1. EDITORS CORNER
   • SA Vocabulary (Continued)
   • MCSE 2003 Shakeup!
2. TECH BRIEFING
   • Mega Credit Card Hack: Which Platform Was Broken?
   • MCSE 2003 Shakeup!
   • Fill Out Survey: Get Free Performance Booster Software
3. NT/2000 RELATED NEWS
   • Redmond Rolls Out 'Reliability' Programs
   • MS Buys Connectix's Virtual PC, Virtual Server Products
   • Security Standards Released For HIPAA
   • Patching Negligence Can Get You Sued
   • [humor] How To Become A MS Licensing Specialist: Free
4. NT/2000 THIRD PARTY NEWS
   • Survey Data: Disaster Recovery Finds Prominence
   • ScriptLogic v4.12 Is Available
5. W2Knews 'FAVE' LINKS
   • This Week's Links We Like. Tips, Hints And Fun Stuff
6. PRODUCT OF THE WEEK
   • Squeeze The Max Out Of Your WinXP Workstation

SA Vocabulary (Continued)

There seems to be an endless, various and entertaining amount of words that all seem to indicate the same thing: Clueless Users. Here are some more that subscribers sent in: [grin]

• In French, we are often saying about a user mistake "C'est un code 18!" [it a code 18], like the problem was 18 inches in front of the screen!
• Here is one that we used for a long time. 'L' Users (sounds like losers)
• BIU error. Biological Interface Unit, more commonly known as the user.
• "Fleshware, or Wetware Problems", human behind the keyboard.
• "It's a PUE" - probable user error.
• I/O error - idiot operator

• Prolot (sometimes 'prodlot') - a pilot system that ends up as a production system
• Beduction - Beta software ending up running a production system
• Chernobylware: Software that "nukes" the Operating System once installed.

• It gets me the really important data first
• It tells me what Microsoft doesn't
• The technical content helps me keep my systems up & running
• It saves me a lot of time scouring the Net for the data I need
• I like the editorials and the fave links

MCSE 2003 Shakeup!

Major waves in the MCSE world. The new 2003 requirements are very interesting. See the TECH BRIEFING with a brand new Guest Column by MCSE Guru Ed Tittel for this latest news.

Warm regards,

Mega Credit Card Hack: Which Platform Was Broken?

Told Ya So. See prediction #7 in the Crystal Ball issue this Jan:
http://www.w2knews.com/rd/rd.cfm?id=030224TB-Crystal_Ball

No fun though. Hacker(s) have gained access to the accounts of more than 5 million credit card customers. The theft occurred when the system of a clearing house (company that processes credit card transactions for merchants) was broken into. The servers of Visa and MasterCard themselves were not compromised. Total credit cards in the US is about 570 Million so this is a small percentage but still...

Everyone involved has been famously close-mouthed about which banks were affected by the theft, which systems were broken into, what OS had been on these machines and who did not patch them. Neither Visa nor MasterCard was willing to identify the clearinghouse, and they also did not reveal yet how the theft occurred, citing security concerns. The FBI's cybercrime division is also investigating the theft. This is not something regional, it was throughout the nation and could be any bank. (Both Visa and MasterCard offer zero liability policies, which absolve cardholders of responsibility for unauthorized purchases).

I will keep you up to date on the brand of servers and OS that were compromised. In the mean time, keep your own systems patched, with:
http://www.w2knews.com/rd/rd.cfm?id=030224TB-Stay_Patched

MCSE 2003 Shakeup!

This is a guest column by Ed Tittel. He is the Series Editor for Que Certification's best-selling Exam Cram 2 and Training Guide series of exam preparation tools. Look for titles on these forthcoming MCP exams in bookstores this fall.

"Once upon a time, Microsoft used a pretty simple formula to map Windows Server 2000 MCSA/MCSE exams to Windows Server 2003: "add 60." This explains how 70-210 Windows 2000 Professional maps to 70-270 Windows XP Professional, and how 70-215, 70-216, and 70-217 were all supposed to map to 70-275, 70-276, 70-277, and so forth. Allow me to call these exams 70-27x, speaking generically.

As of the week of February 10, all this changed. Some time on Feb. 11 or 12, nearly all mention of as-yet-unreleased 70-27x exams vanished from Microsoft's Web site. I found this extremely mysterious and intriguing, and was therefore not terribly surprised when MS announced a new replacement slate of exams for the MCSA and MCSE on Windows Server 2003 on Monday, February 17. Here's what's new as of that date:

• Exam 70-290: Managing and Maintaining a Microsoft Windows Server 2003 Environment
• Exam 70-291: Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure
• Exam 70-292: Managing and Maintaining a Microsoft Windows Server 2003 Environment for an MCSA Certified on Windows 2000
• Exam 70-293: Planning and Maintaining a Microsoft Windows Server 2003 Network Infrastructure Exam
• 70-294: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure
• Exam 70-296: Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Environment for an MCSE Certified on Windows 2000
• Exam 70-297: Designing a Microsoft Windows Server 2003 Active Directory and Network Infrastructure
• Exam 70-298: Designing Security for a Microsoft Windows Server 2003 Network

Here's how these exams map into MCSA and MCSE, present and future:

1. To upgrade an MCSA on Windows 2000 to Windows Server 2003, take the 70-292 exam. For MCSEs in the same boat, add exam 70-296.
2. New MCSAs who wish to pursue Windows Server 2003 certification must take 70-290, 70-291, and either 70-270 or 70-210. Valid MCP electives are now quite a bit more limited, including only 70-086 (SMS 2.0), 70-227 (ISA Server), and 70-228 (SQL Server). The A+/Network+ or A+/Server+ third-party combinations may still be used to meet the elective requirements. For details see:
   http://www.w2knews.com/rd/rd.cfm?id=030224TB-Electives
3. New MCSEs seeking Windows 2003 certification must take 70-290, 70-291, 70-293, and 70-294 for the core networking exams, either 70-210 or 70-270 for the client O/S core exam, either 70-297 or 70-298 for the core design exam, and one of seven possible electives for a total of 7 exams. See for details:
   http://www.w2knews.com/rd/rd.cfm?id=030224TB-Possible_Electives

Fill Out Survey: Get Free Performance Booster Software

Readers of W2Knews are technology experts, and in many cases you are early adopters and trend setters as well. In other words, your viewpoints on technology are extremely interesting and valuable. Survey.com and SG Cowen have a survey we'd like you to fill out. Everyone that fills out the survey gets a free permanent copy of the new AutoPilot for Windows XP. See Product Of The Week Section below for more info. If you already filled out the survey last week, you'll get the email with the download and key information sent automatically.

I just did this myself, It took me less than 10 minutes to complete. You will be entered into a drawing to win a cash prize of $500, and EVERYONE will get the no-charge new AutoPilot. But we only need 500 more people so you have to be f a s t. Also, you will receive a complimentary summary of the results! That will help you become an even greater opinion leader in your own organization.

Redmond Rolls Out 'Reliability' Programs

MS announced a bunch of programs and services last week. They are all aimed at fortifying the reliability of W2K3, to arrive coming April.

The programs are meant to complement the reliability enhancements in W2K3. A few of the key software improvements are application process isolation, application recycling and memory mirroring for fast failover of fault-tolerant servers.

Application process isolation assures that one application crash does not interrupt Web service uptime. Application recycling for IIS 6.0 prevents application and systems failure because of memory leaks in poorly written code.

Memory mirroring, which writes memory to two different areas, can reduce blackout sessions to less than 1 second. MS says that because of these enhancements, Windows Server 2003 had a 40% reduction in unplanned system downtime in internal tests.

MS Buys Connectix's Virtual PC, Virtual Server Products

The Virtual Server could be used to help move NT Server 4.0 to a supportable environment (read server consolidation). The acquisition is certain to make server virtualization a more mainstream technology. The current market leader VMWare needs to now start watching out though.

This type of code allows you to run several instances of one OS or OS-en on the same computer, so they share processor and memory resources but each OS thinks it owns the machine. You can choose to run the technology in two modes:

1. require a host operating system, or
2. run directly on the hardware below all operating systems

The Virtual Server stuff will turn a four-way Intel server into 16 virtual machines - and even perhaps 24 with a light load. An eight-way can be made into 64 V-machines. Naturally every VM needs a licensed operating system unless you are running... guess what: Linux. Interesting!

Security Standards Released For HIPAA

The U.S. Department of Health and Human Services (HHS) announced the final security standards for protecting electronic health related data under the Health Insurance Portability and Accountability Act (HIPAA) of 1996. It has been four years in the making!

These new security standards go into effect April 21, but most organizations that are covered under this new law will have up to two full years (sometimes 3 if you are small) to comply with the standards. They are expected to be costly to implement and could lead to numerous lawsuits against doctors, hospitals and insurers if they are violated. It's another argument for layered security.

The news release stated: "These standards work in concert with privacy regulations approved last year. Health insurers, certain health care providers and health care clearinghouses must establish procedures and mechanisms to ensure the confidentiality, integrity and availability of health information in electronic forms".

The release of this "final rule" got mixed reactions from health- care IT experts. A few said that the lack of specific requirements will create confusion. But others said the government's hands-off approach was jut what the doctor ordered. Here is the actual stuff (PDF):
http://www.w2knews.com/rd/rd.cfm?id=030224RN-HIPAA

Patching Negligence Can Get You Sued

Source: SearchSecurity.com. I thought this was definitely worth mentioning to you.

Downstream liability sounds like a cable TV fishing show gone awry. But it's something enterprises need to quickly become aware of, especially in light of recent security incidents like the outbreak of the SQL Slammer worm and the attack on the Internet's root DNS servers.

Essentially, downstream liability is all about the liability an enterprise could incur if its unsecured systems are used as part of a distributed denial-of-service attack.

The topic came up during this week's CyberCrime Conference & Exhibition, where former Department of Justice cybercrime prosecutor Marc J. Zwillinger of Sonnenschein, Nath & Rosenthal declared that, indeed, enterprises can be liable for damages incurred during a DDoS attack.

Zwillinger theorizes that breach of contract is no longer the only basis for liability; now enterprises will be held accountable if they are negligent in patching systems, for example. This is the commission of a tort, Zwillinger said. Negligence is the crux of downstream liability, according to a paper written by Scott C. Zimmerman, CISSP, a research associate with the Software Engineering Institute at Carnegie Mellon University; Ron Plesco, director of policy for the Pennsylvania state police; and Tim Rosenberg, president and CEO of White Wolf Security.

Negligence, meanwhile, consists of four parts, according to the law: duty, breach, causation and harm. Zwillinger and Zimmerman said that all four are closely linked and, in order to gain damages, a victim must demonstrate all four.

Duty, for example, is the reasonable expectation that an enterprise with IT assets linked to the Internet keep its systems secure. "Does an owner of IT assets on the Internet have a duty to keep his systems secure and not to be used to hurt another? We believe the answer to this question is a resounding yes," wrote Zimmerman, et al.

A breach of duty is the failure to live up to that obligation. For example, leaving unpatched systems exposed to the Internet and ripe for exploitation would constitute a breach of duty. Next, a victim must prove this breach caused the damages. Finally, the victim must demonstrate he suffered harm, like loss of assets, loss of business opportunities, or damage to reputation, Zwillinger said.

"It's time to recognize that this is a reality," Zwillinger said. "Enterprises need to determine best practices, adhere to regulation [HIPAA, Gramm-Leach-Bliley], hire consultants, adopt an incident response plan and stay current on information security and evolve with it." The rest of the article is here:
http://www.w2knews.com/rd/rd.cfm?id=030224RN-Patching_Negligence

Products to prevent getting hacked:
Retina:
http://www.w2knews.com/rd/rd.cfm?id=030224RN-Retina
UpdateEXPERT:
http://www.w2knews.com/rd/rd.cfm?id=030224RN-UpdateExpert

[humor] How To Become A MS Licensing Specialist: Free

Well here is a way to study and take an exam about MS licensing. It's mainly meant for sales reps and resellers but it's kinda interesting for us end-users that need to juggle the budgets. Having passed this exam you might be able to claim any level of understanding about MS Licensing. But if you have no time for the whole thing, having a bash at these online exams should be an extreme source of amusement. [grin]

Survey Data: Disaster Recovery Finds Prominence

InfoWorld has a great story that I thought you'd like to have as ammo to get budget for HA solutions. Check out the rest of the story on their website. Here goes!

"If there's one trend highlighted in the 2003 InfoWorld Storage Survey that everyone should take to heart, it is this: Business continuity -- taking adequate measures to recover storage equipment from a disaster -- has become part of a CTO's daily life. Business continuity is no longer a mere afterthought or a weak placebo to pacify questioning auditors.

Even though not all survey respondents are flying the disaster recovery flag, an overwhelming majority -- an amazing 9 out of 10 -- has already cemented a disaster recovery plan for storage equipment or will have one in place within the year. These IT leaders are reacting to the ever-present threat of political terrorism, which joins the ranks of an already exceedingly long list of dangers including natural disasters, utility grid failures, catastrophic accidents, and human errors.

As the centerpiece of any business continuity plan, protecting storage equipment and company data from disruption, requires a thoughtful blending of storage administration, risk assessment, and data protection activities. And survey respondents are tuned into that nugget of wisdom -- 60 percent of the IT leaders we polled are involved in both defining disaster recovery procedures and purchasing storage solutions.

As everyone knows, the most effective way to preserve critical data is to create copies, either online or on backup media, in case the original becomes corrupted or unavailable; this implies a need to stock up on additional storage devices to host those replicas. As a result, developing proper backup and disaster recovery strategies is the driving factor for new storage acquisitions among survey respondents, with backup projects ranking first at 69 percent of respondents and disaster recovery third at 57 percent. -By Mario Apicella, InfoWorld senior analyst For the full story:
http://www.w2knews.com/rd/rd.cfm?id=030224TP-Disaster_Survey

The market leader in real-time HA-and-DR-in-one: Double-Take:
http://www.w2knews.com/rd/rd.cfm?id=030224TP-Double-Take

ScriptLogic v4.12 Is Available

ScriptLogic version 4.12 is available and we'd appreciate it if you would update your latest version. The following list is an excerpt from the version history that accompanies ScriptLogic version 4.12. It outlines the major differences between v4.01 and ScriptLogic v4.12:

• Multiple performance enhancements, including smaller executable footprints.
• Service Manager and Replication Manager are now integrated into a single utility: the ScriptLogic Server Manager.
• Implemented a new Distributed Logging Service, including an API function for writing to log files using the new DLS.
• Single service consolidation: The functionality from the ScriptLogic RunAdmin, ScriptLogic RPC, and KiXtart RPC services found in previous versions of ScriptLogic and the new DLS have now been combined into a single "ScriptLogic Service."
• The new ScriptLogic Service will now auto-synchronize the client-side credentials if the account and/or the password used by the client service is changed.
• Inactive list elements within the Manager are now represented by an alternate text color.
• Added a new option to the Profile Manager that, if enabled, will prevent any subsequent profiles from being processed.
• Added support for a more popular graphic file formats to the customer logo display system. ScriptLogic can now display bmp, rle, gif (animated/non-animated) and jpg formats.
• Enhanced troubleshooting & debugging with color-coded html trace log file (now named SLtrace.htm instead of SLtrace.log), and the trace files can now be consolidated to a central server for easy viewing and journaling.
• Enhanced TCP/IP Validation Logic to support true subnet comparisons, using both dotted decimal and single integer bit-masking.
• Ability to enable trace file and/or debug execution must now be configured using the Manager. You may now type the names (including wildcards) of a user -or- computer to perform the trace/debug operation on. The old method of creating a file on each client called "sldebug" is no longer supported.
• Added a Report Generator that produces reports of the configs created within ScriptLogic Manager.
• Included KiXtart 4.12 engine: top new features include: floating point math and multi-dimensional arrays.
• Increased the number of characters that can be placed into the text area of a ScriptLogic alert using the ScriptLogic Manager.
• Choosing to overwrite a mail profile will no longer create backup mail profile copies with Outlook XP.
• Fixed various issue related to assigning Logon Script screens, Log View column headers and fields, slExec() API, Outlook settings, ScriptLogic service that could produce a "Not enough quota space is available", logoff / shut down agent, loader, and LPT ports

This Week's Links We Like. Tips, Hints And Fun Stuff

Squeeze The Max Out Of Your WinXP Workstation