1. EDITORS CORNER
   • New SunPoll: High Availability / More on XBOX Live
2. TECH BRIEFING
   • "Just In Time" Learning and IT
3. NT/2000 RELATED NEWS
   • Digital Attacks Against U.S. Rise in November
   • How Terminal Services Licensing Works Now
   • Systems Management with WMI
   • Server Consolidation Primer
   • Microsoft Wants WindowsXP.nu Domain From Hobbyist
   • Information Technology Survey: Perhaps A Christmas Bonus?
   • Meta Group Predicts MS Will Support Linux
4. NT/2000 THIRD PARTY NEWS
   • 99.999% High Availability A Dream?
   • Comptia Unveils Basic Security Certification
   • New Vulnerability Warning In Christmas Carol Format
   • New sonicadmin V2.6 Now With Enhanced Features And Security
5. W2Knews 'FAVE' LINKS
   • This Week's Links We Like. Tips, Hints And Fun Stuff
6. PRODUCT OF THE WEEK
   • iHateSpam

New SunPoll: High Availability / More on XBOX Live

This is the last issue in the year 2002, so it's a bit longer than usual! First thing we start with is the new SunPoll: "Do you think Windows Servers are a viable platform for critical applications in your organization"? Let's see what everybody thinks about this! Vote here, leftmost column:
http://www.w2knews.com/rd/rd.cfm?id=021216ED-SunPoll

OK, I'm now hooked on XBOX live. Yes, the The joystick setup was a drag. But once I was online it was awesome. MotoGP (an online motorcycle racing game) just kicks butt and NFL fever, people tell me, is a bada$$ game and really enjoy it too. Especially the fake or vintage teams. Microsoft has done something very right this time. Who would have ever thought. There are some other advantages to XBOX live:

1. There is no dial up access - so lag is really limited.
2. One sign-on for all games.
3. Account maintenance available via the Xbox live web site, and can be associated with your Microsoft Passport

1. If some one else is using your connection at the same time (Home network), browsing the internet or using a lot of the pipe then you get some serious lag and dropped from games continuously. The XBOX live is a bandwidth hog.
2. The MAC address thing - Apparently there is a known issue also with broadband or DSL routers (Depends on manufacturer - but there can be some additional configurations. Most of the common ones are on the XBOX site. There can also be some firewall problems. XBOX tech support was fast and knowledgeable though. (Prescott Small contributed to this story)

• Success often occurs in private, but failure usually in full view.
• One thing the hardware engineers just can't seem to get the bugs out of is... fresh paint.
• All truth passes through three stages: First it is ridiculed. second, it is violently opposed. Third, it is accepted as being self-evident. - Schopenhauer

"Just In Time" Learning and IT

What makes Automated Learning Management systems attractive to management?

You have just been given the CEO's job at Mega Corporation. You find that the company is lagging the competition as the bad news. The good news is that one of your IT staff has this great idea for a new tool that enables anyone who is computer literate to make easy edits to a corporate intranet site without wiping out the site. The IT pro did this in self-defense. The last major site update that he/she made was barely uploaded when the VP Marketing called and said he wanted a graphic changed, the VP Sales wanted to change a sentence in the text, the Corporate Attorney called screaming that there were not enough whereases, notwithstandings and party-of-the-first-parts in the disclaimers he needed on the site.

You decide that this "site editing for the rest of us" tool would be a great product to add to your arsenal to sell externally, in addition to its obvious benefits for your own organization. You now need to rapidly educate marketing personnel, sales personnel, and support/service personnel on this new product idea and get it to market before the competition catches on.

This is where a learning management system comes in. You get your elearning staff to do up a short interactive course on the new product and how it will be marketed. You store it in the course data base of your learning content management system (at which point it becomes immediately available for training employees). You specify some rules that generate a list of employees that need to do the course. The system automatically sends an email notification to these selected employees that they need to do the course. The email gives them the URL where they can access the course, a user name and password. The next day you logon to the management interface and see who is on the course, how they are progressing and when they will be complete. As the employees complete the course, they are automatically sent a certificate of completion and given credit in their personnel files for doing so.

The result? Key employees all on the same page, successful product introduction, increased sales, reduced training costs, improved profits, employees happy and competition green with envy. And, of course, the IT pro should get a million dollar bonus for coming up with the idea and product. Why not? Compare that to traditional new product training alternatives and you will see the value of a learning management system.

(Note: You may have noticed that the new product idea is actual and was introduced by Macromedia the week I wrote this article - November 11th 2002 and is called "Contribute". Run - don't walk - to get a try and buy copy.) In the next article we will cover the course creation function of an LMS/LCMS.

Digital Attacks Against U.S. Rise in November

The number of digital attacks in the United States rose by 13 percent in November despite an 8 percent decline worldwide, according to a London-based security firm called mi2g. They counted 6,642 attacks in November against the United States, accounting for half of all the attacks worldwide that month. So far this year, according to mi2g's tracking, attacks against the United States exceeded the next four most targeted victims combined. Mi2g nodded to the recent CERT data released in November showing that the highest percentage of major new vulnerabilities impact Linux and that new Windows vulnerabilities were on the decline by that yardstick. Nonetheless, mi2g found that the most attacked operating system in November remained MS Windows at 67 percent or 9,945 of all attacks. Read more at ENTMag:
http://www.w2knews.com/rd/rd.cfm?id=021216RN-Digital_Attacks

How Terminal Services Licensing Works Now

MS has a webpage where they explain the new scheme. There is a white paper available as well. It provides an introduction to Terminal Services Licensing, the client license management service for W2K server. The Terminal Services Licensing service works with Terminal Services to provide, catalog, and enforce license policy among Terminal Services clients. The paper examines the key features and components of Terminal Services Licensing and explains how this service will affect computing in the enterprise. More at MS:
http://www.w2knews.com/rd/rd.cfm?id=021216RN-TS_Licensing

Systems Management with WMI

Gwyn Cole sent me the following very useful contribution:

Many administrators don't know that they can use Windows' built-in management facilities to manage PCs and servers. Windows Management Instrumentation (WMI) is a management technology built on the WBEM (Web-Based Enterprise Management) standard. This incorporates hardware and software management which has been traditionally served by SNMP and DMI. Through WMI, administrators can easily develop scripts for routine administration tasks, such as identifying machines on the network that don't have the latest service pack installed or don't have a virus checker running.

WMI support in Windows 2000 is good and is much more extensive in Windows XP and .NET Server 2003. More and more software will become manageable through WMI which provides administrators the power to harness a new level of system administration. There are some books on the subject on Amazon.com. Simply do a book search for "WMI". You can download the WMI Toolset from Microsoft at the link below.

Load "CIM Studio" to view, add, save and edit the management objects. Try this -- make a management query (it's a toolbar button) and enter: "SELECT * FROM Win32_Service WHERE Started=true", this will tell you what services have started on your Windows system.
http://www.w2knews.com/rd/rd.cfm?id=021216RN-WMI

Server Consolidation Primer

ENTMag has a good article about consolidating servers. Here's more:

One of the driving forces behind the need for high availability on Windows these days is the trend to consolidate multiple Windows boxes on fewer and fewer servers. The more applications on a server, the more costly it becomes when that box fails. There's more than one way to consolidate a Windows server. We'll take a look at MS's preferred approach -- cramming everything onto a massive Windows server. But this article also explores cross-platform alternatives that don't involve porting all your non-Windows applications to the Wintel platform. Read more:
http://www.w2knews.com/rd/rd.cfm?id=021216RN-Consolidating

Microsoft Wants WindowsXP.nu Domain From Hobbyist

Steven Bink, who registered the WindowsXP.nu domain name two years ago, said he won't fight the software maker over his site. Sunbelt has given him free use of our list server to send his newsletters, but MS has some issues. More at:
http://www.w2knews.com/rd/rd.cfm?id=021216RN-WindowsXP

Information Technology Survey: Perhaps A Christmas Bonus?

Sunbelt Software and Survey.com are doing IT industry surveys on a regular basis. As a valued industry professional, we invite you to participate in an extremely sensitive and important research study. In this project, we are examining some very particular aspects of information technology.

The survey is a bit longer than other surveys, so you should block out a bit of time to complete the survey. However, everyone who participates in the survey will have the opportunity to win 1 of 3 cash prizes of $1,000 each. Only approximately 600 respondents are needed for this project, so your chances of winning are quite good. (Offer valid for the USA only - Our apologies this dropped out of the newsletter.)

Please take part in this very important research by clicking on the link below or pasting it into your browser:

http://www.w2knews.com/rd/rd.cfm?id=021216RN-Survey

When taking the survey, please be candid in your responses. We need your honest opinions. The data you submit will remain confidential and will not be released, sold, or used for any purpose other than this research. It will only be used to compile aggregate statistics for a summary report. Neither you nor your company will be identified in any way. Thank you very much for your time.

Meta Group Predicts MS Will Support Linux

Last Monday, the market research outfit predicted that in 2004, MS will introduce software for web services and servers supporting the Linux platform. Micorsoft denied the news, but does see itself confronted with an increasing threat from the open software movement which steadily takes more market share. This is mainly at the cost of old *nix variants. Meta's crystal ball predicts that Linux's share on new servers will grow to almost 50% in 2007. (It's now about 15-20%). At that time it will be difficult for MS to ignore Linux as a platform for SQL, Exchange and IIS.

99.999% High Availability A Dream?

Well, let's conclude that it was great marketing. But if you look under the covers, it usually was not all it was cracked up to be. If one investigates the exact service level guarantees, the penalty to a vendor for not achieving guaranteed uptime typically consisted of a service credit. Big Deal.

More over, most of these guarantees were just focused on the OS. And we just saw last week that over 40% of downtime is caused by apps, and a good chunk by hardware or natural disasters. The gulf between the promise of 99.999% uptime and reality was often quite large.

High availability is still a top concern for system admins though. Outfits that require five-nine, or even 100 percent uptime ? such as financial institutions or 911 centers ? usually choose vendors with specific fault-tolerant machines: Tandem or Stratus usually.

But for mere mortals like us that can live with a little bit of downtime and not get killed for it, W2K demonstrates higher uptime levels than NT. The Aberdeen Group, looking at 10 enterprises in 2001, estimated that W2K servers averaged 99.964% uptime. And MS promises a real 99.999% uptime provided you use Datacenter Server with a proper configuration.

Being part of the Windows Datacenter Program means stringent rules that OEMs must live up to. These include hardware compatibility, support centers staffed by both OEM and Windows specialists, and added to that an active software maintenance program. It really looks a lot like an IBM mainframe type of setup, so you cannot hook up just anything you want to these puppies, or plug in cards you like. Last but not least, the disaster recovery issue has still not been solved by MS, even with Datacenter. Getting your data off-site, real time, to a safe place that can be backed up and/or used to rebuild servers in case the office building goes up in flames or apps crash fatally is still solved by third party tools like Double-Take:
http://www.w2knews.com/rd/rd.cfm?id=021216TP-Double-Take

Comptia Unveils Basic Security Certification

Need a measure of basic (and cheap) security knowledge? The Computer Technology Association (CompTIA) this week unveiled its new Security+ credential, a vendor-neutral certification for first line defenders of the information security world. They call the new Security+ as a baseline for hands-on security knowledge in areas such as authentication, encryption and countering external attacks.

"This is the GED of security, or maybe the associate's degree," says Fran Nielsen, deputy director of the Computer Security Division of the National Institute of Standards and Technology (NIST). NIST helped develop the credential and the certification test. (For people outside the USA, "GED" is the equivalent of a high school diploma)

Security+ is the 11th certification developed by CompTIA, and its first focused on security only. Fran Linhart, CompTIA's director of certification, says the organization began developing the test in the summer of 2001, after a security vendor asked for a baseline test. The tests have an international focus, which of course should be the case, seen the fact that a lot of attacks come from "rogue IT" countries like China and Russia.

Security+ will help IT professionals in general, not just security experts. System Admins, Network admins and Database Admins definitely get a basic understanding of network security issues. This is a good startup course for younger people, but if you are mid-career and want to get into the security business, this is a great first step.

Security+ tests are administered by NCS Pearson's VUE unit and Thomson Learning's Prometric division. The test costs $225, (CompTIA members receive discounts that can cut the price to $125). Here are some details on that to expect on the exam:
http://www.w2knews.com/rd/rd.cfm?id=021216TP-Comptia

New Vulnerability Warning In Christmas Carol Format

PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Release Date: December 11, 2002 Severity: High (Code Execution)

Twas the night before Christmas, and deep in IE
A creature was stirring, a vulnerability
MS02-066 was posted on the website with care
In hopes that Team eEye would not see it there

But the engineers weren't nestled all snug in their beds,
No, PNG images danced in their heads
And Riley at his computer, with Drew's and my backing
Had just settled down for a little PNG cracking

When rendering an image, we saw IE shatter
And with just a glance we knew what was the matter
Away into SoftICE we flew in a flash
Tore open the core dumps, and threw RFC 1951 in the trash

The bug in the thick of the poorly-written code
Caused an AV exception when the image tried to load
Then what in our wondering eyes should we see
But our data overwriting all of heap memory

With heap management structures all hijacked so quick
We knew in a moment we could exploit this $#!%
More rapid than eagles our malicious pic came --
The hardest part of this exploit was choosing its name

Derek Soeder
Software Engineer
eEye Digital Security

Systems Affected:
We have specifically tested the following software and verified the potential for exploitation: Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0. Note: We have also successfully exploited this vulnerability via the IE web control for Microsoft Outlook.

For the purpose of completeness we have included a listing of each product that ships with the vulnerable pngfilt.dll version 6.0.2600.0 and prior. We obtained this list from Microsoft's DLL Help Database:

• Access 2000 SR1
• BackOffice 4.5
• Commerce Server 2000
• DirectX 6.0 SDK
• DirectX 6.0 SDK
• Internet Explorer 4.0
• Internet Explorer 4.01 SP1
• Internet Explorer 4.01 SP1
• Internet Explorer 4.01 SP2
• Internet Explorer 4.01 SP2
• Internet Explorer 5.0
• Internet Explorer 5.01
• Internet Explorer 5.5
• Internet Explorer 5.5 SP2
• Internet Explorer 6.0
• Microsoft Visual Studio .NET (2002) and many other development tools
• Windows 2000 and XP, all Server and Pro versions, 95,98, ME, NT

Mitigating Factors:
It should be noted that due to memory management system behavior across various Windows operating system environments, exploitation may become extremely difficult and in some cases unreliable.

Protection:
Retina Network Security Scanner has been updated to check for this hole:
http://www.w2knews.com/rd/rd.cfm?id=021216TP-Retina

Vendor Status:
Microsoft was contacted in August 2002. Internet Explorer SP1 eliminates this vulnerability. Internet Explorer SP1 can be retrieved using the following URL:
http://www.w2knews.com/rd/rd.cfm?id=021216TP-IE_SP1

Microsoft has released a security bulletin for this flaw. It is located here:
http://www.w2knews.com/rd/rd.cfm?id=021216TP-Security_Bulletin

Credits: Discovery: Drew Copley, Research Engineer, eEye Digital Security
Exploitation: Derek Soeder, Software Engineer, eEye Digital Security
Riley Hassell, Research Engineer, eEye Digital Security

New sonicadmin V2.6 Now With Enhanced Features And Security

Planning on spending some time away from the office over the holidays? Need to keep your pager and cellular phone strapped to your belt to deal with any issues when they arise? Afraid to be more than 100 feet away from a wired terminal?

Relax over the holidays with the security of knowing you can handle systems and network administration issues from your Blackberry or wireless Pocket PC. Now you can feel comfortable going to the ski hill and socializing with friends and family. These types of absences from the office are when mobile systems administration solutions are invaluable!

Sonic Mobility announced the shipment and general availability of sonicadmin 2.6, a complete network and server administration utility that allows you to perform complete server and network management on a 24x7 basis from a handheld wireless device such as the HP iPAQ or Blackberry from Research In Motion Limited (RIM.)

Version 2.6 is a significant upgrade to sonicadmin adding support for the new Java based Blackberries (5810/20 and 6710/20) as well as being certified for the Pocket PC Phone Edition or XDA. Larger install sites can make use of valuable new functionality such as a new server autodiscovery feature and NTLM authentication. The new features complement sonicadmin's core functionality which includes power cycling, server rebooting, user management, and command line access. Customers using these powerful features are quickly realizing reductions in systems downtime and increased organizational productivity levels.

"Sonic Mobility has succeeded in creating an extremely useful remote management system which doesn't compromise security or ease of use." said Peter Rysavy, president of Rysavy Research and columnist with MyITForum.com.

Make sure that you can access all of your systems from anywhere with your Blackberry or wireless Pocket PC using sonicadmin and take advantage of our special holiday pricing! If you've been thinking about sonicadmin there has never been a better time to buy. Between now and the end of the year you can set up your systems for full wireless remote access for only $249 per server for the first ten servers, $199 per server for servers 11 through 50, and $149 per server for servers 51 through 100. If you want to set up more than 100 servers, contact us for an unbeatable special quote! sonicadmin Holiday Pricing:

• Servers: 1-10 $249.00 each
• Servers: 11- 50 $199.00 each
• Servers: 51-100 $149.00 each
• Servers 101+ Special Bid
• Telnet $75.00 each

This Week's Links We Like. Tips, Hints And Fun Stuff

iHateSpam

Sunbelt Software, makers of iHateSpam(tm), the top-selling junk email filtering software for Microsoft Outlook(r) and Outlook Express(r), announced today that iHateSpam is now available for just $19.95. The product had previously been available for $29.95. The pricing change is effective immediately on Sunbelt's OnLineShop; retail stores that carry the product are expected to drop their prices imminently. iHateSpam 3.1 is a powerful salvo in the escalating war against junk email. "We decided to make iHateSpam available for just $19.95, giving consumers the best solution in one cheap package," said Alex Eckelberry, president of Sunbelt Software. "Best of all, people get one year of free spam definition updates, as well as our world-class technical support. It's an incredible value."