palladium_Security
  • Article in The Register about Palladium and its influence on Linux.
    http://www.w2knews.com/rd/rd.cfm?id=020708FA-Palladium
  • And now for something completely different. Kleptomaniac Birds.
    http://www.w2knews.com/rd/rd.cfm?id=020708FA-Klepto_Birds
  • Google has a page that shows the "signs of the times".
    http://www.w2knews.com/rd/rd.cfm?id=020708FA-Signs_ofthe_Times
  • Parody of the new Mac ad that apparently got pulled. Funny stuff. [warning: occasional f-word - no nudity]
    http://www.w2knews.com/rd/rd.cfm?id=020708FA-Mac_Ad
  • These guys sell the latest hot stuff not even on the US market yet.
    http://www.w2knews.com/rd/rd.cfm?id=020708FA-Hot_Stuff

IIS Security

Who doesn't remember the rapid spread of Code Red? It infected one server and from there automatically launched attacks on other nearby Web servers, eventually spreading to thousands and thousands of Microsoft Web servers. Code Red was designed to flood Web servers with data, which it did so successfully that it caused the virtual shutdown of large portions of the Internet, as Web servers became overloaded with more data than they could handle. A worm such as Code Red is just one of dozens of known methods used to hamper, damage, or steal from Web sites. Because these threats are a fact of life, you must prepare yourself to guard your sites against them or suffer the consequences. IIS Security by Marty Jost does just that.